chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/ni	^30.0.0 → ^30.1.0
@iconify-json/octicon	^1.2.22 → ^1.2.23
@rive-app/canvas (source)	^2.37.1 → ^2.37.5
@types/node (source)	^25.6.0 → ^25.6.2
@vitest/coverage-v8 (source)	^4.1.4 → ^4.1.5
@vitest/ui (source)	^4.1.4 → ^4.1.5
@vueuse/core (source)	^14.2.1 → ^14.3.0
bumpp	^11.0.1 → ^11.1.0
es-toolkit (source)	^1.45.1 → ^1.46.1
eslint (source)	^10.2.0 → ^10.3.0
fs-extra	^11.3.4 → ^11.3.5
ora	^9.3.0 → ^9.4.0
pnpm (source)	10.33.0 → 10.33.4
typescript (source)	^6.0.2 → ^6.0.3
unplugin-yaml	^4.1.0 → ^4.2.0
vite (source)	^8.0.8 → ^8.0.11
vite-plugin-vue-devtools (source)	^8.1.1 → ^8.1.2
vitest (source)	^4.1.4 → ^4.1.5
vue (source)	^3.5.32 → ^3.5.34
vue (source)	>=3.5.32 → >=3.5.34
vue-tsc (source)	^3.2.6 → ^3.2.8

---

Release Notes

antfu-collective/ni (@​antfu/ni)

v30.1.0

Compare Source

   🚀 Features

• Add ? dry-run flag to --help output  -  by @​rznn7 in #​330 and #​331 (a3714)
• Add --agent flag to print detected package manager name  -  by @​Luc0-0 in #​329 (b11f1)
• nr: Add noLastCommand config option  -  by @​tomeelog, tomeelog and @​antfu in #​333 (bb835)

   🐞 Bug Fixes

• Workspace flag parsing in nr command  -  by @​buyuan-dev and @​antfu in #​325 (6ec10)

    View changes on GitHub

rive-app/rive-wasm (@​rive-app/canvas)

v2.37.5

Compare Source

Commits

• fix(scripting): clear scripted view model cache when instance changes (#​12325) bc28f6b e04b021
• chore(renderer): pre-Ore PLS misc fixes (#​12324) 53d9569 8ded17a
• Runtime compressed texture support (#​12026) 7009e7f ed02349
• fix(d3d12): three spec-compliance fixes uncovered by stricter D3D12 validation (#​12316) 68e0e5e e928c93
• feat(runtime): added clear list command (#​12301) fe2c925 314d6a9

v2.37.4

Compare Source

Commits

• chore: tag 2.37.4 e586055
• chore: Add additional nullptr checks in ArtboardComponentList (#​12292) 87fbb1c 5581955
• refactor(semantic): simplify SemanticManager refresh() bounds and ordering (#​12282) d5bd1a0 23bd88f
• Nnnnn focus management fixes (#​12290) 12495d6 0c2704b
• feature: add support for data binding solos to enums (#​12009) ab78bca 0c2de4f
• fix: do not default artboard value to 0 to avoid initializing to wron… (#​12007) d722a63 c88bd38
• feat: accessibility semantics (#​11896) 30ace69 f577ced
• chore: ensure stateful components are bound (#​12241) c352234 c6f4052
• Texture compression cli tool (#​12115) 77f2cf8 6e0b29f
• fix: ListenerAction import and stateful ArtboardHost calls advanced() (#​12238) 4ce0ced f94d6b2
• feature: add support for draw index on artboard component lists (#​12234) d83826e f8083bd
• fix(unity): add missing libpng symbol renames for Unity 6.4+ WebGL builds (#​12236) 4744c89 b593e79

v2.37.3

Compare Source

Commits

• chore: tag 2.37.3 f527948
• fix: for single-touch mode, track the primary fingers movements only (#​12227) 7b89ab2 2168ba4
• fix(runtime): leak in ElasticScrollPhysics helpers (#​12226) f6fa7f2 a5c64ae
• feat: TextInput Tool Improvements (#​12221) 5bd28c7 595e26b
• feat(renderer): Implement clip for clockwiseAtomic (#​12120) da326b3 f1cedb7
• feat(cq): add success callbacks for instantiations (#​12213) e5ce0c3 1f3600a
• fix: null-terminate char-array shaders in MSVC mode (#​12218) 6d37085 ecce5e0
• feature: add support for triggering actions on state transitions and … (#​12209) 235ca76 28b4b35
• fix(Android): Fix linking issues on ARMv7 devices due to TLS relocations (#​12175) a921b11 ff394fc

v2.37.2

Compare Source

Commits

• chore: tag 2.37.2 68ce5df
• chore(runtime): Remove tess renderer (#​12207) 862f1ff 01452a0
• feature(scripting): add support for remove and removeAt (#​12201) 0015c1d bf05e29
• fix(editor): track orphan ScriptedProperty on ScriptingContext (WITH_… (#​12195) 0475399 666c6ae
• fix(webgl): Update to latest PLS api (#​12192) c8d7c86 0790445
• fix: include BlobAsset in File::read() asset import switches (#​12191) a8142e0 62a9d33
• fix: create new render path if a path is used multiple times in the s… (#​12182) 85a72f0 8bd63e7
• fix(wgpu): honor offscreen render target in testing_window_wgpu (#​12174) f129648 525208f
• Handle linebreaks in single/multiline TextInput (#​12154) dab97cd 74b0c10
• Feat: Rive Renderer in Recorder (#​12113) 7adf1e5 5969740
• fix(editor): Fix Viewmodel duplicate naming & databind preview toggle stuck after undo (#​12132) 223c4c3 6f85294
• fix(runtime): advance view models from bindable artboards (#​12135) f1f9769 f940a9d
• fix: look for view model properties by name and type (#​12133) 51992dd c7e6a2b
• fix(Vulkan): Fix saturation blend mode on some devices (#​12111) b6b80d7 801945d
• feat: Single/multiline support in TextInput and improved scrolling (#​12127) 74f49dd 83596a1
• Get the downstream rive-runtime Linux tests passing (#​12121) 1902f9d deefb22
• chore(testing_window): Default shader compilation mode changes (#​12119) 49e0b94 4a2509b
• refactor(tests): Refactored deploy_tests to use the same file instead of one per console (#​12116) 478898e 0fb07fe
• feature: add support for component based conditions (#​12059) 5483819 d167d80

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.5

Compare Source

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in #​10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in #​10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in #​10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in #​10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in #​10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in #​8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in #​8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in #​10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in #​10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in #​10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in #​10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in #​9927 and #​10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in #​10154 (6abd5)

    View changes on GitHub

vueuse/vueuse (@​vueuse/core)

v14.3.0

Compare Source

   🚀 Features

• Expose pointer event onLongPress  -  by @​mrcwbr in #​5295 (b1688)
• createInjectionState: Non-undefined return when default specified  -  by @​Laupetin in #​5306 (b0c51)
• createReusableTemplate: Add support for specifying component names  -  by @​wbolster in #​5300 (ea29d)
• nuxt: Add composable variants to auto imports  -  by @​OrbisK in #​5285 (ac2ef)
• useElementVisibility: Add controls option  -  by @​kricsleo in #​5191 (0cb03)
• useTextareaAutosize: Add optional maxHeight to limit autosize growth  -  by @​palamarchukser, @​antfu and @​9romise in #​5324 (1a3e5)

   🐞 Bug Fixes

• Add explicit ./package.json export to all packages  -  by @​babu-ch and @​OrbisK in #​5343 (0d989)
• core: Always return ssrValue in useCssSupports before mounted  -  by @​danielroe in #​5290 (76b0b)
• directive: Create disposable directive func cleanup of side effects unmounted  -  by @​kalu5, @​43081j, Raman Paulau and @​OrbisK in #​5244 (52d68)
• docs: Typos in useManualRefHistory, useFocusWithin, useStorageAsync, useIntersectionObserver  -  by @​blowsie, Sam Blowes and @​OrbisK in #​5329 (1d9c4)
• docs: Add ignoreDeprecations for twoslash TS 6.0 compat  -  by @​antfu and Claude Opus 4.6 (1M context) in #​5367 (9d1eb)
• metadata: Cleanup removed function resolveRef  -  by @​ntnyq in #​5307 (49da8)
• onClickOutside: Detect iframe inside shadow DOM with detectIframe option  -  by @​babu-ch and @​OrbisK in #​5336 (1a77b)
• shared: Align overloads order of watch functions with original version  -  by @​KazariEX in #​5288 (f1d32)
• useAxios: Handle optional response data safely  -  by @​jahnli in #​5318 (51198)
• useCached: Update comparator type and improve documentation  -  by @​IceMooncake in #​5376 (d886c)
• useClipboard: Prevents fail in Safari for async operation  -  by @​MatteoGabriele in #​5369 (5ec56)
• useSortable: Re-query DOM on every start() for string selectors  -  by @​Mini-ghost in #​5374 (3341f)
• useVirtualList: React to changes made in mutable arrays properly  -  by @​dcherman in #​5267 (7069e)
• useWakeLock: Auto-release wake lock on component unmount  -  by @​ProgrammingWithSid and @​OrbisK in #​5271 (43937)
• useWebSocket: Race condition caused by onopen/onclose events.  -  by @​DanCardin, @​antfu and @​9romise in #​5175 (6661c)
• whenever: Improve old value types  -  by @​VChet in #​5096 (979c6)

   🏎 Performance

• Replace deepRef with shallowRef where appropriate  -  by @​9romise in #​5293 (80004)

    View changes on GitHub

antfu-collective/bumpp (bumpp)

v11.1.0

Compare Source

   🐞 Bug Fixes

• Inherit stdio for git push to support windows SSH passphrase  -  by @​awdr74100 in #​122 (a30af)
• cli: Prevent empty CLI files from overriding config-file files  -  by @​benny123tw in #​120 (4e42e)

    View changes on GitHub

toss/es-toolkit (es-toolkit)

v1.46.1

Compare Source

Released on April 29th, 2026.

• Fixed AbortError and TimeoutError to fall back to Error when DOMException is undefined. ([#​1694])
• Fixed missing forEach and countBy exports for map and set. ([#​1695])

We sincerely thank @​SrAnthony and @​umsungjun for their contributions. We appreciate your great efforts!

v1.46.0

Compare Source

Released on April 22th, 2026.

• Changed AbortError and TimeoutError to extend DOMException. ([#​1660])
• Added keyBy to the map entrypoint exports. ([#​1650])
• Added Claude Code plugin marketplace and es-toolkit usage skills. ([#​1644])
• Fixed isBuffer to add a browser export condition to avoid a 44KB Buffer polyfill. ([#​1671])
• Fixed toCamelCaseKeys and toSnakeCaseKeys to be exported from compat for the browser bundle. ([#​1685])
• Fixed partial by adding missing full-application overloads for 2/3/4 arguments. ([#​1684])
• Added Agent Skills and Claude Code Plugin guide to the AI Integration page. ([#​1664])

We sincerely thank @​raon0211, @​jantimon, @​jaydeep-pipaliya, @​ethanresnick, @​zaewc, @​minsoo-web, @​wondonghwi, @​xxxxxxjun, @​jiji-hoon96, @​james-rae, @​Gamez0, and @​dayongkr for their contributions. We appreciate your great efforts!

eslint/eslint (eslint)

v10.3.0

Compare Source

v10.2.1

Compare Source

jprichardson/node-fs-extra (fs-extra)

v11.3.5

Compare Source

• Fix ensureLink*/ensureSymlink* identical file detection on Windows (#​1068)
• Fix error handling in timestamp preservation code (#​1065, #​1069)
• Fix potential file descriptor leak on error in synchronous timestamp preservation code (#​1066)

sindresorhus/ora (ora)

v9.4.0

Compare Source

• Add successSymbol and failSymbol options to oraPromise 3d2e0a9

---

pnpm/pnpm (pnpm)

v10.33.4: pnpm 10.33.4

Compare Source

Patch Changes

• Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

  A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.

• Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #​11341.

Platinum Sponsors

Gold Sponsors

v10.33.3

Compare Source

v10.33.2

Compare Source

v10.33.1: pnpm 10.33.1

Compare Source

Patch Changes

• When a project's packageManager field selects pnpm v11 or newer, commands that v10 would have passed through to npm (version, login, logout, publish, unpublish, deprecate, dist-tag, docs, ping, search, star, stars, unstar, whoami, etc.) are now handed over to the wanted pnpm, which implements them natively. Previously they silently shelled out to npm — making, for example, pnpm version --help print npm's help on a project with packageManager: pnpm@11.0.0-rc.3 #​11328.

Platinum Sponsors

Gold Sponsors

microsoft/TypeScript (typescript)

v6.0.3

Compare Source

luxass/unplugin-yaml (unplugin-yaml)

v4.2.0

Compare Source

No significant changes

    View changes on GitHub

vitejs/vite (vite)

v8.0.11

Compare Source

Features

• update rolldown to 1.0.0-rc.18 (#​22360) (3f80524)

Bug Fixes

• deps: update all non-major dependencies (#​22334) (672c962)
• deps: update all non-major dependencies (#​22382) (5c0cfcb)
• glob: align hmr matcher options with glob enumeration (#​22306) (30028f9)
• make separate object instance for each environment (#​22276) (7c2aa3b)

Documentation

• create-vite: list react-compiler templates in README (#​22347) (7c3a61f)
• explain mergeConfig skips null/undefined (#​22325) (2151f70)
• mention native config loader in CLI options (#​22348) (0420c5d)
• update evan's x handle (640202a)

Miscellaneous Chores

• deps: update dependency tsdown to ^0.21.10 (#​22333) (3b51e05)
• deps: update rolldown-related dependencies ([#​22383](https://redirect.github.com

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

❌ Failed to deploy to Netlify

Platform	Status	URL
Ubuntu	Failed	Please check the status and logs of the workflow run.
Windows	Failed	Please check the status and logs of the workflow run.