gitea

mirror of https://github.com/go-gitea/gitea.git synced 2026-06-13 19:19:52 +00:00

Author	SHA1	Message	Date
Giteabot	1e9ea9c8f5	fix(deps): update npm dependencies (#38029 ) This PR contains the following updates: \| Package \| Change \| [Age](https://docs.renovatebot.com/merge-confidence/) \| [Confidence](https://docs.renovatebot.com/merge-confidence/) \| \|---\|---\|---\|---\| \| [@primer/octicons](https://primer.style/octicons) ([source](https://redirect.github.com/primer/octicons)) \| [`19.27.0` → `19.28.0`](https://renovatebot.com/diffs/npm/@primer%2focticons/19.27.0/19.28.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@primer%2focticons/19.28.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@primer%2focticons/19.27.0/19.28.0?slim=true) \| \| [@typescript-eslint/parser](https://typescript-eslint.io/packages/parser) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) \| [`8.60.0` → `8.60.1`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.60.0/8.60.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@typescript-eslint%2fparser/8.60.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@typescript-eslint%2fparser/8.60.0/8.60.1?slim=true) \| \| [@vitest/eslint-plugin](https://redirect.github.com/vitest-dev/eslint-plugin-vitest) \| [`1.6.18` → `1.6.19`](https://renovatebot.com/diffs/npm/@vitest%2feslint-plugin/1.6.18/1.6.19) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@vitest%2feslint-plugin/1.6.19?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitest%2feslint-plugin/1.6.18/1.6.19?slim=true) \| \| [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) \| [`10.4.0` → `10.4.1`](https://renovatebot.com/diffs/npm/eslint/10.4.0/10.4.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/10.4.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/10.4.0/10.4.1?slim=true) \| \| [eslint-import-resolver-typescript](https://redirect.github.com/import-js/eslint-import-resolver-typescript) \| [`4.4.4` → `4.4.5`](https://renovatebot.com/diffs/npm/eslint-import-resolver-typescript/4.4.4/4.4.5) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-import-resolver-typescript/4.4.5?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-import-resolver-typescript/4.4.4/4.4.5?slim=true) \| \| [eslint-plugin-vue-scoped-css](https://future-architect.github.io/eslint-plugin-vue-scoped-css/) ([source](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css)) \| [`3.1.0` → `3.1.1`](https://renovatebot.com/diffs/npm/eslint-plugin-vue-scoped-css/3.1.0/3.1.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-vue-scoped-css/3.1.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-vue-scoped-css/3.1.0/3.1.1?slim=true) \| \| [js-yaml](https://redirect.github.com/nodeca/js-yaml) \| [`4.1.1` → `4.2.0`](https://renovatebot.com/diffs/npm/js-yaml/4.1.1/4.2.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/js-yaml/4.2.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/js-yaml/4.1.1/4.2.0?slim=true) \| \| [pnpm](https://pnpm.io) ([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) \| [`11.4.0` → `11.5.1`](https://renovatebot.com/diffs/npm/pnpm/11.4.0/11.5.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/11.5.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/11.4.0/11.5.1?slim=true) \| \| [rolldown-license-plugin](https://redirect.github.com/silverwind/rolldown-license-plugin) \| [`3.0.8` → `3.0.9`](https://renovatebot.com/diffs/npm/rolldown-license-plugin/3.0.8/3.0.9) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/rolldown-license-plugin/3.0.9?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/rolldown-license-plugin/3.0.8/3.0.9?slim=true) \| \| [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) \| [`8.60.0` → `8.60.1`](https://renovatebot.com/diffs/npm/typescript-eslint/8.60.0/8.60.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/typescript-eslint/8.60.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript-eslint/8.60.0/8.60.1?slim=true) \| \| [updates](https://redirect.github.com/silverwind/updates) \| [`17.17.2` → `17.17.3`](https://renovatebot.com/diffs/npm/updates/17.17.2/17.17.3) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/updates/17.17.3?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/updates/17.17.2/17.17.3?slim=true) \| \| [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) \| [`8.0.14` → `8.0.16`](https://renovatebot.com/diffs/npm/vite/8.0.14/8.0.16) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vite/8.0.16?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/8.0.14/8.0.16?slim=true) \| \| [vitest](https://vitest.dev) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)) \| [`4.1.7` → `4.1.8`](https://renovatebot.com/diffs/npm/vitest/4.1.7/4.1.8) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vitest/4.1.8?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest/4.1.7/4.1.8?slim=true) \| \| [vue-tsc](https://redirect.github.com/vuejs/language-tools) ([source](https://redirect.github.com/vuejs/language-tools/tree/HEAD/packages/tsc)) \| [`3.3.2` → `3.3.3`](https://renovatebot.com/diffs/npm/vue-tsc/3.3.2/3.3.3) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vue-tsc/3.3.3?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue-tsc/3.3.2/3.3.3?slim=true) \| --- ### Release Notes <details> <summary>primer/octicons (@primer/octicons)</summary> ### [`v19.28.0`](https://redirect.github.com/primer/octicons/blob/HEAD/CHANGELOG.md#19280) [Compare Source](https://redirect.github.com/primer/octicons/compare/v19.27.0...v19.28.0) ##### Minor Changes - [#1208](https://redirect.github.com/primer/octicons/pull/1208) [`eddab3ff`](https://redirect.github.com/primer/octicons/commit/eddab3ff19f1450eb1d60c78b1d20c2c4bc3fd15) Thanks [@dylanatsmith](https://redirect.github.com/dylanatsmith)! - Fix vscode icon: update 16px, add 24px, remove 32px and 48px </details> <details> <summary>typescript-eslint/typescript-eslint (@typescript-eslint/parser)</summary> ### [`v8.60.1`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8601-2026-06-01) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.60.0...v8.60.1) This was a version bump only for parser to align it with other projects, there were no code changes. See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.1) for more information. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>vitest-dev/eslint-plugin-vitest (@vitest/eslint-plugin)</summary> ### [`v1.6.19`](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/releases/tag/v1.6.19) [Compare Source](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.18...v1.6.19) No significant changes ##### [View changes on GitHub](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.18...v1.6.19) </details> <details> <summary>eslint/eslint (eslint)</summary> ### [`v10.4.1`](https://redirect.github.com/eslint/eslint/releases/tag/v10.4.1) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v10.4.0...v10.4.1) #### Bug Fixes - [`e557467`](https://redirect.github.com/eslint/eslint/commit/e557467db7496220eebcbe2ac5ea6d38c12bb1ec) fix: update `@eslint/plugin-kit` version to 0.7.2 ([#20930](https://redirect.github.com/eslint/eslint/issues/20930)) (Francesco Trotta) - [`d4ce898`](https://redirect.github.com/eslint/eslint/commit/d4ce898796ca22c3b96aa70d3014cb85f4bac1cd) fix: propagate failures from delegated commands ([#20917](https://redirect.github.com/eslint/eslint/issues/20917)) (Minh Vu) - [`f4f3507`](https://redirect.github.com/eslint/eslint/commit/f4f3507460bc016b5be979c05d2969793f570cbf) fix: prefer-arrow-callback invalid autofix with newline after `async` ([#20916](https://redirect.github.com/eslint/eslint/issues/20916)) (kuldeep kumar) - [`c5bc78b`](https://redirect.github.com/eslint/eslint/commit/c5bc78b37e08b9054a11f0cc2d81808bb24acb85) fix: false positive for reference in `finally` block ([#20655](https://redirect.github.com/eslint/eslint/issues/20655)) (Tanuj Kanti) - [`27538c0`](https://redirect.github.com/eslint/eslint/commit/27538c01f5df4e9306f6f4ba867b2dd6307fae59) fix: add missing CodePath and CodePathSegment types ([#20853](https://redirect.github.com/eslint/eslint/issues/20853)) (Pixel998) #### Documentation - [`61b0add`](https://redirect.github.com/eslint/eslint/commit/61b0add61ffc52665562be7bb96f526690a78b30) docs: remove deprecated rule from related rules of `max-params` ([#20921](https://redirect.github.com/eslint/eslint/issues/20921)) (Tanuj Kanti) - [`305d5b9`](https://redirect.github.com/eslint/eslint/commit/305d5b91aeac24d36fde42f75625a8f183d4ce43) docs: remove deprecated rules from related rules section ([#20911](https://redirect.github.com/eslint/eslint/issues/20911)) (Tanuj Kanti) - [`49b0202`](https://redirect.github.com/eslint/eslint/commit/49b0202d01918b8061720d586dffd7c68047090c) docs: fix `display: none` of ad ([#20901](https://redirect.github.com/eslint/eslint/issues/20901)) (Tanuj Kanti) - [`9067f94`](https://redirect.github.com/eslint/eslint/commit/9067f9492ec998afc5b4f057a477ecf6ebd45e44) docs: switch build to Node.js 24 ([#20893](https://redirect.github.com/eslint/eslint/issues/20893)) (Milos Djermanovic) - [`c91b041`](https://redirect.github.com/eslint/eslint/commit/c91b0417e3420c76807ce1fa2aea76e2de87ab86) docs: Update README (GitHub Actions Bot) - [`e349265`](https://redirect.github.com/eslint/eslint/commit/e349265cb37f3ebc837e178e48a725bb782bd870) docs: clarify semver strings in rule deprecation objects ([#20885](https://redirect.github.com/eslint/eslint/issues/20885)) (Milos Djermanovic) #### Chores - [`b0e466b`](https://redirect.github.com/eslint/eslint/commit/b0e466b6ab47bfc7de43d8de0c315d8ee83aa584) test: add `data` property to invalid tests cases for rules ([#20924](https://redirect.github.com/eslint/eslint/issues/20924)) (Tanuj Kanti) - [`f78838b`](https://redirect.github.com/eslint/eslint/commit/f78838bc4c86d487e1bcc7cede260c4467721c46) test: add CodePath type coverage ([#20904](https://redirect.github.com/eslint/eslint/issues/20904)) (Pixel998) - [`1daa4bd`](https://redirect.github.com/eslint/eslint/commit/1daa4bd734b79a62e317d0394394a6b38cff49f9) chore: update `eslint-plugin-eslint-comments` test data to latest commit ([#20922](https://redirect.github.com/eslint/eslint/issues/20922)) (Francesco Trotta) - [`002942c`](https://redirect.github.com/eslint/eslint/commit/002942ce988ea28b78e0a2f3b074081e638b552c) ci: declare contents:read on update-readme workflow ([#20919](https://redirect.github.com/eslint/eslint/issues/20919)) (Arpit Jain) - [`64bca24`](https://redirect.github.com/eslint/eslint/commit/64bca24e7bed35bc3c864fc625cb2d89eca87d5b) chore: update ecosystem plugins ([#20912](https://redirect.github.com/eslint/eslint/issues/20912)) (ESLint Bot) - [`6d7c832`](https://redirect.github.com/eslint/eslint/commit/6d7c832950d5e92499d88e504080661f888f8f56) chore: ignore fflate updates in renovate ([#20908](https://redirect.github.com/eslint/eslint/issues/20908)) (Pixel998) - [`b2c8638`](https://redirect.github.com/eslint/eslint/commit/b2c86382164d87c6203b78d52068cd6a2a6ffe30) ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 ([#20889](https://redirect.github.com/eslint/eslint/issues/20889)) (dependabot\[bot]) - [`a9b8d7f`](https://redirect.github.com/eslint/eslint/commit/a9b8d7f74c50211701cfc49710fa541fd91b2aa5) chore: increase maxBuffer for ecosystem tests ([#20881](https://redirect.github.com/eslint/eslint/issues/20881)) (sethamus) - [`b702ead`](https://redirect.github.com/eslint/eslint/commit/b702ead5e1ed7cb9f28238a454797662efb37396) chore: update ecosystem update PR settings ([#20884](https://redirect.github.com/eslint/eslint/issues/20884)) (Pixel998) - [`507f60e`](https://redirect.github.com/eslint/eslint/commit/507f60e9a78c9a902bc8759f066ae17a1ea6cd81) chore: update ecosystem plugins ([#20882](https://redirect.github.com/eslint/eslint/issues/20882)) (ESLint Bot) - [`92f5c5b`](https://redirect.github.com/eslint/eslint/commit/92f5c5bb6bf3a5d167c8ee53a430833410295c6d) test: add unit test for message-count ([#20878](https://redirect.github.com/eslint/eslint/issues/20878)) (kuldeep kumar) - [`df32108`](https://redirect.github.com/eslint/eslint/commit/df321080af5758b1fa25e4b9a40e26135642dd6e) chore: add [@eslint/markdown](https://redirect.github.com/eslint/markdown) and typescript-eslint ecosystem tests ([#20837](https://redirect.github.com/eslint/eslint/issues/20837)) (sethamus) - [`327f91d`](https://redirect.github.com/eslint/eslint/commit/327f91d36aa49f2a50ded931d841a16374fd875f) chore: use includeIgnoreFile internally ([#20876](https://redirect.github.com/eslint/eslint/issues/20876)) (Kirk Waiblinger) - [`f0dc4bd`](https://redirect.github.com/eslint/eslint/commit/f0dc4bd893fb3a9f44e4ddc3ad7063ffb0beacd3) chore: pin fflate\@0.8.2 ([#20877](https://redirect.github.com/eslint/eslint/issues/20877)) (Milos Djermanovic) - [`0f4bd25`](https://redirect.github.com/eslint/eslint/commit/0f4bd257a67a082b756de746d9e0c4842ab764ca) ci: run Discord alert for ecosystem test failures ([#20873](https://redirect.github.com/eslint/eslint/issues/20873)) (Copilot) </details> <details> <summary>import-js/eslint-import-resolver-typescript (eslint-import-resolver-typescript)</summary> ### [`v4.4.5`](https://redirect.github.com/import-js/eslint-import-resolver-typescript/blob/HEAD/CHANGELOG.md#445) [Compare Source](https://redirect.github.com/import-js/eslint-import-resolver-typescript/compare/v4.4.4...v4.4.5) ##### Patch Changes - [#473](https://redirect.github.com/import-js/eslint-import-resolver-typescript/pull/473) [`32c61ab`](https://redirect.github.com/import-js/eslint-import-resolver-typescript/commit/32c61abccf26bd2a2267f2e0e67d82e6f88d149a) Thanks [@leey0818](https://redirect.github.com/leey0818)! - fix: check tsconfig matching before using resolver </details> <details> <summary>future-architect/eslint-plugin-vue-scoped-css (eslint-plugin-vue-scoped-css)</summary> ### [`v3.1.1`](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css/blob/HEAD/CHANGELOG.md#311) [Compare Source](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css/compare/v3.1.0...v3.1.1) ##### Patch Changes - Fix false positives in `vue-scoped-css/require-selector-used-inside` for selectors that start with ignored pseudo-classes such as `:has(...)`. ([#496](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css/pull/496)) </details> <details> <summary>nodeca/js-yaml (js-yaml)</summary> ### [`v4.2.0`](https://redirect.github.com/nodeca/js-yaml/blob/HEAD/CHANGELOG.md#420---2026-06-01) [Compare Source](https://redirect.github.com/nodeca/js-yaml/compare/4.1.1...590dbabadd172b099c07654fab2eabec8c7a07b9) ##### Added - Added `docs/safety.md` with notes about processing untrusted YAML. - Added `maxDepth` (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow. - Added `maxMergeSeqLength` (20) loader option. Not a problem after `merge` fix, but an additional restriction for safety. - Added sourcemaps to `dist/` builds. ##### Changed - Stop resolving numbers with underscores as numeric scalars, [#627](https://redirect.github.com/nodeca/js-yaml/issues/627). - Switched dev toolchains to Vite / neostandard. - Updated demo. - Reorganized tests. - `dist/` files are no longer kept in the repository. ##### Fixed - Fix parsing of properties on the first implicit block mapping key, [#62](https://redirect.github.com/nodeca/js-yaml/issues/62). - Fix trailing whitespace handling when folding flow scalar lines, [#307](https://redirect.github.com/nodeca/js-yaml/issues/307). - Reject top-level block scalars without content indentation, [#280](https://redirect.github.com/nodeca/js-yaml/issues/280). - Ensure numbers survive round-trip, [#737](https://redirect.github.com/nodeca/js-yaml/issues/737). - Fix test coverage for issue [#221](https://redirect.github.com/nodeca/js-yaml/issues/221). - Fix flow scalar trailing whitespace folding, [#307](https://redirect.github.com/nodeca/js-yaml/issues/307). - Fix digits in YAML named tag handles. ##### Security - Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K). </details> <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v11.5.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1151) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.5.0...v11.5.1) ##### Patch Changes - Improve `pnpm audit` performance by pruning non-vulnerable lockfile subtrees and stopping path enumeration once vulnerable findings reach the path cap. - Avoid crashing when the workspace state cache is partially written or malformed. - Set `npm_config_user_agent` for root lifecycle scripts during headless installs. - Preserve the `integrity` field of a remote (non-registry) tarball dependency when its lockfile entry is rebuilt. Re-resolving such a dependency without re-fetching it (for example via `pnpm update`, or when another dependency changes) produced a resolution with no integrity — URL/tarball resolvers only learn the integrity after the tarball is downloaded — so the previously recorded integrity was dropped, making later installs fail with `ERR_PNPM_MISSING_TARBALL_INTEGRITY` [#12067](https://redirect.github.com/pnpm/pnpm/issues/12067). - Normalize a string `repository` field into the `{ type, url }` object form when creating the publish manifest, matching npm's behavior. Some registries (e.g. Gitea/Codeberg) reject a string `repository` with a 500 Internal Server Error during `pnpm publish` [#12099](https://redirect.github.com/pnpm/pnpm/issues/12099). - Preserve compatible optional peer versions already present in the lockfile when resolving dependencies. - Fixed inconsistent resolution of a peer dependency that is shared through a diamond. When a package peer-depends on both another package and one of that package's own peer dependencies (for example `@typescript-eslint/eslint-plugin` peer-depends on both `@typescript-eslint/parser` and `typescript`, and `@typescript-eslint/parser` peer-depends on `typescript`), pnpm no longer reuses a hoisted instance of the shared peer that was resolved against a different version [#12079](https://redirect.github.com/pnpm/pnpm/issues/12079). ### [`v11.5.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1150) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.4.0...v11.5.0) ##### Minor Changes - Added a new `hoistingLimits` setting for `nodeLinker: hoisted` installs, mirroring yarn's `nmHoistingLimits`. It accepts `none` (the default — hoist as far as possible), `workspaces` (hoist only as far as each workspace package), or `dependencies` (hoist only up to each workspace package's direct dependencies). Originally proposed in [#6468](https://redirect.github.com/pnpm/pnpm/pull/6468), closing [#6457](https://redirect.github.com/pnpm/pnpm/issues/6457). - Replaced `enquirer` with `@inquirer/prompts` for all interactive prompts. Fixes the `update -i` scrolling overflow bug where long choice lists were clipped in the terminal [#6643](https://redirect.github.com/pnpm/pnpm/issues/6643). User-facing changes: - `pnpm update -i` / `pnpm update -i --latest`: Scrolling now works correctly when many packages are available; the new library uses visual-line-aware pagination via `usePagination` - `pnpm audit --fix -i`: Same scrolling fix for vulnerability selection - `pnpm approve-builds`: Interactive build approval prompts updated - `pnpm patch`: Version selection and "apply to all" prompts updated - `pnpm patch-remove`: Patch removal selection updated - `pnpm publish`: Branch confirmation prompt updated - `pnpm login`: Credential prompts updated - `pnpm run` / `pnpm exec` (with `verifyDepsBeforeRun=prompt`): Confirmation prompt updated Vim-style `j`/`k` keys still work for up/down navigation in all interactive prompts. Internal: The `OtpEnquirer` and `LoginEnquirer` DI interfaces changed from `{ prompt }` to `{ input }` / `{ input, password }` respectively. Plugins or custom builds that inject their own enquirer mock will need to update. - Staged publishes are now recognized in the trust scale. When a package version's registry metadata carries an `approver` field, it is treated as the strongest trust evidence (ranked above trusted publishers and provenance attestations), since staged publishes require 2FA publish approvals. This prevents false-positive trust downgrade errors when moving from a staged publish to a lower trust level [#11887](https://redirect.github.com/pnpm/pnpm/issues/11887). ##### Patch Changes - Fix pnpm hanging during peer resolution when an aliased install pulls in transitive packages with mutual peer cycles at different depths in the dependency tree (for example, `pnpm i nuxt@npm:nuxt-nightly@5x`). Cycles whose members hit the `findHit` cache instead of running their own `calculateDepPath` are now short-circuited by sibling resolutions at the level where the cycle is detected, so the cached path promises no longer deadlock. [#11999](https://redirect.github.com/pnpm/pnpm/issues/11999). - Fix `pnpm dist-tag add` and `pnpm dist-tag rm` against npmjs.org failing without `--otp` with `[ERR_PNPM_UNAUTHORIZED] You must be logged in to set dist-tag … "You must provide a one-time pass. Upgrade your client to npm@latest in order to use 2FA."`. pnpm now sends `npm-auth-type: web` on dist-tag writes and surfaces the resulting OTP challenge through the existing browser-based 2FA flow (the same `withOtpHandling` helper used by `pnpm publish`), so the browser opens, the user authenticates, and the dist-tag is set on retry. `--otp=<code>` continues to work via the classic flow. - Fix `minimumReleaseAgeExclude` handling in npm resolution fast paths so excluded packages do not get pinned to stale versions. Excludes are honored consistently during `publishedBy` metadata selection and cache-mtime shortcuts. - Fix the `integrity` field being dropped from the lockfile entry of a remote (non-registry) https-tarball dependency when an unrelated package is installed afterwards. URL/tarball resolvers do not return an integrity (it is only known after the tarball is downloaded), so when such a dependency was reused from the lockfile without being re-fetched, its integrity was lost. It is now carried over from the existing resolution. With pnpm's lockfile-integrity hardening, the missing integrity made subsequent `--frozen-lockfile` installs fail with `ERR_PNPM_MISSING_TARBALL_INTEGRITY`. [#12001](https://redirect.github.com/pnpm/pnpm/issues/12001). - Skip dependency re-resolution when `pnpm-lock.yaml` is missing but `node_modules/.pnpm/lock.yaml` exists and still satisfies the manifest. `pnpm install` now reuses the materialized snapshot to regenerate `pnpm-lock.yaml` instead of walking the registry to rebuild it from scratch, turning the cache+node\_modules variation into a near-no-op for users who deleted the lockfile but kept the install [#11993](https://redirect.github.com/pnpm/pnpm/issues/11993). `--frozen-lockfile` still refuses to proceed when `pnpm-lock.yaml` is absent — the regenerated lockfile must be committed, so failing loudly is the correct behavior for CI. </details> <details> <summary>silverwind/rolldown-license-plugin (rolldown-license-plugin)</summary> ### [`v3.0.9`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.9) [Compare Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.8...3.0.9) - update deps (silverwind) - make: collapse patch/minor/major into one rule (silverwind) - simplify generateBundle: pair dir+raw, rename shadow, inline single-use const (silverwind) - make update a combination target, split out update-js (silverwind) - add update-actions make target (silverwind) - remove authorship attribution rule from AGENTS.md (silverwind) - docs: use defineConfig in README usage example (silverwind) </details> <details> <summary>typescript-eslint/typescript-eslint (typescript-eslint)</summary> ### [`v8.60.1`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8601-2026-06-01) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.60.0...v8.60.1) This was a version bump only for typescript-eslint to align it with other projects, there were no code changes. See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.1) for more information. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>silverwind/updates (updates)</summary> ### [`v17.17.3`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.3) [Compare Source](https://redirect.github.com/silverwind/updates/compare/17.17.2...17.17.3) - fix prerelease drop in updateVersionRange and scope regex (silverwind) - fix 1.2.x ranges, docker tag corruption, and per-file cooldown (silverwind) - fix go +incompatible, cargo inline-table, and prerelease selection (silverwind) - fix --pin range parsing, url tag deps, and -s flag docs (silverwind) - make update a combination target, split out update-js (silverwind) - add update-actions make target (silverwind) - remove authorship attribution rule from AGENTS.md (silverwind) </details> <details> <summary>vitejs/vite (vite)</summary> ### [`v8.0.16`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8016-2026-06-01-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v8.0.15...v8.0.16) ##### Bug Fixes - deps: reject UNC paths for launch-editor-middleware ([#22571](https://redirect.github.com/vitejs/vite/issues/22571)) ([50b9512](https://redirect.github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9)) - reject windows alternate paths ([#22572](https://redirect.github.com/vitejs/vite/issues/22572)) ([dc245c7](https://redirect.github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546)) ### [`v8.0.15`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8015-2026-06-01-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v8.0.14...v8.0.15) ##### Features - send 408 on request timeout ([#22476](https://redirect.github.com/vitejs/vite/issues/22476)) ([c85c9ee](https://redirect.github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797)) - update rolldown to 1.0.3 ([#22538](https://redirect.github.com/vitejs/vite/issues/22538)) ([646dbed](https://redirect.github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575)) ##### Bug Fixes - capitalize error messages and remove spurious space in parse error ([#22488](https://redirect.github.com/vitejs/vite/issues/22488)) ([85a0eff](https://redirect.github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3)) - deps: update all non-major dependencies ([#22511](https://redirect.github.com/vitejs/vite/issues/22511)) ([2686d7d](https://redirect.github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa)) - dev: fix html-proxy cache key mismatch for /@fs/ HTML paths ([#21762](https://redirect.github.com/vitejs/vite/issues/21762)) ([47c4213](https://redirect.github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e)) - glob: error on relative glob in virtual module when no files match ([#22497](https://redirect.github.com/vitejs/vite/issues/22497)) ([5c8e98f](https://redirect.github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c)) - optimizer: close the rolldown bundle when write() rejects ([#22528](https://redirect.github.com/vitejs/vite/issues/22528)) ([e3cfb9d](https://redirect.github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815)) - resolve: provide onWarn for viteResolvePlugin in JS plugin containers ([#22509](https://redirect.github.com/vitejs/vite/issues/22509)) ([40985f1](https://redirect.github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83)) ##### Miscellaneous Chores - deps: update rolldown-related dependencies ([#22566](https://redirect.github.com/vitejs/vite/issues/22566)) ([3052a67](https://redirect.github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd)) ##### Code Refactoring - correct logic in `collectAllModules` function ([#22562](https://redirect.github.com/vitejs/vite/issues/22562)) ([6978a9c](https://redirect.github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c)) </details> <details> <summary>vitest-dev/vitest (vitest)</summary> ### [`v4.1.8`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v4.1.8) [Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8) ##### 🐞 Bug Fixes - browser: - Disable client `cdp` API when `allowWrite/allowExec: false` \[backport to v4] - by [@hi-ogawa](https://redirect.github.com/hi-ogawa) and Codex in [#10450](https://redirect.github.com/vitest-dev/vitest/issues/10450) [<samp>(e4067)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e4067b3b1) - Remove orphaned Playwright route when same module is mocked via multiple ids \[backport to v4] - by [@toxik](https://redirect.github.com/toxik) and [@Zelys-DFKH](https://redirect.github.com/Zelys-DFKH) in [#10474](https://redirect.github.com/vitest-dev/vitest/issues/10474) [<samp>(675b4)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/675b4343f) ##### [View changes on GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8) </details> <details> <summary>vuejs/language-tools (vue-tsc)</summary> ### [`v3.3.3`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#333-2026-05-30) [Compare Source](https://redirect.github.com/vuejs/language-tools/compare/v3.3.2...v3.3.3) ##### vscode - fix: prevent grammar scopes leakage in capitalized tags ([#6073](https://redirect.github.com/vuejs/language-tools/issues/6073)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: preserve TS auto imports behavior in Vue files ([#6072](https://redirect.github.com/vuejs/language-tools/issues/6072)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### workspace - fix: read PR title from env in `auto-version` workflow to prevent injection ([#6074](https://redirect.github.com/vuejs/language-tools/issues/6074)) - Thanks to [@arpitjain099](https://redirect.github.com/arpitjain099)! </details> --- ### Configuration 📅 Schedule: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: bircni <bircni@icloud.com>	2026-06-08 06:03:55 +00:00
Giteabot	798578115b	fix(deps): update npm dependencies, remove nolyfill (#37968 ) This PR contains the following updates: \| Package \| Change \| [Age](https://docs.renovatebot.com/merge-confidence/) \| [Confidence](https://docs.renovatebot.com/merge-confidence/) \| \|---\|---\|---\|---\| \| [@eslint-community/eslint-plugin-eslint-comments](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments) \| [`4.7.1` → `4.7.2`](https://renovatebot.com/diffs/npm/@eslint-community%2feslint-plugin-eslint-comments/4.7.1/4.7.2) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@eslint-community%2feslint-plugin-eslint-comments/4.7.2?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@eslint-community%2feslint-plugin-eslint-comments/4.7.1/4.7.2?slim=true) \| \| [@primer/octicons](https://primer.style/octicons) ([source](https://redirect.github.com/primer/octicons)) \| [`19.26.0` → `19.27.0`](https://renovatebot.com/diffs/npm/@primer%2focticons/19.26.0/19.27.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@primer%2focticons/19.27.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@primer%2focticons/19.26.0/19.27.0?slim=true) \| \| [@typescript-eslint/parser](https://typescript-eslint.io/packages/parser) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) \| [`8.59.4` → `8.60.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.59.4/8.60.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@typescript-eslint%2fparser/8.60.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@typescript-eslint%2fparser/8.59.4/8.60.0?slim=true) \| \| [@vitest/eslint-plugin](https://redirect.github.com/vitest-dev/eslint-plugin-vitest) \| [`1.6.17` → `1.6.18`](https://renovatebot.com/diffs/npm/@vitest%2feslint-plugin/1.6.17/1.6.18) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@vitest%2feslint-plugin/1.6.18?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitest%2feslint-plugin/1.6.17/1.6.18?slim=true) \| \| [dayjs](https://day.js.org) ([source](https://redirect.github.com/iamkun/dayjs)) \| [`1.11.20` → `1.11.21`](https://renovatebot.com/diffs/npm/dayjs/1.11.20/1.11.21) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.21?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.20/1.11.21?slim=true) \| \| [katex](https://katex.org) ([source](https://redirect.github.com/KaTeX/KaTeX)) \| [`0.16.47` → `0.17.0`](https://renovatebot.com/diffs/npm/katex/0.16.47/0.17.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/katex/0.17.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/katex/0.16.47/0.17.0?slim=true) \| \| [material-icon-theme](https://redirect.github.com/material-extensions/vscode-material-icon-theme/blob/main/README.md) ([source](https://redirect.github.com/material-extensions/vscode-material-icon-theme)) \| [`5.34.0` → `5.35.0`](https://renovatebot.com/diffs/npm/material-icon-theme/5.34.0/5.35.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/material-icon-theme/5.35.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/material-icon-theme/5.34.0/5.35.0?slim=true) \| \| [pnpm](https://pnpm.io) ([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) \| [`11.2.1` → `11.4.0`](https://renovatebot.com/diffs/npm/pnpm/11.2.1/11.4.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/11.4.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/11.2.1/11.4.0?slim=true) \| \| [rolldown-license-plugin](https://redirect.github.com/silverwind/rolldown-license-plugin) \| [`3.0.7` → `3.0.8`](https://renovatebot.com/diffs/npm/rolldown-license-plugin/3.0.7/3.0.8) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/rolldown-license-plugin/3.0.8?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/rolldown-license-plugin/3.0.7/3.0.8?slim=true) \| \| [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) \| [`8.59.4` → `8.60.0`](https://renovatebot.com/diffs/npm/typescript-eslint/8.59.4/8.60.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/typescript-eslint/8.60.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript-eslint/8.59.4/8.60.0?slim=true) \| \| [updates](https://redirect.github.com/silverwind/updates) \| [`17.16.13` → `17.17.2`](https://renovatebot.com/diffs/npm/updates/17.16.13/17.17.2) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/updates/17.17.2?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/updates/17.16.13/17.17.2?slim=true) \| \| [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) \| [`8.0.13` → `8.0.14`](https://renovatebot.com/diffs/npm/vite/8.0.13/8.0.14) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vite/8.0.14?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/8.0.13/8.0.14?slim=true) \| \| [vue](https://vuejs.org/) ([source](https://redirect.github.com/vuejs/core)) \| [`3.5.34` → `3.5.35`](https://renovatebot.com/diffs/npm/vue/3.5.34/3.5.35) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vue/3.5.35?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue/3.5.34/3.5.35?slim=true) \| \| [vue-tsc](https://redirect.github.com/vuejs/language-tools) ([source](https://redirect.github.com/vuejs/language-tools/tree/HEAD/packages/tsc)) \| [`3.3.1` → `3.3.2`](https://renovatebot.com/diffs/npm/vue-tsc/3.3.1/3.3.2) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vue-tsc/3.3.2?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue-tsc/3.3.1/3.3.2?slim=true) \| --- ### Release Notes <details> <summary>eslint-community/eslint-plugin-eslint-comments (@eslint-community/eslint-plugin-eslint-comments)</summary> ### [`v4.7.2`](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/releases/tag/v4.7.2) [Compare Source](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/compare/v4.7.1...v4.7.2) ##### Bug Fixes - deps: pin `modern-monaco` version to 0.4.0 ([#320](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/issues/320)) ([62a2c3a](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/commit/62a2c3a4ee304a8383f170369c9999198d9bdac8)) - docs: use `modern-monaco` instead of `monaco-editor` ([#311](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/issues/311)) ([42919d0](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/commit/42919d06d8a221e061de3ec98e35bf508ea2b5d2)) </details> <details> <summary>primer/octicons (@primer/octicons)</summary> ### [`v19.27.0`](https://redirect.github.com/primer/octicons/blob/HEAD/CHANGELOG.md#19270) [Compare Source](https://redirect.github.com/primer/octicons/compare/v19.26.0...v19.27.0) ##### Minor Changes - [#1203](https://redirect.github.com/primer/octicons/pull/1203) [`a69618e4`](https://redirect.github.com/primer/octicons/commit/a69618e4b64988784c9c0a06bbf809a3fa343642) Thanks [@ericwbailey](https://redirect.github.com/ericwbailey)! - Add flag icon ##### Patch Changes - [#1212](https://redirect.github.com/primer/octicons/pull/1212) [`02bd1ef8`](https://redirect.github.com/primer/octicons/commit/02bd1ef8d15abffaa45be8e00c5fbc896e276c54) Thanks [@ericwbailey](https://redirect.github.com/ericwbailey)! - remove hardcoded fill from flag icon </details> <details> <summary>typescript-eslint/typescript-eslint (@typescript-eslint/parser)</summary> ### [`v8.60.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8600-2026-05-25) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.4...v8.60.0) This was a version bump only for parser to align it with other projects, there were no code changes. See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.0) for more information. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>vitest-dev/eslint-plugin-vitest (@vitest/eslint-plugin)</summary> ### [`v1.6.18`](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/releases/tag/v1.6.18) [Compare Source](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.17...v1.6.18) ##### 🐞 Bug Fixes - Correct `requiresTypeChecking` metadata for four rules - by [@inglec-arista](https://redirect.github.com/inglec-arista) in [#905](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/issues/905) [<samp>(e06a3)</samp>](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/commit/e06a3dc) ##### [View changes on GitHub](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.17...v1.6.18) </details> <details> <summary>iamkun/dayjs (dayjs)</summary> ### [`v1.11.21`](https://redirect.github.com/iamkun/dayjs/blob/HEAD/CHANGELOG.md#11121-2026-05-26) [Compare Source](https://redirect.github.com/iamkun/dayjs/compare/v1.11.20...v1.11.21) ##### Bug Fixes - preserve unsupported year tokens in format ([#3015](https://redirect.github.com/iamkun/dayjs/issues/3015)) ([#3016](https://redirect.github.com/iamkun/dayjs/issues/3016)) ([8fda602](https://redirect.github.com/iamkun/dayjs/commit/8fda602beac5abbc64230ddc49085aa532320f26)) </details> <details> <summary>KaTeX/KaTeX (katex)</summary> ### [`v0.17.0`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#0170-2026-05-22) [Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.47...v0.17.0) ##### Performance Improvements - simplify `defineFunction` to avoid destructuring, improve typing ([#4222](https://redirect.github.com/KaTeX/KaTeX/issues/4222)) ([fb604e6](https://redirect.github.com/KaTeX/KaTeX/commit/fb604e6ba63e99809e242d37f9c8359209d55431)) ##### BREAKING CHANGES - The internal API for `__defineFunction` changed: you should no longer wrap properties in `props`. #### [0.16.47](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.46...v0.16.47) (2026-05-16) ##### Bug Fixes - correct size of `[` big delimiter ([#4217](https://redirect.github.com/KaTeX/KaTeX/issues/4217)) ([7ba0027](https://redirect.github.com/KaTeX/KaTeX/commit/7ba0027d2f04abddd3b215362f867ab8260b09d7)), closes [#4215](https://redirect.github.com/KaTeX/KaTeX/issues/4215) #### [0.16.46](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.45...v0.16.46) (2026-05-13) ##### Bug Fixes - preserve math font in some styling commands ([#4214](https://redirect.github.com/KaTeX/KaTeX/issues/4214)) ([e9ee046](https://redirect.github.com/KaTeX/KaTeX/commit/e9ee0464ddb31da9bf9649eeb70e52236e7a974a)), closes [#4213](https://redirect.github.com/KaTeX/KaTeX/issues/4213) #### [0.16.45](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.44...v0.16.45) (2026-04-05) ##### Bug Fixes - wrap vcenter mpadded in mrow for valid MathML ([#4193](https://redirect.github.com/KaTeX/KaTeX/issues/4193)) ([ee66b78](https://redirect.github.com/KaTeX/KaTeX/commit/ee66b78d24340edbbd05b08a4a429ce9ed158b25)), closes [#4078](https://redirect.github.com/KaTeX/KaTeX/issues/4078) #### [0.16.44](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.43...v0.16.44) (2026-03-27) ##### Bug Fixes - remove extra \jot space at bottom of align/gather/etc. ([#4184](https://redirect.github.com/KaTeX/KaTeX/issues/4184)) ([3870ee9](https://redirect.github.com/KaTeX/KaTeX/commit/3870ee913e27fdde7bce244e4c6c5d63e2b28a62)) #### [0.16.43](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.42...v0.16.43) (2026-03-26) ##### Bug Fixes - use makeEm() consistently to truncate long CSS decimals ([#4181](https://redirect.github.com/KaTeX/KaTeX/issues/4181)) ([0967dcc](https://redirect.github.com/KaTeX/KaTeX/commit/0967dcc0278f20d4501a93f01c7343c70abb3fcd)) #### [0.16.42](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.41...v0.16.42) (2026-03-24) ##### Features - \underbracket and \overbracket ([#4147](https://redirect.github.com/KaTeX/KaTeX/issues/4147)) ([5be9abb](https://redirect.github.com/KaTeX/KaTeX/commit/5be9abb0b4d687a2a196b8adf9b5b9deeb60f7bc)) #### [0.16.41](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.40...v0.16.41) (2026-03-24) ##### Bug Fixes - \sout in text mode ([#4173](https://redirect.github.com/KaTeX/KaTeX/issues/4173)) ([e748578](https://redirect.github.com/KaTeX/KaTeX/commit/e748578b63e07ad30d5e404e60b04e5e794c0a5a)) #### [0.16.40](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.39...v0.16.40) (2026-03-20) ##### Bug Fixes - css: specify position: relative for .katex ([#4170](https://redirect.github.com/KaTeX/KaTeX/issues/4170)) ([020f0d8](https://redirect.github.com/KaTeX/KaTeX/commit/020f0d89567d59229bac5fc8d8f5832a9508a85f)) #### [0.16.39](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.38...v0.16.39) (2026-03-19) ##### Bug Fixes - middle dot in text mode ([#4169](https://redirect.github.com/KaTeX/KaTeX/issues/4169)) ([edb45b0](https://redirect.github.com/KaTeX/KaTeX/commit/edb45b0b17c7b33349ce5142fe39156da05cb4d8)), closes [#3641](https://redirect.github.com/KaTeX/KaTeX/issues/3641) #### [0.16.38](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.37...v0.16.38) (2026-03-08) ##### Bug Fixes - accent skew mixed with font specifiers ([#4159](https://redirect.github.com/KaTeX/KaTeX/issues/4159)) ([aea3375](https://redirect.github.com/KaTeX/KaTeX/commit/aea33758d6c98896017007d0244885301773856a)), closes [#4121](https://redirect.github.com/KaTeX/KaTeX/issues/4121) #### [0.16.37](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.36...v0.16.37) (2026-03-06) ##### Bug Fixes - negative-width `\hphantom` and symmetric `\smash` ([#4153](https://redirect.github.com/KaTeX/KaTeX/issues/4153)) ([d4799ca](https://redirect.github.com/KaTeX/KaTeX/commit/d4799cae585d909e2a4e3dedbebdc2f142998ca9)) #### [0.16.36](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.35...v0.16.36) (2026-03-06) ##### Bug Fixes - contrib esm bloat ([#4157](https://redirect.github.com/KaTeX/KaTeX/issues/4157)) ([2bde1ad](https://redirect.github.com/KaTeX/KaTeX/commit/2bde1adab2a23f61519145923329c915b04d4778)) #### [0.16.35](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.34...v0.16.35) (2026-03-05) ##### Bug Fixes - version number regression ([#4155](https://redirect.github.com/KaTeX/KaTeX/issues/4155)) ([db26b73](https://redirect.github.com/KaTeX/KaTeX/commit/db26b733805f2d0d71e82596475b313c8706557e)) #### [0.16.34](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.33...v0.16.34) (2026-03-05) ##### Bug Fixes - emoji with variation selector ([#4151](https://redirect.github.com/KaTeX/KaTeX/issues/4151)) ([c2606e5](https://redirect.github.com/KaTeX/KaTeX/commit/c2606e5db91ae199ee1ff0c8c2f7f9f70fcf589b)) #### [0.16.33](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.32...v0.16.33) (2026-02-23) ##### Bug Fixes - scss: forward variables to fonts module ([#4146](https://redirect.github.com/KaTeX/KaTeX/issues/4146)) ([9349a64](https://redirect.github.com/KaTeX/KaTeX/commit/9349a64a051ca408da713baf061e32ade80ed22a)) #### [0.16.32](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.31...v0.16.32) (2026-02-22) ##### Bug Fixes - italic separation in \mathnormal ([#4143](https://redirect.github.com/KaTeX/KaTeX/issues/4143)) ([71305a0](https://redirect.github.com/KaTeX/KaTeX/commit/71305a05140ca6203092bfdc14f689168b26ab8c)) #### [0.16.31](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.30...v0.16.31) (2026-02-22) ##### Bug Fixes - `\frac` sizing ([#4137](https://redirect.github.com/KaTeX/KaTeX/issues/4137)) ([ef51f18](https://redirect.github.com/KaTeX/KaTeX/commit/ef51f18ded4ab9ba54ba750f2866241c4676c41c)) #### [0.16.30](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.29...v0.16.30) (2026-02-22) ##### Bug Fixes - no line breaks after `\not` ([#4140](https://redirect.github.com/KaTeX/KaTeX/issues/4140)) ([2d1ba86](https://redirect.github.com/KaTeX/KaTeX/commit/2d1ba86143bd45540d5a773cfa456081318f3f33)) #### [0.16.29](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.28...v0.16.29) (2026-02-22) ##### Bug Fixes - `\imath` and other `\html@mathml` macros in arguments ([#4139](https://redirect.github.com/KaTeX/KaTeX/issues/4139)) ([a850cce](https://redirect.github.com/KaTeX/KaTeX/commit/a850cce7ccbf95a0b187313d1e54d8d40dfc7273)) #### [0.16.28](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.27...v0.16.28) (2026-01-25) ##### Bug Fixes - type:* add missing types definition path to package.json ([#4125](https://redirect.github.com/KaTeX/KaTeX/issues/4125)) ([0ef8921](https://redirect.github.com/KaTeX/KaTeX/commit/0ef8921d189346b0ff8f84a77f7f552349b76893)) #### [0.16.27](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.26...v0.16.27) (2025-12-07) ##### Features - support equals sign and surrounding whitespace in \htmlData attribute values ([#4112](https://redirect.github.com/KaTeX/KaTeX/issues/4112)) ([c77aaec](https://redirect.github.com/KaTeX/KaTeX/commit/c77aaec00c766f5bb02e332a1dc416b82a65fe8f)) #### [0.16.26](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.25...v0.16.26) (2025-12-07) ##### Bug Fixes - \mathop followed by integral symbol ([6fbad18](https://redirect.github.com/KaTeX/KaTeX/commit/6fbad18857351e4d2a88ed3e3348bd76caad9be3)) #### [0.16.25](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.24...v0.16.25) (2025-10-13) ##### Features - css: provide `katex-swap.css` that uses `font-display: swap` ([#3940](https://redirect.github.com/KaTeX/KaTeX/issues/3940)) ([b3f9ce6](https://redirect.github.com/KaTeX/KaTeX/commit/b3f9ce691e89a52dea7ec8f10cc6ed4ddc8fc161)), closes [#2242](https://redirect.github.com/KaTeX/KaTeX/issues/2242) #### [0.16.24](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.23...v0.16.24) (2025-10-12) ##### Features - support hex colors with alpha ([#4090](https://redirect.github.com/KaTeX/KaTeX/issues/4090)) ([8c9b306](https://redirect.github.com/KaTeX/KaTeX/commit/8c9b3063965acc0d6e6a0b6df4d051169de9e1a9)), closes [#4067](https://redirect.github.com/KaTeX/KaTeX/issues/4067) [#fA6](https://redirect.github.com/KaTeX/KaTeX/issues/fA6) [#fA6f1](https://redirect.github.com/KaTeX/KaTeX/issues/fA6f1) #### [0.16.23](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.22...v0.16.23) (2025-10-03) ##### Bug Fixes - Support `\def` with arguments via `macros` option ([#4087](https://redirect.github.com/KaTeX/KaTeX/issues/4087)) ([80a8158](https://redirect.github.com/KaTeX/KaTeX/commit/80a815856a8c26d78b3669e9c05fff00efe82247)) #### [0.16.22](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.21...v0.16.22) (2025-04-09) ##### Bug Fixes - \relax in base or exponent of super/subscript ([#4045](https://redirect.github.com/KaTeX/KaTeX/issues/4045)) ([1f43c84](https://redirect.github.com/KaTeX/KaTeX/commit/1f43c84a175fb689f8c8d1d72b1e8b896a8b43d1)) #### [0.16.21](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.20...v0.16.21) (2025-01-17) ##### Bug Fixes - escape \htmlData attribute name ([57914ad](https://redirect.github.com/KaTeX/KaTeX/commit/57914ad91eff401357f44bf364b136d37eba04f8)) #### [0.16.20](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.19...v0.16.20) (2025-01-12) ##### Bug Fixes - \providecommand does not overwrite existing macro ([#4000](https://redirect.github.com/KaTeX/KaTeX/issues/4000)) ([6d30fe4](https://redirect.github.com/KaTeX/KaTeX/commit/6d30fe47b06f9da9b836fe518d5cbbecf6a6a3a1)), closes [#3928](https://redirect.github.com/KaTeX/KaTeX/issues/3928) #### [0.16.19](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.18...v0.16.19) (2024-12-29) ##### Bug Fixes - types: improve `strict` function type ([#4009](https://redirect.github.com/KaTeX/KaTeX/issues/4009)) ([4228b4e](https://redirect.github.com/KaTeX/KaTeX/commit/4228b4eb529b8e35def66cc6e4fa467383b98c86)) #### [0.16.18](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.17...v0.16.18) (2024-12-18) ##### Bug Fixes - Actually publish TypeScript type definitions ([#4008](https://redirect.github.com/KaTeX/KaTeX/issues/4008)) ([629b873](https://redirect.github.com/KaTeX/KaTeX/commit/629b87354fdfc04a3769f09b69f6bbadebcb9ae8)) #### [0.16.17](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.16...v0.16.17) (2024-12-17) ##### Bug Fixes - MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM ([#3999](https://redirect.github.com/KaTeX/KaTeX/issues/3999)) ([7d79e22](https://redirect.github.com/KaTeX/KaTeX/commit/7d79e220f465c42d4334dc95f1c41e333667e168)), closes [#3995](https://redirect.github.com/KaTeX/KaTeX/issues/3995) #### [0.16.16](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.15...v0.16.16) (2024-12-17) ##### Features - ESM exports, TypeScript types ([#3992](https://redirect.github.com/KaTeX/KaTeX/issues/3992)) ([ea9c173](https://redirect.github.com/KaTeX/KaTeX/commit/ea9c173a0de953b49b2ce5d131e88b785f5dffa1)) #### [0.16.15](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.14...v0.16.15) (2024-12-09) ##### Features - italic sans-serif in math mode via `\mathsfit` command ([#3998](https://redirect.github.com/KaTeX/KaTeX/issues/3998)) ([2218901](https://redirect.github.com/KaTeX/KaTeX/commit/22189018b63c9312ec4ad126804514a7390d60b5)) #### [0.16.14](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.13...v0.16.14) (2024-12-08) ##### Features - \dddot and \ddddot support ([#3834](https://redirect.github.com/KaTeX/KaTeX/issues/3834)) ([bda35cd](https://redirect.github.com/KaTeX/KaTeX/commit/bda35cdb0a6bbbc52dd27c79e4d984688be3b745)), closes [#2744](https://redirect.github.com/KaTeX/KaTeX/issues/2744) #### [0.16.13](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.12...v0.16.13) (2024-12-08) ##### Bug Fixes - `\vdots` and `\rule` support in text mode ([#3997](https://redirect.github.com/KaTeX/KaTeX/issues/3997)) ([0e08352](https://redirect.github.com/KaTeX/KaTeX/commit/0e0835262345d991df61a435800a16b069a4d5c7)), closes [#3990](https://redirect.github.com/KaTeX/KaTeX/issues/3990) #### [0.16.12](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.11...v0.16.12) (2024-12-08) ##### Features - css: configurable margin for display math ([#3638](https://redirect.github.com/KaTeX/KaTeX/issues/3638)) ([3405001](https://redirect.github.com/KaTeX/KaTeX/commit/3405001225b8ee0cf8b35b2e3a6c1fa2191e5fef)) #### [0.16.11](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.10...v0.16.11) (2024-07-02) ##### Features - add \emph ([#3963](https://redirect.github.com/KaTeX/KaTeX/issues/3963)) ([9f34da4](https://redirect.github.com/KaTeX/KaTeX/commit/9f34da4b3cf228a7af8134c394394d780a089f2b)), closes [#3566](https://redirect.github.com/KaTeX/KaTeX/issues/3566) #### [0.16.10](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.9...v0.16.10) (2024-03-24) ##### Bug Fixes - \edef bypassing maxExpand via exponential blowup ([e88b4c3](https://redirect.github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34)) - escape \includegraphics src and alt ([c5897fc](https://redirect.github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770)) - force protocol to be lowercase for better protocol filtering ([fc5af64](https://redirect.github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de)), closes [/datatracker.ietf.org/doc/html/rfc3986#section-3](https://redirect.github.com//datatracker.ietf.org/doc/html/rfc3986/issues/section-3) - maxExpand limit with Unicode sub/superscripts ([085e21b](https://redirect.github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2)) #### [0.16.9](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.8...v0.16.9) (2023-10-02) ##### Features - Support bold Fraktur ([#3777](https://redirect.github.com/KaTeX/KaTeX/issues/3777)) ([`240d5ae`](https://redirect.github.com/KaTeX/KaTeX/commit/240d5aede915e0303929a9328745b1060e12004a)) #### [0.16.8](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.7...v0.16.8) (2023-06-24) ##### Features - expose error length and raw error message on ParseError ([#3820](https://redirect.github.com/KaTeX/KaTeX/issues/3820)) ([710774a](https://redirect.github.com/KaTeX/KaTeX/commit/710774aaebb38f43b1ec51c159fe9b9520c91424)) #### [0.16.7](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.6...v0.16.7) (2023-04-28) ##### Bug Fixes - docs/support\_table.md: delete redundant "varPsi" ([#3814](https://redirect.github.com/KaTeX/KaTeX/issues/3814)) ([33a1b98](https://redirect.github.com/KaTeX/KaTeX/commit/33a1b98710c880d2d4a67aa0048f027a94b85702)) #### [0.16.6](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.5...v0.16.6) (2023-04-17) ##### Bug Fixes - Support `\let` via `macros` option ([#3738](https://redirect.github.com/KaTeX/KaTeX/issues/3738)) ([bdb0be2](https://redirect.github.com/KaTeX/KaTeX/commit/bdb0be201794d22adaee05438b07a2830efea9da)), closes [#3737](https://redirect.github.com/KaTeX/KaTeX/issues/3737) [#3737](https://redirect.github.com/KaTeX/KaTeX/issues/3737) #### [0.16.5](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.4...v0.16.5) (2023-04-17) ##### Features - \_\_defineFunction API exposing internal defineFunction ([#3805](https://redirect.github.com/KaTeX/KaTeX/issues/3805)) ([c7b1f84](https://redirect.github.com/KaTeX/KaTeX/commit/c7b1f84b7801a29dffdfa3db0ff35de289db80c0)), closes [#3756](https://redirect.github.com/KaTeX/KaTeX/issues/3756) #### [0.16.4](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.3...v0.16.4) (2022-12-07) ##### Bug Fixes - space should prevent optional argument to \ ([#3746](https://redirect.github.com/KaTeX/KaTeX/issues/3746)) ([a0deb34](https://redirect.github.com/KaTeX/KaTeX/commit/a0deb3410fd92340556fc4c9edb8ab586077e5bf)), closes [#3745](https://redirect.github.com/KaTeX/KaTeX/issues/3745) #### [0.16.3](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.2...v0.16.3) (2022-10-22) ##### Bug Fixes - \hline after \cr ([#3735](https://redirect.github.com/KaTeX/KaTeX/issues/3735)) ([ebf6bf5](https://redirect.github.com/KaTeX/KaTeX/commit/ebf6bf5b50a98ac6c5aca1896c0a6ba985c1c91c)), closes [#3734](https://redirect.github.com/KaTeX/KaTeX/issues/3734) #### [0.16.2](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.1...v0.16.2) (2022-08-29) ##### Bug Fixes - auto-render: concatenate content of successive text nodes ([#3422](https://redirect.github.com/KaTeX/KaTeX/issues/3422)) ([4d3fdd8](https://redirect.github.com/KaTeX/KaTeX/commit/4d3fdd8647a1c320dc7bcb9c9ea2af81379f700d)) - Implement \pmb via CSS text-shadow ([#3505](https://redirect.github.com/KaTeX/KaTeX/issues/3505)) ([176552a](https://redirect.github.com/KaTeX/KaTeX/commit/176552a69183d71425b491d4cc2fa1d462a1246a)) #### [0.16.1](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.0...v0.16.1) (2022-08-28) ##### Bug Fixes - Use SVGs for some stacked delims ([#3686](https://redirect.github.com/KaTeX/KaTeX/issues/3686)) ([8a65a2e](https://redirect.github.com/KaTeX/KaTeX/commit/8a65a2e1fd69ffeee2fac62229f9f05ebf6afd45)) </details> <details> <summary>material-extensions/vscode-material-icon-theme (material-icon-theme)</summary> ### [`v5.35.0`](https://redirect.github.com/material-extensions/vscode-material-icon-theme/blob/HEAD/CHANGELOG.md#v5350) [Compare Source](https://redirect.github.com/material-extensions/vscode-material-icon-theme/compare/v5.34.0...v5.35.0) [compare changes](https://redirect.github.com/material-extensions/vscode-material-icon-theme/compare/v5.34.0...v5.35.0) ##### 🚀 Enhancements - Add CAD file extensions to 3d icon mapping ([#3436](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3436)) - Add tsdown icon ([#3418](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3418)) - Add new icons for mrpack ([#3439](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3439)) - Add support for vercel.ts icon (typed Vercel configuration) ([#3441](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3441)) - Support jxl image file type ([#3444](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3444)) - Add uiua file icon ([#3408](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3408)) - Add folder associations for rust/cargo projects ([#3447](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3447)) - icon: Add zed folder icon ([#3442](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3442)) - icon: Add redis icon ([#3450](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3450)) - Add more unit tests for writefile helper function ([9e4c98aa](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/9e4c98aa)) - Include language IDs into the file icons ([c9a9d2ed](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/c9a9d2ed)) - Update dependencies ([d7274c71](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/d7274c71)) ##### 🩹 Fixes - Add rootDir to tsconfig.declarations.json for TypeScript 6 ([4f7f49e9](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/4f7f49e9)) - Correct typos in CONTRIBUTING.md ([4de4acf7](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/4de4acf7)) ##### 💅 Refactors - core: Rewrite toTitleCase for clarity and add tests ([33c0e614](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/33c0e614)) - Remove duplicate toTitleCase, consolidate imports ([e247951d](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/e247951d)) ##### 🏡 Chore - Improve release process ([b959b483](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/b959b483)) ##### ✅ Tests - core: Add comprehensive tests for object helpers ([57f476c5](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/57f476c5)) ##### ❤️ Contributors - Philipp Kief ([@PKief](https://redirect.github.com/PKief)) - Sayan Shankhari ([@SayanShankhari](https://redirect.github.com/SayanShankhari)) - Tymon Marek ([@TymonMarek](https://redirect.github.com/TymonMarek)) - Unteksi-ozar ([@Unteksi-ozar](https://redirect.github.com/Unteksi-ozar)) - 锐冰 SharpIce ([@SharpIceX](https://redirect.github.com/SharpIceX)) - El Mahdi Bennajah ([@bennajah](https://redirect.github.com/bennajah)) - Glitch714 ([@glitchplaysgames714](https://redirect.github.com/glitchplaysgames714)) - Andrin Haldner ([@AHaldner](https://redirect.github.com/AHaldner)) - Kaden Gruizenga ([@kgruiz](https://redirect.github.com/kgruiz)) </details> <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v11.4.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1140) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.3.0...v11.4.0) ##### Minor Changes - Treat tarball-integrity mismatches against the lockfile as a hard failure by default. Previously, `pnpm install` (non-frozen) would log `ERR_PNPM_TARBALL_INTEGRITY`, silently re-resolve from the registry, and overwrite the locked integrity — which meant a compromised registry, proxy, or republished version could substitute attacker-controlled content on a clean machine even though the project shipped a committed lockfile. `pnpm install` now exits with `ERR_PNPM_TARBALL_INTEGRITY` and a hint pointing at the new opt-in flag. The only opt-in is `pnpm install --update-checksums` — narrowly scoped to refreshing the locked integrity values from what the registry currently serves. Mirrors yarn's flag of the same name. A warning still prints when the bypass takes effect so the operation is auditable. `--force` and `pnpm update` deliberately do not bypass the integrity check. They are routine refresh operations; silently overwriting a locked integrity in those flows would erase the protection a committed lockfile is supposed to provide. `--frozen-lockfile` behavior is unchanged. `--fix-lockfile` keeps its documented purpose (filling in missing lockfile entries) and is also not a bypass. - `pnpm runtime set <name> <version>` now saves the runtime to `devEngines.runtime` by default instead of `engines.runtime`. Pass `--save-prod` (or `-P`) to save it to `engines.runtime` instead [#11948](https://redirect.github.com/pnpm/pnpm/issues/11948). ##### Patch Changes - Fix a credential disclosure issue where an unscoped `_authToken` (or `_auth`, or `username` + `_password`, or `tokenHelper`) defined in one source — `~/.npmrc`, `~/.config/pnpm/auth.ini`, a workspace `.npmrc`, CLI flags, etc. — would be sent as an `Authorization` header to whichever registry a different (potentially untrusted) source named. The same fix extends to client TLS credentials (`cert`, `key`) so they aren't presented to a registry their author didn't choose. pnpm now rewrites each unscoped per-registry setting (`_authToken`, `_auth`, `username`, `_password`, `tokenHelper`, `cert`, `key`) to its URL-scoped form at load time, using the `registry=` value declared in the same source (or the npmjs default registry if the source declares none). A later layer overriding `registry=` therefore cannot pull an unscoped credential along, because it is already pinned to the URL its author intended. `ca`/`cafile` are intentionally not rescoped — they're trust anchors, not credentials, and corporate MITM-proxy setups rely on them applying globally. Every rescope emits a deprecation warning telling the user where the setting was pinned and how to write it directly. npm has rejected unscoped credentials outright since `npm@9`, and pnpm intends to remove support in a future major release. To target a specific registry, write the setting URL-scoped (e.g. `//registry.example.com/:_authToken=...` or `//registry.example.com/:cert=...`). `@pnpm/network.auth-header`: removed the `defaultRegistry` parameter from `createGetAuthHeaderByURI` and `getAuthHeadersFromCreds`. Now that credentials are URL-scoped at load time, the merged `configByUri` never contains the empty-string "default registry" placeholder slot, so re-keying it onto the merged default registry is no longer needed. - Fix `pnpm deploy` crashing with `ENOENT: ... lstat '<deployDir>/node_modules'` when `configDependencies` declares pacquet (`pacquet` or `@pnpm/pacquet`). The deploy directory never installs config dependencies, so the install engine they designate isn't on disk to invoke; the nested install now skips them. - Reject git resolutions whose `commit` field is not a 40-character hexadecimal SHA before invoking `git`. A malicious lockfile could otherwise smuggle a value such as `--upload-pack=<command>` through `git fetch` / `git checkout`, which on SSH or local-file transports executes the supplied command. - Limit concurrent project manifest reads while listing large workspaces to avoid `EMFILE` errors. - Reject patch files whose `diff --git` headers reference paths outside the patched package directory. Previously a malicious `.patch` file added via a pull request could write, delete, or rename arbitrary files reachable by the user running `pnpm install`. - Improve the log message that pnpm prints after auto-adding entries to `minimumReleaseAgeExclude` when `minimumReleaseAge` is set without `minimumReleaseAgeStrict`. The message previously referred to the internal "loose mode" terminology, which wasn't searchable in the docs; it now tells the user to set `minimumReleaseAgeStrict` to `true` if they want these updates gated behind a prompt instead [#11747](https://redirect.github.com/pnpm/pnpm/issues/11747). - Reject dependency aliases that contain path-traversal segments (such as `@x/../../../../../.git/hooks`) when reading them from a package manifest or symlinking them into `node_modules`. A malicious registry package could otherwise use a transitive dependency key to make `pnpm install` create symlinks at attacker-chosen paths outside the intended `node_modules` directory. - Reject `pnpm-lock.yaml` entries whose remote tarball `resolution:` block is missing the `integrity` field. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that strips `integrity:`) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under `--frozen-lockfile`. pnpm now fails closed at lockfile-read time with `ERR_PNPM_MISSING_TARBALL_INTEGRITY`. Git-hosted tarballs (`gitHosted: true` or a URL on codeload.github.com / bitbucket.org / gitlab.com) and `file:` tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes. - Validate `devEngines.runtime` and `engines.runtime` version ranges for `node`, `deno`, and `bun` when `onFail` is set to `error` or `warn`. Previously these settings only had an effect with `onFail: 'download'` — the `error` and `warn` modes silently did nothing [#11818](https://redirect.github.com/pnpm/pnpm/issues/11818). Violations now throw `ERR_PNPM_BAD_RUNTIME_VERSION`. - Require provenance before treating trusted publisher metadata as the strongest trust evidence. ### [`v11.3.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1130) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.2.2...v11.3.0) ##### Minor Changes - Added `pnpm stage` with `publish`, `list`, `view`, `approve`, `reject`, and `download` subcommands for npm staged publishing. - Added a new setting `trustLockfile`. When `true`, `pnpm install` skips the supply-chain verification pass that re-applies `minimumReleaseAge` / `trustPolicy='no-downgrade'` to every entry in the loaded lockfile. The install treats the lockfile as already-trusted — useful for closed-source projects where every commit comes from a trusted author. Defaults to `false`; verification stays on by default. Set in `pnpm-workspace.yaml`. Also cut the memory footprint of the verification pass itself: the per-(registry, name) trust-meta cache previously retained the full packument — dependency graphs, scripts, README, and per-version manifests — for the entire install. On large workspaces (`~4k` lockfile entries with `minimumReleaseAge` + `trustPolicy: no-downgrade` enabled) this could OOM CI runners with a 2GB heap cap. The cache now stores only the fields the trust check actually reads (`time`, per-version `_npmUser.trustedPublisher`, `dist.attestations.provenance`). The abbreviated-metadata cache is similarly projected to just the package-level `modified` field and the set of currently-listed version names. Fixes [#11860](https://redirect.github.com/pnpm/pnpm/issues/11860). - Implemented `pnpm pkg` command natively, following `npm pkg` standards. - Implemented `pnpm repo` command natively, following `npm repo` standards. - Implemented `pnpm set-script` (alias `ss`) natively. Adds or updates an entry in the `scripts` field of the project manifest, supporting `package.json`, `package.json5`, and `package.yaml` formats. - Add a `skip-manifest-obfuscation` option for `pnpm pack` and `pnpm publish`. When enabled, the original `packageManager` field and publish lifecycle scripts are kept in the packed/published manifest instead of being stripped. The pnpm-specific `pnpm` field continues to be omitted. ##### Patch Changes - Fixed `pnpm dlx` failing with `ERR_PNPM_NO_IMPORTER_MANIFEST_FOUND` when the installed package's CAS slot is missing its `package.json`. Observed in the wild for `pnpm dlx node@runtime:<version>` when the GVS slot was populated without the synthesized manifest runtime archives need (they don't ship a `package.json` of their own, so the synthesized one is the only way it gets there; an existing slot from an earlier code path that skipped the synthesis stays incomplete). The bin link itself is wired up from the resolution and remains valid, so `dlx` now falls back to the scopeless package name when the slot's manifest is unreadable — for single-bin packages (the dlx common case, including every `runtime:` spec) this matches what `manifest.bin` would have named. Multi-bin packages already require `--package=<spec> <bin>` to disambiguate and don't enter this code path. - Fixed non-determinism in `pnpm dedupe` and `pnpm install` when a dependency graph contains packages with transitive peer dependencies on each other (e.g. `@aws-sdk/client-sts` and `@aws-sdk/client-sso-oidc`) and `auto-install-peers` is enabled. The lockfile no longer flips between two equally-valid forms across consecutive runs. The root cause was that `resolveDependencies` pushed onto its `pkgAddresses` / `postponedResolutionsQueue` arrays from inside `Promise.all`-spawned callbacks, so completion-order timing leaked into the array order and downstream cyclic-peer suffix assignment. Fixes [#8155](https://redirect.github.com/pnpm/pnpm/issues/8155). - Fixed a regression introduced by [#11711](https://redirect.github.com/pnpm/pnpm/pull/11711) where `pnpm add <github-shorthand>` (and any other wanted-dependency whose alias can't be parsed from the user-supplied spec, e.g. tarball URLs or `pnpm/test-git-fetch#sha`) was silently dropped from the manifest update and from `pendingBuilds`. The alias-keyed lookup added in that PR couldn't find a `wantedDependency` whose `alias` was `undefined` at parse time but resolved to a package name only after fetching, so the entry never made it into `specsToUpsert`. Restored the original index-based pairing between `directDependencies` and `wantedDependencies`; the catalog-protocol preservation that PR was originally fixing is unaffected because it's driven by `rdd.catalogLookup.userSpecifiedBareSpecifier`, not by the lookup. Fixes the three `rebuilds dependencies` / `rebuilds specific dependencies` / `rebuild with pending option` failures in `building/commands/test/build/index.ts`. - Fixed `pnpm add --config` leaving orphan entries in `pnpm-lock.env.yaml` (the optional subdependencies of the previously resolved version of the updated config dependency). ### [`v11.2.2`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1122) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.2.1...v11.2.2) ##### Patch Changes - When the install engine is delegated to pacquet via `configDependencies`, the user's CLI flags passed to `pnpm install` (e.g. `--no-runtime`, `--prod`, `--dev`, `--no-optional`, `--node-linker`, `--cpu`/`--os`/`--libc`, `--offline`, `--prefer-offline`) are now forwarded to pacquet's `install` subcommand verbatim. Previously pacquet was invoked with a fixed argument list, so flags like `--no-runtime` were silently dropped. Flag forwarding is gated on the command being `install`/`i`; `add`, `update`, and `dedupe` still don't forward (their flag surface doesn't line up with pacquet's `install`). - Fixed `pnpm up` (and `pnpm add` / `pnpm remove`) failing with `pacquet_package_manager::outdated_lockfile` when pacquet is declared in `configDependencies`. pnpm now passes `--ignore-manifest-check` to pacquet so its `--frozen-lockfile` check doesn't fire against the (pre-mutation) `package.json` pnpm hasn't written yet [#11797](https://redirect.github.com/pnpm/pnpm/issues/11797). Requires a pacquet release that supports the flag — bump `PACQUET_VERSION` in the e2e tests once it ships. </details> <details> <summary>silverwind/rolldown-license-plugin (rolldown-license-plugin)</summary> ### [`v3.0.8`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.8) [Compare Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.7...3.0.8) - update deps (silverwind) - swap path.join for template concat in I/O hot paths (silverwind) - simplify license sort and allow-branch control flow (silverwind) </details> <details> <summary>typescript-eslint/typescript-eslint (typescript-eslint)</summary> ### [`v8.60.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8600-2026-05-25) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.4...v8.60.0) This was a version bump only for typescript-eslint to align it with other projects, there were no code changes. See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.0) for more information. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>silverwind/updates (updates)</summary> ### [`v17.17.2`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.2) [Compare Source](https://redirect.github.com/silverwind/updates/compare/17.17.1...17.17.2) - Read github env tokens lazily instead of at import (silverwind) ### [`v17.17.1`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.1) [Compare Source](https://redirect.github.com/silverwind/updates/compare/17.17.0...17.17.1) - Scope GitHub token fallback to GitHub hosts only (silverwind) ### [`v17.17.0`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.0) [Compare Source](https://redirect.github.com/silverwind/updates/compare/17.16.13...17.17.0) - update deps (silverwind) - Add per-package `overrides` config option ([#140](https://redirect.github.com/silverwind/updates/issues/140)) (silverwind) - fix three bugs in range/tag handling (silverwind) </details> <details> <summary>vitejs/vite (vite)</summary> ### [`v8.0.14`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8014-2026-05-21-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v8.0.13...v8.0.14) ##### Features - update rolldown to 1.0.2 ([#22484](https://redirect.github.com/vitejs/vite/issues/22484)) ([96efc88](https://redirect.github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0)) ##### Bug Fixes - deps: update all non-major dependencies ([#22471](https://redirect.github.com/vitejs/vite/issues/22471)) ([98b8163](https://redirect.github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3)) - dev: handle errors when sending messages to vite server ([#22450](https://redirect.github.com/vitejs/vite/issues/22450)) ([e8e9a34](https://redirect.github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217)) - html: handle trailing slash paths in transformIndexHtml ([#22480](https://redirect.github.com/vitejs/vite/issues/22480)) ([5d94d1b](https://redirect.github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693)) - optimizer: pass oxc jsx options to transformSync in dependency scan ([#22342](https://redirect.github.com/vitejs/vite/issues/22342)) ([b3132da](https://redirect.github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262)) ##### Miscellaneous Chores - deps: update rolldown-related dependencies ([#22470](https://redirect.github.com/vitejs/vite/issues/22470)) ([7cb728e](https://redirect.github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f)) - remove irrelevant commits from changelog ([2c69495](https://redirect.github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086)) ##### Code Refactoring - glob: do not rewrite import path for absolute base ([#22310](https://redirect.github.com/vitejs/vite/issues/22310)) ([0ae2844](https://redirect.github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302)) ##### Tests - css: sass does not use main field ([#22449](https://redirect.github.com/vitejs/vite/issues/22449)) ([ebf39a0](https://redirect.github.com/vitejs/vite/commit/ebf39a04329ddc6ba765e006a5d463680a952270)) </details> <details> <summary>vuejs/core (vue)</summary> ### [`v3.5.35`](https://redirect.github.com/vuejs/core/blob/HEAD/CHANGELOG.md#3535-2026-05-27) [Compare Source](https://redirect.github.com/vuejs/core/compare/v3.5.34...v3.5.35) ##### Bug Fixes - compiler-core: avoid double processing v-for keys with v-memo ([#14861](https://redirect.github.com/vuejs/core/issues/14861)) ([34a0ded](https://redirect.github.com/vuejs/core/commit/34a0ded4d27289a8f227462bd35b6341a4b51831)), closes [#14859](https://redirect.github.com/vuejs/core/issues/14859) - compiler-sfc: resolve top-level exports from files registered as global types ([#14805](https://redirect.github.com/vuejs/core/issues/14805)) ([3d077f2](https://redirect.github.com/vuejs/core/commit/3d077f26e33510f2ba001d14142ba76a1414dfff)), closes [nuxt/nuxt#33694](https://redirect.github.com/nuxt/nuxt/issues/33694) - runtime-core: avoid repeated hydration mismatch checks ([#14857](https://redirect.github.com/vuejs/core/issues/14857)) ([170fc95](https://redirect.github.com/vuejs/core/commit/170fc95eb64b97024dcb3df770557065e2919aa8)), closes [#14855](https://redirect.github.com/vuejs/core/issues/14855) - runtime-core: skip idle persisted transition hooks in keep-alive moves ([#14865](https://redirect.github.com/vuejs/core/issues/14865)) ([80fc139](https://redirect.github.com/vuejs/core/commit/80fc139f90513943f1d0da20d353feec8a9ec894)), closes [#14031](https://redirect.github.com/vuejs/core/issues/14031) - server-renderer: propagate sync errors from `ssrRenderSuspense` ([#14804](https://redirect.github.com/vuejs/core/issues/14804)) ([4760997](https://redirect.github.com/vuejs/core/commit/47609975e294fbcc8017b6d68c9be38fa5508f36)), closes [nuxt/nuxt#28162](https://redirect.github.com/nuxt/nuxt/issues/28162) - teleport: skip child unmount when pending mount discarded ([#14876](https://redirect.github.com/vuejs/core/issues/14876)) ([#14877](https://redirect.github.com/vuejs/core/issues/14877)) ([584beb1](https://redirect.github.com/vuejs/core/commit/584beb1262d1247d41ed3b463c485c57022fa922)) ##### Performance Improvements - reactivity: skip type checks for cached proxies ([#14860](https://redirect.github.com/vuejs/core/issues/14860)) ([5734fe9](https://redirect.github.com/vuejs/core/commit/5734fe97f6e42d7abb1893c8bc38a17f7deb00b1)) - runtime-dom: optimize array event handler dispatch ([#14828](https://redirect.github.com/vuejs/core/issues/14828)) ([bb18dc8](https://redirect.github.com/vuejs/core/commit/bb18dc8e567ce22f1e5dfbc6b16c1003b48c2785)) - server-renderer: avoid materializing iterables in ssrRenderList ([#14821](https://redirect.github.com/vuejs/core/issues/14821)) ([1b7a2cc](https://redirect.github.com/vuejs/core/commit/1b7a2cc15c501a4b1e4be61874879381af59b74f)) </details> <details> <summary>vuejs/language-tools (vue-tsc)</summary> ### [`v3.3.2`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#332-2026-05-25) [Compare Source](https://redirect.github.com/vuejs/language-tools/compare/v3.3.1...v3.3.2) ##### language-core - feat: preserve literal types for inline `v-for` sources ([#6067](https://redirect.github.com/vuejs/language-tools/issues/6067)) - Thanks to [@kkesidis](https://redirect.github.com/kkesidis)! - fix: align `v-bind` shorthand identifier skipping with interpolation - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### vscode - feat: transform tsserver content ([#6062](https://redirect.github.com/vuejs/language-tools/issues/6062)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: do not mark trailing slash in capitalized self-closing tags as invalid ([#6065](https://redirect.github.com/vuejs/language-tools/issues/6065)) - Thanks to [@suisanka](https://redirect.github.com/suisanka)! </details> --- ### Configuration 📅 Schedule: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io>	2026-06-02 07:18:20 +02:00
Giteabot	953090fda4	fix(deps): update npm dependencies (#37844 ) This PR contains the following updates: \| Package \| Change \| [Age](https://docs.renovatebot.com/merge-confidence/) \| [Confidence](https://docs.renovatebot.com/merge-confidence/) \| \|---\|---\|---\|---\| \| @codemirror/legacy-modes \| [`6.5.2` → `6.5.3`](https://renovatebot.com/diffs/npm/@codemirror%2flegacy-modes/6.5.2/6.5.3) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@codemirror%2flegacy-modes/6.5.3?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@codemirror%2flegacy-modes/6.5.2/6.5.3?slim=true) \| \| @codemirror/view \| [`6.42.1` → `6.43.0`](https://renovatebot.com/diffs/npm/@codemirror%2fview/6.42.1/6.43.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@codemirror%2fview/6.43.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@codemirror%2fview/6.42.1/6.43.0?slim=true) \| \| [@primer/octicons](https://primer.style/octicons) ([source](https://redirect.github.com/primer/octicons)) \| [`19.25.0` → `19.26.0`](https://renovatebot.com/diffs/npm/@primer%2focticons/19.25.0/19.26.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@primer%2focticons/19.26.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@primer%2focticons/19.25.0/19.26.0?slim=true) \| \| [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) \| [`25.7.0` → `25.9.1`](https://renovatebot.com/diffs/npm/@types%2fnode/25.7.0/25.9.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/25.9.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/25.7.0/25.9.1?slim=true) \| \| [@typescript-eslint/parser](https://typescript-eslint.io/packages/parser) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) \| [`8.59.3` → `8.59.4`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.59.3/8.59.4) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@typescript-eslint%2fparser/8.59.4?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@typescript-eslint%2fparser/8.59.3/8.59.4?slim=true) \| \| [@vitejs/plugin-vue](https://redirect.github.com/vitejs/vite-plugin-vue/tree/main/packages/plugin-vue#readme) ([source](https://redirect.github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue)) \| [`6.0.6` → `6.0.7`](https://renovatebot.com/diffs/npm/@vitejs%2fplugin-vue/6.0.6/6.0.7) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/@vitejs%2fplugin-vue/6.0.7?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitejs%2fplugin-vue/6.0.6/6.0.7?slim=true) \| \| [clippie](https://redirect.github.com/silverwind/clippie) \| [`4.1.15` → `4.2.0`](https://renovatebot.com/diffs/npm/clippie/4.1.15/4.2.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/clippie/4.2.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/clippie/4.1.15/4.2.0?slim=true) \| \| [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) \| [`10.3.0` → `10.4.0`](https://renovatebot.com/diffs/npm/eslint/10.3.0/10.4.0) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/10.4.0?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/10.3.0/10.4.0?slim=true) \| \| [eslint-plugin-playwright](https://redirect.github.com/mskelton/eslint-plugin-playwright) \| [`2.10.2` → `2.10.4`](https://renovatebot.com/diffs/npm/eslint-plugin-playwright/2.10.2/2.10.4) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-playwright/2.10.4?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-playwright/2.10.2/2.10.4?slim=true) \| \| [katex](https://katex.org) ([source](https://redirect.github.com/KaTeX/KaTeX)) \| [`0.16.46` → `0.16.47`](https://renovatebot.com/diffs/npm/katex/0.16.46/0.16.47) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/katex/0.16.47?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/katex/0.16.46/0.16.47?slim=true) \| \| [pnpm](https://pnpm.io) ([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) \| [`11.1.1` → `11.1.3`](https://renovatebot.com/diffs/npm/pnpm/11.1.1/11.1.3) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/11.1.3?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/11.1.1/11.1.3?slim=true) \| \| [postcss](https://postcss.org/) ([source](https://redirect.github.com/postcss/postcss)) \| [`8.5.14` → `8.5.15`](https://renovatebot.com/diffs/npm/postcss/8.5.14/8.5.15) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/postcss/8.5.15?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/postcss/8.5.14/8.5.15?slim=true) \| \| [rolldown-license-plugin](https://redirect.github.com/silverwind/rolldown-license-plugin) \| [`3.0.5` → `3.0.7`](https://renovatebot.com/diffs/npm/rolldown-license-plugin/3.0.5/3.0.7) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/rolldown-license-plugin/3.0.7?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/rolldown-license-plugin/3.0.5/3.0.7?slim=true) \| \| [stylelint](https://stylelint.io) ([source](https://redirect.github.com/stylelint/stylelint)) \| [`17.11.0` → `17.11.1`](https://renovatebot.com/diffs/npm/stylelint/17.11.0/17.11.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/stylelint/17.11.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/stylelint/17.11.0/17.11.1?slim=true) \| \| [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) \| [`8.59.3` → `8.59.4`](https://renovatebot.com/diffs/npm/typescript-eslint/8.59.3/8.59.4) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/typescript-eslint/8.59.4?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript-eslint/8.59.3/8.59.4?slim=true) \| \| [updates](https://redirect.github.com/silverwind/updates) \| [`17.16.11` → `17.16.13`](https://renovatebot.com/diffs/npm/updates/17.16.11/17.16.13) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/updates/17.16.13?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/updates/17.16.11/17.16.13?slim=true) \| \| [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) \| [`8.0.12` → `8.0.13`](https://renovatebot.com/diffs/npm/vite/8.0.12/8.0.13) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vite/8.0.13?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/8.0.12/8.0.13?slim=true) \| \| [vitest](https://vitest.dev) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)) \| [`4.1.6` → `4.1.7`](https://renovatebot.com/diffs/npm/vitest/4.1.6/4.1.7) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vitest/4.1.7?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest/4.1.6/4.1.7?slim=true) \| \| [vue-tsc](https://redirect.github.com/vuejs/language-tools) ([source](https://redirect.github.com/vuejs/language-tools/tree/HEAD/packages/tsc)) \| [`3.2.9` → `3.3.1`](https://renovatebot.com/diffs/npm/vue-tsc/3.2.9/3.3.1) \| ![age](https://developer.mend.io/api/mc/badges/age/npm/vue-tsc/3.3.1?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue-tsc/3.2.9/3.3.1?slim=true) \| --- ### Release Notes <details> <summary>primer/octicons (@primer/octicons)</summary> ### [`v19.26.0`](https://redirect.github.com/primer/octicons/blob/HEAD/CHANGELOG.md#19260) [Compare Source](https://redirect.github.com/primer/octicons/compare/v19.25.0...v19.26.0) ##### Minor Changes - [#1197](https://redirect.github.com/primer/octicons/pull/1197) [`b45f1d35`](https://redirect.github.com/primer/octicons/commit/b45f1d35477402da4df64ae3a38dae8e95477dc4) Thanks [@lukasoppermann](https://redirect.github.com/lukasoppermann)! - Add repo-forked-locked icon ##### Patch Changes - [#1209](https://redirect.github.com/primer/octicons/pull/1209) [`9a7e2146`](https://redirect.github.com/primer/octicons/commit/9a7e2146907d2b0bf06d2dd65d2d17d4c3959108) Thanks [@siddharthkp](https://redirect.github.com/siddharthkp)! - fix: remove hardcoded fill from sandbox icon </details> <details> <summary>typescript-eslint/typescript-eslint (@typescript-eslint/parser)</summary> ### [`v8.59.4`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8594-2026-05-18) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.3...v8.59.4) This was a version bump only for parser to align it with other projects, there were no code changes. See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.4) for more information. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>vitejs/vite-plugin-vue (@vitejs/plugin-vue)</summary> ### [`v6.0.7`](https://redirect.github.com/vitejs/vite-plugin-vue/blob/HEAD/packages/plugin-vue/CHANGELOG.md#small-607-2026-05-15-small) ##### Features - use carets for `@rolldown/pluginutils` version ([#776](https://redirect.github.com/vitejs/vite-plugin-vue/issues/776)) ([941b651](https://redirect.github.com/vitejs/vite-plugin-vue/commit/941b651d8329559fce9231aad4e178f54cccb013)) ##### Bug Fixes - deps: update all non-major dependencies ([#762](https://redirect.github.com/vitejs/vite-plugin-vue/issues/762)) ([9e825b8](https://redirect.github.com/vitejs/vite-plugin-vue/commit/9e825b85ebe9b6006dc5927aaa8aabc0bcc7eceb)) - deps: update all non-major dependencies ([#774](https://redirect.github.com/vitejs/vite-plugin-vue/issues/774)) ([77dc8bc](https://redirect.github.com/vitejs/vite-plugin-vue/commit/77dc8bc935216bb7ed13f1c2653a80ffdc99fd45)) </details> <details> <summary>silverwind/clippie (clippie)</summary> ### [`v4.2.0`](https://redirect.github.com/silverwind/clippie/releases/tag/4.2.0) [Compare Source](https://redirect.github.com/silverwind/clippie/compare/4.1.15...4.2.0) - tests: make fallback block concurrent-safe (silverwind) - add ClippieCopyable type (silverwind) - fallback: use el.value.length for setSelectionRange end (silverwind) - update deps, replace describe.sequential with concurrent: false (silverwind) - Update vitest-config-silverwind to 11.3.3, add Node 26 to CI (silverwind) - update deps (silverwind) - simplify and fix minor issues (silverwind) </details> <details> <summary>eslint/eslint (eslint)</summary> ### [`v10.4.0`](https://redirect.github.com/eslint/eslint/releases/tag/v10.4.0) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v10.3.0...v10.4.0) #### Features - [`1a45ec5`](https://redirect.github.com/eslint/eslint/commit/1a45ec596af1dd5f880e6874cb8f24dafb6a7ecf) feat: check sequence expressions in `for-direction` ([#20701](https://redirect.github.com/eslint/eslint/issues/20701)) (kuldeep kumar) - [`450040b`](https://redirect.github.com/eslint/eslint/commit/450040bd89b989b3531824c6be45feb5fe3d936b) feat: add `includeIgnoreFile()` to `eslint/config` ([#20735](https://redirect.github.com/eslint/eslint/issues/20735)) (Kirk Waiblinger) #### Bug Fixes - [`544c0c3`](https://redirect.github.com/eslint/eslint/commit/544c0c3da589166ad8e5d634f35d3d06701c57be) fix: escape code path DOT labels in debug output ([#20866](https://redirect.github.com/eslint/eslint/issues/20866)) (Pixel998) - [`6799431`](https://redirect.github.com/eslint/eslint/commit/6799431203f2579632d0870f98ba132067f4040c) fix: update dependency [@eslint/config-helpers](https://redirect.github.com/eslint/config-helpers) to ^0.6.0 ([#20850](https://redirect.github.com/eslint/eslint/issues/20850)) (renovate\[bot]) - [`f078fef`](https://redirect.github.com/eslint/eslint/commit/f078fef5005dceb14fc162aab7c7200e027688dd) fix: handle non-array deprecated rule replacements ([#20825](https://redirect.github.com/eslint/eslint/issues/20825)) (xbinaryx) #### Documentation - [`7e52a71`](https://redirect.github.com/eslint/eslint/commit/7e52a7151fb92eec0e0f67fe4e5ddbd1ccce796f) docs: add mention of `@eslint-react/eslint-plugin` ([#20869](https://redirect.github.com/eslint/eslint/issues/20869)) (Pavel) - [`db3468b`](https://redirect.github.com/eslint/eslint/commit/db3468ba746407d7f286f18f7ea9db6df0e3bc08) docs: tweak wording around ambiguous CJS-vs-ESM config ([#20865](https://redirect.github.com/eslint/eslint/issues/20865)) (Kirk Waiblinger) - [`9084664`](https://redirect.github.com/eslint/eslint/commit/90846643ec6e97d447ae0d831fabe6d17b0a998a) docs: Update README (GitHub Actions Bot) - [`9cc7387`](https://redirect.github.com/eslint/eslint/commit/9cc73875046e3c4b8313644cbb1e99e26b36bd3f) docs: Update README (GitHub Actions Bot) - [`3d7b548`](https://redirect.github.com/eslint/eslint/commit/3d7b5484407403817aa9071a394d336d8ea96eb5) docs: Update README (GitHub Actions Bot) - [`191ec3c`](https://redirect.github.com/eslint/eslint/commit/191ec3c0a3f94ce0f110df761f0b2b8949011ccb) docs: Update README (GitHub Actions Bot) #### Chores - [`6616856`](https://redirect.github.com/eslint/eslint/commit/6616856f28fa514a30f87b5539fc100d739a94bf) chore: upgrade knip to v6 ([#20875](https://redirect.github.com/eslint/eslint/issues/20875)) (Pixel998) - [`d13b084`](https://redirect.github.com/eslint/eslint/commit/d13b084a3ad02f926e9addaa35fc383759ea5554) ci: ensure auto-created PRs run CI ([#20860](https://redirect.github.com/eslint/eslint/issues/20860)) (lumir) - [`e71c7af`](https://redirect.github.com/eslint/eslint/commit/e71c7af86dce9acc1d18cb12d2184309f6841594) ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 ([#20862](https://redirect.github.com/eslint/eslint/issues/20862)) (dependabot\[bot]) - [`d84393d`](https://redirect.github.com/eslint/eslint/commit/d84393dea170f54191fd20c8268b52c81c0ccd99) test: add unit tests for SuppressionsService.applySuppressions() ([#20863](https://redirect.github.com/eslint/eslint/issues/20863)) (kuldeep kumar) - [`24db8cb`](https://redirect.github.com/eslint/eslint/commit/24db8cb8e6f07fba667121777a15b1785486be94) test: add tests for SuppressionsService.save() ([#20802](https://redirect.github.com/eslint/eslint/issues/20802)) (kuldeep kumar) - [`2ef0549`](https://redirect.github.com/eslint/eslint/commit/2ef0549cac4a9537e4c3a26b9f3edd4c99476bf6) chore: update ecosystem plugins ([#20857](https://redirect.github.com/eslint/eslint/issues/20857)) (github-actions\[bot]) - [`a429791`](https://redirect.github.com/eslint/eslint/commit/a4297918d264d229a06cd96051ef9b91c7b86732) ci: remove `eslint-webpack-plugin` types integration test ([#20668](https://redirect.github.com/eslint/eslint/issues/20668)) (Milos Djermanovic) - [`9e37386`](https://redirect.github.com/eslint/eslint/commit/9e37386aa7f2ce220b2ef74a6afbac5f6b3527c5) chore: replace `recast` with range approach in code-sample-minimizer ([#20682](https://redirect.github.com/eslint/eslint/issues/20682)) (Copilot) - [`0dd1f9f`](https://redirect.github.com/eslint/eslint/commit/0dd1f9ffc9a07704d46e2a4c8d4ccc0d0908b0c0) test: disable warning for `vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER` ([#20845](https://redirect.github.com/eslint/eslint/issues/20845)) (Francesco Trotta) - [`9da3c7b`](https://redirect.github.com/eslint/eslint/commit/9da3c7bc92d9579f8db19ecb56e718538d09db2b) refactor: remove deprecated `meta.language` and migrate `meta.dialects` ([#20716](https://redirect.github.com/eslint/eslint/issues/20716)) (Pixel998) - [`2099ed1`](https://redirect.github.com/eslint/eslint/commit/2099ed12a0a74c3d7f0808514362af2499b4fe2b) refactor: add `meta.defaultOptions` to more rules, enable linting ([#20800](https://redirect.github.com/eslint/eslint/issues/20800)) (xbinaryx) - [`f1dfbc9`](https://redirect.github.com/eslint/eslint/commit/f1dfbc9ca57196de7092e1888cc99427bd6fe06e) chore: update ecosystem plugins ([#20836](https://redirect.github.com/eslint/eslint/issues/20836)) (github-actions\[bot]) - [`c759413`](https://redirect.github.com/eslint/eslint/commit/c75941390c14728806cd4baef4f6072f6de78318) ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 ([#20843](https://redirect.github.com/eslint/eslint/issues/20843)) (dependabot\[bot]) - [`5b817d6`](https://redirect.github.com/eslint/eslint/commit/5b817d6fdc9ae2c35b528dc662b2eca8f40f64aa) test: add unit tests for lib/shared/ast-utils ([#20838](https://redirect.github.com/eslint/eslint/issues/20838)) (kuldeep kumar) - [`1c13ae3`](https://redirect.github.com/eslint/eslint/commit/1c13ae3934c198c494e5958fa3a68b33244ff06a) test: add unit tests for lib/shared/severity ([#20835](https://redirect.github.com/eslint/eslint/issues/20835)) (kuldeep kumar) </details> <details> <summary>mskelton/eslint-plugin-playwright (eslint-plugin-playwright)</summary> ### [`v2.10.4`](https://redirect.github.com/mskelton/eslint-plugin-playwright/releases/tag/v2.10.4) [Compare Source](https://redirect.github.com/mskelton/eslint-plugin-playwright/compare/v2.10.3...v2.10.4) ##### Bug Fixes - valid-title: Skip title checks for anonymous describe blocks ([894c0ec](https://redirect.github.com/mskelton/eslint-plugin-playwright/commit/894c0ec261763bb1e073b276c70bbf88b4ebad39)) ### [`v2.10.3`](https://redirect.github.com/mskelton/eslint-plugin-playwright/releases/tag/v2.10.3) [Compare Source](https://redirect.github.com/mskelton/eslint-plugin-playwright/compare/v2.10.2...v2.10.3) ##### Bug Fixes - missing-playwright-await: Fix false positive when not assigning awaited variable ([#464](https://redirect.github.com/mskelton/eslint-plugin-playwright/issues/464)) ([801f01a](https://redirect.github.com/mskelton/eslint-plugin-playwright/commit/801f01aa8a5e279b65939e06d63f7e0d2b638f93)) </details> <details> <summary>KaTeX/KaTeX (katex)</summary> ### [`v0.16.47`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01647-2026-05-16) [Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.46...v0.16.47) ##### Bug Fixes - correct size of `[` big delimiter ([#4217](https://redirect.github.com/KaTeX/KaTeX/issues/4217)) ([7ba0027](https://redirect.github.com/KaTeX/KaTeX/commit/7ba0027d2f04abddd3b215362f867ab8260b09d7)), closes [#4215](https://redirect.github.com/KaTeX/KaTeX/issues/4215) </details> <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v11.1.3`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1113) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.1.2...v11.1.3) ##### Patch Changes - `pnpm install` now re-validates `pnpm-lock.yaml` entries against the active `minimumReleaseAge` and `trustPolicy: 'no-downgrade'` policies before any tarball is fetched. Lockfiles resolved elsewhere (committed to the repo, restored from a CI cache, produced by an older pnpm) under a weaker or absent policy can no longer install a freshly-published or trust-downgraded version silently. Violating entries abort the install with `ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION`, `ERR_PNPM_TRUST_DOWNGRADE`, or the generic `ERR_PNPM_LOCKFILE_RESOLUTION_VERIFICATION` when both policies trip in the same batch; `minimumReleaseAgeExclude` and `trustPolicyExclude` are honored. Verification results are cached so repeat installs against an unchanged lockfile take a fast path, and pnpm shows a transient progress line while the registry round-trip runs. When fresh resolution picks an immature version, the behavior depends on `minimumReleaseAgeStrict`: - Loose mode — the default, in effect whenever `minimumReleaseAge` keeps its built-in 24-hour value — auto-adds the immature picks to `minimumReleaseAgeExclude` in `pnpm-workspace.yaml` and lets the install proceed. A single info message lists what was persisted. - Strict mode in an interactive terminal collects every immature direct AND transitive pick in one pass and prompts once with the full list. Approving adds them to `minimumReleaseAgeExclude` and the install continues; declining aborts before the lockfile, `package.json`, or `node_modules` is touched. - Strict mode in CI (or any non-TTY context) aborts with `ERR_PNPM_NO_MATURE_MATCHING_VERSION` listing every offending entry, instead of failing on the first one the resolver hit. `minimumReleaseAgeStrict` auto-enables whenever the user explicitly sets `minimumReleaseAge` (CLI flag, env var, global `config.yaml`, or `pnpm-workspace.yaml`); set `minimumReleaseAgeStrict: false` to keep loose-mode auto-collect even with an explicit `minimumReleaseAge` value. Closes [#10438](https://redirect.github.com/pnpm/pnpm/issues/10438), [#10488](https://redirect.github.com/pnpm/pnpm/issues/10488), [#11687](https://redirect.github.com/pnpm/pnpm/issues/11687). - Allow redundant trailing base64 padding in `.npmrc` auth values and report invalid auth base64 with a pnpm error. - Make `pnpm self-update` respect `minimumReleaseAge` (and `minimumReleaseAgeExclude`) when resolving which pnpm version to install. When the `latest` dist-tag points to a version newer than the configured age threshold, `self-update` now selects the newest mature version instead unless excluded by `minimumReleaseAgeExclude`. Also makes `dlx` and `outdated` surface invalid `minimumReleaseAgeExclude` patterns under the same `ERR_PNPM_INVALID_MINIMUM_RELEASE_AGE_EXCLUDE` error code already used by `install`, instead of leaking the internal `ERR_PNPM_INVALID_VERSION_UNION` / `ERR_PNPM_NAME_PATTERN_IN_VERSION_UNION` codes. - Global installs respect global config build policy (e.g., `dangerouslyAllowAllBuilds` from config.yaml) when GVS is enabled [#9249](https://redirect.github.com/pnpm/pnpm/issues/9249). The global virtual-store (GVS) default `allowBuilds = {}` was applied before workspace manifest settings were read and before global config values (stripped by `extractAndRemoveDependencyBuildOptions`) were re-applied via `globalDepsBuildConfig`. This caused `hasDependencyBuildOptions` to return `true` (because `{}` is not null), blocking restoration of global config values like `dangerouslyAllowAllBuilds`. As a result, global installs skipped all build scripts even when the config explicitly allowed them. This fix moves the GVS default to after workspace manifest reading and `globalDepsBuildConfig` re-application, so that: 1. Workspace manifest `allowBuilds` takes precedence (if present) 2. Global config `dangerouslyAllowAllBuilds` is properly restored (if set and no workspace policy exists) 3. Empty `{}` is only applied as a last resort when no policy is configured anywhere - Honor `--silent` when `verifyDepsBeforeRun: install` auto-installs dependencies before `pnpm run` or `pnpm exec`, preventing install output from being written to stdout [#11636](https://redirect.github.com/pnpm/pnpm/issues/11636). - Fix lockfile parsing failures when `pnpm-lock.yaml` contains CRLF line endings and multiple YAML documents [#11612](https://redirect.github.com/pnpm/pnpm/issues/11612). - Anchor the side-effects-cache key and global-virtual-store hash to the project's script-runner Node — `engines.runtime` pin when present, shell `node` otherwise — instead of pnpm's own runtime. `ENGINE_NAME` (the `<platform>;<arch>;node<major>` prefix used as the side-effects-cache key and the engine portion of the GVS hash) was computed from `process.version` — the Node that runs pnpm itself. That was wrong in two situations: 1. `@pnpm/exe` SEA bundle. The bundle has its own embedded Node, not the `node` on the user's `PATH` that actually spawns lifecycle scripts. Two pnpm installations on the same machine (one SEA, one npm-package) therefore disagreed on the cache key, partitioning the side-effects cache and the global virtual store across two Node majors even though both installs would run scripts on the same shell `node`. 2. `engines.runtime` / `devEngines.runtime` pin. When a project pins a Node version via `devEngines.runtime` (pnpm v11+), pnpm downloads that Node into `node_modules/node/` and uses it to run lifecycle scripts. But the hash still anchored to whichever Node ran pnpm itself, not to the pinned Node — so two installs of the same project with two different runner Nodes would still disagree on the GVS slot path even though scripts run on the same pinned Node. Three changes: - `@pnpm/engine.runtime.system-node-version` now exports `engineName(nodeVersion?)`. Resolves the version in this order: explicit override → `getSystemNodeVersion()` (which already prefers `node --version` over `process.version` in SEA contexts) → `process.version`. - `@pnpm/deps.graph-hasher` now exports `findRuntimeNodeVersion(snapshotKeys)` — scans an iterable of lockfile snapshot keys for a `node@runtime:<version>` entry and returns its bare version string. `calcDepState` and `calcGraphNodeHash`/`iterateHashedGraphNodes` accept a `nodeVersion?` (in the options bag for the first, as a trailing parameter / ctx field for the others), forwarded to `engineName()`. The default (no override) preserves the pre-change behaviour. The legacy `ENGINE_NAME` constant in `@pnpm/constants` is unchanged so external consumers and existing tests keep working; in non-SEA, non-pinned contexts every value lines up. - Every install-side caller of the graph-hasher (`@pnpm/installing.deps-resolver`, `@pnpm/installing.deps-restorer`, `@pnpm/installing.deps-installer`, `@pnpm/building.during-install`, `@pnpm/building.after-install`, `@pnpm/deps.graph-builder`) now derives the project's pinned runtime via `findRuntimeNodeVersion(Object.keys(graph))` once per invocation and threads it through. On upgrade, two one-time GVS slot churns are possible: - SEA-pnpm users without a runtime pin: slots that previously hashed under the embedded-Node major (e.g. `node26`) now hash under the shell-Node major (e.g. `node24`), matching what pacquet, the npm-published `pnpm` package, and any other pnpm-compatible tool already produce. - Projects with a `devEngines.runtime` pin: slots that previously hashed under the runner's Node major now hash under the pinned Node major, matching what the lifecycle scripts will actually run on. In both cases the old slots become prune-eligible. - Resolve the GVS hash's engine portion per-snapshot when a dependency declares its own `engines.runtime`, instead of using an install-wide value. Pnpm's resolver desugars a dep's `engines.runtime` into `dependencies.node: 'runtime:<version>'`, and the bin linker spawns that dep's lifecycle scripts through the pinned Node downloaded into `<pkgDir>/node_modules/node/`. The GVS hash and the side-effects-cache key prefix were still anchored to the install-wide runtime — so a pinning snapshot's slot encoded the wrong Node major, and a reinstall on the same host could read the cached side-effects under a key whose `<platform>;<arch>;node<major>` triple disagreed with the Node the build actually ran on. Per-snapshot resolution now matches what `bins/linker` already does on a per-package basis: - `@pnpm/deps.graph-hasher` adds `readSnapshotRuntimePin(children)` — reads the `node` entry from one snapshot's graph children and extracts the version from a `node@runtime:` value. Pairs with the existing `findRuntimeNodeVersion(snapshotKeys)` install-wide fallback (also now exported from `@pnpm/deps.graph-hasher` rather than `@pnpm/engine.runtime.system-node-version`, where it was a poor fit — `system-node-version` is about probing the host Node, not parsing lockfile-derived strings). - `calcDepState` and `calcGraphNodeHash` consult `readSnapshotRuntimePin(graph[depPath].children)` first and only fall back to the install-wide `nodeVersion` parameter when the snapshot doesn't pin its own Node. Pacquet mirrors the same precedence at the `calc_graph_node_hash` call site in `package-manager/src/virtual_store_layout.rs` — a new `find_own_runtime_node_major(snapshot)` helper reads each snapshot's `dependencies` for a `node` entry with `Prefix::Runtime` and overrides the install-wide engine when present. On upgrade, snapshots of dependencies that declare their own `engines.runtime` re-hash under that dep's pinned Node instead of the install-wide value. The old slots become prune-eligible. Closes [#11690](https://redirect.github.com/pnpm/pnpm/issues/11690). - Fixed `pnpm publish` failing with a 404 when authentication relied on OIDC trusted publishing alongside an `.npmrc` written by `actions/setup-node` (`_authToken=${NODE_AUTH_TOKEN}`) without `NODE_AUTH_TOKEN` being set. Unresolved `${VAR}` placeholders in auth values are now treated as empty rather than passed through verbatim, so the literal placeholder no longer surfaces as a bearer token when OIDC fallback is the intended auth source [#11513](https://redirect.github.com/pnpm/pnpm/issues/11513). - Fix `devEngines.packageManager` (singular form, without `onFail`) defaulting to `onFail: "error"` instead of the documented `pmOnFail: "download"`. As a result, a project that pinned a different pnpm version via `devEngines.packageManager` and ran `pnpm install` from a mismatched pnpm version failed with a hard error, even though the migration table from `managePackageManagerVersions: true` to `pmOnFail: download (default)` promises the install would auto-download the wanted version [#11676](https://redirect.github.com/pnpm/pnpm/issues/11676). The array form of `devEngines.packageManager` keeps its existing per-element defaults (`error` for the last entry, `ignore` for the rest), since those reflect explicit prioritization by the user. Explicit `onFail` values continue to win. - Fix `devEngines.packageManager` not writing `packageManagerDependencies` to `pnpm-lock.yaml` when the lockfile lacks an env-doc entry. Previously the lockfile sync skipped resolution unless an existing `packageManagerDependencies.pnpm` entry needed refreshing, so a fresh install without `onFail: "download"` left the resolved pnpm version unrecorded — contradicting the documented behavior that the resolved version is stored in `pnpm-lock.yaml` [#11674](https://redirect.github.com/pnpm/pnpm/issues/11674). - Warn when `package.json` contains a legacy `pnpm` field with settings pnpm no longer reads from `package.json` (e.g. `pnpm.overrides`, `pnpm.patchedDependencies`). Previously these were silently ignored after the upgrade from v10, leaving users unaware that their overrides/patched dependencies had stopped taking effect [#11677](https://redirect.github.com/pnpm/pnpm/issues/11677). ### [`v11.1.2`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1112) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.1.1...v11.1.2) ##### Patch Changes - `convertEnginesRuntimeToDependencies`: switch the runtime-dependency write to `Object.defineProperty` so the CodeQL `js/prototype-polluting-assignment` rule treats the assignment as safe regardless of the property name (follow-up to [#11609](https://redirect.github.com/pnpm/pnpm/pull/11609)). - Address CodeQL static-analysis findings: guard manifest dependency writes against prototype-polluting keys (`__proto__`, `constructor`, `prototype`), and replace a potentially super-linear semver-detection regex in registry 404 hints with an O(n) parser. - Strip `sec-fetch-` headers from outgoing HTTP requests. These headers are automatically added by undici's `fetch()` implementation per the Fetch spec but cause Azure DevOps Artifacts to return HTTP 400 for uncached upstream packages, as ADO interprets them as browser requests [#11572](https://redirect.github.com/pnpm/pnpm/issues/11572). - Fix `minimumReleaseAge` handling for cached abbreviated metadata. The version-spec cache fast path no longer rethrows `ERR_PNPM_MISSING_TIME` under `strictPublishedByCheck`; it now falls through to the registry-fetch path, consistent with the adjacent mtime-gated cache block. When the registry returns 304 Not Modified for a package whose cached metadata is abbreviated (no per-version `time`), pnpm now re-fetches with `fullMetadata: true` if `minimumReleaseAge` is active and the package was modified after the cutoff. The upgraded metadata is persisted to disk so subsequent installs don't repeat the fetch. Previously the abbreviated meta was used as-is and the maturity check fell back to its warn-and-skip path, silently bypassing the quarantine and emitting a misleading "metadata is missing the time field" warning. Closes [#11619](https://redirect.github.com/pnpm/pnpm/issues/11619). - Fix `pnpm upgrade --interactive --latest -r` not respecting named catalog groups. Previously, upgrading a dependency using a named catalog (e.g. `"catalog:foo"`) would incorrectly rewrite `package.json` to `"catalog:"` and place the updated version in the default catalog instead of the named one [#10115](https://redirect.github.com/pnpm/pnpm/issues/10115). - Fixed `optimisticRepeatInstall` skipping `pnpm-lock.yaml` merge conflict resolution when the existing `node_modules` state appears up to date. - Fix `minimumReleaseAge` / `resolutionMode: time-based` installs failing on lockfiles whose `time:` block is missing entries. The npm-resolver's peek-from-store fast path now surfaces `publishedAt` from the lockfile rather than discarding it, and falls through to a registry metadata fetch when the time-based cutoff can't be computed from the data on hand. </details> <details> <summary>postcss/postcss (postcss)</summary> ### [`v8.5.15`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8515) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.5.14...8.5.15) - Fixed declaration parsing performance (by [@homanp](https://redirect.github.com/homanp)). </details> <details> <summary>silverwind/rolldown-license-plugin (rolldown-license-plugin)</summary> ### [`v3.0.7`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.7) [Compare Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.6...3.0.7) - update deps (silverwind) - skip readdir when package has a "LICENSE" file (silverwind) - clarify dedup comment: package.json reads are not deduped, only readdir/readFile (silverwind) - skip readdir/readFile for duplicate package paths (silverwind) ### [`v3.0.6`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.6) [Compare Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.5...3.0.6) - update deps (silverwind) - skip duplicate license reads, preserve wrap indentation (silverwind) - batch generateBundle IO into two phases for \~11% speedup (silverwind) </details> <details> <summary>stylelint/stylelint (stylelint)</summary> ### [`v17.11.1`](https://redirect.github.com/stylelint/stylelint/blob/HEAD/CHANGELOG.md#17111---2026-05-14) [Compare Source](https://redirect.github.com/stylelint/stylelint/compare/17.11.0...17.11.1) It fixes 2 bugs. - Fixed: `node_modules` ignore for `codeFilename` paths containing a dot-prefixed directory ([#9282](https://redirect.github.com/stylelint/stylelint/pull/9282)) ([@tuhtah](https://redirect.github.com/tuhtah)). - Fixed: `declaration-block-no-redundant-longhand-properties` range for contiguous redundant longhand properties ([#9273](https://redirect.github.com/stylelint/stylelint/pull/9273)) ([@pamelalozano16](https://redirect.github.com/pamelalozano16)). </details> <details> <summary>typescript-eslint/typescript-eslint (typescript-eslint)</summary> ### [`v8.59.4`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8594-2026-05-18) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.3...v8.59.4) ##### 🩹 Fixes - typescript-eslint:* export Compatible\* types from typescript-eslint to resolve pnpm TS error ([#12340](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12340)) ##### ❤️ Thank You - Kirk Waiblinger [@kirkwaiblinger](https://redirect.github.com/kirkwaiblinger) See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.4) for more information. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>silverwind/updates (updates)</summary> ### [`v17.16.13`](https://redirect.github.com/silverwind/updates/releases/tag/17.16.13) [Compare Source](https://redirect.github.com/silverwind/updates/compare/17.16.12...17.16.13) - Speed up findVersion hot loop (silverwind) - Minor simplifications (silverwind) - Fix Go pseudo-version write corruption and selectTag tag ordering (silverwind) - Fix parser/replace edge cases across modes (silverwind) ### [`v17.16.12`](https://redirect.github.com/silverwind/updates/releases/tag/17.16.12) [Compare Source](https://redirect.github.com/silverwind/updates/compare/17.16.11...17.16.12) - Fix several parser/URL edge cases across modes (silverwind) - bump vitest-config-silverwind to 11.3.5 (silverwind) - speed up tests (silverwind) - perf: reduce redundant work in hot paths (silverwind) </details> <details> <summary>vitejs/vite (vite)</summary> ### [`v8.0.13`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8013-2026-05-14-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v8.0.12...v8.0.13) ##### Features - bundled-dev: add lazy bundling support ([#21406](https://redirect.github.com/vitejs/vite/issues/21406)) ([4f0949f](https://redirect.github.com/vitejs/vite/commit/4f0949f3f13e4b2b34d32bf7b2b4de5f26bea192)) - optimizer: improve the esbuild plugin converter to pass some properties of build result to `onEnd` ([#22357](https://redirect.github.com/vitejs/vite/issues/22357)) ([47071ce](https://redirect.github.com/vitejs/vite/commit/47071ce53f21726cf39e999c4407c4828ecbe957)) - update rolldown to 1.0.1 ([#22444](https://redirect.github.com/vitejs/vite/issues/22444)) ([8c766a6](https://redirect.github.com/vitejs/vite/commit/8c766a6c5ee014969c4e32f29cc265e8e2c96e18)) ##### Bug Fixes - build: copy public directory after building same environment with `write=false` ([#22328](https://redirect.github.com/vitejs/vite/issues/22328)) ([158e8ae](https://redirect.github.com/vitejs/vite/commit/158e8ae8efdf7075ab295727e36b5ff68da3243e)) - css: await sass/less/styl worker disposal on teardown (fix [#22274](https://redirect.github.com/vitejs/vite/issues/22274)) ([#22275](https://redirect.github.com/vitejs/vite/issues/22275)) ([b7edcb7](https://redirect.github.com/vitejs/vite/commit/b7edcb7d0dd17ddfeef4ace78d610c099216dade)) - css: keep deprecated `name`/`originalFileName` in synthetic `assetFileNames` call ([#22439](https://redirect.github.com/vitejs/vite/issues/22439)) ([8e59c97](https://redirect.github.com/vitejs/vite/commit/8e59c97a44d923c4c06f67287a793c9aa5a4ebaa)) - make `isBundled` per environment ([#22257](https://redirect.github.com/vitejs/vite/issues/22257)) ([a576326](https://redirect.github.com/vitejs/vite/commit/a5763266170f8606836da5c6f987b4b2fd6ddc55)) - ssr: avoid rewriting labels that collide with imports ([#22451](https://redirect.github.com/vitejs/vite/issues/22451)) ([d9b18e0](https://redirect.github.com/vitejs/vite/commit/d9b18e0387a253628d3d834288e79c5f7e85d566)) ##### Miscellaneous Chores - remove irrelevant commits from changelog ([#22430](https://redirect.github.com/vitejs/vite/issues/22430)) ([6ea3838](https://redirect.github.com/vitejs/vite/commit/6ea383859aaf0ef8e673b458f164e84aeb6ff51d)) - update changelog ([#22413](https://redirect.github.com/vitejs/vite/issues/22413)) ([fcdc87c](https://redirect.github.com/vitejs/vite/commit/fcdc87cc6799857e2bab0f44f333a681694fff74)) </details> <details> <summary>vitest-dev/vitest (vitest)</summary> ### [`v4.1.7`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v4.1.7) [Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7) ##### 🐞 Bug Fixes - runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by [@hi-ogawa](https://redirect.github.com/hi-ogawa) in [#10384](https://redirect.github.com/vitest-dev/vitest/issues/10384) [<samp>(4f0f2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4f0f2a1ee) ##### [View changes on GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7) </details> <details> <summary>vuejs/language-tools (vue-tsc)</summary> ### [`v3.3.1`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#331-2026-05-19) [Compare Source](https://redirect.github.com/vuejs/language-tools/compare/v3.3.0...v3.3.1) ##### language-core - fix: avoid extraneous children error for conditional slots ([#6056](https://redirect.github.com/vuejs/language-tools/issues/6056)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### language-service - refactor: replace scanner-based missing props hints detection with AST traversal - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### typescript-plugin - fix: get component prop details from symbols - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: skip unchecked JS identifiers in component props ([#6055](https://redirect.github.com/vuejs/language-tools/issues/6055)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### vscode - fix: resolve typescript plugin path from resolved server path ([#6058](https://redirect.github.com/vuejs/language-tools/issues/6058)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ### [`v3.3.0`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#330-2026-05-18) [Compare Source](https://redirect.github.com/vuejs/language-tools/compare/v3.2.9...v3.3.0) ##### language-core - feat: check required fallthrough attributes ([#6049](https://redirect.github.com/vuejs/language-tools/issues/6049)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: penetrate `v-if` branch fragments when collecting single root nodes - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - refactor: rename `Sfc` APIs to `IR` - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### language-service - fix: reuse ASTs for define assignment suggestions - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: re-support `html.customData` ([#5910](https://redirect.github.com/vuejs/language-tools/issues/5910)) - Thanks to [@Bomberus](https://redirect.github.com/Bomberus)! - fix: strip `=""` only for plain boolean props completion edits - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: reset to default data provider after running with vue data provider - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### typescript-plugin - feat: refine props completion logic to follow TS behavior ([#5709](https://redirect.github.com/vuejs/language-tools/issues/5709)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! ##### vscode - fix: include `extraFileExtensions` in tsserver `configure` request payload ([#6048](https://redirect.github.com/vuejs/language-tools/issues/6048)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: write typescript plugins at build time ([#6050](https://redirect.github.com/vuejs/language-tools/issues/6050)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! - fix: avoid infinite diagnostics on Vue files when project diagnostics is enabled ([#6051](https://redirect.github.com/vuejs/language-tools/issues/6051)) - Thanks to [@KazariEX](https://redirect.github.com/KazariEX)! </details> --- ### Configuration 📅 Schedule: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->	2026-05-25 10:08:25 +00:00
Sebastian Ertz	89a49de0fd	Update go js py dependencies (#37525 ) \| go \| from \| to \| \| --- \| --- \| --- \| \| connectrpc.com/connect \| `1.19.1 ` \| `1.19.2` \| \| github.com/Azure/go-ntlmssp \| `0.1.0` \| `0.1.1` \| \| github.com/alecthomas/chroma/v2 \| `2.23.1` \| `2.24.1` \| \| github.com/aws/aws-sdk-go-v2/credentials \| `1.19.15` \| `1.19.16` \| \| github.com/aws/aws-sdk-go-v2/service/codecommit \| `1.33.13` \| `1.33.14` \| \| github.com/blevesearch/bleve/v2 \| `2.5.7` \| `2.6.0` \| \| github.com/caddyserver/certmagic \| `0.25.2` \| `0.25.3` \| \| github.com/fsnotify/fsnotify \| `1.9.0` \| `1.10.1` \| \| github.com/getkin/kin-openapi \| `0.134.0` \| `0.137.0` \| \| github.com/go-co-op/gocron/v2 \| `2.21.0` \| `2.21.1` \| \| github.com/go-sql-driver/mysql \| `1.9.3` \| `1.10.0` \| \| github.com/go-webauthn/webauthn \| `0.16.5` \| `0.17.2` \| \| github.com/klauspost/compress \| `1.18.5` \| `1.18.6` \| \| github.com/mattn/go-isatty \| `0.0.21` \| `0.0.22` \| \| github.com/mattn/go-sqlite3 \| `1.14.42` \| `1.14.44` \| \| github.com/minio/minio-go/v7 \| `7.0.100` \| `7.1.0` \| \| github.com/redis/go-redis/v9 \| `9.18.0` \| `9.19.0` \| \| google.golang.org/grpc \| `1.80.0` \| `1.81.0` \| \| gopkg.in/ini.v1 \| `1.67.1` \| `1.67.2` \| \| js \| from \| to \| \| --- \| --- \| --- \| \| @codemirror/search \| `6.6.0` \| `6.7.0` \| \| @primer/octicons \| `19.24.1` \| `19.25.0` \| \| clippie \| `4.1.14` \| `4.1.15` \| \| easymde \| `2.20.0` \| `2.21.0` \| \| postcss \| `8.5.10` \| `8.5.13` \| \| rolldown-license-plugin \| `3.0.1` \| `3.0.4` \| \| swagger-ui-dist \| `5.32.4` \| `5.32.5` \| \| vite \| `8.0.9` \| `8.0.10` \| \| vite-string-plugin \| `2.0.2` \| `2.0.4` \| \| vue \| `3.5.32` \| `3.5.33` \| \| @typescript-eslint/parser \| `8.59.0` \| `8.59.1` \| \| eslint \| `10.2.1` \| `10.3.0` \| \| eslint-plugin-vue \| `10.8.0` \| `10.9.0` \| \| globals \| `17.5.0` \| `17.6.0` \| \| material-icon-theme \| `5.33.1` \| `5.34.0` \| \| spectral-cli-bundle \| `1.0.7` \| `1.0.8` \| \| stylelint \| `17.8.0` \| `17.10.0` \| \| typescript-eslint \| `8.59.0` \| `8.59.1` \| \| updates \| `17.16.3` \| `17.16.8` \| \| vitest \| `4.1.4` \| `4.1.5` \| \| vue-tsc \| `3.2.7` \| `3.2.8` \| \| pnpm \| `10.33.0` \| `10.33.2` \| \| py \| from \| to \| \| --- \| --- \| --- \| \| click \| `8.3.2` \| `8.3.3` \| \| pathspec \| `1.0.4` \| `1.1.1` \| --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>	2026-05-04 19:27:47 +00:00
TheFox0x7	ff777cd2ad	Add terraform state registry (#36710 ) Adds terraform/opentofu state registry with locking. Implements: https://github.com/go-gitea/gitea/issues/33644. I also checked [encrypted state](https://opentofu.org/docs/language/state/encryption), it works out of the box. Docs PR: https://gitea.com/gitea/docs/pulls/357 --------- Co-authored-by: Andras Elso <elso.andras@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2026-04-06 13:41:17 -07:00
silverwind	b3c6917463	Update JS dependencies (#37001 ) - Update all JS dependencies via `make update-js` - `webpack-cli` 6 to 7: remove `--disable-interpret` from Makefile - Fix lint: remove unnecessary type args, `toThrowError` to `toThrow` - Fix duplicate CSS selector detected by `stylelint` 17.6.0 - Change `updates.config.ts` to use `pin`, needed for `tailwindcss` - Pin `typescript` pending typescript-eslint/typescript-eslint#12123 --------- Co-authored-by: Claude (claude-opus-4-6) <noreply@anthropic.com> Co-authored-by: Giteabot <teabot@gitea.io>	2026-03-27 04:39:24 +01:00
silverwind	ddacefa5d6	Update JS deps (#36656 ) Fixes a [security issue in mermaid](https://github.com/mermaid-js/mermaid/issues/7345), tested mermaid and asciinema.	2026-02-17 19:35:37 +01:00
silverwind	49edbbbc2e	Update JS and PY deps (#36383 ) - Update JS and PY dependencies - Workaround https://github.com/stylelint/stylelint/issues/8893 by moving the stylint config file to JS - Regenerate SVGs - Bump to python 3.14 in devcontainer and actions - Verified `@github/text-expander-element` - Removed obsolete type stub	2026-01-16 11:00:16 +00:00
silverwind	1baca49870	Update JS deps (#35978 ) Update JS deps, regenerate SVGs, fixed lint issues and did cursory testing of UI.	2025-11-20 21:53:44 +00:00
鲁汀	2223be2cc4	Support blue yellow colorblind theme (#35910 ) This icon is from GitHub: <img width="350" height="350" alt="image" src="https://github.com/user-attachments/assets/c3f31901-5359-4b7f-ae68-eddcec63df53" /> --------- Signed-off-by: 鲁汀 <131967983+lutinglt@users.noreply.github.com> Co-authored-by: lutinglt <lutinglt@users.noreply.github.com>	2025-11-11 18:21:15 +00:00
silverwind	c3472dd395	Fix file extension on gogs.png (#35793 ) During https://github.com/go-gitea/gitea/issues/35790, it was noticed that this PNG image had the wrong file extension. I also verified `dingtalk.ico` and that one is actually an `.ico`.	2025-10-30 18:25:53 +01:00
wxiaoguang	6b5563c54a	Support selecting theme on the footer (#35741 ) Fixes: https://github.com/go-gitea/gitea/pull/27576	2025-10-28 18:25:00 +08:00
silverwind	49a0a11f55	Update JS deps, misc tweaks (#35643 ) - Update all JS dependencies - Enable eslint `no-useless-assignment` and fix 2 discovered issues - Replace `gitea-vscode` svg with new `octicon-vscode` - Remove now-unused `@ts-expect-error` comments - Change Monaco wrapping behaviour to match the wrapping in code view: no wrapping indent and break on any character.	2025-10-12 21:07:15 +00:00
鲁汀	327d0a7fdd	The status icon of the Action step is consistent with GitHub (#35618 ) Before: running: <img width="45" height="34" alt="image" src="https://github.com/user-attachments/assets/e2508f98-2f1f-4b7e-a80c-30b406f42531" /> waiting: <img width="44" height="33" alt="image" src="https://github.com/user-attachments/assets/e7c8164e-fdc3-4546-b088-31166544edb0" /> --- After: running: <img width="49" height="43" alt="image" src="https://github.com/user-attachments/assets/b5a9b245-a995-458a-af23-d1723daa3692" /> waiting: <img width="42" height="44" alt="image" src="https://github.com/user-attachments/assets/ff72551e-cfb5-4665-af52-938ef0cf8f1c" /> `gitea-running.svg` is not an icon from the @ primer/octicon library, extracted from the Github page. Github did not assign a clear class name to this icon --------- Signed-off-by: 鲁汀 <131967983+lutinglt@users.noreply.github.com> Co-authored-by: lutinglt <lutinglt@users.noreply.github.com>	2025-10-10 11:25:03 -07:00
silverwind	47df15cabc	Update JS and PY dependencies (#35444 ) Tested all affected dependencies.	2025-09-10 02:30:20 +02:00
silverwind	801da7fdab	Update js dependencies (#35429 )	2025-09-07 18:50:44 +02:00
silverwind	89b4be057b	Switch to `@resvg/resvg-wasm` for `generate-images` (#35415 ) Use the WASM module of [`resvg-js`](https://github.com/thx/resvg-js) to replace `fabric` and the problematic native `canvas` dependency. WASM works cross-platform so we can include it in the main `package.json`.	2025-09-05 21:06:02 +00:00
silverwind	e9655df082	Update tools/package.json dependencies, remove imagemin-zopfli (#35406 ) imagemin-zopfli brings a lot of [vulnerable dependencies](https://github.com/go-gitea/gitea/security/dependabot) and it is unmaintained. The removal brings a size increase to these images, but I think ultimately this size does not matter enough. I verified this passes `pnpm audit` now.	2025-09-04 09:17:33 -04:00
silverwind	e7d6f74450	Update JS and PY deps (#35191 ) - Updated all dependencies - Fixed new CSS lint errors, specifically tested the RepoActivityTopAuthors.vue change - Regenerated SVGs	2025-08-01 07:24:26 +00:00
silverwind	41678e1a57	Update JS dependencies (#34951 ) Ran `make update-js svg` and adapted to svgo v4.	2025-07-04 17:02:32 +02:00
silverwind	f6f6aedd4f	Update JS deps, regenerate SVGs (#34640 ) Result of `make update-js svg`.	2025-06-07 17:59:36 +00:00
wxiaoguang	34e5df6d30	Add material icons for file list (#33837 )	2025-03-10 15:57:17 +08:00
silverwind	3bbacac62c	Update JS and PY dependencies (#33587 ) - Update all dependencies excluding `tailwindcss` and `idiomorph` - Tested citation, asciinema, pdf, swagger --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2025-02-16 14:14:23 +01:00
Typed SIGTERM	47bf836310	Update feishu icon (#33470 )	2025-02-01 14:08:32 +00:00
silverwind	5cada75596	Update dependencies, tweak eslint (#32719 ) - ~~Remove `eslint-plugin-sonarjs`. I lost faith in it since they moved it to their monorepo and I can't recall the last time when this plugin raised a useful error.~~ - Add new rules from `no-jquery` - ~~Tweak typescript config to prevent temp files in root directory in certain situations~~ File is just gitignored now. - Tested all relevant dependencies	2024-12-05 16:13:10 +00:00
KN4CK3R	0c3c041c88	Add Arch package registry (#32692 ) Close #25037 Close #31037 This PR adds a Arch package registry usable with pacman. ![grafik](https://github.com/user-attachments/assets/81cdb0c2-02f9-4733-bee2-e48af6b45224) Rewrite of #25396 and #31037. You can follow [this tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a package for testing. Docs PR: https://gitea.com/gitea/docs/pulls/111 Co-authored-by: [d1nch8g@ion.lc](mailto:d1nch8g@ion.lc) Co-authored-by: @ExplodingDragon --------- Co-authored-by: dancheg97 <dancheg97@fmnx.su> Co-authored-by: dragon <ExplodingFKL@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2024-12-04 23:09:07 +00:00
silverwind	9914c9ab08	Update JS and PY dependencies (#32388 ) - Update all JS dependencies excluding stylelint (because of https://github.com/AndyOGo/stylelint-declaration-strict-value/issues/379). - Update all PY dependencies. - Replace `eslint-plugin-deprecation` with `@typescript-eslint/no-deprecated` rule. - Enabled `unicorn/prefer-math-min-max` and autofixed issues. - Tested all dependencies. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2024-10-31 04:19:15 +00:00
Zettat123	def1c9670b	Support migration from AWS CodeCommit (#31981 ) This PR adds support for migrating repos from [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html). The access key ID and secret access key are required to get repository information and pull requests. And [HTTPS Git credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) are required to clone the repository. <img src="https://github.com/user-attachments/assets/82ecb2d0-8d43-42b0-b5af-f5347a13b9d0" width="680" /> The AWS CodeCommit icon is from [AWS Architecture Icons](https://aws.amazon.com/architecture/icons/). <img src="https://github.com/user-attachments/assets/3c44d21f-d753-40f5-9eae-5d3589e0d50d" width="320" />	2024-09-11 07:49:42 +08:00
silverwind	a06bbcf0b6	Update JS dependencies (#31616 ) Result of `make update-js`. Tested all dependencies. Lockfile diff is because of https://github.com/npm/cli/pull/7475.	2024-07-11 14:36:02 -04:00
wxiaoguang	f4921b9daa	Simplify 404/500 page (#31409 )	2024-06-23 17:45:21 +00:00
silverwind	9730d3a9af	Update various logos and unify their filenames (#29637 ) 1. Checked all logos, updated 3 of them to newer versions. 2. Remove `open-with-` infix on the editor logos to be consistent with other files. <img width="626" alt="image" src="https://github.com/go-gitea/gitea/assets/115237/3b2d9486-6e0a-45c6-b0e4-d38dc4c0b118">	2024-03-06 22:20:05 +00:00
silverwind	8d32f3cb74	Update Twitter Logo (#29621 ) <img width="430" alt="image" src="https://github.com/go-gitea/gitea/assets/115237/9cf7b0a3-406b-4dd6-ab3d-d31a96b9335a">	2024-03-06 05:21:39 +00:00
wxiaoguang	29a26d9d8c	Customizable "Open with" applications for repository clone (#29320 ) Users could customize the "clone" menu with their own application URLs on the admin panel. Replace #22378 Close #21121 Close #22149	2024-02-24 13:12:17 +00:00
silverwind	c4b0cb4d0d	Upgrade to fabric 6 (#29334 ) Upgrade fabric to latest v6 beta. It works for our use case, even thought it does not fix the upstream issue https://github.com/fabricjs/fabric.js/issues/9679 that https://github.com/go-gitea/gitea/issues/29326 relates to.	2024-02-23 00:31:24 +01:00
DC	3d3c3d9ee5	Update Discord logo (#29285 ) Fixes #27057 by changing the discord .svg file and running `make svg`. Before: <img width="637" src="https://private-user-images.githubusercontent.com/85847352/267667100-1eaf5d20-b4e9-4736-bb55-7f1da04bbde7.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MDg0NzAwNDUsIm5iZiI6MTcwODQ2OTc0NSwicGF0aCI6Ii84NTg0NzM1Mi8yNjc2NjcxMDAtMWVhZjVkMjAtYjRlOS00NzM2LWJiNTUtN2YxZGEwNGJiZGU3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDAyMjAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwMjIwVDIyNTU0NVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTIwN2Y2ODc5N2MzZDU5NzgzODRhNDIzZWY3MDk3ODhiYmIzZDU4NWVlYmFmZjc2OTIyZjE3MWM4ZDg0ODZjNTYmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.C6jVQLFPfq4fhGV8wiY9D-P21PUNTDMkX2d2-kU17Ug"> After: <img width="637" src="https://github.com/go-gitea/gitea/assets/106393991/45b197ae-e422-42f4-999e-25dc8f6b7a92">	2024-02-21 01:55:26 +00:00
silverwind	a062725758	Update JS and PY dependencies, build for `es2020` browsers (#28977 ) - Update all JS dependencies minus @mcaptcha/vanilla-glue - Fix new lint errors - Regenerate SVGs - Switch to maintained stylelint stylistic plugin - Tested Mermaid, Citation, Swagger, sorting - Raise ESBuild target to `es2020` as dictated by `pretty-ms` dependency.	2024-02-02 09:36:32 +00:00
Matheus Sampaio Queiroga	37ede3197a	Fix google logo in security page (#28982 ) Fix google logo in user security page: #28701 Before ![before user security page](https://github.com/go-gitea/gitea/assets/50121801/6c058c28-8013-470a-b047-f47afecdca09) after ![user security page](https://github.com/go-gitea/gitea/assets/50121801/36053ee9-18c5-4ef0-a63a-8accc1d00adc)	2024-01-30 02:54:52 +02:00
silverwind	ce55a74374	Update JS dependencies (#28537 ) - Update all JS dependencies excluding mcaptcha (breaking changes) and stylelint (plugin not compatible with v16) - Regenerate SVGs - Update markdownlint rule names - Fix one issue of heading in markdown discovered during lint - Update for monaco options renames - Fix stylelint rule length-zero-no-unit for custom properties - Tested editor, swagger, sorting, vue, lint	2023-12-30 05:29:03 +00:00
silverwind	06dcb251f3	Update JS and PY dependencies (#28120 ) - Update all JS and PY dependencies minus `@mcaptcha/vanilla-glue` - Adapt to eslint rule rename - Regenerate all SVGs because of [new optimizations](https://github.com/svg/svgo/releases/tag/v3.0.4) from svgo. - Tested mentions, mermaid, vue, api docs	2023-11-20 01:02:57 +01:00
silverwind	a101dbaa79	Update JS and Poetry dependencies and eslint (#27200 ) - Update all JS and Poetry dependencies - Remove deprecated `eslint-plugin-custom-elements` and replace it with rules from `eslint-plugin-wc` - Add a convenience `make update` to update both js and py dependencies - Tested markdown toolbar, swagger and citation	2023-09-22 22:51:48 +02:00
Chongyi Zheng	7046065c0e	Drop Node.js 16 and update js dependencies (#27094 ) - Drop Node.js 16 since it reached EOL - Upgrade js dependencies - Two packages have major version bump - `updates`: require node 18 - `eslint-plugin-array-func`: require `eslint` 8.40.0, which is satisfied - Run `make svg` for `@primer/octicons` update	2023-09-16 11:36:35 +00:00
silverwind	5feef6d5c0	Update JS dependencies (#26586 ) - Update all JS dependencies - Adapt `ansi_up` import for ESM - Tested Mermaid and Ansi rendering	2023-08-19 10:18:39 +02:00
silverwind	8e644d3460	Update js and py dependencies (#26243 ) - Update all JS and PY dependencies minus `eslint-plugin-eslint-comments` (because of https://github.com/eslint-community/eslint-plugin-eslint-comments/issues/89) - Regenerate SVGs - Remove depreacted eslint rule - Tested mermaid and swagger	2023-07-31 01:16:12 +02:00
wxiaoguang	52fb936773	Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974 ) Replace #25892 Close #21942 Close #25464 Major changes: 1. Serve "robots.txt" and ".well-known/security.txt" in the "public" custom path * All files in "public/.well-known" can be served, just like "public/assets" 3. Add a test for ".well-known/security.txt" 4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so the code can be simpler 5. Add CORS header for ".well-known" endpoints 6. Add logs to tell users they should move some of their legacy custom public files ``` 2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img 2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt ``` This PR is not breaking. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-07-21 12:14:20 +00:00
wxiaoguang	faa28b5a44	Move public asset files to the proper directory (#25907 ) Move `public/` to `public/assets/` Some old PRs (like #15219) introduced inconsistent directory system. For example: why the local directory "public" is accessed by `http://site/assets`? How to serve the ".well-known" files properly in the public directory? For convention rules, the "public" directory is widely used for the website's root directory. It shouldn't be an exception for Gitea. So, this PR makes the things consistent: * `http://site/assets/foo` means `{CustomPath}/public/assets/foo`. * `{CustomPath}/public/.well-known` and `{CustomPath}/public/robots.txt` can be used in the future. This PR is also a prerequisite for a clear solution for: * #21942 * #25892 * discourse.gitea.io: [.well-known path serving custom files behind proxy?](https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445/1) This PR is breaking for users who have custom "public" files (CSS/JS). After getting approvals, I will update the documents. ---- ## ⚠️ BREAKING ⚠️ If you have files in your "custom/public/" folder, please move them to "custom/public/assets/". --------- Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Giteabot <teabot@gitea.io>	2023-07-18 18:06:43 +02:00
silverwind	d2142ba3c3	Update octicons and use `octicon-file-directory-symlink` (#25453 ) Make use of the [new octicon](https://github.com/primer/octicons/issues/945) that indicates a symlink to a directory: <img width="189" alt="Screenshot 2023-06-22 at 22 50 57" src="https://github.com/go-gitea/gitea/assets/115237/a70690ea-ebfc-48fe-af23-cdc33bcb2098">	2023-06-22 22:05:52 +00:00
silverwind	f47744c3f1	Update JS dependencies, remove space after emoji completion (#25266 ) - Update all JS dependencies - Enable stylint [`media-feature-name-value-no-unknown`](https://stylelint.io/user-guide/rules/media-feature-name-value-no-unknown) - Make use of new features in webpack and text-expander-element - Tested Swagger and Mermaid To explain the `text-expander-element` change: Before this version, the element added a unavoidable space after emoji completion. Now that https://github.com/github/text-expander-element/pull/36 is in, we gain control over this space and I opted to remove it for emoji completion and retain it for `@` mentions. --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-06-18 08:38:47 +00:00
silverwind	a51b115b0a	Use inline SVG for built-in OAuth providers (#25171 ) The plan is that all built-in auth providers use inline SVG for more flexibility in styling and to get the GitHub icon to follow `currentcolor`. This only removes the `public/img/auth` directory and adds the missing svgs to our svg build. It should map the built-in providers to these SVGs and render them. If the user has set a Icon URL, it should render that as an `img` tag instead. ``` gitea-azure-ad gitea-bitbucket gitea-discord gitea-dropbox gitea-facebook gitea-gitea gitea-gitlab gitea-google gitea-mastodon gitea-microsoftonline gitea-nextcloud gitea-twitter gitea-yandex octicon-mark-github ``` GitHub logo is now white again on dark theme: <img width="431" alt="Screenshot 2023-06-12 at 21 45 34" src="https://github.com/go-gitea/gitea/assets/115237/27a43504-d60a-4132-a502-336b25883e4d"> --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-06-13 10:51:02 +00:00
HesterG	63a429581c	Modify OAuth login ui and fix display name, iconurl related logic (#25030 ) Close #24808 Co-Authour @wxiaoguang @silverwind 1. Most svgs are found from https://worldvectorlogo.com/ , and some are from conversion of png to svg. (facebook and nextcloud). And also changed `templates/user/settings/security/accountlinks.tmpl`. 2. Fixed display name and iconurl related logic # After <img width="1436" alt="Screen Shot 2023-06-05 at 14 09 05" src="https://github.com/go-gitea/gitea/assets/17645053/a5db39d8-1ab0-4676-82a4-fba60a1d1f84"> On mobile <img width="378" alt="Screen Shot 2023-06-05 at 14 09 46" src="https://github.com/go-gitea/gitea/assets/17645053/71d0f51b-baac-4f48-8ca2-ae0e013bd62e"> user/settings/security/accountlinks (The dropdown might be improved later) <img width="973" alt="Screen Shot 2023-06-01 at 10 01 44" src="https://github.com/go-gitea/gitea/assets/17645053/27010e7e-2785-4fc5-8c49-b06621898f37"> --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-06-08 16:35:29 +00:00
silverwind	e4e98979ff	Add PDF rendering via PDFObject (#24086 ) Use [PDFObject](https://pdfobject.com/) to embed PDFs, replacing our outdated PDF.js copy we vendor (the last non-webpack vendoring). [Commit 1](https://github.com/go-gitea/gitea/pull/24086/commits/673e0263da64b72565ff59b990ab1b8e87271872) is the PDFObject integration [Commit 2](https://github.com/go-gitea/gitea/pull/24086/commits/9336f5769d54445bba0e16776164f6a2fe2c32ac) is the removal of PDF.js <img width="1251" alt="Screenshot 2023-05-27 at 09 57 52" src="https://github.com/go-gitea/gitea/assets/115237/169ce50c-bd1d-4bb0-86e5-1710bd0400a9"> <img width="1257" alt="Screenshot 2023-05-27 at 10 12 50" src="https://github.com/go-gitea/gitea/assets/115237/318f7ee9-fb11-4093-83e7-17475aa70629"> Fallback for unsupporting browsers (most mobile ones, except Firefox Mobile): <img width="358" alt="Screenshot 2023-05-27 at 09 43 34" src="https://github.com/go-gitea/gitea/assets/115237/8c12d7ba-57d6-4228-89a0-5fef9fad0cbb"> --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-29 12:10:00 +00:00

1 2 3 4 5 ...

1221 Commits