chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@antfu/eslint-config	^6.1.0 → ^6.7.3			pnpm.catalog.dev	minor
@commitlint/cli (source)	^20.1.0 → ^20.5.3			pnpm.catalog.dev	minor
@commitlint/config-conventional (source)	^20.0.0 → ^20.5.3			pnpm.catalog.dev	minor
@date-fns/tz	^1.4.1 → ^1.5.0			pnpm.catalog.integrations	minor
@iconify-json/fluent	^1.2.34 → ^1.2.49			pnpm.catalog.dev	patch
@iconify-json/lucide	^1.2.71 → ^1.2.111			pnpm.catalog.dev	patch
@iconify-json/simple-icons	^1.2.56 → ^1.2.86			pnpm.catalog.dev	patch
@internationalized/date (source)	^3.10.0 → ^3.12.2			pnpm.catalog.integrations	minor
@nuxt/devtools (source)	^3.1.1 → ^3.2.4			pnpm.catalog.dev	minor
@nuxt/ui (source)	^4.2.1 → ^4.8.2			pnpm.catalog.integrations	minor
@nuxtjs/i18n (source)	^10.2.1 → ^10.4.0			pnpm.catalog.dev	minor
@openai/agents (source)	^0.2.1 → ^0.11.6			pnpm.catalog.integrations	minor
@paralleldrive/cuid2	2.2.2 → 2.3.1			pnpm.catalog.integrations	minor
@pinia/nuxt (source)	^0.11.2 → ^0.11.3			pnpm.catalog.integrations	patch
@tailwindcss/typography	^0.5.19 → ^0.5.20			pnpm.catalog.dev	patch
@tma.js/sdk-vue (source)	^1.0.8 → ^1.0.19			pnpm.catalog.integrations	patch
@types/node (source)	^24.9.2 → ^24.13.2			pnpm.catalog.types	minor
@types/pg (source)	8.15.5 → 8.20.0			devDependencies	minor
@unovis/ts (source)	^1.6.1 → ^1.6.5			pnpm.catalog.integrations	patch
@unovis/vue (source)	^1.6.1 → ^1.6.5			pnpm.catalog.integrations	patch
@vitest/browser-playwright (source)	^4.0.5 → ^4.1.8			pnpm.catalog.test	minor
@vitest/coverage-v8 (source)	^4.0.5 → ^4.1.8			pnpm.catalog.test	minor
arktype (source)	^2.1.22 → ^2.2.0			pnpm.catalog.integrations	minor
bumpp	^10.3.1 → ^10.4.1			pnpm.catalog.dev	minor
date-fns	^4.1.0 → ^4.4.0			pnpm.catalog.integrations	minor
dotenv	^17.2.3 → ^17.4.2			pnpm.catalog.dev	minor
drizzle-cuid2	2.1.0 → 2.2.0			dependencies	minor
drizzle-kit (source)	0.31.5 → 0.31.10			devDependencies	patch
eslint (source)	^9.39.2 → ^9.39.4			pnpm.catalog.dev	patch
grammy (source)	^1.38.3 → ^1.43.0			pnpm.catalog.integrations	minor
ioredis	^5.8.2 → ^5.11.1			pnpm.catalog.integrations	minor
libphonenumber-js	^1.12.25 → ^1.13.6			pnpm.catalog.integrations	minor
lint-staged	^16.2.7 → ^16.4.0			pnpm.catalog.dev	minor
node (source)	>=24.11.0 → >=24.16.0			engines	minor
node	24.11.0-alpine → 24.16.0-alpine			final	minor
node	24.11.0-slim → 24.16.0-slim			final	minor
nuxt-auth-utils	^0.5.26 → ^0.5.29			pnpm.catalog.dev	patch
openai	^6.7.0 → ^6.42.0			pnpm.catalog.integrations	minor
pg (source)	8.16.3 → 8.21.0			dependencies	minor
pinia (source)	^3.0.3 → ^3.0.4			pnpm.catalog.integrations	patch
playwright (source)	^1.56.1 → ^1.60.0			pnpm.catalog.test	minor
pnpm (source)	10.20.0 → 10.34.2			packageManager	minor
pnpm (source)	>=10.20.0 → >=10.34.2			engines	minor
ru-nalog-fias-gar	1.0.4 → 1.0.5			dependencies	patch
sharp (source, changelog)	^0.34.4 → ^0.35.0			pnpm.catalog.integrations	minor
sortablejs	^1.15.6 → ^1.15.7			pnpm.catalog.integrations	patch
uqr	0.1.2 → 0.1.3			dependencies	patch
vitest (source)	^4.0.5 → ^4.1.8			pnpm.catalog.test	minor
vitest-browser-vue	^2.0.1 → ^2.1.0			pnpm.catalog.test	minor
vue-tsc (source)	^3.1.8 → ^3.3.4			pnpm.catalog.dev	minor

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v6.7.3

Compare Source

   🐞 Bug Fixes

• pnpm: Remove catalogMode in the enforced settings  -  by @​antfu (4fc09)

    View changes on GitHub

v6.7.2

Compare Source

   🐞 Bug Fixes

• Update react rules to match eslint-react v2  -  by @​Rel1cx in #​795 (6b425)
• pnpm: Add ignore for @​types/vscode in json-enforce-catalog  -  by @​jinghaihan in #​794 (95685)

    View changes on GitHub

v6.7.1

Compare Source

   🐞 Bug Fixes

• pnpm: Do not set catalogMode when catalogs is not enabled  -  by @​antfu (0471e)

    View changes on GitHub

v6.7.0

Compare Source

   🚀 Features

• Add more options to toggle configs  -  by @​antfu (203b8)

   🐞 Bug Fixes

• pnpm: Respect yaml and jsonc config in the factory, close #​791  -  by @​antfu in #​791 (3e0c5)

    View changes on GitHub

v6.6.1

Compare Source

   🐞 Bug Fixes

• pnpm: Detection  -  by @​antfu (e649f)

    View changes on GitHub

v6.6.0

Compare Source

   🐞 Bug Fixes

• pnpm: Enforce catalog usage based on smart detection  -  by @​antfu (654c0)

    View changes on GitHub

v6.5.1

Compare Source

   🐞 Bug Fixes

• Adopt to tsdown extension change, close #​786, close #​787  -  by @​antfu in #​786 and #​787 (c16d3)

    View changes on GitHub

v6.5.0

Compare Source

   🚀 Features

• react: React compiler preset  -  by @​hyoban in #​784 (663e0)

   🐞 Bug Fixes

• Spelling of required-scrpts  -  by @​christopher-buss in #​785 (26185)
• pnpm: Remove cleanupUnusedCatalogs setting  -  by @​antfu (f712a)

    View changes on GitHub

v6.4.2

Compare Source

   🐞 Bug Fixes

• pnpm: Move pnpm-workspace.yaml sorting config from yaml to pnpm  -  by @​antfu (fc2b1)

    View changes on GitHub

v6.4.1

Compare Source

No significant changes

    View changes on GitHub

v6.3.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (2d2b6)

   🐞 Bug Fixes

• Ts error from cb29b1a  -  by @​daflyinbed in #​782 (b4e49)

    View changes on GitHub

v6.2.0

Compare Source

   🚀 Features

• Accepting functions for ignores, close #​776  -  by @​antfu in #​776 (63b13)

    View changes on GitHub

conventional-changelog/commitlint (@​commitlint/cli)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.5.2

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.5.0

Compare Source

Bug Fixes

• cli: validate that --cwd directory exists before execution (#​4658) (cf80f75), closes #​4595

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/cli

20.4.3 (2026-03-03)

Bug Fixes

• footer parser does not escape special chars for regex #​4560 (#​4634) (8ff7c7f)

20.4.2 (2026-02-19)

Note: Version bump only for package @​commitlint/cli

20.4.1 (2026-02-02)

Note: Version bump only for package @​commitlint/cli

v20.4.4

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.4.3

Compare Source

Bug Fixes

• footer parser does not escape special chars for regex #​4560 (#​4634) (8ff7c7f)

v20.4.2

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.4.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.4.0

Compare Source

Features

• upgrade conventional commit packages #​4082 (#​4597) (3aaf0a6)

20.3.1 (2026-01-08)

Note: Version bump only for package @​commitlint/cli

v20.3.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.3.0

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.2.0

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.5.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/config-conventional

20.4.3 (2026-03-03)

Bug Fixes

• footer parser does not escape special chars for regex #​4560 (#​4634) (8ff7c7f)

20.4.2 (2026-02-19)

Note: Version bump only for package @​commitlint/config-conventional

20.4.1 (2026-02-02)

Note: Version bump only for package @​commitlint/config-conventional

v20.4.4

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.4.3

Compare Source

Bug Fixes

• footer parser does not escape special chars for regex #​4560 (#​4634) (8ff7c7f)

v20.4.2

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.4.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.4.0

Compare Source

Features

• upgrade conventional commit packages #​4082 (#​4597) (3aaf0a6)

20.3.1 (2026-01-08)

Note: Version bump only for package @​commitlint/config-conventional

v20.3.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.3.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.2.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

adobe/react-spectrum (@​internationalized/date)

v3.12.2

Compare Source

v3.12.1

Compare Source

v3.12.0

Compare Source

v3.11.0

Compare Source

v3.10.1

Compare Source

nuxt/devtools (@​nuxt/devtools)

v3.2.4

Compare Source

   🚀 Features

• Use ua-parser-modern  -  by @​antfu (114aa)

   🐞 Bug Fixes

• Nuxt devtools inspector style  -  by @​antfu (91f09)

    View changes on GitHub

v3.2.3

Compare Source

Bug Fixes

• devtools: add zeditor option for Zed on Arch Linux (#​932) (4d481d5)
• unocss config, close #​937 (0edaf99)

v3.2.2

Compare Source

Bug Fixes

• attributes error penetration warning (#​930) (706a760)
• devtools: scope storage watchers to avoid EMFILE (#​934) (902c60c)
• wizard: typos (#​931) (0216c08)

Features

• replace prompts with @clack/prompts (#​935) (1aa3d2d)

v3.2.1

Compare Source

Bug Fixes

• inspect panel position (2f93070)

v3.2.0

Compare Source

Bug Fixes

• devtools: call devtools:initialized hook after all modules run (#​919) (3662836)

Features

• enhance inspect panel, add copy visual info for agents (#​928) (6bb2565)
• upgrade vite-devtools (5c4a0b0)

3.1.1 (2025-11-25)

Bug Fixes

• ui: remove flash when switching to dark (#​909) (75a814f)

Features

• support passing additional permissions to the iframe (#​911) (bc1d11c)

nuxt/ui (@​nuxt/ui)

v4.8.2

Compare Source

Bug Fixes

• Form: support setting the name attribute (#​6539) (f8186e2)
• InputMenu/SelectMenu: re-highlight first item when items change (#​6538) (0414dd0)
• InputNumber/InputDate/InputTime/Calendar: restore locale prop (#​6546) (ed2f955)
• module: merge custom variants into AppConfig type (#​6531) (f0571c3)

v4.8.1

Compare Source

Bug Fixes

• ContentSearch/DashboardSearch: proxy missing CommandPalette props (#​6505) (631f5dc)
• Form: add method="post" to prevent credential leaking via GET before hydration (#​6512) (7a0825a)
• Icon: avoid recursive icon resolution (#​6495) (d50c121)
• locale: improve Thai translation accuracy and consistency (#​6509) (5d82418)
• module: expose component theme keys in AppConfig type (#​6520) (ffaf163)
• module: revert tagPriority to -2 for inline style tag (2dac778)
• Select/SelectMenu/InputMenu: add fallback for max-height (#​6503) (f4d7cbe)

v4.8.0

Compare Source

⚠ BREAKING CHANGES

• InputMenu: rename autocomplete prop to mode to free up HTML attribute (#​6474)

Features

• Avatar/AvatarGroup: add color prop (#​6405) (6f2396f)
• Breadcrumb: add color prop (#​6406) (955dac1)
• ChatMessage: add body slot and improve actions alignment (#​6460) (48685b6)
• ChatMessage: add color prop and header slot (#​6407) (c6ce8ca)
• ChatPrompt: add submitOnEnter prop to control Enter behavior (b597f90), closes #​6177
• Checkbox/RadioGroup/Switch: add highlight prop for error ring styling (a0deee4)
• CommandPalette: search and highlight description field (524c34d)
• ContentSearch/DashboardSearch: enable Fuse.js token search by default (ba08220)
• ContentSearch: add async search support via useSearchCollection (#​6432) (a1bef8b)
• DashboardGroup: add storageOptions prop (8f0101b), closes #​6170
• Error: add icon prop and leading slot (e6ea707), closes #​6119
• Separator: add position prop (#​6415) (844660a)
• Theme: override component prop defaults (#​6031) (71c008e)

Bug Fixes

• ChatMessage: add wrap-break-word to content slot (#​6476) (eb468e6)
• CommandPalette: only split tokens in highlight when useTokenSearch is enabled (898fbce)
• CommandPalette: preserve relative order of ignoreFilter groups (e4c1787)
• CommandPalette: re-highlight first item after debounced results render (efd7b8e)
• CommandPalette: update default fuse keys in docs and search components (0d9cc0d)
• components: apply theme.prefix to hardcoded utility classes (f51b1e8)
• components: constrain popper content to available viewport height (007b136), closes #​6449
• ContentSearch: preserve intermediate ancestors in breadcrumb prefix (#​6466) (f639b19)
• ContentToc: apply ui.trigger prop to trigger elements (252b906), closes #​6428
• defineShortcuts: use e.code for alt shortcuts to handle macOS key remapping (231f156), closes #​6444
• FileUpload: pass disabled attribute to button variant (2890c83), closes #​6420
• Form: improve errors type (#​6208) (c1090ab)
• InputMenu/Select/SelectMenu: respect trailing: false over default trailingIcon (#​6457) (65b47ce)
• InputMenu: rename autocomplete prop to mode to free up HTML attribute (#​6474) (2799fa6)
• module: don't require @nuxtjs/mdc when using content option (89f7778)
• module: pass computed ref directly to useHead innerHTML (00b7476)
• module: ship stripped [#build](https://redirect.github.com/nuxt/ui/issues/build)/ui.css fallback for tooling (083c2a9), closes #​5504
• ProseKbd: add default slot and make value optional (f317c7f)
• Textarea: autoresize on mount with pre-filled value (e96a0b6), closes

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "after 2am and before 3am"
• Automerge
  • "after 1am and before 2am"

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @internationalized/date is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: packages/ui/package.json → npm/@internationalized/date@3.12.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@internationalized/date@3.12.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @openai/agents-realtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/@openai/agents@0.11.6 → npm/@openai/agents-realtime@0.11.6 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@openai/agents-realtime@0.11.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/@antfu/eslint-config@6.7.3 → npm/@typescript-eslint/eslint-plugin@8.61.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.61.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​tma.js/​sdk-vue@​1.0.19
	@​commitlint/​cli@​20.5.3
	@​types/​pg@​8.20.0
	@​iconify-json/​simple-icons@​1.2.86
	@​iconify-json/​fluent@​1.2.49
	@​vitest/​coverage-v8@​4.1.8
	@​iconify-json/​lucide@​1.2.111
	bumpp@​10.4.1
	@​unovis/​vue@​1.6.5
	@​pinia/​nuxt@​0.11.3
	arktype@​2.2.0
	@​vitest/​browser-playwright@​4.1.8
	@​internationalized/​date@​3.12.2
	@​date-fns/​tz@​1.5.0
	@​nuxtjs/​i18n@​10.4.0
	@​antfu/​eslint-config@​6.7.3
	@​unovis/​ts@​1.6.5
	@​commitlint/​config-conventional@​20.5.3
	@​nuxt/​devtools@​3.2.4
	@​tailwindcss/​typography@​0.5.20
	@​nuxt/​ui@​4.8.2
	@​openai/​agents@​0.11.6
	@​types/​node@​24.13.2

View full report