Update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@formatjs/intl-localematcher	^0.7.5 → ^0.8.0
@mixedbread/sdk	^0.46.0 → ^0.50.0
@next/bundle-analyzer (source)	16.1.1 → 16.1.3
@next/env (source)	16.1.1 → 16.1.3
@next/eslint-plugin-next (source)	16.1.1 → 16.1.3
@oxc-project/types (source)	^0.107.0 → ^0.108.0
@​paper-design/shaders-react	^0.0.69 → ^0.0.70
@scalar/json-magic (source)	^0.8.10 → ^0.9.0
@scalar/openapi-parser (source)	0.23.11 → 0.24.1
@takumi-rs/image-response	^0.62.7 → ^0.63.0
@tanstack/react-router (source)	1.147.1 → 1.150.0
@tanstack/react-router-devtools (source)	1.147.1 → 1.150.0
@tanstack/react-start (source)	1.147.1 → 1.150.0
@tanstack/start-static-server-functions (source)	1.147.1 → 1.150.0
algoliasearch (source)	5.46.2 → 5.46.3
next (source)	16.1.1 → 16.1.3
oxc-parser (source)	^0.107.0 → ^0.108.0
oxc-transform (source)	^0.107.0 → ^0.108.0
oxfmt (source)	^0.23.0 → ^0.24.0
pnpm (source)	10.18.3 → 10.28.0
shadcn (source)	3.6.3 → 3.7.0
turbo (source)	2.7.3 → 2.7.5
waku (source)	1.0.0-alpha.1 → 1.0.0-alpha.2

---

Release Notes

formatjs/formatjs (@​formatjs/intl-localematcher)

v0.8.0

Compare Source

Features

• @​formatjs/intl-segmenter: improve Unicode 17.0 Format/Extend transparency and upgrade deps (#​5862) (effeb9c), closes #​29 - by @​longlho

mixedbread-ai/mixedbread-ts (@​mixedbread/sdk)

v0.50.1

Compare Source

Full Changelog: v0.50.0...v0.50.1

Bug Fixes

• publish: remove extraneous npm copy from package (915f68c)

v0.50.0

Compare Source

Full Changelog: v0.49.3...v0.50.0

Features

• api: use npm oidc (589363d)

vercel/next.js (@​next/bundle-analyzer)

v16.1.3

Compare Source

v16.1.2

Compare Source

vercel/next.js (@​next/env)

v16.1.3

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#​88652)
• Fix relative same host redirects in node middleware (#​88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Turbopack: Update to swc_core v50.2.3 (#​87841) (#​88296)
  • Fixes a crash when processing mdx files with multibyte characters. (#​87713)
• Turbopack: mimalloc upgrade and enabling it on musl (#​88503) (#​87815) (#​88426)
  • Fixes a significant performance issue on musl-based Linux distributions (e.g. Alpine in Docker) related to musl's allocator.
  • Other platforms have always used mimalloc, but we previously did not use mimalloc on musl because of compilation issues that have since been resolved.

Credits

Huge thanks to @​mischnic for helping!

vercel/next.js (@​next/eslint-plugin-next)

v16.1.3

Compare Source

v16.1.2

Compare Source

scalar/scalar (@​scalar/json-magic)

v0.9.1

Patch Changes

Updated Dependencies

• @​scalar/helpers@​0.2.8
  • #​7751: fix: auth persistence

v0.9.0

Minor Changes

• #​7701: Made bundle external document extensions configurable

Patch Changes

Updated Dependencies

• @​scalar/helpers@​0.2.7
  • #​7720: feat: escape XML in json2xml

scalar/scalar (@​scalar/openapi-parser)

v0.24.1

Patch Changes

Updated Dependencies

• @​scalar/json-magic@​0.9.1

• @​scalar/openapi-upgrader@​0.1.7

v0.23.13

Patch Changes

Updated Dependencies

• @​scalar/openapi-upgrader@​0.1.7

  • #​7739: fix: upgrade form to multipart/form
  • #​7694: feat: migrate x-example and x-examples

• @​scalar/json-magic@​0.9.0

  • #​7701: Made bundle external document extensions configurable

v0.23.12

Patch Changes

• #​7719: fix: self-referencing causes infinite loop in dereference

kane50613/takumi (@​takumi-rs/image-response)

v0.63.1

Compare Source

v0.63.0

Compare Source

Patch Changes

• Updated dependencies [87a12b4]
• Updated dependencies [75b0f10]
• Updated dependencies [ec9708d]
  • @​takumi-rs/wasm@​0.63.0
  • @​takumi-rs/core@​0.63.0
  • @​takumi-rs/helpers@​0.63.0

v0.62.8

Compare Source

Patch Changes

• @​takumi-rs/core@​0.62.8
• @​takumi-rs/wasm@​0.62.8
• @​takumi-rs/helpers@​0.62.8

TanStack/router (@​tanstack/react-router)

v1.150.0

Compare Source

Version 1.150.0 - 1/14/26, 9:09 PM

Changes

Feat

• add Route.redirect and getRouteApi.redirect (#​6373) (5299f0b) by Manuel Schiller

Other

• (d10e3e8) by Tanner Linsley

Packages

• @​tanstack/router-core@​1.150.0
• @​tanstack/solid-router@​1.150.0
• @​tanstack/react-router@​1.150.0
• @​tanstack/vue-router@​1.150.0
• @​tanstack/solid-router-ssr-query@​1.150.0
• @​tanstack/react-router-ssr-query@​1.150.0
• @​tanstack/vue-router-ssr-query@​1.150.0
• @​tanstack/router-ssr-query-core@​1.150.0
• @​tanstack/zod-adapter@​1.150.0
• @​tanstack/valibot-adapter@​1.150.0
• @​tanstack/arktype-adapter@​1.150.0
• @​tanstack/router-devtools@​1.150.0
• @​tanstack/solid-router-devtools@​1.150.0
• @​tanstack/react-router-devtools@​1.150.0
• @​tanstack/vue-router-devtools@​1.150.0
• @​tanstack/router-devtools-core@​1.150.0
• @​tanstack/router-generator@​1.150.0
• @​tanstack/router-cli@​1.150.0
• @​tanstack/router-plugin@​1.150.0
• @​tanstack/router-vite-plugin@​1.150.0
• @​tanstack/solid-start@​1.150.0
• @​tanstack/solid-start-client@​1.150.0
• @​tanstack/solid-start-server@​1.150.0
• @​tanstack/vue-start@​1.150.0
• @​tanstack/vue-start-client@​1.150.0
• @​tanstack/vue-start-server@​1.150.0
• @​tanstack/start-client-core@​1.150.0
• @​tanstack/start-server-core@​1.150.0
• @​tanstack/start-storage-context@​1.150.0
• @​tanstack/react-start@​1.150.0
• @​tanstack/react-start-client@​1.150.0
• @​tanstack/react-start-server@​1.150.0
• @​tanstack/start-plugin-core@​1.150.0
• @​tanstack/start-static-server-functions@​1.150.0

v1.149.3

Compare Source

Version 1.149.3 - 1/13/26, 5:06 PM

Changes

Fix

• router-core: replaceEqualDeep max depth (#​6378) (d471ec4) by @​Sheraff

Packages

• @​tanstack/router-core@​1.149.3
• @​tanstack/solid-router@​1.149.3
• @​tanstack/react-router@​1.149.3
• @​tanstack/vue-router@​1.149.3
• @​tanstack/solid-router-ssr-query@​1.149.3
• @​tanstack/react-router-ssr-query@​1.149.3
• @​tanstack/vue-router-ssr-query@​1.149.3
• @​tanstack/router-ssr-query-core@​1.149.3
• @​tanstack/zod-adapter@​1.149.3
• @​tanstack/valibot-adapter@​1.149.3
• @​tanstack/arktype-adapter@​1.149.3
• @​tanstack/router-devtools@​1.149.3
• @​tanstack/solid-router-devtools@​1.149.3
• @​tanstack/react-router-devtools@​1.149.3
• @​tanstack/vue-router-devtools@​1.149.3
• @​tanstack/router-devtools-core@​1.149.3
• @​tanstack/router-generator@​1.149.3
• @​tanstack/router-cli@​1.149.3
• @​tanstack/router-plugin@​1.149.3
• @​tanstack/router-vite-plugin@​1.149.3
• @​tanstack/solid-start@​1.149.3
• @​tanstack/solid-start-client@​1.149.3
• @​tanstack/solid-start-server@​1.149.3
• @​tanstack/vue-start@​1.149.3
• @​tanstack/vue-start-client@​1.149.3
• @​tanstack/vue-start-server@​1.149.3
• @​tanstack/start-client-core@​1.149.3
• @​tanstack/start-server-core@​1.149.3
• @​tanstack/start-storage-context@​1.149.3
• @​tanstack/react-start@​1.149.3
• @​tanstack/react-start-client@​1.149.3
• @​tanstack/react-start-server@​1.149.3
• @​tanstack/start-plugin-core@​1.149.3
• @​tanstack/start-static-server-functions@​1.149.3

v1.147.3

Compare Source

Version 1.147.3 - 1/11/26, 2:29 AM

Changes

Fix

• cleanly separate dev styles from prod runtime (#​6356) (99bb8d2) by Manuel Schiller

Docs

• nitro-nightly (b1976d8) by Manuel Schiller

Packages

• @​tanstack/solid-router@​1.147.3
• @​tanstack/react-router@​1.147.3
• @​tanstack/vue-router@​1.147.3
• @​tanstack/start-server-core@​1.147.3
• @​tanstack/solid-router-ssr-query@​1.147.3
• @​tanstack/react-router-ssr-query@​1.147.3
• @​tanstack/vue-router-ssr-query@​1.147.3
• @​tanstack/zod-adapter@​1.147.3
• @​tanstack/valibot-adapter@​1.147.3
• @​tanstack/arktype-adapter@​1.147.3
• @​tanstack/router-devtools@​1.147.3
• @​tanstack/solid-router-devtools@​1.147.3
• @​tanstack/react-router-devtools@​1.147.3
• @​tanstack/vue-router-devtools@​1.147.3
• @​tanstack/router-plugin@​1.147.3
• @​tanstack/router-vite-plugin@​1.147.3
• @​tanstack/solid-start@​1.147.3
• @​tanstack/solid-start-client@​1.147.3
• @​tanstack/solid-start-server@​1.147.3
• @​tanstack/vue-start@​1.147.3
• @​tanstack/vue-start-client@​1.147.3
• @​tanstack/vue-start-server@​1.147.3
• @​tanstack/react-start@​1.147.3
• @​tanstack/react-start-client@​1.147.3
• @​tanstack/react-start-server@​1.147.3
• @​tanstack/start-plugin-core@​1.147.3
• @​tanstack/start-static-server-functions@​1.147.3

v1.147.2

Compare Source

Version 1.147.2 - 1/10/26, 11:39 PM

Changes

Fix

• implement safe dynamic lookup for React.use to avoid compilation… (#​6355) (2e2c868) by Manuel Schiller

Packages

• @​tanstack/react-router@​1.147.2
• @​tanstack/react-router-ssr-query@​1.147.2
• @​tanstack/zod-adapter@​1.147.2
• @​tanstack/valibot-adapter@​1.147.2
• @​tanstack/arktype-adapter@​1.147.2
• @​tanstack/router-devtools@​1.147.2
• @​tanstack/react-router-devtools@​1.147.2
• @​tanstack/router-plugin@​1.147.2
• @​tanstack/router-vite-plugin@​1.147.2
• @​tanstack/react-start@​1.147.2
• @​tanstack/react-start-client@​1.147.2
• @​tanstack/react-start-server@​1.147.2
• @​tanstack/start-plugin-core@​1.147.2
• @​tanstack/start-static-server-functions@​1.147.2
• @​tanstack/solid-start@​1.147.2
• @​tanstack/vue-start@​1.147.2

algolia/algoliasearch-client-javascript (algoliasearch)

v5.46.3

Compare Source

• cd7a174b4 fix(specs): BREAKING CHANGE — remove fields requirement from run response in CompAPI client (#​5809) by @​ClaraMuller
  Some fields from the Composition Run search response were marked as required while they were optional on the API side. This has been fixed, but might impact the client types.
• b08917039 chore(deps): dependencies 2025-12-29 (#​5792) by @​algolia-bot

vercel/next.js (next)

v16.1.3

Compare Source

v16.1.2

Compare Source

oxc-project/oxc (oxfmt)

v0.24.0

Compare Source

🚀 Features

• 86c0168 oxfmt/sort_package_json: Handle oxfmtrc.sort_scripts option (#​17738) (leaysgur)

📚 Documentation

• 62b7a01 formatter: Clarify experimentalTailwindcss configuration comments (#​17898) (Dunqing)

pnpm/pnpm (pnpm)

v10.28.0

Compare Source

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

• Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

• Fix installation of Git dependencies using annotated tags #​10335.

  Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

• Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

• Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

• Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
• Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.

Platinum Sponsors

Gold Sponsors

v10.26.0

Compare Source

v10.25.0

Compare Source

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

v10.20.0

Compare Source

Minor Changes

• Support --all option in pnpm --help to list all commands #​8628.

Patch Changes

• When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #​10100.
• create command should not verify patch info.
• Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #​10063.

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  ``

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: df11ce8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
fumadocs	Ready	Preview, Comment	Jan 17, 2026 5:00am
fumadocs-marble-cms	Ready	Preview, Comment	Jan 17, 2026 5:00am
fumadocs-tanstack-start	Ready	Preview, Comment	Jan 17, 2026 5:00am

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
fumadocs-react-router	Ignored		Jan 17, 2026 5:00am

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}