chore(deps): update all non-major dependencies#446
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
9c4e39b to
5bfebea
Compare
5bfebea to
7804f68
Compare
7804f68 to
2d975ff
Compare
2d975ff to
0104ff1
Compare
0104ff1 to
8120e32
Compare
8120e32 to
5ec9f5e
Compare
5ec9f5e to
efcb3b7
Compare
efcb3b7 to
1a61aec
Compare
1a61aec to
cf8e7f8
Compare
cf8e7f8 to
2b13cf8
Compare
6132302 to
360e116
Compare
360e116 to
aa97a8b
Compare
aa97a8b to
714cf9d
Compare
714cf9d to
bdbb60c
Compare
bdbb60c to
9343bf3
Compare
9343bf3 to
fb7fea7
Compare
fb7fea7 to
556aaae
Compare
commit: |
| "@nuxt/image": "^1.11.0", | ||
| "@nuxt/scripts": "workspace:*", | ||
| "@nuxt/ui": "4.0.0", | ||
| "@nuxt/ui": "4.2.1", |
There was a problem hiding this comment.
| "@nuxt/ui": "4.2.1", | |
| "@nuxt/ui": "^4.2.1", |
The @nuxt/ui dependency is pinned to 4.2.1 without a caret, which is inconsistent with all other dependencies in this file that use flexible versioning with the ^ prefix.
View Details
Analysis
Inconsistent version pinning for @nuxt/ui dependency
What fails: docs/package.json line 20 specifies @nuxt/ui as pinned version 4.2.1 (without caret prefix), while all 13 other dependencies use caret versioning (^) for flexible version constraints within the major version.
How to reproduce:
cat docs/package.json | grep -A 15 '"dependencies"'Result: Shows "@nuxt/ui": "4.2.1" (pinned) while all surrounding dependencies have caret prefix:
"@nuxt/content": "^3.8.2""@nuxt/fonts": "^0.12.1""@nuxthq/studio": "^2.2.1"- All other 10 dependencies also use
^prefix
Expected behavior: According to npm semantic versioning, caret versioning allows compatible updates (minor/patch versions) within a major version. The project consistently uses this pattern for all other dependencies, so @nuxt/ui should be ^4.2.1 to match the established convention and allow patch/minor updates like other dependencies.
Root cause: Automated dependency update (Renovate bot commit 0b37709) preserved the previous pinned format when bumping the version from 4.0.0 to 4.2.1, rather than applying the project's standard caret versioning pattern used throughout the file.
| "posthog-js": "^1.0.0" | ||
| "@types/youtube": "^0.1.2", | ||
| "@unhead/vue": "^2.1.2", | ||
| "posthog-js": "^1.321.2" |
There was a problem hiding this comment.
| "posthog-js": "^1.321.2" | |
| "posthog-js": "^1.0.0" |
The posthog-js peer dependency constraint changed from ^1.0.0 to ^1.321.2, which is unusually restrictive and appears unintentional given the patch version bump in devDependencies (1.321.1 → 1.321.2).
View Details
Analysis
Overly restrictive posthog-js peer dependency breaks backward compatibility
What fails: The posthog-js peer dependency constraint in package.json was changed from ^1.0.0 to ^1.321.2 (commit 1536ad2), restricting supported versions to 1.321.2+ and rejecting all prior versions (1.0.0-1.321.1) that would previously install.
How to reproduce:
# User has posthog-js 1.200.0 installed (legitimate version under old ^1.0.0 constraint)
npm install @nuxt/scripts
# After update, npm now rejects this version because 1.200.0 does not satisfy ^1.321.2Result: npm/pnpm install fails with: "posthog-js@1.200.0 not satisfied by ^1.321.2"
Expected: The peer dependency should remain at ^1.0.0 (or similar permissive constraint) since:
- Code only uses
posthog.init()and basic config options (api_host,capture_pageview,disable_session_recording) available since 1.0.0 - The devDependency update was only a patch bump (1.222.0 → 1.321.2), not a major version requiring API changes
- Peer dependencies should be permissive to maximize compatibility
- Semantic versioning guidance indicates patch/minor version updates within the same major version should be backward compatible
This change appears to be an error from automated dependency update tooling (Renovate) that applied the same pinpoint version to both devDependencies and peerDependencies.
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
This PR contains the following updates:
^10.0.1→^10.0.3^4.3.0→^4.3.1^4.3.0→^4.3.1^3.58.1→^3.65.2^26.0.1→^26.1.1^0.1.0→^0.3.0v0.0.9-mp→v0.0.9v6.0.1→v6.0.3v10.0.0→v10.3.0v10.4.0^0.137.0→^0.139.011.9.0→11.10.011.11.0^1.396.2→^1.399.01.399.1^1.0.0→^1.399.01.399.1^4.3.0→^4.3.1^4.1.0→^4.2.0^3.0.0→^3.1.7^4.1.9→^4.1.10^3.3.5→^3.3.7Release Notes
paypal/paypal-js (@paypal/paypal-js)
v10.0.3Compare Source
Patch Changes
4619c74: Adding v6 types for Venmo vault-without-payment (SavePayment)v10.0.2Compare Source
Patch Changes
cfcb985: Add adefaultexport condition to the./sdk-v6subpath so bundlers/tracers (e.g. @vercel/nft) resolve it correctly and don't fall back to the v5 entry.shikijs/shiki (@shikijs/langs)
v4.3.1Compare Source
🚀 Features
typefield forThemedToken- by @ije in #1293 (585b5)View changes on GitHub
Hebilicious/reproduire (Hebilicious/reproduire)
v0.0.9Compare Source
compare changes
actions/checkout (actions/checkout)
v6.0.3Compare Source
v6.0.2Compare Source
actions/stale (actions/stale)
v10.3.0Compare Source
What's Changed
Bug Fix
Dependency Updates
New Contributors
Full Changelog: actions/stale@v10...v10.3.0
v10.2.0Compare Source
What's Changed
Bug Fix
Dependency Updates
New Contributors
Full Changelog: actions/stale@v10...v10.2.0
v10.1.1Compare Source
What's Changed
Bug Fix
only-issue-typesby @Bibo-Joshi in #1298Improvement
Dependency Upgrades
New Contributors
Full Changelog: actions/stale@v10...v10.1.1
v10.1.0Compare Source
What's Changed
only-issue-typesoption to filter issues by type by @Bibo-Joshi in #1255New Contributors
Full Changelog: actions/stale@v10...v10.1.0
oxc-project/oxc (oxc-parser)
v0.138.0🛡️ Security
3cdd18fdeps: Update npm packages (#23690) (renovate[bot])pnpm/pnpm (pnpm)
v11.10.0Compare Source
Minor Changes
e2e3c81: Added theissuescommand as an alias ofbugs, sopnpm issuesopens the package's bug tracker URL in the browser.8491f8e: Added theprefixcommand which prints the current package prefix directory (or global prefix directory if-g/--globalis used).3425e80: Added an_authsetting for configuring registry authentication as a single structured (URL-keyed) value. It can be set in the global pnpm config (config.yaml) or, for CI, via thepnpm_config__authenvironment variable. The env form sidesteps the GitHub Actions / bash / zsh limitation that broke the existingpnpm_config_//host/:_authToken=…form (env var names containing/,:, or.are silently dropped). Closes #12314.The value is keyed by registry URL so each secret is explicitly bound to the host that may receive it. Registry URL keys must use
httporhttpsand must not include credentials, query strings, or fragments:The equivalent in the global
config.yaml:Within each registry URL,
@means registry-wide/default credentials and package scopes like@orgbind credentials to that scope on the same host. The only supported credential field isauthToken(maps to_authToken/ bearer auth); the deprecatedbasicAuth/username+passwordforms are intentionally not accepted here.Each entry also infers a trusted registry route:
@routes the default registry (andpnpm add <pkg>resolves there), and@orgroutes that scope. Because the credential and destination host arrive in one trusted value, repo-controlledpnpm-workspace.yamlor project.npmrccannot redirect the token to a different host._authis honored only from the env var and the global config — it is ignored in a projectpnpm-workspace.yaml/.npmrc, so repo-controlled config can never supply registry auth. Precedence: CLI flags (--registry,--@​scope:registry) >pnpm_config__auth> globalconfig.yaml_auth>pnpm-workspace.yaml.Both
pnpm_config__auth(lowercase, documented form) andPNPM_CONFIG__AUTH(all-caps, the shell convention some CI runners apply) are honored. If both are set, lowercase wins unless it is empty, in which case uppercase is used. The env var wins over the globalconfig.yaml_authon a conflicting key.tokenHelperis not supported in_auth. Parsing is strict: a malformed value (bad JSON, wrong shape, invalid registry URL or scope, an unsupported credential field) fails fast with an error rather than being silently dropped.Pacquet parity note: the pacquet (Rust) port supports the same single credential field as the TS CLI:
authToken.a33eeec:pnpm self-updateandpackageManagerversion-switching can now install and link pnpm v12 (the Rust port), published with equal content under both thepnpmand@pnpm/exenames on thenext-12dist-tag. Its native binaries ship as@pnpm/exe.<platform>-<arch>packages, which pnpm's built-in installer links directly — no Node.js launcher, so the command pays no Node startup cost. v12 is initialized exactly like@pnpm/exe, including per-platform global-virtual-store hashing. From v12 onward the install converges on the unscopedpnpmpackage (the Rust exe) — even when updating from the SEA@pnpm/exebuild.1dd12bd: When resolving through a pnpr install-accelerator server, pnpm no longer forwards its own upstream registry credentials in the resolve request. Only theAuthorizationheader identifying the caller to pnpr is sent. The pnpr server now selects upstream credentials from its own route policy (operator-configured upstream credential aliases), so private dependencies resolve through a pnpr-managed alias the caller is authorized to use, rather than by sending the client's registry tokens to the server.1e81761: Expose web authenticationauthUrlanddoneUrlin JSON error output when OTP is required in a non-interactive terminal #12724.Patch Changes
2f389d6: Added the Node.js release team's new signing key (Stewart X Addison,655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD) to the embedded Node.js release keys, so runtimes whoseSHASUMS256.txtis signed by the new releaser verify successfully.acbdb94: Fixed shell tab completion not suggesting workspaces after the-Falias for--filteroption.dcabb78: Fixedpnpm up -r <pkg>bumping unrelated packages that have open semver ranges. Previously, any update mutation nullified the lockfile-derivedpreferredVersionsglobally, so packages with^x.y.zranges could re-resolve to newer compatible versions even though the user only asked to update a specific package. The install layer now always seedspreferredVersionsfrom the lockfile, and caller-supplied preferred versions (such as the vulnerability penalties ofpnpm audit --fix) layer on top of the seed instead of replacing it. The targeted package still bumps: the per-resolveupdateRequestedflag makes the resolver ignore the target's own lockfile pins.Closes #10662.
d539172: Fixed pnpm pack and pnpm publish failing when prepack generates files that are included in the package and postpack cleans them up.be6505a: Hardened global package management:node.exeflavor of a bin, so a stalenode.exeno longer survives onPATHafter uninstall, and a new global install no longer silently overwrites an existingnode.exe.pnpm add -g pnpm@<version>(and@pnpm/exe@<version>) is now rejected like the barepnpmform, pointing topnpm self-update.node_modulespaths, preventing a tampered manifest from escaping the install directory.25c7388: pnpm now rejectsjsr:specifiers whose package name is not a valid npm package name — an empty scope or name (e.g.jsr:@​scope/), path separators inside the name, or any other shapevalidate-npm-package-namerejects — withERR_PNPM_INVALID_JSR_PACKAGE_NAMEinstead of silently converting them into a malformed@jsr/...npm package name.25c7388: pnpm now rejects named-registry specifiers (e.g.gh:) whose package name is not a valid npm package name — an empty scope (e.g.gh:@​/bar), path separators inside the name (e.g.gh:@​scope/../name), or any other shapevalidate-npm-package-namerejects — withERR_PNPM_INVALID_NAMED_REGISTRY_PACKAGE_NAMEinstead of passing the name through to registry URLs and metadata cache file paths.96da7c5: node-gyp'sgyp_main.pyandgypentrypoints are now packed with the executable bit in thepnpmand@pnpm/exetarballs. Without it, building native addons from source could fail with a permission error.99982b9: Sped up resolution and reduced memory use against registries that ignore npm's abbreviated metadata format and always return the full package document (for example, Azure DevOps Artifacts). pnpm now strips such documents down to the abbreviated field set before caching them. Resolution output is unchanged, and registries that honor the abbreviated format (such as the npm registry) pay no extra cost.11a7fdd: Sped up offline and--prefer-offlineresolution on large workspaces (e.g.pnpm dedupe --offline,pnpm install --offline). Package metadata loaded from the local cache is now kept in memory, so each package's metadata is parsed once per command instead of once per dependent that references it.2c7369d:pnpm pack-appnow rejects--entry/pnpm.app.entryand--output-dir/pnpm.app.outputDirvalues that are absolute paths or escape the project directory via..(or a symlink that resolves outside it), and refuses to write the produced executable when its target path already exists as a symlink (or other non-regular file). This prevents a repository-controlledpackage.jsonfrom embedding host files (such as an SSH key) into the produced executable, writing build artifacts outside the project, or overwriting an arbitrary file through a committed symlink. The new error codes areERR_PNPM_PACK_APP_ENTRY_OUTSIDE_PROJECT,ERR_PNPM_PACK_APP_OUTPUT_DIR_OUTSIDE_PROJECT, andERR_PNPM_PACK_APP_OUTPUT_FILE_NOT_REGULAR.When ad-hoc signing macOS targets,
pnpm pack-appnow runs the systemcodesignby absolute path and resolvesldidto a location outside the project, so a repository-controllednode_modules/.binonPATHcannot hijack the signer.ce5d5a5: Relative paths inpatchedDependenciesare now resolved against the lockfile directory when computing patch file hashes, so runningpnpm installfrom a subdirectory no longer fails withENOENTlooking for the patch file in the wrong location #12762.ebb4096:pnpm peersno longer reports a conflict for a missing peer dependency that is ignored viapnpm.peerDependencyRules.ignoreMissing.dcabb78: Fixed a prototype-pollution hazard when seeding preferred versions: a dependency named__proto__in a manifest or inpnpm-lock.yamlcould write throughObject.prototype(or crash the install) while the preferred-versions map was being built. The maps are now null-prototype objects, so crafted package names land as plain keys.f38e696: Hardenedpnpm deploy --forceso it refuses unsafe deploy targets such as workspace roots, parent directories, out-of-workspace paths, and symlinked target parents.806c3ec: pnpm no longer warns about ignored project-level auth settings whenPNPM_CONFIG_NPMRC_AUTH_FILEpoints at the project.npmrc— setting it to that file is an explicit opt-in to trusting it, so auth env variables in it are expanded pnpm/pnpm#12480.991405e: Restore differential rendering (ansi-diff) to fix duplicated output lines introduced by #12351.c121235: Fixed the topological order of--filtered commands (pnpm run,pnpm exec,pnpm publish,pnpm pack,pnpm rebuild) when the selected projects depend on each other only transitively through projects that were not selected. Previously such selected projects could run concurrently or in the wrong order; now a project always runs after the selected projects it transitively depends on, while projects without a real dependency relationship still run concurrently. This now also holds for prod-only filters (--filter-prod), which resolve order through the production dependency graph so transitive production dependencies are respected without pulling back the dev dependencies the filter drops, and for selections that mix--filterwith--filter-prod#8335.d539172:pnpm packandpnpm publishno longer follow a symlinked workspaceLICENSEfile when injecting it into a package that has no license of its own. Following the symlink could pack bytes from outside the workspace into the published tarball.dcabb78: Fixedpnpm up <pkg>producing a different result than a fresh install of the same manifests would. The resolver now distinguishesupdateRequested(true only for packages that match the user's update target) from the broaderupdateflag, and for the targeted package ignores only its own lockfile-derived preferred-version pins — so the target re-resolves exactly as if its lockfile entries were deleted andpnpm installran. Preferred versions a fresh install applies (manifest pins, versions propagated down the dependency chain, and the vulnerability-avoidance penalties ofpnpm audit --fix) stay in effect, so an update never installs duplicate versions that a reinstall from scratch would not reproduce. When a preferred version holds the update target below the newest version its range admits, pnpm now prints a warning explaining that reaching the newer version everywhere requires an override.dcabb78:pnpm update <dep>@​<version>now prints a warning when<dep>is only present as a transitive dependency: the requested version cannot be applied there (updates resolve the target the way a fresh install would), and the warning recommends adding the version topnpm.overridesinstead, which is the mechanism that does pin transitive dependencies. Closes #12744.a6c4d5f: When a dependency cannot be found in the registry (404) or the registry has no matching version, and a workspace project with the same name exists only at non-matching versions, the error now reports the available workspace versions (ERR_PNPM_NO_MATCHING_VERSION_INSIDE_WORKSPACE) instead of the raw registry failure pnpm/pnpm#1379. Other registry failures (authorization, network, server errors) still propagate unchanged. The pacquet (Rust) resolver applies the same behavior.PostHog/posthog-js (posthog-js)
v1.399.0Compare Source
1.399.0
Minor Changes
#4115
86bb3a5Thanks @DanielVisca! - add the posthog.metrics API (count, gauge, histogram) — alphaA statsd-style pre-aggregating metrics client for the PostHog Metrics product (alpha). Samples are folded into per-series aggregates in memory (counts sum, gauges keep the last value, histograms accumulate buckets) and flushed periodically as OTLP/JSON to
/i/v1/metrics— one data point per series per flush window, no matter how many calls. No OpenTelemetry SDK setup required:Configure via
metrics: { serviceName, environment, flushIntervalMs, maxSeriesPerFlush, beforeSend, ... }. (2026-07-08)Patch Changes
86bb3a5]:v1.398.7Compare Source
1.398.7
Patch Changes
#4113
45f17eeThanks @TueHaulund! - fix session replay leaking a shadow-root observer when a same-origin iframe is removedFollow-up to the shadow-observer iframe-teardown fix:
takeFullSnapshot'sonSerializeregisters every shadow root with the top-level document, so a root nested in a same-origin iframe was keyed to the wrong document and its observer/buffer were not disconnected when that iframe was removed (they lingered until the next full snapshot).addShadowRootnow derives the owning document from the host element, so per-document teardown matches iframe-nested roots too. (2026-07-08)v1.398.6Compare Source
1.398.6
Patch Changes
c75c0baThanks @hpouillot! - fix: avoid throwing when rrweb recorder cleanup cannot remove a listener(2026-07-08)
v1.398.5Compare Source
1.398.5
Patch Changes
be8242aThanks @rafaeelaudibert! - Publish the code-split ESM toolbar bundle when the build emits one. The release tooling now recursively includesdist/toolbar/(with explicit JS content types for the strict-MIME ESM chunks) across the immutable, major-alias, and compatibility upload prefixes, and the workflow accepts the canonicaltoolbar.js/toolbar.csslayout. This is a no-op against today's single-file build.(2026-07-08)
v1.398.4Compare Source
v1.398.3Compare Source
1.398.3
Patch Changes
#4112
38bb185Thanks @TueHaulund! - fix session replay silently dropping shadow DOM mutations after an iframe teardownThe single shared ShadowDomManager observes every shadow root on the page, but MutationBuffer.reset() disconnected it. That reset fires whenever any one buffer is torn down, so an iframe being removed or navigating away disconnected every shadow-root observer page-wide. Shadow DOM content (for example a widget mounted in an open shadow root) then stopped recording until the next periodic full snapshot re-registered it. Buffer teardown now releases only its own resources; global shadow observation is reset by takeFullSnapshot and on recording stop. (2026-07-08)
v1.398.2Compare Source
1.398.2
Patch Changes
#4063
24aadd5Thanks @posthog! - Fix aRangeError: Maximum call stack size exceededthat could originate from the sharedpatch()fetch/XHR wrapper. posthog-js wrapswindow.fetchin two independent places (tracing headers and session-recording network capture), so their restores routinely ran out of order. Previously an out-of-order restore silently no-op'd, leaving the wrapper in the call path; repeated start/stop cycles grew the wrapper chain without bound until a realfetchwalked a chain deep enough to overflow the stack. Wrappers now delegate through a mutable link so any layer can be torn down even when newer wrappers sit on top of it, keeping the chain bounded. Header-injection and network-capture behavior is unchanged.(2026-07-07)
#4100
e250a24Thanks @marandaneto! - Stop adding the gzip compression query parameter to browser SDK requests.(2026-07-07)
#4083
f07e241Thanks @posthog! - fix(replay): harden session-replay network capture so instrumentation that throws (e.g.new Request()rejecting a URL/method) degrades gracefully and never breaks or misattributes the host application's ownxhr.open()/fetch()calls(2026-07-07)
v1.398.1Compare Source
1.398.1
Patch Changes
5013ab6Thanks @marandaneto! - Stop sending the deprecatedverquery parameter to capture and session recording endpoints.(2026-07-07)
v1.398.0Compare Source
v1.397.0Compare Source
1.397.0
Minor Changes
cc340dbThanks @bs1180! - feat(web): add aposthog-js/customizationssubpath entry point exposing the optional customizations (setAllPersonProfilePropertiesAsPersonPropertiesForFlags, thebefore-sendsampling helpers, and the redux/kea loggers) as a proper ES module with bundled types, replacing the internalposthog-js/lib/src/customizationsdeep import. Also fixes the TypeScript definitions sosetAllPersonProfilePropertiesAsPersonPropertiesForFlagsaccepts the instance passed to theloadedcallback (the documented usage), and theloadedcallback's instance type now includesconfig.(2026-07-06)
v1.396.9Compare Source
v1.396.8Compare Source
1.396.8
Patch Changes
2af0026Thanks @posthog! - fix(web): prevent an infinite-recursion stack overflow in the logs console capture. The console wrapper's own capture path can emit internal debug lines through PostHog's logger, which wrote back to the wrapped console and re-entered capture until the stack blew (RangeError: Maximum call stack size exceeded). The wrapper now exposes the original console method via__rrweb_original__(so the internal logger bypasses it) and guards against re-entrancy from any code that logs mid-capture.(2026-07-06)
v1.396.7Compare Source
v1.396.6Compare Source
1.396.6
Patch Changes
#4053
45d1b36Thanks @posthog! - feat(web): add a gracefulshutdown()to the browser client for parity with posthog-node, so isomorphic teardown code (e.g. the Nuxt module) that callsposthog.shutdown()on the client no longer throwsTypeError: shutdown is not a function. It best-effort flushes the queued events and always resolves.(2026-07-03)
#4054
f0657ebThanks @posthog! - fix(web): detect our own feature-flag request timeouts via atimedOutflag instead of the abort reason, so they are logged atwarn(noterror) on browsers that don't propagatecontroller.abort(reason)— keeping benign timeouts out of error tracking's console-error capture(2026-07-03)
#4031
94a0530Thanks @posthog! - Improve survey display reliability:$surveysdefinitions after a short TTL (stale-while-revalidate) so server-side changes such as switching a survey from popover to API propagate to long-lived tabs without a page reload.posthog.surveys.markSurveyAsSeen(surveyId, { iteration })so custom integrators that render surveys through their own backend can honour the "already seen" and wait-period checks.Modalnotifies its parent on close even when iOSModal.onDismissfails to fire, so the transparent full-screen modal can no longer stay mounted intercepting touches and freezing the app. (2026-07-03)Updated dependencies [
45d1b36]:v1.396.5Compare Source
1.396.5
Patch Changes
d7cf13bThanks @turnipdabeets! - Prevent uncaughtgetComputedStylecrashes in heatmaps and autocapture when the event target is a cross-realm element (e.g. from an iframe or synthetic event)(2026-07-02)
5e7e132]:v1.396.4Compare Source
1.396.4
Patch Changes
#4035
18e543bThanks @posthog! - fix(web): isolateonFeatureFlagscallbacks so a throwing user handler no longer breaks the remaining callback chain or gets misattributed as an SDK error(2026-07-01)
#4039
15bcb42Thanks @github-actions! - fix(replay): measure$snapshot_bytesas UTF-8 byte length instead of UTF-16 string length, so non-ASCII session replay payloads are counted accurately against the message size limit(2026-07-01)
v1.396.3Compare Source
1.396.3
Patch Changes
e0ad8efThanks @posthog! - FixTypeError: ....at is not a functionthrown by the bundledweb-vitalsdependency on browsers that predateArray.prototype.at()(Chrome <92, iOS Safari <15.4). The web-vitals entrypoints now install a tinyArray.prototype.atpolyfill before web-vitals runs, so web vitals capture works again on older browsers instead of crashing with an unhandled error.(2026-06-30)
unjs/std-env (std-env)
v4.2.0Compare Source
compare changes
🚀 Enhancements
🩹 Fixes
🏡 Chore
❤️ Contributors
unjs/unhead (unhead-v3-fixture>@unhead/vue)
v3.1.7Compare Source
🐞 Bug Fixes
🏎 Performance
View changes on GitHub
v3.1.6Compare Source
🏎 Performance
urlprop #82Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.