Skip to content

fix(deps): update non-major dependencies#1116

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major-deps
Open

fix(deps): update non-major dependencies#1116
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major-deps

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Pending OpenSSF
@auth0/auth0-react dependencies minor 2.19.02.20.0 OpenSSF Scorecard
@graphql-tools/graphql-file-loader (source) dependencies patch 8.1.148.1.15 8.1.16 OpenSSF Scorecard
@tailwindcss/postcss (source) devDependencies patch 4.3.14.3.2 OpenSSF Scorecard
framer-motion dependencies patch 12.42.012.42.2 OpenSSF Scorecard
node (source) minor 24.16.024.18.0 OpenSSF Scorecard
postcss (source) devDependencies patch 8.5.158.5.16 OpenSSF Scorecard
posthog-js (source) dependencies minor 1.395.01.396.6 1.398.2 (+6) OpenSSF Scorecard
postprocessing dependencies patch 6.39.16.39.2 OpenSSF Scorecard
prettier (source) devDependencies minor 3.8.43.9.4 OpenSSF Scorecard
tailwindcss (source) devDependencies patch 4.3.14.3.2 OpenSSF Scorecard
three (source) devDependencies patch 0.185.00.185.1 OpenSSF Scorecard

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

auth0/auth0-react (@​auth0/auth0-react)

v2.20.0

Compare Source

Full Changelog

Added

ardatan/graphql-tools (@​graphql-tools/graphql-file-loader)

v8.1.15

Compare Source

Patch Changes
tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.3.2

Compare Source

Fixed
  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#​20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#​20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#​20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#​20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#​20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#​20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#​20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#​20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#​20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#​20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#​20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#​20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#​20289)
motiondivision/motion (framer-motion)

v12.42.2

Compare Source

Fixed
  • animateView: Cropped group layers now animate border-radius from the old to new radius.

v12.42.1

Compare Source

Fixed
  • animateView: Old layer fade out now cancelled when defining .new().
nodejs/node (node)

v24.18.0: 2026-06-23, Version 24.18.0 'Krypton' (LTS), @​richardlau prepared by @​sxa

Compare Source

Notable Changes
  • [e07e7a31e1] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #​63527
  • [44c8ebcbd6] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #​64004
  • [d3ef4122ee] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #​63597
  • [bb2857b85a] - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan) #​62527
  • [b9d5e87880] - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan) #​62527
  • [ccd756d61e] - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan) #​62183
  • [4c9251fc09] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
  • [8c989ec4a3] - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook) #​63079
  • [3f54c8ba32] - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison) #​63834
Commits

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits
postcss/postcss (postcss)

v8.5.16

Compare Source

PostHog/posthog-js (posthog-js)

v1.396.6

Compare Source

1.396.6

Patch Changes
  • #​4053 45d1b36 Thanks @​posthog! - feat(web): add a graceful shutdown() to the browser client for parity with posthog-node, so isomorphic teardown code (e.g. the Nuxt module) that calls posthog.shutdown() on the client no longer throws TypeError: shutdown is not a function. It best-effort flushes the queued events and always resolves.
    (2026-07-03)

  • #​4054 f0657eb Thanks @​posthog! - fix(web): detect our own feature-flag request timeouts via a timedOut flag instead of the abort reason, so they are logged at warn (not error) on browsers that don't propagate controller.abort(reason) — keeping benign timeouts out of error tracking's console-error capture
    (2026-07-03)

  • #​4031 94a0530 Thanks @​posthog! - Improve survey display reliability:

    • posthog-js: refresh the cached $surveys definitions after a short TTL (stale-while-revalidate) so server-side changes such as switching a survey from popover to API propagate to long-lived tabs without a page reload.
    • posthog-js: add posthog.surveys.markSurveyAsSeen(surveyId, { iteration }) so custom integrators that render surveys through their own backend can honour the "already seen" and wait-period checks.
    • posthog-react-native: guarantee the survey Modal notifies its parent on close even when iOS Modal.onDismiss fails to fire, so the transparent full-screen modal can no longer stay mounted intercepting touches and freezing the app. (2026-07-03)
  • Updated dependencies [45d1b36]:

v1.396.5

Compare Source

1.396.5

Patch Changes
  • #​4050 d7cf13b Thanks @​turnipdabeets! - Prevent uncaught getComputedStyle crashes in heatmaps and autocapture when the event target is a cross-realm element (e.g. from an iframe or synthetic event)
    (2026-07-02)
  • Updated dependencies [5e7e132]:

v1.396.4

Compare Source

1.396.4
Patch Changes
  • #​4035 18e543b Thanks @​posthog! - fix(web): isolate onFeatureFlags callbacks so a throwing user handler no longer breaks the remaining callback chain or gets misattributed as an SDK error
    (2026-07-01)

  • #​4039 15bcb42 Thanks @​github-actions! - fix(replay): measure $snapshot_bytes as UTF-8 byte length instead of UTF-16 string length, so non-ASCII session replay payloads are counted accurately against the message size limit
    (2026-07-01)

v1.396.3

Compare Source

1.396.3
Patch Changes

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • "before 7am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the renovate label Jul 6, 2026
@renovate renovate Bot requested review from a team as code owners July 6, 2026 01:05
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
midnight-wiki Ready Ready Preview, Comment Jul 8, 2026 3:25am

Request Review

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

🚀 Preview Deployment

Deployment Ready

🔗 Preview URL: https://pr-1116-midnight-docs.vercel.app

📝 Latest commit: ca5c3eb
Updated: Jul 8, 2026, 3:25 AM UTC


This preview updates automatically when you push new commits to this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants