Skip to content

chore(deps): update all non-major dependencies#446

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#446
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Apr 5, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@antfu/eslint-config ^9.0.0^9.1.0 age confidence pnpm.catalog.default minor
@nuxt/ui (source) ^4.8.1^4.9.0 age confidence pnpm.catalog.default minor
@paypal/paypal-js (source) ^9.7.0^9.8.0 age confidence pnpm.catalog.default minor
@shikijs/langs (source) ^4.1.0^4.3.0 age confidence pnpm.catalog.default minor
@shikijs/themes (source) ^4.1.0^4.3.0 age confidence pnpm.catalog.default minor
@types/google.maps (source) ^3.65.0^3.65.2 age confidence pnpm.catalog.default patch
@types/google.maps (source) ^3.58.1^3.65.2 age confidence peerDependencies minor
@types/node (source) ^25.9.1^25.9.4 age confidence pnpm.catalog.default patch
@types/youtube (source) ^0.2.0^0.3.0 age confidence pnpm.catalog.default minor
@types/youtube (source) ^0.1.0^0.3.0 age confidence peerDependencies minor
@vue/test-utils ^2.4.10^2.4.11 age confidence pnpm.catalog.default patch
Hebilicious/reproduire v0.0.9-mpv0.0.9 age confidence action patch
actions/checkout v6.0.1v6.0.3 age confidence action patch
actions/stale v10.0.0v10.3.0 age confidence action minor
eslint (source) ^10.4.1^10.6.0 age confidence pnpm.catalog.default minor
happy-dom ^20.9.0^20.10.6 age confidence pnpm.catalog.default minor
oxc-parser (source) ^0.134.0^0.137.0 age confidence pnpm.catalog.default minor
playwright-core (source) ^1.60.0^1.61.1 age confidence pnpm.catalog.default minor
pnpm (source) 11.5.011.9.0 age confidence packageManager minor
posthog-js (source) ^1.378.1^1.395.0 age confidence pnpm.catalog.default minor
posthog-js (source) ^1.0.0^1.395.0 age confidence peerDependencies minor
rollup (source) ^4.60.4^4.62.2 age confidence pnpm.catalog.default minor
shiki (source) ^4.1.0^4.3.0 age confidence pnpm.catalog.default minor
unhead-v3-fixture>@unhead/vue (source) ^3.0.0^3.1.6 age confidence pnpm-workspace.overrides minor
unplugin (source) ^3.0.0^3.2.0 age confidence pnpm.catalog.default minor
vitest (source) ^4.1.7^4.1.9 age confidence pnpm.catalog.default patch
vue (source) ^3.5.35^3.5.39 age confidence pnpm.catalog.default patch
vue-tsc (source) ^3.3.3^3.3.5 age confidence pnpm.catalog.default patch

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v9.1.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
nuxt/ui (@​nuxt/ui)

v4.9.0

Compare Source

Features
Bug Fixes

v4.8.2

Compare Source

Bug Fixes
  • Form: support setting the name attribute (#​6539) (f8186e2)
  • InputMenu/SelectMenu: re-highlight first item when items change (#​6538) (0414dd0)
  • InputNumber/InputDate/InputTime/Calendar: restore locale prop (#​6546) (ed2f955)
  • module: merge custom variants into AppConfig type (#​6531) (f0571c3)
paypal/paypal-js (@​paypal/paypal-js)

v9.8.0

Compare Source

Minor Changes
  • 0ff45b7: Consolidating the shared GooglePay types to paypal-js package.
Patch Changes
  • 9007a82: Add optional submit options to CardFields submit() method, including billingAddress and name fields for 3DS authentication support
  • 6e1de75: Fix a typescript bug that was making .start options required.
  • 164d373: Update paypal one time payment session start options to be optional.
shikijs/shiki (@​shikijs/langs)

v4.3.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.2.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
vuejs/test-utils (@​vue/test-utils)

v2.4.11

Compare Source

compare changes

🩹 Fixes
  • Drop legacy Mutation Event listener entries (#​2844)
  • Handle setData() correctly for components using both setup() and data() (#​2846)
  • Export GlobalMountOptions type (#​2851)
  • Set spec-compliant event.code on keydown/keyup (#​2850)
❤️ Contributors
Hebilicious/reproduire (Hebilicious/reproduire)

v0.0.9

Compare Source

compare changes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

v6.0.2

Compare Source

actions/stale (actions/stale)

v10.3.0

Compare Source

What's Changed

Bug Fix
Dependency Updates

New Contributors

Full Changelog: actions/stale@v10...v10.3.0

v10.2.0

Compare Source

What's Changed

Bug Fix
Dependency Updates

New Contributors

Full Changelog: actions/stale@v10...v10.2.0

v10.1.1

Compare Source

What's Changed

Bug Fix
Improvement
Dependency Upgrades

New Contributors

Full Changelog: actions/stale@v10...v10.1.1

v10.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/stale@v10...v10.1.0

eslint/eslint (eslint)

v10.6.0

Compare Source

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#​20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#​20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#​20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#​21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#​21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#​21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#​21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#​21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#​21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#​21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#​20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#​20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#​20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#​20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#​20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#​20983) (lumir)

Chores

v10.5.0

Compare Source

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#​20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#​20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#​20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#​20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#​20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#​20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#​20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#​20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#​20926) (sethamus)

Chores

capricorn86/happy-dom (happy-dom)

v20.10.6

Compare Source

👷‍♂️ Patch fixes

v20.10.5

Compare Source

👷‍♂️ Patch fixes
  • Adds cache to query selector parser - By @​capricorn86 in task #​2142
    • The selector parser degraded in performance in v20.6.3 to solve more complex selectors
    • Parsing is still a bit slower, but the cache will hopefully mitigate most of the problem

v20.10.4

Compare Source

👷‍♂️ Patch fixes
  • Coerce null qualifiedName to empty string in createDocument - By @​Firer in task #​2206

v20.10.3

Compare Source

👷‍♂️ Patch fixes
  • Fix "~=" attribute selector matching hyphenated substrings in CSS selectors - By @​mixelburg in task #​2194

v20.10.2

Compare Source

👷‍♂️ Patch fixes

v20.10.1

Compare Source

v20.10.0

Compare Source

🎨 Features
oxc-project/oxc (oxc-parser)

v0.137.0

💥 BREAKING CHANGES
  • 7a76cd3 estree: [BREAKING] Make whether to include TS fields a runtime option (#​23574) (overlookmotel)
🚀 Features
  • 53509a8 minifier: Treeshake pure typed arrays and Set/Map array literals (#​23469) (Dunqing)
🐛 Bug Fixes

v0.136.0

⚡ Performance
  • da1a6c6 diagnostics: Migrate to allocation-optimized oxc-miette (#​23094) (Boshen)

v0.135.0

microsoft/playwright (playwright-core)

v1.61.1

Compare Source

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();
New APIs
Network
Browser and Screencast
  • New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
  • New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
  • The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.
Test runner
  • The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
  • Supported expect.soft.poll(...).
  • New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
  • New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
  • testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
  • New -G command line shorthand for --grep-invert.
🛠️ Other improvements
  • Playwright now supports Ubuntu 26.04.
  • HAR and trace recordings now include WebSocket requests.
Browser Versions
  • Chromium 149.0.7827.55
  • Mozilla Firefox 151.0
  • WebKit 26.5

This version was also tested against the following stable channels:

  • Google Chrome 149
  • Microsoft Edge 149
pnpm/pnpm (pnpm)

v11.9.0

Compare Source

v11.8.0

Compare Source

Minor Changes
  • c112b61: Added a --dry-run option to pnpm install. It runs a full dependency resolution and reports what an install would change, but writes nothing to disk (no lockfile, no node_modules) and always exits with code 0. This mirrors the preview semantics of npm install --dry-run #​7340.
  • 179ebc4: pnpm run --no-bail now exits with a non-zero exit code when any of the executed scripts fail, while still running every matched script to completion. This makes the exit-code behavior of --no-bail consistent between recursive and non-recursive runs (recursive runs already failed at the end). Previously, a non-recursive pnpm run --no-bail always exited with code 0, even when a script failed #​8013.
  • 0474a9c: Added support for generating Node.js package maps at node_modules/.package-map.json during isolated and hoisted installs. Added the node-experimental-package-map setting to inject the generated map into pnpm-managed Node.js script environments, and the node-package-map-type setting to choose between standard and loose package maps.
  • dcededc: pnpm sbom now marks components reachable only through devDependencies with CycloneDX scope: "excluded" and the cdx:npm:package:development property. The excluded scope documents "component usage for test and other non-runtime purposes", which matches the semantics of a devDependency; the property is the CycloneDX npm-taxonomy marker emitted by @cyclonedx/cyclonedx-npm, so both modern (scope) and existing (property) consumers are covered. Components reachable at runtime (including installed optionalDependencies) omit scope and default to required.
  • 1495cb0: Added per-package SBOM generation with --out and --split flags. Use --out out/%s.cdx.json to write one SBOM per workspace package to individual files, or --split for NDJSON output

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@vercel

vercel Bot commented Apr 5, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
scripts-docs Error Error Jun 27, 2026 11:40pm
scripts-playground Ready Ready Preview, Comment Jun 27, 2026 11:40pm

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 9c4e39b to 5bfebea Compare April 5, 2025 00:30
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 5bfebea to 7804f68 Compare April 6, 2025 09:08
@renovate renovate Bot changed the title chore(deps): update resolutions typescript to v5.8.3 chore(deps): update all non-major dependencies Apr 6, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 7804f68 to 2d975ff Compare April 7, 2025 04:48
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 2d975ff to 0104ff1 Compare April 7, 2025 08:22
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 0104ff1 to 8120e32 Compare April 7, 2025 15:15
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 8120e32 to 5ec9f5e Compare April 7, 2025 18:22
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 5ec9f5e to efcb3b7 Compare April 8, 2025 08:39
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from efcb3b7 to 1a61aec Compare April 10, 2025 00:28
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 1a61aec to cf8e7f8 Compare April 10, 2025 09:47
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from cf8e7f8 to 2b13cf8 Compare April 11, 2025 01:12
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 6132302 to 360e116 Compare April 16, 2025 14:05
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 360e116 to aa97a8b Compare April 17, 2025 00:59
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from aa97a8b to 714cf9d Compare April 17, 2025 08:46
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 714cf9d to bdbb60c Compare April 17, 2025 18:14
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from bdbb60c to 9343bf3 Compare April 18, 2025 20:28
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 9343bf3 to fb7fea7 Compare April 21, 2025 12:46
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from fb7fea7 to 556aaae Compare April 21, 2025 16:40
@pkg-pr-new

pkg-pr-new Bot commented Jul 16, 2025
edited
Loading

Copy link
Copy Markdown

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/scripts@446

commit: 0665051

vercel[bot]
vercel Bot reviewed Sep 20, 2025
View reviewed changes
Comment thread pnpm-lock.yaml Outdated
vercel[bot]
vercel Bot reviewed Nov 25, 2025
View reviewed changes
Comment thread docs/package.json Outdated
"@nuxt/image": "^1.11.0",
"@nuxt/scripts": "workspace:*",
"@nuxt/ui": "4.0.0",
"@nuxt/ui": "4.2.1",

@vercel vercel Bot Nov 25, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"@nuxt/ui": "4.2.1",
"@nuxt/ui": "^4.2.1",

The @nuxt/ui dependency is pinned to 4.2.1 without a caret, which is inconsistent with all other dependencies in this file that use flexible versioning with the ^ prefix.

View Details

Analysis

Inconsistent version pinning for @nuxt/ui dependency

What fails: docs/package.json line 20 specifies @nuxt/ui as pinned version 4.2.1 (without caret prefix), while all 13 other dependencies use caret versioning (^) for flexible version constraints within the major version.

How to reproduce:

cat docs/package.json | grep -A 15 '"dependencies"'

Result: Shows "@nuxt/ui": "4.2.1" (pinned) while all surrounding dependencies have caret prefix:

  • "@nuxt/content": "^3.8.2"
  • "@nuxt/fonts": "^0.12.1"
  • "@nuxthq/studio": "^2.2.1"
  • All other 10 dependencies also use ^ prefix

Expected behavior: According to npm semantic versioning, caret versioning allows compatible updates (minor/patch versions) within a major version. The project consistently uses this pattern for all other dependencies, so @nuxt/ui should be ^4.2.1 to match the established convention and allow patch/minor updates like other dependencies.

Root cause: Automated dependency update (Renovate bot commit 0b37709) preserved the previous pinned format when bumping the version from 4.0.0 to 4.2.1, rather than applying the project's standard caret versioning pattern used throughout the file.

vercel[bot]
vercel Bot reviewed Jan 15, 2026
View reviewed changes
Comment thread package.json Outdated
"posthog-js": "^1.0.0"
"@types/youtube": "^0.1.2",
"@unhead/vue": "^2.1.2",
"posthog-js": "^1.321.2"

@vercel vercel Bot Jan 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"posthog-js": "^1.321.2"
"posthog-js": "^1.0.0"

The posthog-js peer dependency constraint changed from ^1.0.0 to ^1.321.2, which is unusually restrictive and appears unintentional given the patch version bump in devDependencies (1.321.1 → 1.321.2).

View Details

Analysis

Overly restrictive posthog-js peer dependency breaks backward compatibility

What fails: The posthog-js peer dependency constraint in package.json was changed from ^1.0.0 to ^1.321.2 (commit 1536ad2), restricting supported versions to 1.321.2+ and rejecting all prior versions (1.0.0-1.321.1) that would previously install.

How to reproduce:

# User has posthog-js 1.200.0 installed (legitimate version under old ^1.0.0 constraint)
npm install @nuxt/scripts
# After update, npm now rejects this version because 1.200.0 does not satisfy ^1.321.2

Result: npm/pnpm install fails with: "posthog-js@1.200.0 not satisfied by ^1.321.2"

Expected: The peer dependency should remain at ^1.0.0 (or similar permissive constraint) since:

  • Code only uses posthog.init() and basic config options (api_host, capture_pageview, disable_session_recording) available since 1.0.0
  • The devDependency update was only a patch bump (1.222.0 → 1.321.2), not a major version requiring API changes
  • Peer dependencies should be permissive to maximize compatibility
  • Semantic versioning guidance indicates patch/minor version updates within the same major version should be backward compatible

This change appears to be an error from automated dependency update tooling (Renovate) that applied the same pinpoint version to both devDependencies and peerDependencies.

@socket-security

socket-security Bot commented Apr 29, 2026
edited
Loading

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@antfu/eslint-config@9.1.0npm/@typescript-eslint/eslint-plugin@8.62.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.62.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-jsdoc is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@antfu/eslint-config@9.1.0npm/eslint-plugin-jsdoc@63.0.9

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jsdoc@63.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm happy-dom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/happy-dom@20.10.6

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/happy-dom@20.10.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@socket-security

socket-security Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedhappy-dom@​20.10.6661008895100
Updated@​types/​youtube@​0.1.2 ⏵ 0.3.01001007586100
Added@​shikijs/​themes@​4.3.01001007697100
Addedshiki@​4.3.01001007797100
Added@​shikijs/​langs@​4.3.01001007997100
Addedvitest@​4.1.9981007998100
Added@​types/​google.maps@​3.65.21001008090100
Addedplaywright-core@​1.61.199100809980
Added@​types/​node@​25.9.41001008196100
Added@​antfu/​eslint-config@​9.1.09610010091100
Added@​vue/​test-utils@​2.4.11991009391100
Addedvue-tsc@​3.3.51001009296100
Addedeslint@​10.6.09810010097100
Addedrollup@​4.62.29710010098100
Added@​paypal/​paypal-js@​9.8.010010010099100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vercel vercel[bot] vercel[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants