chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@ai-sdk/anthropic (source)	3.0.75 → 3.0.78					dependencies	patch
@ai-sdk/openai (source)	3.0.62 → 3.0.64					dependencies	patch
@antfu/eslint-config	8.2.0 → 8.3.0					devDependencies	minor
@sentry/react (source)	10.52.0 → 10.53.1					devDependencies	minor
@tailwindcss/vite (source)	4.2.4 → 4.3.0					devDependencies	minor
@tanstack/react-query (source)	5.100.9 → 5.100.11					devDependencies	patch
@tanstack/react-query-devtools (source)	5.100.9 → 5.100.11					devDependencies	patch
@types/node (source)	25.6.0 → 25.9.1					devDependencies	minor
@types/react (source)	19.2.14 → 19.2.15					devDependencies	patch
@vitejs/plugin-react (source)	6.0.1 → 6.0.2					devDependencies	patch
ai (source)	6.0.175 → 6.0.185					dependencies	patch
electron	41.5.0 → 41.7.0					devDependencies	minor
electron-log	5.4.3 → 5.4.4					devDependencies	patch
eslint (source)	10.3.0 → 10.4.0					devDependencies	minor
framer-motion	12.38.0 → 12.39.0					devDependencies	minor
lucide-react (source)	1.14.0 → 1.16.0					devDependencies	minor
opencc-js	1.3.0 → 1.3.1					devDependencies	patch
pnpm (source)	10.11.0 → 10.33.4					packageManager	minor
pnpm/action-setup	v4.1.0 → v4.4.0					action	minor
prettier-plugin-tailwindcss	^0.7.2 → ^0.8.0					devDependencies	minor
react-router (source)	7.15.0 → 7.15.1					devDependencies	patch
softprops/action-gh-release	v2.2.1 → v2.6.2					action	minor
tailwind-merge	3.5.0 → 3.6.0					devDependencies	minor
tailwindcss (source)	4.2.4 → 4.3.0					devDependencies	minor
vite (source)	8.0.11 → 8.0.13					devDependencies	patch

---

Release Notes

vercel/ai (@​ai-sdk/anthropic)

v3.0.78

Compare Source

Patch Changes

• 6e28d25: fix(anthropic): propagate toModelOutput providerOption to anthropic tool results

v3.0.77

Compare Source

Patch Changes

• d53314d: feat(anthropic): add the new advisor tool

v3.0.76

Compare Source

Patch Changes

• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27

antfu/eslint-config (@​antfu/eslint-config)

v8.3.0

Compare Source

   🚀 Features

• Make perfectionist configurable inside antfu()  -  by @​oliver139 in #​848 (ae1d6)
• stylistic: Allow easy setting brace style  -  by @​oliver139 in #​846 (bd784)
• svelte: Use recommended rules  -  by @​Jungzl in #​842 (6c839)

   🐞 Bug Fixes

• markdown: Scope user rule overrides away from md files  -  by @​antfu and Claude Opus 4.7 (1M context) in #​844 (8d25a)

    View changes on GitHub

getsentry/sentry-javascript (@​sentry/react)

v10.53.1

Compare Source

• fix(core): Don't gate user data for streamed spans at scope read time (#​20827)
• fix(core): Include subpath type shims in published package (#​20835)
• ref(hono): Consolidate route patching and add clarification comments (#​20829)

Internal Changes

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#​20821)

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.62 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.9 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.04 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.14 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.55 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.6 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.23 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.3 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.12 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.5 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	254.05 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	257.42 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	267.43 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	270.79 KB
@​sentry/nextjs (client)	48.36 KB
@​sentry/sveltekit (client)	44.17 KB
@​sentry/node-core	59.39 KB
@​sentry/node	162.07 KB
@​sentry/node - without tracing	72.21 KB
@​sentry/aws-serverless	105.52 KB
@​sentry/cloudflare (withSentry) - minified	166.63 KB
@​sentry/cloudflare (withSentry)	420.32 KB

v10.53.0

Compare Source

Important Changes

• feat(core): Add streamGenAiSpans options to stream gen_ai spans (#​20785)

  Adds a new streamGenAiSpans option that controls how gen_ai spans are
  sent to Sentry. When set, the SDK extracts all gen_ai spans out of a
  transaction and sends them as v2 envelope items.

  Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

  Sentry.init({
    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',
    streamGenAiSpans: true,
  });

Other Changes

• feat(browser): Migrate browser profiling thread data to span attributes (#​20800)
• feat(core): Add addConsoleInstrumentationFilter utility (#​20790)
• feat(core): Add applicationKey to BuildTimeOptionsBase (#​20789)
• feat(core): split exports by browser/server for bundle size (#​20435)
• feat(nextjs): Add top-level applicationKey option (#​20794)
• feat(node): Support Node 26 (#​20710)
• feat(profiling-node): Bump @sentry-internal/node-cpu-profiler to 2.4.0 (#​20720)
• fix(cloudflare): avoid flush lock self-wait (#​20719)
• fix(hono): Capture transaction name on request for correct culprit (#​20801)
• fix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (#​20699)
• fix(node-core): Guard against undefined util.getSystemErrorMap (#​20660)
• fix(replay): Capture aborted/errored fetch requests in replay network tab (#​20722)

Internal Changes

• chore: bump replay dependencies (#​20746)
• chore: Typo intergation -> integration (#​20799)
• chore(deps): Bump @​babel/plugin-transform-modules-systemjs from 7.24.1 to 7.29.4 (#​20773)
• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#​20818)
• chore(deps): Bump next from 16.2.4 to 16.2.6 in /dev-packages/e2e-tests/test-applications/nextjs-16-streaming (#​20811)
• chore(deps): Bump rollup from 4.59.0 to 4.60.3 (#​20716)
• ci: Ensure PR reminder workflow considers new sub teams (#​20814)
• ci: Remove codecov reporting (#​20803)
• feat(deps): Bump bundler plugins to 5.3.0 (#​20820)
• feat(deps): Bump fast-uri from 3.0.6 to 3.1.2 (#​20774)
• feat(deps): Bump hono from 4.12.16 to 4.12.18 (#​20777)
• test(cloudflare-hono): fix 'occured' -> 'occurred' typo in error log (#​20783)
• test(deps): Bump hono from 4.12.14 to 4.12.16 (#​20712)
• test(deps): Bump hono from 4.12.14 to 4.12.18 in /dev-packages/e2e-tests/test-applications/cloudflare-hono (#​20776)
• test(e2e): Pin astro version in astro-6 test app (#​20709)

Work in this release was contributed by @​dmmulroy and @​SAY-5. Thank you for your contributions!

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.63 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.91 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.05 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.15 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.57 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.62 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.24 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.32 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.15 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.53 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	254.08 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	257.44 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	267.46 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	270.81 KB
@​sentry/nextjs (client)	48.36 KB
@​sentry/sveltekit (client)	44.17 KB
@​sentry/node-core	59.4 KB
@​sentry/node	162.08 KB
@​sentry/node - without tracing	72.22 KB
@​sentry/aws-serverless	105.53 KB
@​sentry/cloudflare (withSentry) - minified	166.66 KB
@​sentry/cloudflare (withSentry)	420.38 KB

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.3.0

Compare Source

Added

• Add @container-size utility (#​18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#​19981, #​20019)
• Add scrollbar-gutter-* utilities (#​20018)
• Add zoom-* utilities (#​20020)
• Add tab-* utilities (#​20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#​19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#​19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#​19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#​19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#​19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#​19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#​19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#​19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#​19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#​19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#​19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#​19918)
• Allow multiple @utility definitions with the same name but different value types (#​19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#​19707)
• Ensure start and end legacy utilities without values do not generate CSS (#​20003)
• Ensure --value(…) is required in functional @utility definitions (#​20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#​20011)

TanStack/query (@​tanstack/react-query)

v5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.11

v5.100.10

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.10

TanStack/query (@​tanstack/react-query-devtools)

v5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.11
  • @​tanstack/react-query@​5.100.11

v5.100.10

Patch Changes

• Updated dependencies [4d130b9]:
  • @​tanstack/query-devtools@​5.100.10
  • @​tanstack/react-query@​5.100.10

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v6.0.2

Compare Source

Allow all options in reactCompilerPreset (#​1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

electron/electron (electron)

v41.7.0

Compare Source

v41.6.1: electron v41.6.1

Compare Source

Release Notes for v41.6.1

Other Changes

• Improved performance of native event emission, IPC dispatch, and option-dictionary parsing. #​51613 ^{(Also in 42)}
• Security: backported 20 High-severity fixes from Chrome 148 stable release. #​51612

v41.6.0: electron v41.6.0

Compare Source

Release Notes for v41.6.0

Fixes

• Fixed a crash in the macOS Touch ID WebAuthn prompt caused by a missing string resource, and added touchID.promptReason to app.configureWebAuthn() to customize the prompt text. #​51604 ^{(Also in 42, 43)}

v41.5.2: electron v41.5.2

Compare Source

Release Notes for v41.5.2

Fixes

• Improved external resize band positioning and scaling for frameless windows on Windows. #​51560 ^{(Also in 43)}

v41.5.1: electron v41.5.1

Compare Source

Release Notes for v41.5.1

Fixes

• Fixed app.getLoginItemSettings() returning undefined for executableWillLaunchAtLogin on macOS; the property is now always a boolean. #​51508 ^{(Also in 40, 42)}
• Fixed a potential race condition crash when closing DevTools. #​51474 ^{(Also in 42)}
• Fixed cross-origin isolation failing for non-file origins. #​51403 ^{(Also in 42)}
• Improved the way Electron determines the default XDG App ID and WM_CLASS on Linux for better platform compatibility if desktopName is not provided in package.json. #​51480 ^{(Also in 42)}

megahertz/electron-log (electron-log)

v5.4.4

Compare Source

eslint/eslint (eslint)

v10.4.0

Compare Source

motiondivision/motion (framer-motion)

v12.39.0

Compare Source

Added

• Support for repeatType and repeatDelay in animation sequences.

Fixed

• Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.
• Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.
• LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.
• useScroll: Support hydrating target and container refs from anywhere in the tree.
• Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.
• Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§
• Updated visualElement hydration order.
• useAnimate: Now respects skipAnimations.
• AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.
• scroll: Fixed callback progress when tracking an element.
• useScroll: Fix hardware acceleration when tracking an element.

lucide-icons/lucide (lucide-react)

v1.16.0: Version 1.16.0

Compare Source

What's Changed

• feat(icons): added blender icon by @​rrod497 in #​3884

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

v1.15.0

Compare Source

nk2028/opencc-js (opencc-js)

v1.3.1

Compare Source

Added

• Add OpenCC-style mmseg segmentation for built-in converters so multi-stage conversions preserve official phrase boundaries.
• Add explicit package exports for opencc-js/core, opencc-js/preset, opencc-js/preset/cn2t, and opencc-js/preset/t2cn.
• Add CommonJS conditional exports for opencc-js/cn2t and opencc-js/t2cn.
• Add default ESM exports for the bundled package entry points.
• Add TypeScript declaration files for the public package entry points.
• Add THIRD_PARTY_LICENSES.md documenting the use of opencc-data (Apache 2.0) and include it in the published package.

Changed

• Adapt dictionary generation and OpenCC test cases to opencc-data 1.3.1-next.1.
• Publish only built artifacts, type declarations, README files, changelog, and license files to npm.
• Mark the package as side-effect-free for bundlers.

pnpm/pnpm (pnpm)

v10.33.4: pnpm 10.33.4

Compare Source

Patch Changes

• Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

  A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.

• Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #​11341.

Platinum Sponsors

Gold Sponsors

	✂ Note PR body was truncated to here. Configuration 📅 Schedule: (UTC) Branch creation At any time (no schedule defined) Automerge At any time (no schedule defined) 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired. If you want to rebase/retry this PR, check this box This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 4 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
.                                        |  WARN  deprecated fluent-ffmpeg@2.1.3
Progress: resolved 48, reused 0, downloaded 0, added 0
Progress: resolved 68, reused 0, downloaded 0, added 0
Progress: resolved 74, reused 0, downloaded 0, added 0
Progress: resolved 77, reused 0, downloaded 0, added 0
Progress: resolved 78, reused 0, downloaded 0, added 0
Progress: resolved 160, reused 0, downloaded 0, added 0
Progress: resolved 169, reused 0, downloaded 0, added 0
Progress: resolved 181, reused 0, downloaded 0, added 0
Progress: resolved 190, reused 0, downloaded 0, added 0
Progress: resolved 234, reused 0, downloaded 0, added 0
Progress: resolved 262, reused 0, downloaded 0, added 0
Progress: resolved 284, reused 0, downloaded 0, added 0
Progress: resolved 299, reused 0, downloaded 0, added 0
Progress: resolved 324, reused 0, downloaded 0, added 0
 WARN  Request took 10758ms: https://registry.npmjs.org/@typescript-eslint%2Fparser
/tmp/renovate/repos/github/marchen-dev/marchen-player/packages/electron-ipc:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "semver@6.3.1" (possible package takeover)

This error happened while installing the dependencies of electron@41.5.0
 at @electron/get@2.0.3

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.