fix(deps): update all major dependencies (major)#355
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ❌ Deployment failed View logs |
saas-starter | 3fbd204 | Jun 15 2026, 02:01 PM |
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
5 times, most recently
from
280eae5 to
6a64d02
Compare
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
3 times, most recently
from
6b84b5f to
1118ba8
Compare
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
5 times, most recently
from
c666453 to
8252a62
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
10 times, most recently
from
a7ec3d4 to
71aac5e
Compare
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
3 times, most recently
from
66a5aa0 to
c0c3bcc
Compare
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
10 times, most recently
from
ad83f7a to
0541cd7
Compare
stickerdaniel
force-pushed
the
main
branch
2 times, most recently
from
60d29e3 to
29070d5
Compare
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
from
0541cd7 to
94b13d8
Compare
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
6 times, most recently
from
d4411a5 to
bb5871a
Compare
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
5 times, most recently
from
1af8d14 to
3185c1b
Compare
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
renovate
Bot
force-pushed
the
renovate/major-all-major
branch
3 times, most recently
from
7a05ce8 to
c9e2b4e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^3.0.4→^4.0.0^3.0.4→^4.0.0^3.0.2→^4.0.0^0.1.43→^1.0.03.5.1→4.1.053.1.1→54.12.2Release Notes
zxcvbn-ts/zxcvbn (@zxcvbn-ts/core)
v4.1.0Compare Source
useautumn/autumn (autumn-js)
v1.2.28Compare Source
v1.2.27Compare Source
v1.2.26Compare Source
v1.2.25Compare Source
v1.2.24Compare Source
v1.2.23Compare Source
v1.2.22Compare Source
v1.2.21Compare Source
v1.2.20Compare Source
v1.2.19Compare Source
v1.2.18Compare Source
v1.2.15Compare Source
v1.2.14Compare Source
v1.2.13Compare Source
v1.2.12Compare Source
v1.2.11Compare Source
v1.2.10Compare Source
v1.2.9Compare Source
v1.2.8Compare Source
v1.2.7Compare Source
v1.2.6Compare Source
v1.2.5Compare Source
v1.2.4Compare Source
v1.2.3Compare Source
v1.2.2Compare Source
v1.2.0Compare Source
v1.1.10Compare Source
v1.1.8Compare Source
v1.0.2Compare Source
v1.0.1Compare Source
v1.0.0Compare Source
sveltejs/prettier-plugin-svelte (prettier-plugin-svelte)
v4.1.0Compare Source
Minor Changes
v4.0.1Compare Source
Patch Changes
@constcorrectly (#530)v4.0.0Compare Source
svelteBracketNewLineoptionsvelteStrictModeoption<!-- #endregion -->comments belowsvelte:options/ scripts / stylesv3.5.2Compare Source
bind:get/set tuple{#each}blocksvercel/vercel (vercel)
v54.12.2Compare Source
Patch Changes
4421ad9]v54.12.1Compare Source
Patch Changes
800286e:vercel connect create --datanow accepts@<path>to read the JSON from a file and@-to read it from stdin, so non-managed connector credentials (e.g. client secrets) no longer have to be passed inline where they leak into shell history and process listings. Inline--datastill works but now warns when it looks like it contains a secret.800286e: Strip ANSI escape sequences from team-controlled connector names, UIDs, and project names in allvercel connectcommand output (attach,detach,remove,revoke-tokens, and thelisttable's type/projects cells), not just thelistUID/name cells. Prevents terminal escape injection from maliciously-named connectors visible across a team.1e64d1f: Addedvc api --spec-url <url>for loading endpoints from a custom OpenAPI spec instead of the default public Vercel spec. Custom specs are fetched fresh, can use the current CLI token to pass Vercel deployment protection via the SSO handshake, and replace the public spec entirely for listing, interactive selection, and tag/operation resolution.52f005f]2d2aad9]01e18e8]v54.12.0Compare Source
Minor Changes
5757bca: [services] add support tovc devforexperimentalServicesV2.Patch Changes
663307f: Fix CLI self-upgrade failing withEUNSUPPORTEDPROTOCOLinside pnpm/yarn workspaces32a730e: Elevate maximum maxDuration to 1800s4637f0a]32a730e]c5d53d7]a5034c1]0c4ea01]v54.11.1Compare Source
Patch Changes
8d8e871: Evaluate themaxDurationupper bound at validation time soVERCEL_CLI_SKIP_MAX_DURATION_LIMITworks regardless of import order.The gate was read when
@vercel/build-utils'functionsSchemawas constructed and when the CLI compiled itsvercel.jsonvalidator — both at module load. Any process that imports these modules before setting the env var baked in the default 900-second maximum and ignored the flag, failing withInvalid vercel.json - functions[...].maxDuration should be <= 900.@vercel/build-utilsnow exposesgetFunctionsSchema(), which reads the limit at call time (the existingfunctionsSchemaconst is kept but deprecated). The CLI builds and compiles its config validator lazily, caching one validator per resolved limit, so setting the variable after import takes effect. Default behavior is unchanged — the 900s maximum, the lower bound, and the integer check are all still enforced when the variable is unset.Updated dependencies [
8d8e871]v54.11.0Compare Source
Minor Changes
fc7b557: Ensure project manifest includes framework for non-service builds.Patch Changes
bc8dc95: Fix the darwin-arm64 native CLI binary crashing with SIGSEGV on most commands. The custom Noderuntime was stripped with bare
strip, which removes the exportednapi_*symbols that nativeaddons (
@napi-rs/keyring) bind against at dlopen time. The runtime is now stripped withstrip -SXx, which keeps exported symbols. Also makes the@vercel/vc-nativebin shim launchthe platform binary directly when the postinstall script did not run (pnpm blocks dependency
build scripts by default), instead of always failing.
bc8dc95: Fixvercel upgradecrashing withENOENT: no such file or directory, realpath '…/.pkg-staging/pkg.js'in the native binary. The command tried to
realpathprocess.argv[1], which points into the binary'svirtual filesystem snapshot. Native installs now detect the package manager (npm, pnpm, or yarn) from
the binary's real install location and suggest the matching global upgrade command.
v54.10.3Compare Source
Patch Changes
4f82914: Bump the embeddedsandboxCLI to 3.1.2 (@vercel/sandbox2.1.1) to fixvc sandboxcommands crashing with a segmentation fault.v54.10.2Compare Source
Patch Changes
0f7844c: Fix the native CLI binary crashing on auth commands (login,whoami,logout, and anycommand that reads config) with
ERR_MODULE_NOT_FOUND: '@​vercel/cli-auth'. The package is nowstaged into the binary. The binary release is also hardened with a real command smoke test and a
build-time check that every statically-imported dependency is bundled, so a binary missing a
required package can no longer be released.
78e5d4f]v54.10.1Compare Source
Patch Changes
4e849dd]v54.10.0Compare Source
Minor Changes
0774460: Bump @vercel/prepare-flags-definitionsPatch Changes
f6a6e55: Only offer the Claude Code plugin in projects that have actually been used with Claude Code. Previously the prompt could appear in any directory as long as a~/.claudedirectory existed on disk. The CLI now checks whether the current project (walking up from the working directory) appears in Claude Code's per-project history before offering the plugin.a4f7dc9: CLI help and command-schema cleanups from the docs audit:blob: remove orphanaddStoreSubcommand,removeStoreSubcommand, andgetStoreSubcommandexports that duplicated the wiredcreate-store/delete-store/get-storespecs. Handlers and telemetry now import the actual wired subcommand definitions.dns list: the<domain>argument is now declaredrequired: falseto match the runtime, which already supports listing every domain's records when no argument is given.routes delete: declare the<name-or-id>argument asmultiple: trueso the help synopsis and schema match the variadic behavior already supported by the handler and shown in the existing examples.init: fix the "Initialize example project into specified directory" help example, which was missing theinitliteral (vercel <example> <dir>→vercel init <example> <dir>).promote statusandrollback status: declare--timeouton thestatussubcommand options so--helpmatches the examples (promote status --timeout 30s,rollback status --timeout 30s). The flag is also kept on the parent command, where parsing actually happens.33efa25: Added non-managed Connex connector creation with--dataand optional--connector-type.3a2d61e: Addvercel domains search <query>for client-side Domain Discovery with fast bulk availability and registrar pricing, renewal pricing,--availableand exact TLD filters, ordering, candidate windows of up to 200 domains, and JSON output.c5eeb30: Gate the client-side 900-secondmaxDurationupper bound behind theVERCEL_CLI_SKIP_MAX_DURATION_LIMITenvironment variable. The limit is now owned by a single helper in@vercel/build-utilsinstead of being hardcoded in multiple validators. When the variable is set to1, the client-side maximum is skipped and validation defers to the server. Default behavior is unchanged — the maximum, the lower bound, and the integer check are all still enforced when the variable is unset.9f9eed3: Nest Build Output API files forexperimentalServicesV2under.vercel/output/services/<name>.fb30b76: Strip ANSI escape sequences from connector UID and name cells inconnect listtable output.Updated dependencies [
c5eeb30]Updated dependencies [
09c39af]v54.9.1Compare Source
Patch Changes
f5ab607: [evals] Shrink eval result uploads and fix run discoveryThe eval ingest transform (
transform-agent-eval-to-canonical.js) now excludes raw transcripts (transcript-raw.jsonl) from the--upload-artifacts allpath, roughly halving each ingest payload. The parsedtranscript.jsonis still uploaded and still read forresolvedModelsmetadata.It also normalizes provider-prefixed model paths before upload. Models that resolve to
provider/model(e.g.openai/gpt-5.5-pro) write results one directory deeper, pushing the timestamp past theexperiment/model/timestampshape the ingest endpoint discovers runs from, which previously failed withCould not discover any experiment/model/timestamp runs. The model is now collapsed to a single segment (openai-gpt-5.5-pro) so discovery succeeds.2b31813: Fixvc build --standalonefailing to zip Lambdas when run from a monoreposubdirectory. When dependencies are hoisted to the monorepo root (e.g. pnpm's
node_modules/.pnpm/...), the recorded function file paths could escape thefunction root (
../../node_modules/...), which later caused zipping to failwith
invalid relative path: ../../node_modules/.... These paths are nowre-anchored inside the function so the standalone output is self-contained.
252c6eb: [cli] Showclaiminvercel integration resource --helpThe
claimsubcommand was missing fromresourceSubcommand.subcommands, sovercel integration resource --helponly listedconnect,disconnect,remove, andcreate-threshold. The legacyvercel integration-resource --helpand the dispatcher's runtime resolution both already includedclaim— this was purely a help/discoverability gap on the canonical nested path. AddsclaimSubcommandto the subcommand list and updates the parent description accordingly.0a170fd: [services] wireexperimentalServicesV2intofs-detectors.Updated dependencies [
aeb5bfa]Updated dependencies [
0a170fd]v54.9.0Compare Source
Minor Changes
fb4fb2d: Add support for claiming sandbox marketplace resources (Stripe, Shopify) from the CLI.integration listshows a newClaimcolumn,integration-resource claim <name>opens the provider claim URL in the browser and polls until completion, andintegration addoffers to claim sandbox resources after provisioning with new--claim/--no-claimflags.Patch Changes
338cc35: Add isPackageInstalled util for detecting dependencies during build.Fix Vercel Flags dependency detection for emitting datafiles during builds with OIDC tokens.
338cc35]v54.8.0Compare Source
Minor Changes
fddeb55: Add configurable credentials storage handling across the CLI auth stack. Storage of credentials can be configured by the newcredStoragekey in globalconfig.jsonor the newVERCEL_TOKEN_STORAGEenvironment variable. The environment variable takes precedence over the configuration key. Accepted values arefile(store credentials inauth.json),keyring(store credentials in system keyring, e.g macOS Keychain or Secrets Service on Linux), andauto(try storing in keyring if available, fall back tofileif keyring is not available).@vercel/oidcsupports keyring-stored authentication credentials by delegating the OIDC minting to the CLI executable via@vercel/cli-exec.Patch Changes
a869874: [connect] Rename user-facing "client" references to "connector"Updates the
vercel connectCLI commands to use the official "connector" terminology in all user-facing surfaces: help text argument names (remove/attach/detach), usage strings in error messages, and the--format=jsonoutput key (clients→connectors) forvercel connect list.200aa3b: [connect] Forward--scopesand--installation-idinto the authorize/install recovery URLWhen
vercel connect tokenhits an action-required error (user_authorization_requiredorclient_installation_required), the CLI builds an authorize/install URL for the user to complete consent in the browser. Previously this URL carried onlyteamIdandrequest_code, dropping the--scopesand--installation-idthe user supplied. As a result the consent flow fell back to provider defaults (e.g. Slack'susers.profile:read), and the post-authorization token retry mismatched the requested scopes. The CLI now forwardsscopes(comma-joined) andinstallationIdas query params, which the authorize and install endpoints already accept.3019788: [services] Remove theservicesfield fromvercel.jsonand theVERCEL_USE_SERVICESgate.fe893ec: [services] AddexperimentalServicesV2field tovercel.jsonimplementing the new schema for services.d22d812: [cli] Nestintegration-resourceunderintegration resourceand addintegration resource connectThe marketplace resource subcommands (
disconnect,remove,create-threshold) are now discoverable undervercel integration resource <sub>. The standalonevercel integration-resourceandvc irforms still work as hidden aliases — no scripts or tests break.Adds a new
vercel integration resource connect <resource> [project]command (the inverse ofdisconnect). Accepts--environment(repeatable, defaults to all three),--prefixfor env var namespacing,--yes, and--format=json. Defaults to the project linked in the current directory when<project>is omitted.Tightens
disconnectto error (exit 1) when the specified project is not connected to the resource, instead of exiting 0 with a "not found" message.Both commands emit a structured
outputAgentErrorpayload withreason: confirmation_requiredand anext: [{command}]retry hint when run in non-interactive / agent mode without--yes. Whenconnectfails because an env var with the same name already exists on the target project, the error names the conflicting variable and suggests--prefixorvercel env rmas remediation.Updated dependencies [
3019788]Updated dependencies [
fe893ec]Updated dependencies [
fddeb55]v54.7.1Compare Source
Patch Changes
1180675: Revert "[flags] fix dep detection for build embedding (#16242)"1180675]v54.7.0Compare Source
Minor Changes
0b4e1ef: Addvercel connect revoke-tokenssubcommand to revoke tokens issued from a connector.Patch Changes
ba6e7c6: Internal: fix_deployeval grader passing--token ""in the Docker sandbox whereVERCEL_TOKENisn't in process env. Only pass--tokenwhen set; CLI falls back toauth.jsonotherwise.92988c2: Handle sensitive Environment Variable pull challenges in the CLI.3986bb0: Stop retrying intentionally aborted requests so the CLI exits promptly after a deployment is ready.64f5484: Allow SAML re-authentication to use device-code flow in non-TTY sessions.97fdbbe: [flags] fix dep detection for build embedding2d918b8]v54.6.1Compare Source
Patch Changes
1444502: Support discoveringexperimentalServicesfrom Build Output API config duringvercel build.7ba4713: Reordervercel env addto ask whether a value is sensitive before collecting the value and selecting environments. Sensitive adds hide Development; teams with the sensitive env policy still prompt, and non-sensitive adds are limited to Development with clearer messaging.ab0e5aa]4f782b1]v54.6.0Compare Source
Minor Changes
af3e0bd: adding version node + cli version to top of every commandPatch Changes
6495585: [services] drop top-levelenvsupport for the newservice-refshape for services.6495585]v54.5.1Compare Source
Patch Changes
57ea4ba: Reduce duplicate user and team lookups during CLI scope resolution.b66bd3e: Fix prebuilt deployments failing with "invalid relative path" when using the--standaloneflag in pnpm monorepos by skipping external node_modules symlinks and copying traced files at their logical paths instead.9ad632d: Handle CLI update flows safely for native binary installs.b66bd3e]0e04bc5]eecd10d]v54.5.0Compare Source
Minor Changes
6860c32: Add project manifest to rust builder.2c17a12: Added--openand--viewflags tovercel traces get.--openopens the trace in the Vercel Dashboard instead of printing the markdown summary.--view <timeline|tree|gantt>selects the dashboard view and is only valid with--open.Patch Changes
620bcfa: Add--type,--service, and--searchfilter flags tovercel connect list.ff2a980: Add avercel domains checksubcommand for registrar availability and extendvercel domains priceto support bulk price lookups for multiple domains.1318682]6860c32]e917989]baac149]ecf5033]73dbbe6]647c1e8](https://redirect.github.Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.