fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/eslint-config	^8.2.0 → ^8.3.0
@babel/types (source)	^7.29.0 → ^7.29.7
@iconify-json/carbon	^1.2.20 → ^1.2.22
@iconify-json/simple-icons	^1.2.78 → ^1.2.84
@iconify/utils (source)	^3.1.0 → ^3.1.3
@proj-airi/ui (source)	^0.9.0 → ^0.10.2
@shikijs/core (source)	^4.0.2 → ^4.1.0
@shikijs/engine-javascript (source)	^4.0.2 → ^4.1.0
@shikijs/langs (source)	^4.0.2 → ^4.1.0
@shikijs/monaco (source)	^4.0.2 → ^4.1.0
@shikijs/themes (source)	^4.0.2 → ^4.1.0
@types/node (source)	^25.6.0 → ^25.9.1
@unocss/eslint-config (source)	^66.6.8 → ^66.7.0
@unocss/eslint-plugin (source)	^66.6.8 → ^66.7.0
@unocss/preset-mini (source)	^66.6.8 → ^66.7.0
@unocss/reset (source)	^66.6.8 → ^66.7.0
@vitejs/plugin-vue (source)	^6.0.6 → ^6.0.7
@volar/jsdelivr (source)	2.4.23 → 2.4.28
@volar/monaco (source)	2.4.23 → 2.4.28
@volar/typescript (source)	2.4.23 → 2.4.28
@vue/compiler-sfc (source)	^3.5.32 → ^3.5.35
@vue/language-core (source)	3.0.7-alpha.1 → 3.3.2
@vue/language-service (source)	3.0.7-alpha.1 → 3.3.2
@vue/reactivity (source)	^3.5.32 → ^3.5.35
@vue/runtime-core (source)	^3.5.32 → ^3.5.35
@vue/server-renderer (source)	^3.5.32 → ^3.5.35
@vue/shared (source)	^3.5.32 → ^3.5.35
@vue/typescript-plugin (source)	3.0.7-alpha.1 → 3.3.2
@vueuse/core (source)	^14.2.1 → ^14.3.0
@xsai/shared (source)	^0.5.0-beta.2 → ^0.5.0-beta.4
@xsai/stream-text (source)	^0.5.0-beta.2 → ^0.5.0-beta.4
bumpp	^11.0.1 → ^11.1.0
es-toolkit (source)	^1.45.1 → ^1.47.0
eslint (source)	^10.2.0 → ^10.4.0
fflate (source)	^0.8.2 → ^0.8.3
markdown-it	^14.1.1 → ^14.2.0
monaco-editor-core	^0.52.2 → ^0.55.1
pnpm (source)	10.33.0 → 10.34.0
reka-ui	^2.9.6 → ^2.9.8
splitpanes (source)	^4.0.4 → ^4.1.2
taze	^19.11.0 → ^19.14.1
tsdown (source)	^0.21.8 → ^0.22.0
tsx (source)	^4.21.0 → ^4.22.3
typescript (source)	^6.0.2 → ^6.0.3
unocss (source)	66.1.1 → 66.7.0
vite (source)	^8.0.8 → ^8.0.14
vitest (source)	^4.1.4 → ^4.1.7
volar-service-typescript (source)	^0.0.68 → ^0.0.71
vue (source)	^3.5.32 → ^3.5.35
vue-tsc (source)	^3.2.6 → ^3.3.2

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v8.3.0

Compare Source

   🚀 Features

• Make perfectionist configurable inside antfu()  -  by @​oliver139 in #​848 (ae1d6)
• stylistic: Allow easy setting brace style  -  by @​oliver139 in #​846 (bd784)
• svelte: Use recommended rules  -  by @​Jungzl in #​842 (6c839)

   🐞 Bug Fixes

• markdown: Scope user rule overrides away from md files  -  by @​antfu and Claude Opus 4.7 (1M context) in #​844 (8d25a)

    View changes on GitHub

babel/babel (@​babel/types)

v7.29.7

Compare Source

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

moeru-ai/airi (@​proj-airi/ui)

v0.10.2

Compare Source

New Contributors

• @​kmiit made their first contribution in #​1760
• @​Maaannnn made their first contribution in #​1670
• @​Sambhram1 made their first contribution in #​1774
• @​YTLLL made their first contribution in #​1784

v0.10.2

🆕 Updates

New providers

• You can now use Xiaomi MiMo for speech and transcription.¹
• ARK-compatible chat providers are now available, including BytePlus, BytePlus Coding Plan, Volcengine Coding Plan, and related OpenAI-compatible ARK endpoints.²

Agent capabilities

• Thinking models can now show reasoning updates while they respond, so long-running answers feel less like a black box.³
• MCP tools are easier to configure and test, with a rebuilt settings page, direct JSON editing, connection testing, server enable/disable controls, and better restart feedback.⁴

Interface improvements

• You can now adjust the character offset in landscape mode, making it easier to position Live2D and 3D characters across desktop, web, and mobile layouts.⁵
• Voice activity settings now expose silence duration and display threshold values correctly.⁶

🐛 Bug fixes

• Fixed a critical desktop issue where opening AIRI could briefly flash a blue border around the stage window and leave the inner window unresponsive.⁷
• Model selection is more reliable. Previously, the loaded display model and the selected character card could fall out of sync; AIRI now keeps them aligned.⁸
• Plugin tools now fail faster when they cannot respond, so broken or unavailable tools block the experience for less time.⁹
• Missing settings translations were filled in, with broader translation updates across supported languages.¹⁰¹¹¹²

✍️ Documentation

• The setup and usage manual for AIRI Tamagotchi has been refreshed.¹³

Full Changelog: moeru-ai/airi@v0.10.1...v0.10.2

v0.10.1

Compare Source

v0.10.1 Highlights

Account & AIRI Cloud

• You can now sign in with email, verify your email address, reset your password, and manage your profile from the account page.
• You can now link social accounts to your AIRI account, making it easier to manage different sign-in methods in one place.
• You can now delete your account from settings when you no longer want to keep your data.
• AIRI Cloud now supports server-side TTS with per-character Flux billing.
• We improved Flux billing reliability for TTS usage, especially when usage needs to be recorded before payment is fully settled.
• Some users could run into unstable sign-in sessions when multiple requests refreshed auth at the same time. We improved token refresh handling so sign-in state should be more reliable.

New Providers

• You can now use Amazon Bedrock as a chat provider.
• You can now use MiniMax Speech as a TTS provider.
• Artistry now supports image providers such as ComfyUI, Replicate, and Nano Banana.

Chat & Settings

• The chat input could flicker or feel unstable in some cases. We adjusted the input behavior so typing and sending messages should feel smoother.
• When a message fails, you can now retry it directly instead of recreating it manually.
• Some chat bubbles, buttons, tabs, and input scrollbars did not fit cleanly. We fixed several layout issues to make the chat UI feel more polished.
• Some provider lists in settings were hard to reach because they did not scroll correctly. We fixed this so all options should be accessible.
• Kokoro’s default model is now saved correctly on first visit.
• You can now clear OpenAI-compatible speech model fields when you want to reset them.

Artistry

• You can now use Artistry to generate or work with images through supported image providers.
• AIRI Card creation and scene settings now have better image-related controls and previews.
• Generated image results in chat are easier to inspect with the new journal preview flow.

Models & Local Inference

• You can now get clearer feedback when importing Live2D models. AIRI checks the model structure and shows a report when something looks wrong.
• We improved WebGPU-based local inference for speech, TTS, and background removal. This should make local model loading, cancellation, and recovery from GPU issues more reliable.
• Some CJK and keep-text speech processing cases could strip text incorrectly. We improved the audio text processing pipeline to handle those cases better.

Computer Use

• AIRI now has an experimental Computer Use foundation for observing the desktop and interacting with browser content.
• Browser actions are now routed through DOM-aware tools where possible, which should make web interactions more accurate than coordinate-only clicking.
• We added safer session tracking, read-only DOM inspection tools, transcript-based state tracking, and improved desktop overlay behavior.
• Some macOS cursor, display geometry, iframe coordinate, and cleanup issues were fixed to make the experimental desktop flow more stable.

Mobile & Stage

• You can now use a transparent background in Stage Pocket.
• We added an early Godot Stage preview. This is experimental, but it gives us a path toward richer stage runtimes.

For Plugin Developers

• You can now build plugins with the new Kits API, Bindings API, Tools API, and Gamelet API.
• Plugin manifests now use plugin.airi.json.
• Plugins can now provide custom widget UI.
• We added a local loopback server so plugin assets can be served more safely inside Stage Tamagotchi.
• We added an initial chess gamelet example to show how the new Gamelet API works.
• We improved plugin host structure, debugging, auto reload, asset mounting, and iframe messaging through @moeru/eventa.
• Some plugin tools were not being enabled correctly. We fixed that so plugin-provided tools can be used as expected.

Developer Tools

• We added IO Tracer to help inspect how messages, hearing, and other runtime flows move through AIRI.
• IO Tracer now has better layout behavior, clearer identifiers, and localized route metadata.
• We added the foundation for global shortcuts.

Upgrade Notes

• If you self-host AIRI, set BETTER_AUTH_SECRET before upgrading.
• If you maintain a plugin, migrate your manifest to plugin.airi.json.
• Artistry, Computer Use, Desktop Overlay, and Godot Stage are still evolving. Some details may change in future releases.

v0.10.0

Compare Source

New Contributors

• @​3361559784 made their first contributihttps://github.com/moeru-ai/airi/pull/1380l/1380
• @​ENTWOPY made their first contributihttps://github.com/moeru-ai/airi/pull/1624l/1624
• @​eidoid made their first contributihttps://github.com/moeru-ai/airi/pull/1639l/1639
• @​createmeow made their first contributihttps://github.com/moeru-ai/airi/pull/1375l/1375
• @​arkrolin made their first contributihttps://github.com/moeru-ai/airi/pull/1666l/1666
• @​drHuangMHT made their first contributihttps://github.com/moeru-ai/airi/pull/1664l/1664
• @​0xSelenicDove made their first contributihttps://github.com/moeru-ai/airi/pull/1702l/1702
• @​chaosreload made their first contributihttps://github.com/moeru-ai/airi/pull/1256l/1256
• @​officialasishkumar made their first contributihttps://github.com/moeru-ai/airi/pull/1726l/1726
• @​alicesainta made their first contributihttps://github.com/moeru-ai/airi/pull/1730l/1730
• @​fuyua9 made their first contributihttps://github.com/moeru-ai/airi/pull/1728l/1728
• @​felixtremblay made their first contributihttps://github.com/moeru-ai/airi/pull/1764l/1764

🚀 Features

• auth:
  • Email login & profile - by @​luoling8192 and @​lietblue in #​1745 (172e4)
  • Oidc jwt bearer plugin & linked social accounts - by @​luoling8192 and @​lietblue in #​1753 (0af7d)
  • Delete account - by @​luoling8192 in #​1756 (6f0b7)
• computer-use-mcp:
  • Add read-only DOM tools parity to extension bridge - by @​3361559784 in #​1733 (e145c)
  • Add transcript truth source and safe projection - by @​3361559784 in #​1734 (f92e6)
• core-agent:
  • Extract pure runtime logic from stage-ui into core-agent - by @​NashChennc in #​1524 (bf416)
• desktop:
  • Add desktop observation and overlay baseline - by @​3361559784 in #​1647 (632aa)
• docs:
  • Authors region, published at, more tweaks on ui, @​assets() fix - by @​nekomeowww (32087)
• flux:
  • Update transaction stats to use capacity from latest credit/initial transaction - by @​luoling8192 (67151)
• inference:
  • Unify and optimize WebGPU inference pipeline - by @​NJX-njx in #​1622 (147d0)
• mcp-computer-use:
  • Lay down the foundation of computer use - by @​3361559784 in #​1380 (aa742)
• pipelines-audio:
  • Universal Speech Transformer port with CJK & keep-text support - by @​0xSelenicDove in #​1702 (c259c)
• plugin-sdk:
  • Kits api, binding api, and better comments - by @​nekomeowww (0294d)
• plugin-sdk,stage-tamagotchi:
  • Rework of plugin structure, integrated kits api, now plugin manifest is plugin.airi.json - by @​nekomeowww (509c0)
• plugin-sdk-tamagotchi,airi-plugin-game-chess:
  • Tools api, gamelet api, init chess gamelet - by @​nekomeowww (33901)
• providers:
  • Add Amazon Bedrock provider - by @​chaosreload in #​1256 (a1895)
• server:
  • Use stripe product as flux pricing - by @​luoling8192 in #​1640 (93888)
  • Require BETTER_AUTH_SECRET and pass it explicitly to betterAuth - by @​luoling8192 (fc0ad)
  • Add gateway and model configuration to environment variables - by @​luoling8192 (57533)
  • Add TTS support with per-character billing - by @​luoling8192 (8967b)
• server/billing:
  • Implement debt ledger for TTS service using FluxMeter - by @​luoling8192 (a1172)
• stage-*:
  • Port artistry & chatbox enhancements - by @​dasilva333 in #​1636 (4e6da)
• stage-layouts:
  • Add an optional disableBackButton to route metadata - by @​sumimakito (82686)
• stage-pages,stage-shared,stage-ui:
  • Better OTel identifiers - by @​sumimakito (dbe85)
• stage-pocket:
  • Allow to set transparent background - by @​LemonNekoGH (c8a01)
• stage-shared:
  • Add types for IO tracing - by @​sumimakito (dd9cc)
• stage-shared,stage-ui:
  • Add store and integrations for IO tracer - by @​sumimakito (7d544)
• stage-tamagotchi:
  • Support detached devtools window with params - by @​sumimakito (3d35d)
  • Improve updater cleanup lane and admin diagnostics - by @​jensenhuangfan (c14e9)
  • Built-in local loopback http server - by @​nekomeowww (033e7)
  • Widget now supports customizable ui from plugin/extension - by @​nekomeowww (a406f)
• stage-tamagotchi,computer-use-mcp:
  • Implement browser-native DOM action routing - by @​3361559784 in #​1648 (255ce)
• stage-tamagotchi,i18n,stage-pages:
  • Localize IO Tracer title and update route metadata - by @​sumimakito (a620c)
• stage-tamagotchi,stage-pages:
  • Initialize IO trace viewer - by @​sumimakito (b0b48)
• stage-tamagotchi,stage-shared:
  • Essentials for global shortcut - by @​sumimakito (3566e)
• stage-tamagotchi,stage-ui,computer-use-mcp:
  • Intro agent-owned session and ghost pointer phases - by @​3361559784 in #​1649 (d7402)
• stage-tamagotchi,stage-ui,ui:
  • Input should not flink, added retry for errored item, adjusted button - by @​nekomeowww (a3249)
• stage-tamagotchi-godot:
  • Initiation of Godot stage - by @​Lilia-Chen in #​1697 (567fd)
  • Add Godot stage G0 sidecar preview - by @​Lilia-Chen in #​1724 (c6c04)
• stage-ui:
  • Add OTel deps and IO tracer helpers - by @​sumimakito (bc539)
  • Should handle WebGPU device-loss - by @​NJX-njx in #​1680 (f7ac6)
  • Webgpu detect improved - by @​NJX-njx in #​1681 (d8570)
  • Added AbortController for inference utils - by @​NJX-njx in #​1682 (6a50d)
  • Port model selector redesign and live2d validation - by @​dasilva333 in #​1297 (d6601)
• stage-ui,i18n:
  • Add MiniMax Speech TTS provider - by @​octo-patch in #​1594 (11ac5)
• ui:
  • Add ErrorBoundary component for error handling in Vue - by @​luoling8192 (f292a)
  • New component - by @​nekomeowww (2d099)

🐞 Bug Fixes

• background-store:
  • Rename store id to avoid collision with stage-layouts - by @​luoling8192 (7312e)
• ci:
  • Pr triage permission - by @​shinohara-rin in #​1619 (4e194)
  • Min-integrity: none for safeoutput mcp call - by @​shinohara-rin in #​1645 (b7e9c)
  • Harden pr-triage prompt against WASM guard UTF-8 crash - by @​lietblue in #​1653 (61371)
• computer-use-mcp:
  • Route target clicks through action executor - by @​3361559784 in #​1727 (2e902)
  • Harden desktop runtime cleanup - by @​3361559784 in #​1746 (40531)
  • Add macOS display geometry contract - by @​3361559784 in #​1750 (9d071)
• docs:
  • Missing handle of invalid date - by @​nekomeowww (d7baa)
• minecraft:
  • Multiple core crashes and logic bugs in Minecraft bots - by @​createmeow in #​1375 (d8631)
• pipelines-audio:
  • Resolve narrative stripping edge cases and add comprehensive tests - by @​0xSelenicDove in #​1708 (3545c)
• plugin-sdk-tamagotchi:
  • Improved naming, use @​moeru/eventa offered window-message adapter - by @​nekomeowww (2b125)
• server:
  • Now import the ui-server-auth built artifacts into docker image - by @​nekomeowww (9a598)
  • Zod is required - by @​nekomeowww (67398)
  • Trust https localhost and loopback for mkcert Vite dev - by @​lulu0119 in #​1691 (e1658)
• server-runtime:
  • Enforce auth & routing safety, fix lifecycle leaks - by @​Iro96 in #​1686 (3f829)
• server/docker:
  • Squash auth ui to server image - by @​luoling8192 (c0859)
  • Remove cache mount for pnpm install in Dockerfile - by @​luoling8192 (e36f0)
  • Switch from alpine to slim for ui-build to support canvas dependencies - by @​luoling8192 (924d3)
• spark-notify:
  • Add options to expose built-in tools for no response and spark command - by @​luoling8192 (4d4c5)
• stage-layouts:
  • Prevent using :global(...) as they gets compiled into .dark without the children selector - by @​nekomeowww (87f71)
  • Mount LoginDrawer in settings layout on mobile - by @​lulu0119 in #​1675 (a40cb)
• stage-pages:
  • Persist default Kokoro model on first visit - by @​ENTWOPY in #​1624 (4da6f)
  • Allow clearing OpenAI-compatible speech model field - by @​lulu0119 in #​1644 (bc94b)
  • Replace with vueuse utilities - by @​sumimakito (186a7)
  • Show scrollbar in module provider lists so all items are reachable - by @​octo-patch in #​1723 (44cfb)
• stage-pages,stage-shared,stage-ui:
  • Auto fit IO tracer - by @​sumimakito (bcd89)
  • Rollback 3f82942 falsy fix - by @​nekomeowww (c7cf0)
• stage-pages,stage-ui:
  • Plugin host update - by @​nekomeowww (ca4c9)
• stage-tamagotchi:
  • Fix window title - by @​eidoid in #​1639 (7309f)
  • Open devtools for beat sync in detach mode - by @​sumimakito (1744c)
  • Correctly use devtools window params - by @​sumimakito (4f28b)
  • Suppress "conflicting files found for route" warnings - by @​sumimakito (25f56)
  • Chat sync broken for cross window - by @​nekomeowww (49961)
  • Updater regressions, downgrade warnings, and cross-platform cache cleanup - by @​jensenhuangfan (02616)
  • Use electron cache path for updater cleanup - by @​jensenhuangfan (1a114)
  • Concurrent apply and auto-heal will have conflicts - by @​nekomeowww (d2d54)
  • Fix test - by @​nekomeowww (8603d)
  • Hide chat input scrollbar when content fits - by @​octo-patch in #​1687 (22b0d)
  • Stage widget tool was broken - by @​nekomeowww (3cc9c)
  • Show friendly empty state when widgets window has no id - by @​officialasishkumar in #​1726 (fe568)
  • Render server-channel QR always as dark-on-light - by @​officialasishkumar in #​1725 (4b133)
  • Harden overlay isolation and iframe coordinates - by @​3361559784 in #​1751 (5bd0b)
  • Add xwayland dev script for Wayland Electron deadlock - by @​felixtremblay in #​1764 [<s

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Footnotes

1. Commit 5205f369b by @​kmiit. ↩

2. Commit 48d52a2db by @​Maaannnn. ↩

3. Commit e50e140a7 by @​felixtremblay. ↩

4. Commit 81dbd71c3 by @​BeanDz. ↩

5. Commit 85627d34a by @​drHuangMHT. ↩

6. Commit 33cd61111 by @​Sambhram1. ↩

7. Commit e86ee2f13 by @​nekomeowww and @​Lovehsigure_520. ↩

8. Commit ef60c157d by @​nekomeowww. ↩

9. Commit 35c3471ec by @​nekomeowww. ↩

10. Commit c6e2f727d by @​hahaQWQ. ↩

11. Commit abc434152 by @​github-actions. ↩

12. Commit 39b119641 by @​luoling8192. ↩

13. Commit 1e80470f0 by @​icefair. ↩

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 7 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 27, reused 0, downloaded 0, added 0
.                                        |  WARN  deprecated @antfu/nip@0.1.1
Progress: resolved 49, reused 0, downloaded 0, added 0
Progress: resolved 98, reused 0, downloaded 0, added 0
Progress: resolved 100, reused 0, downloaded 0, added 0
Progress: resolved 102, reused 0, downloaded 0, added 0
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "tinyexec@1.2.2" (possible package takeover)

This error happened while installing the dependencies of bumpp@11.1.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had trusted publisher, but this version has provenance attestation. A trust downgrade may indicate a supply chain incident.

[netlify]

❌ Deploy Preview for velin-dev failed. Why did it fail? →

Name	Link
🔨 Latest commit	b624aa5
🔍 Latest deploy log	https://app.netlify.com/projects/velin-dev/deploys/6a17244ce92b52000817e68f