Skip to content

fix(deps): update all non-major updates#30

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-non-major-updates
Open

fix(deps): update all non-major updates#30
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-non-major-updates

Conversation

@renovate

@renovate renovate Bot commented Jun 21, 2026

Copy link
Copy Markdown

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@axe-core/playwright 4.11.34.12.1 age confidence devDependencies minor
@chenglou/pretext ^0.0.6^0.0.8 age confidence dependencies patch
@cloudflare/workers-types 4.20260611.14.20260702.1 age confidence devDependencies minor
@iconify-json/lucide 1.2.1031.2.117 age confidence devDependencies patch 1.2.118
@logtape/logtape (source) 2.1.32.2.4 age confidence dependencies minor
@playwright/test (source) 1.60.01.61.1 age confidence devDependencies minor
@srsholmes/tauri-playwright 0.4.00.4.1 age confidence devDependencies patch
@sveltejs/adapter-cloudflare (source) 7.2.87.2.9 age confidence devDependencies patch
@sveltejs/kit (source) 2.65.02.69.3 age confidence devDependencies minor 2.70.0
@sveltejs/vite-plugin-svelte (source) 7.1.27.2.0 age confidence devDependencies minor
@tauri-apps/api 2.11.02.11.1 age confidence dependencies patch
@tauri-apps/cli 2.11.22.11.4 age confidence devDependencies patch
@testing-library/svelte (source) 5.3.15.4.2 age confidence devDependencies minor
@types/hast (source) 3.0.43.0.5 age confidence devDependencies patch
@types/node (source) 26.0.126.1.1 age confidence devDependencies minor
@vitest/coverage-v8 (source) 4.1.84.1.10 age confidence devDependencies patch
actions/cache v5.0.4v5.1.0 age confidence action minor
actions/checkout (changelog) de0fac2df4cb1c action digest
alpine 3.213.24 age confidence stage minor
astro (source) 7.0.67.0.9 age confidence dependencies patch 7.1.1 (+1)
bitflags 2.13.02.13.1 age confidence dependencies patch
bytes 1.12.01.12.1 age confidence dependencies patch
dorny/paths-filter v4.0.1v4.0.2 age confidence action patch
eslint (source) 10.4.110.7.0 age confidence devDependencies minor
eslint-plugin-svelte (source) 3.19.03.20.0 age confidence devDependencies minor
exacl 0.120.13 age confidence dependencies minor
genai =0.6.0-beta.19=0.6.5 age confidence dependencies patch
gix 0.810.85 age confidence dependencies minor
globals 17.6.017.7.0 age confidence devDependencies minor
go 1.25.121.26.5 age confidence minor
golang.org/x/term v0.42.0v0.45.0 age confidence require minor
happy-dom 20.10.220.10.6 age confidence devDependencies patch 20.11.0
hono (source) 4.12.254.12.30 age confidence dependencies patch 4.12.31
intl-messageformat 11.2.811.2.11 age confidence dependencies patch 11.2.12
jdx/mise-action (changelog) 1648a78dad1bfd action digest
knip (source) 6.16.16.27.0 age confidence devDependencies minor
listmonk/listmonk v6.0.0v6.2.0 age confidence final minor
lzma-rust2 0.16.40.16.5 age confidence dependencies patch
marked (source) 18.0.518.0.6 age confidence dependencies patch
mdns-sd 0.190.20 age confidence dependencies minor 0.20.2
memchr 2.8.22.8.3 age confidence dependencies patch
numpy (changelog) ==2.1.3==2.5.1 age confidence minor
oxfmt (source) ^0.46.0^0.59.0 age confidence devDependencies minor
oxlint (source) 1.69.01.74.0 age confidence devDependencies minor
pillow (changelog) ==11.0.0==11.3.0 age confidence minor
pnpm (source) 11.9.011.11.0 age confidence packageManager minor 11.15.0 (+2)
pnpm (source) 11.0.911.11.0 age confidence minor 11.15.0 (+2)
prettier (source) 3.8.43.9.5 age confidence devDependencies minor
regex 1.12.41.13.1 age confidence dependencies minor
resend 6.12.46.17.2 age confidence dependencies minor
rusqlite 0.390.40 age confidence dependencies minor
rust (source, changelog) 1.95.01.97.0 age confidence toolchain minor 1.97.1
satori 0.26.00.28.0 age confidence dependencies minor
scikit-learn (changelog) ==1.5.2==1.9.0 age confidence minor
sevenz-rust2 (source) 0.21.20.21.3 age confidence dev-dependencies patch
sevenz-rust2 (source) 0.21.20.21.3 age confidence dependencies patch
sharp (source, changelog) ^0.34.5^0.35.0 age confidence dependencies minor
specta =2.0.0-rc.24=2.0.0-rc.25 age confidence dependencies patch
specta-typescript =0.0.11=0.0.12 age confidence dev-dependencies patch
stylelint (source) 17.13.017.14.0 age confidence devDependencies minor
svelte (source) 5.56.35.56.5 age confidence devDependencies patch 5.56.6
svelte-check 4.6.04.7.3 age confidence devDependencies minor
sysinfo 0.38.40.39.0 age confidence dependencies minor
tauri-apps/tauri-action (changelog) 73fb86584b9d35 action digest
tauri-plugin-global-shortcut =2.3.1=2.3.2 age confidence dependencies patch
tauri-plugin-mcp-bridge 0.110.12 age confidence dependencies minor
tauri-specta =2.0.0-rc.24=2.0.0-rc.25 age confidence dependencies patch
torch ==2.5.1==2.13.0 age confidence minor
tower-http 0.60.7 age confidence dependencies minor
transformers ==4.49.0==4.57.6 age confidence minor
tsx (source) 4.22.44.23.1 age confidence devDependencies minor
typescript-eslint (source) 8.61.08.64.0 age confidence devDependencies minor
umputun/remark42 (source) v1.15.0v1.16.4 age confidence minor
uuid 1.23.41.24.0 age confidence dependencies minor
vite (source) 8.0.168.1.4 age confidence devDependencies minor 8.1.5
vitest (source) 4.1.84.1.10 age confidence devDependencies patch
wrangler (source) 4.99.04.111.0 age confidence devDependencies minor 4.112.0
zbus 5.16.05.17.0 age confidence dependencies minor 5.18.0

Release Notes

dequelabs/axe-core-npm (@​axe-core/playwright)

v4.12.1

Compare Source

chenglou/pretext (@​chenglou/pretext)

v0.0.8

Compare Source

Added
  • The published package now ships declaration maps, so editor go-to-definition and programmatic TypeScript source tracing land in the shipped .ts source instead of the .d.ts files.
Fixed
  • Word-internal keyboard and Unicode symbol runs in long words now stay with surrounding text the way browsers break them, while browser-break symbols stay breakable (#​169).
  • Overlong hyphenated runs now prefer browser-like dash breakpoints before falling back to emergency grapheme breaks (#​89).

v0.0.7

Compare Source

Changed
  • The package now declares itself side-effect-free so bundlers can tree-shake unused entrypoints (#​160).
  • layoutNextLine() and layoutNextLineRange() now avoid redundant chunk lookup in chunk-heavy manual layout paths (#​140).
Fixed
  • { wordBreak: 'keep-all' } now handles no-space mixed Latin, numeric, and CJK text more like browsers.
  • No-space punctuation chains now stay together for non-ASCII word-like text too, instead of only ASCII words.
  • Opening punctuation such as ¡, ¿, German low quotes, and now stays with the following word instead of dangling at line end (#​165).
  • Numeric prefix/postfix symbols like $, %, , +, , and ° now stay attached to adjacent text the way browser line breaking does (#​105).
  • Soft-hyphen breaks now stay at the soft-hyphen insertion point instead of pulling post-hyphen graphemes onto the broken line (#​162).
  • Line geometry now preserves browser-style terminal letter spacing, including rich-inline item boundaries and visible soft-hyphen breaks (#​171).
  • Rich-inline item boundaries no longer overflow the requested width after a forced-progress break (#​132).
  • The markdown chat demo now drops parsed link URLs unless they resolve to HTTP(S) hrefs (#​168).
cloudflare/workerd (@​cloudflare/workers-types)

v4.20260702.1

Compare Source

v4.20260701.1

Compare Source

v4.20260630.1

Compare Source

v4.20260629.1

Compare Source

v4.20260628.1

Compare Source

v4.20260627.1

Compare Source

v4.20260626.1

Compare Source

v4.20260625.1

Compare Source

v4.20260624.1

Compare Source

v4.20260623.1

Compare Source

v4.20260621.1

Compare Source

v4.20260620.1

Compare Source

v4.20260619.1

Compare Source

v4.20260617.1

Compare Source

v4.20260616.1

Compare Source

v4.20260615.1

Compare Source

v4.20260613.1

Compare Source

v4.20260612.1

Compare Source

dahlia/logtape (@​logtape/logtape)

v2.2.4

Compare Source

Released on July 7, 2026.

@​logtape/logtape
  • Fixed a bug where repeated configure() or configureSync() calls could
    leave duplicate process exit hooks registered on Node.js and Bun, causing
    MaxListenersExceededWarning in long-running test suites or hot-reload
    processes. LogTape now removes its runtime disposal hook when resetting
    configuration. [#​192]

v2.2.3

Compare Source

Released on July 3, 2026.

@​logtape/sentry
  • Fixed the Sentry sink to treat the Pino-style err property as an
    exception fallback when the error property does not contain an Error
    instance, so error-level logs using { err } are captured with stack
    traces. [[#​189]]

v2.2.2

Compare Source

Released on July 1, 2026.

@​logtape/file
  • Fixed a bug where getTimeRotatingFileSink() did not delete old files
    when both filename and maxAgeMs were configured. Time-rotating file
    sinks now use file modification times for cleanup when a custom filename
    generator is configured. [#​183]

v2.2.1

Compare Source

Released on June 24, 2026.

@​logtape/logtape
  • Fixed a bug where withCategoryPrefix() was incorrectly applied to
    sub-loggers of the meta logger (e.g., ["logtape", "meta", "sink"]).
    [#​182 by Sebastian Wesley-Smith]
@​logtape/sentry
  • Fixed the Sentry sink to report internal errors to the meta logger
    (["logtape", "meta", "sentry"]) instead of console.debug(),
    making sink failures observable in tests and production.
    [#​181 by Sebastian Wesley-Smith]

  • Fixed a TypeError: Converting circular structure to JSON raised while
    rendering interpolated message values (e.g. logging a Response or any
    value containing a circular reference as
    logger.error("…{error}", { error })). The sink now uses the same
    cross-runtime inspect helper as @​logtape/logtape and @​logtape/pretty
    (Deno.inspect() on Deno, util.inspect() on Node.js/Bun) via the #util
    import map, instead of a fallible globalThis-detection fallback that
    silently degraded to JSON.stringify() on Node.js. [#​180]

v2.2.0

Compare Source

Released on June 22, 2026.

@​logtape/logtape
  • Improved enabled logging performance by avoiding redundant log record
    category copying when no category prefix is active.

  • Improved enabled string logging performance by using a faster snapshot path
    for log records created by LogTape.

  • Improved simple string logging performance by avoiding implicit context
    allocation and lazy record getters when a log call has no properties or
    message placeholders.

  • Improved enabled logging performance by caching effective sink dispatch
    plans instead of rebuilding the inherited sink list for every log record.

  • Improved enabled logging performance for built-in stream sinks by skipping
    the pre-sink log record snapshot when the sink consumes the record
    synchronously.

  • Improved default JSON Lines formatter performance by avoiding an
    intermediate wrapper object while preserving JSON serialization behavior.

  • Reduced allocation overhead in enabled logging by avoiding sink array
    materialization for the common single-sink path.

@​logtape/config
  • Added ConfigureOptions.contextLocalStorage option to
    configureFromObject(), enabling implicit context support when loading
    configuration from external files. This mirrors the
    Config.contextLocalStorage option available in configure() and
    configureSync().
@​logtape/testing
  • New package @​logtape/testing providing testing utilities for collecting
    and asserting LogTape records in memory. [#​173, #​175]

    • Added createLogRecorder(): LogRecorder.
    • Added LogRecorder interface with sink, records, clear(),
      take(), find(), filter(), assertLogged(), and
      assertNotLogged().
    • Added LogRecordMatch interface for matching category, category
      prefix, level, rendered message, raw message, structured properties,
      and custom predicates. Date property values are matched by
      timestamp, and regular expression matcher values match string property
      values.
    • Added PropertyMatcher type for custom property matching.
@​logtape/elysia, @​logtape/express, @​logtape/hono, and @​logtape/koa
  • Added opt-in request-scoped context support to elysiaLogger(),
    expressLogger(), honoLogger(), and koaLogger(). Set
    context: true to read the incoming x-request-id header, generate a
    request ID when the header is missing, write the resolved ID to the
    x-request-id response header, and add requestId to request log records
    and, when implicit context storage is configured, logs emitted while
    handling the request. [#​172, #​174]

    • Added context?: boolean | RequestContextOptions to
      ElysiaLogTapeOptions, ExpressLogTapeOptions, HonoLogTapeOptions,
      and KoaLogTapeOptions.
    • Added RequestContextOptions with
      requestId?: boolean | RequestIdOptions,
      include?: readonly RequestContextField[], and
      enrich?: (...) => Record<string, unknown> | Promise<Record<string, unknown>>.
    • Added RequestIdOptions with property?: string,
      headerNames?: readonly string[],
      responseHeader?: string | false, generate?: () => string, and
      normalize?: (value: string) => string | null.
    • Added RequestContextField for selecting request fields in implicit
      context. The Express integration also supports the httpVersion
      field.
  • Added clearer predefined format names to elysiaLogger().
    structured-combined and structured-common are structured request log
    presets, while morgan-combined and morgan-common produce
    Morgan-compatible Apache access log text. The existing combined and
    common format names remain supported as deprecated aliases for the
    corresponding structured presets. [#​178]

  • Added clearer predefined format names to expressLogger().
    structured-combined and structured-common are structured request log
    presets, while morgan-combined and morgan-common produce
    Morgan-compatible Apache access log text. The existing combined and
    common format names remain supported as deprecated aliases for the
    corresponding structured presets. [#​178]

  • Added clearer predefined format names to honoLogger().
    structured-combined and structured-common are structured request log
    presets, while morgan-combined and morgan-common produce
    Morgan-compatible Apache access log text. The existing combined and
    common format names remain supported as deprecated aliases for the
    corresponding structured presets. [#​178]

  • Added clearer predefined format names to koaLogger().
    structured-combined and structured-common are structured request log
    presets, while morgan-combined and morgan-common produce
    Morgan-compatible Apache access log text. The existing combined and
    common format names remain supported as deprecated aliases for the
    corresponding structured presets. [#​178]

@​logtape/file
  • Improved getStreamFileSink() throughput by writing formatted log records
    directly to the underlying file stream instead of routing them through an
    extra Node.js stream layer.

  • Improved file sink throughput by skipping the pre-sink log record snapshot
    for built-in file sinks that format records immediately.

  • Fixed a bug where getRotatingFileSink() with maxFiles: 0 or a negative
    maxFiles still renamed the current file to path.1 during rollover,
    leaving stale backup files behind even though no backups should be kept.
    This adds optional unlinkSync(path: string): void methods to the
    RotatingFileSinkDriver and AsyncRotatingFileSinkDriver interfaces;
    custom base rotating file drivers must provide them when maxFiles is
    0 or negative.

@​logtape/lint
  • New package @​logtape/lint providing lint rules for ESLint (v8 and v9),
    Oxlint, and Deno Lint that detect common LogTape usage mistakes.
    [#​170, #​171]

    • Added no-message-interpolation rule: flags template literals with
      ${} expressions passed as a log method's message argument.
    • Added prefer-lazy-evaluation rule: flags eager ObjectExpression
      property values that contain function calls, and provides an auto-fix
      that wraps the object in an arrow function callback.
    • Added no-unawaited-log rule: flags async arrow or function callbacks
      passed to log methods without await; provides a conditional auto-fix
      when the enclosing function is async.
    • Added require-meta-sink rule: warns when configure() or
      configureSync() is called without a logger entry for the meta
      category ("logtape", ["logtape"], or ["logtape", "meta"]).
@​logtape/sentry
  • Added SentrySinkOptions.sentry option for passing the Sentry SDK
    namespace initialized by the application. This lets the sink use the same
    Sentry module instance for captures, active spans, isolation scopes, and
    structured logs in apps where @​logtape/sentry may otherwise resolve a
    different @sentry/core version. [#​167]
@​logtape/drizzle-orm
  • Added SQLite support to DrizzleLogger. [#​168, #​169 by Van-sh]

    • Added DrizzleDialects type.
    • Added DrizzleLoggerOptions.dialect?: DrizzleDialects option which
      defaults to "pg".
    • Now serialize() and stringLiteral() functions and
      DrizzleLogger constructor take an optional dialect?: DrizzleDialect
      parameter.
@​logtape/redaction
  • Added maxDepth and maxProperties options to field-based and
    pattern-based redaction so very deep or very large log records cannot cause
    unbounded recursive traversal. When a limit is exceeded, redaction now
    emits a warning through the meta logger and truncates or omits the
    unprocessed portion of the record.

    • Added PatternRedactionOptions interface.
    • Added RedactionTraversalOptions interface.
@​logtape/adaptor-pino
  • The pino peer dependency now accepts Pino 10.x in addition to 9.x.
    The supported range is expanded from ^9.7.0 to ^9.7.0 || ^10.0.0.
    [#​176]

v2.1.8

Compare Source

Released on July 7, 2026.

@​logtape/logtape
  • Fixed a bug where repeated configure() or configureSync() calls could
    leave duplicate process exit hooks registered on Node.js and Bun, causing
    MaxListenersExceededWarning in long-running test suites or hot-reload
    processes. LogTape now removes its runtime disposal hook when resetting
    configuration. [[#​192]]

v2.1.7

Compare Source

Released on July 3, 2026.

@​logtape/sentry
  • Fixed the Sentry sink to treat the Pino-style err property as an
    exception fallback when the error property does not contain an Error
    instance, so error-level logs using { err } are captured with stack
    traces. [[#​189]]

v2.1.6

Compare Source

Released on July 1, 2026.

@​logtape/file
  • Fixed a bug where getTimeRotatingFileSink() did not delete old files
    when both filename and maxAgeMs were configured. Time-rotating file
    sinks now use file modification times for cleanup when a custom filename
    generator is configured. [[#​183]]

v2.1.5

Compare Source

Released on June 16, 2026.

@​logtape/syslog
  • Fixed a security vulnerability where structured data values containing C0
    control characters could inject forged syslog frames when
    SyslogSinkOptions.includeStructuredData was enabled. Structured
    data values now replace C0 control characters with printable #NNN
    sequences, and structured data parameters with invalid RFC 5424 SD-NAME
    keys are skipped. [CVE-2026-54511]

v2.1.4

Compare Source

Released on June 13, 2026.

@​logtape/file
  • Fixed a bug where non-blocking getRotatingFileSink() could leave records
    queued during an active background flush buffered until the next log record
    or disposal.
microsoft/playwright (@​playwright/test)

v1.61.1

Compare Source

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with [credentials.get()](https://playwright.dev/docs/api/class-credentials#creden

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Europe/Budapest)

  • Branch creation
    • "before 6am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Jun 21, 2026

Copy link
Copy Markdown
Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: apps/desktop/src-tauri/Cargo.toml
Artifact update for mdns-sd resolved to version 0.20.2, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.20.1
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

@renovate
renovate Bot force-pushed the renovate/all-non-major-updates branch from 73d9730 to 11d6330 Compare June 24, 2026 20:19
vdavid added a commit that referenced this pull request Jul 7, 2026
… weekly update train

The grouped non-major PR (#30) has been unmergeable for two weeks because Renovate kept proposing two bumps that can never resolve:

- `rand_core` 0.6 → 0.10: the test-only keygen dep must match ed25519-dalek 2.x's rand_core API, and the `getrandom` feature we request no longer exists past 0.6. New rule caps it with `allowedVersions: <0.7.0`.
- `sspi` / `smb-rpc` pins in `benchmarks/smb/`: the harness pins these in lockstep with `smb` 0.11's internal `=0.18.7` pin, so independent bumps always dead-end in a `crypto-bigint` conflict. New rule disables Renovate for the whole harness.

With these in place, retrying #30 regenerates the group without the poisoned bumps, and automerge can flow again.
@renovate
renovate Bot force-pushed the renovate/all-non-major-updates branch from 11d6330 to 5b54607 Compare July 18, 2026 23:14
@renovate
renovate Bot force-pushed the renovate/all-non-major-updates branch from 5b54607 to cd93fb6 Compare July 18, 2026 23:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants