Skip to content

fix(deps): update non-major#22

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major
Open

fix(deps): update non-major#22
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major

Conversation

@renovate

@renovate renovate Bot commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@radix-ui/react-checkbox (source) ^1.1.1^1.3.5 age confidence
@​radix-ui/react-icons ^1.3.0^1.3.2 age confidence
@radix-ui/react-label (source) ^2.1.0^2.1.10 age confidence
@radix-ui/react-select (source) ^2.1.1^2.3.1 age confidence
@radix-ui/react-slider (source) ^1.2.0^1.4.1 age confidence
@sanity/prettier-config ^1.0.3^1.0.6 age confidence
@sanity/styled-components (source) 6.1.18-canary.46.1.24 age confidence
@types/node (source) ^22.1.0^22.20.0 age confidence
@types/react (source) ^18.3.12^18.3.31 age confidence
@types/react-dom (source) ^18.3.1^18.3.7 age confidence
class-variance-authority ^0.7.0^0.7.1 age confidence
culori ^4.0.1^4.0.2 age confidence
fuse.js (source) ^7.0.0^7.4.2 age confidence
prettier-plugin-tailwindcss ^0.6.8^0.8.0 age confidence
styled-components (source) 6.1.186.4.3 age confidence
tailwind-merge ^2.4.0^2.6.1 age confidence
tailwindcss (source) ^3.4.14^3.4.19 age confidence
typescript (source) 5.6.35.9.3 age confidence

Release Notes

radix-ui/primitives (@​radix-ui/react-checkbox)

v1.3.5

  • Updated dependencies: @radix-ui/react-primitive@2.1.6

v1.3.4

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2

v1.3.3

  • Updated dependencies: @radix-ui/react-presence@1.1.5, @radix-ui/primitive@1.1.3, @radix-ui/react-context@1.1.3, @radix-ui/react-primitive@2.1.4

v1.3.2

  • Replace deprecated 'ElementRef' with 'ComponentRef' (#​3426)
  • Updated dependencies: @radix-ui/react-primitive@2.1.3

v1.3.1

  • Fix type error emitted in build artifacts
  • Updated dependencies: @radix-ui/react-primitive@2.1.2

v1.3.0

  • Add unstable Provider, Trigger and BubbleInput parts to Checkbox (#​3459)
  • Updated dependencies: @radix-ui/react-primitive@2.1.1

v1.2.3

  • Updated dependencies: @radix-ui/react-presence@1.1.4

v1.2.2

  • Updated dependencies: @radix-ui/react-use-controllable-state@1.2.2

v1.2.1

  • Updated dependencies: @radix-ui/react-use-controllable-state@1.2.1

v1.2.0

  • All form controls with internal bubble inputs now use the Radix Primitive component by default. This will allow us to expose these components directly so users can better control this behavior in the future.
  • Minor improvements to useControllableState to enhance performance, reduce surface area for bugs, and log warnings when misused (#​3455)
  • Updated dependencies: @radix-ui/react-use-controllable-state@1.2.0, @radix-ui/react-primitive@2.1.0

v1.1.5

Compare Source

v1.1.4

Compare Source

v1.1.3

Compare Source

radix-ui/primitives (@​radix-ui/react-label)

v2.1.10

  • Updated dependencies: @radix-ui/react-primitive@2.1.6

v2.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-primitive@2.1.5

v2.1.8

  • Updated dependencies: @radix-ui/react-primitive@2.1.4

v2.1.7

  • Replace deprecated 'ElementRef' with 'ComponentRef' (#​3426)
  • Updated dependencies: @radix-ui/react-primitive@2.1.3

v2.1.6

  • Updated dependencies: @radix-ui/react-primitive@2.1.2

v2.1.5

  • Updated dependencies: @radix-ui/react-primitive@2.1.1

v2.1.4

  • Updated dependencies: @radix-ui/react-primitive@2.1.0

v2.1.3

Compare Source

v2.1.2

Compare Source

v2.1.1

Compare Source

  • Updated dependencies: @radix-ui/react-primitive@2.1.6
radix-ui/primitives (@​radix-ui/react-select)

v2.3.1

  • Allowed a Select.Item with an empty string value to act as a "clear" option. Selecting it resets the selection back to the placeholder, restoring the native <select> behavior for optional selects.
  • Fixed a bug where typeahead search resulted in focusing an element that no longer exists.
  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

v2.3.0

  • Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
  • Added support for presence-based exit animations in Select
  • Fixed Select hidden input so it submits empty string when no value is selected
  • Fixed placeholder rendering when a controlled Select is reset to an empty value
  • Added missing __selectScope prop to PopperContent component
  • Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5

v2.2.6

  • Updated dependencies: @radix-ui/react-slot@1.2.4, @radix-ui/react-popper@1.2.8, @radix-ui/react-focus-guards@1.1.3, @radix-ui/primitive@1.1.3, @radix-ui/react-context@1.1.3, @radix-ui/react-collection@1.1.8, @radix-ui/react-primitive@2.1.4, @radix-ui/react-dismissable-layer@1.1.11, @radix-ui/react-focus-scope@1.1.8, @radix-ui/react-portal@1.1.10, @radix-ui/react-visually-hidden@1.2.4

v2.2.5

  • Replace deprecated 'ElementRef' with 'ComponentRef' (#​3426)
  • Updated dependencies: @radix-ui/react-dismissable-layer@1.1.10, @radix-ui/react-visually-hidden@1.2.3, @radix-ui/react-focus-scope@1.1.7, @radix-ui/react-popper@1.2.7, @radix-ui/react-portal@1.1.9, @radix-ui/react-slot@1.2.3, @radix-ui/react-collection@1.1.7, @radix-ui/react-primitive@2.1.3

v2.2.4

  • Updated dependencies: @radix-ui/react-slot@1.2.2, @radix-ui/react-collection@1.1.6, @radix-ui/react-primitive@2.1.2, @radix-ui/react-dismissable-layer@1.1.9, @radix-ui/react-focus-scope@1.1.6, @radix-ui/react-popper@1.2.6, @radix-ui/react-portal@1.1.8, @radix-ui/react-visually-hidden@1.2.2

v2.2.3

  • Updated dependencies: @radix-ui/react-slot@1.2.1, @radix-ui/react-collection@1.1.5, @radix-ui/react-primitive@2.1.1, @radix-ui/react-dismissable-layer@1.1.8, @radix-ui/react-focus-scope@1.1.5, @radix-ui/react-popper@1.2.5, @radix-ui/react-portal@1.1.7, @radix-ui/react-visually-hidden@1.2.1

v2.2.2

  • Updated dependencies: @radix-ui/react-use-controllable-state@1.2.2

v2.2.1

  • Updated dependencies: @radix-ui/react-use-controllable-state@1.2.1

v2.2.0

  • All form controls with internal bubble inputs now use the Radix Primitive component by default. This will allow us to expose these components directly so users can better control this behavior in the future.
  • Minor improvements to useControllableState to enhance performance, reduce surface area for bugs, and log warnings when misused (#​3455)
  • Updated dependencies: @radix-ui/react-collection@1.1.4, @radix-ui/react-use-controllable-state@1.2.0, @radix-ui/react-visually-hidden@1.2.0, @radix-ui/react-primitive@2.1.0, @radix-ui/react-dismissable-layer@1.1.7, @radix-ui/react-focus-scope@1.1.4, @radix-ui/react-popper@1.2.4, @radix-ui/react-portal@1.1.6

v2.1.7

Compare Source

v2.1.6

Compare Source

v2.1.5

Compare Source

v2.1.4

Compare Source

v2.1.3

Compare Source

radix-ui/primitives (@​radix-ui/react-slider)

v1.4.1

  • Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10

v1.4.0

  • Added unstable ThumbProvider, ThumbTrigger, and BubbleInput parts to Slider. SliderThumb was previously a single component that implicitly rendered a hidden native input for form submission. It is now composed from these new parts, which are exposed so consumers can decouple the bubble input from the thumb (for example, to render or customize it independently) instead of relying on SliderThumb to render it implicitly. SliderThumb continues to render all three by default, so existing usage is unaffected.
  • Added focusVisible for non-keyboard interactions with slider thumbs for progressively enabling styles using :focus-visible alongside programmatic focus management
  • Fixed Slider focus bugs in scrollable context
  • Fixed a Slider bug where very small step values made the thumbs unresponsive
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2

v1.3.6

  • Updated dependencies: @radix-ui/primitive@1.1.3, @radix-ui/react-context@1.1.3, @radix-ui/react-collection@1.1.8, @radix-ui/react-primitive@2.1.4

v1.3.5

  • Replace deprecated 'ElementRef' with 'ComponentRef' (#​3426)
  • Updated dependencies: @radix-ui/react-collection@1.1.7, @radix-ui/react-primitive@2.1.3

v1.3.4

  • Updated dependencies: @radix-ui/react-collection@1.1.6, @radix-ui/react-primitive@2.1.2

v1.3.3

  • Updated dependencies: @radix-ui/react-collection@1.1.5, @radix-ui/react-primitive@2.1.1

v1.3.2

  • Updated dependencies: @radix-ui/react-use-controllable-state@1.2.2

v1.3.1

  • Updated dependencies: @radix-ui/react-use-controllable-state@1.2.1

v1.3.0

  • All form controls with internal bubble inputs now use the Radix Primitive component by default. This will allow us to expose these components directly so users can better control this behavior in the future.
  • Updated dependencies: @radix-ui/react-collection@1.1.4, @radix-ui/react-use-controllable-state@1.2.0, @radix-ui/react-primitive@2.1.0

v1.2.4

Compare Source

v1.2.3

Compare Source

v1.2.2

Compare Source

sanity-io/prettier-config (@​sanity/prettier-config)

v1.0.6

Compare Source

Bug Fixes

v1.0.5

Compare Source

Bug Fixes

v1.0.4

Compare Source

Bug Fixes
  • deps: update prettier-plugin-packagejson to v2.5.15 (e3c8ee5)
sanity-io/styled-components-last-resort (@​sanity/styled-components)

v6.1.24

Compare Source

Patch Changes

v6.1.23

Compare Source

Patch Changes

v6.1.22

Compare Source

Patch Changes

v6.1.21

Compare Source

Patch Changes

v6.1.19

Compare Source

Patch Changes
  • db218de Thanks @​stipsan! - Add support for setting SC_ATTR with process.env.SANITY_SC_ATTR

v6.1.18

Patch Changes
joe-bell/cva (class-variance-authority)

v0.7.1

Compare Source

What's Changed

New Contributors

Full Changelog: joe-bell/cva@v0.7.0...v0.7.1

Evercoder/culori (culori)

v4.0.2

Compare Source

Bug fixes

  • Changed XYZ <-> Oklab conversion matrices to match those used in the css-color-4 spec (#​237, #​249, #​255)
  • toGamut() throws a more useful error than simply crashing then mode color space does not have lightness and chroma components (#​261)
  • Changed reference component value ranges for lab / lch / lab65 / lch65 to match CSS spec (#​260)
krisk/Fuse (fuse.js)

v7.4.2

Compare Source

v7.4.1

Compare Source

v7.4.0

Compare Source

v7.3.0

Compare Source

Features
  • add BigInt support for indexing and search (0ae662c), closes #​814
  • add static Fuse.match() for single string matching (460eb5b)
  • add token search — per-term fuzzy matching with IDF scoring (68c1dcf)
  • getFn null return, escaped pipe in extended search, empty query returns all (d33b735), closes #​800 #​765 #​728
  • removeAt() now returns the removed item (8cec7e2), closes #​675
  • search: support keyless string entries in logical queries (8695556), closes #​736
Bug Fixes
  • index: coerce non-string array values to strings during indexing (db0e181), closes #​738
  • index: strip getFn from keys in toJSON() for safe serialization (0f2a69b), closes #​798
  • lint: suppress unused var in toJSON destructure (d63c0e8)
  • merge overlapping match indices in extended search (06c5e97)
  • search: handle non-decomposable diacritics in stripDiacritics (5a01f29), closes home-assistant/frontend#30399 #​816
  • search: handle quoted tokens with inner spaces and quotes in extended search (c226523), closes #​810
  • search: inverse patterns now work correctly across multiple keys (9351882), closes #​712

v7.2.0

Compare Source

Features
  • add Fuse.use() for runtime plugin registration (8546a9b)
Performance
  • inline Bitap score computation to reduce object allocation in hot loops (8546a9b)
  • batch removeAll for O(n) bulk removes instead of O(n*k) (8546a9b)
  • heap-based top-k selection when limit is set (8546a9b)
  • cache compiled searcher for repeated queries (8546a9b)
Bug Fixes
  • search: deduplicate and merge overlapping match indices (60c393a), closes #​735
  • search: preserve original array indices in nested path traversal (a1451be), closes #​786
  • types: correct key type in FuseSortFunctionMatch (fecee16), closes #​811
  • types: correct keys type in parseIndex parameter (58c7c73), closes #​794

v7.1.0

Compare Source

Features
  • add ignore diacritics (e0fcdb1)
  • add option to ignore diacritics (fb012b7)
Bug Fixes
tailwindlabs/prettier-plugin-tailwindcss (prettier-plugin-tailwindcss)

v0.8.0

Compare Source

Changed
  • Require at least Prettier 3.7.x (#​420)
Added
  • Export public sorting APIs to /sorter (#​438)
Fixed
  • Remove top-level await (#​420)
  • Improve load-time performance (#​420)
  • Improve config resolution caching with directory-based cache (#​432)
  • Load compatible plugins on demand and tighten plugin detection (#​437)
  • Load v3/v4 modules only when needed (#​439)
  • Remove recast/ast-types deps and optimize dynamic JS attribute handling (#​440)
  • Remove unused deps (#​441)
  • Use the plugin that has already been imported rather than dynamically importing it again (#​442)
  • Skip visiting non-node children (#​443)
  • Optimize whitespace-only class detection (#​429)
  • Fix v3 config loading with Jiti re-exports (#​448)
  • Collapse whitespace in template literals with adjacent quasis (#​427)
  • Improve canCollapseWhitespaceIn handling for "tailwindPreserveWhitespace": true (#​428)

v0.7.4

Compare Source

Same as v0.7.2, since v0.7.3 contained breaking changes.

v0.7.3

Compare Source

Changed
  • Remove top-level await (#​420)
  • Improve load-time performance (#​420)
Fixed
  • Collapse whitespace in template literals with adjacent quasis (#​427)

v0.7.2

Compare Source

Fixed
  • Load compatible plugins sequentially to work around race conditions in Node.js (#​412)
  • Fix compatibility with prettier-plugin-svelte when using Prettier v3.7+ (#​418)

v0.7.1

Compare Source

Fixed
  • Match against correct name of dynamic attributes when using regexes (#​410)

v0.7.0

Compare Source

Added
  • Format quotes in @source, @plugin, and @config (#​387)
  • Sort in function calls in Twig (#​358)
  • Sort in callable template literals (#​367)
  • Sort in function calls mixed with property accesses (#​367)
  • Support regular expression patterns for attributes (#​405)
  • Support regular expression patterns for function names (#​405)
Changed
  • Improved monorepo support by loading Tailwind CSS relative to the input file instead of prettier config file (#​386)
  • Improved monorepo support by loading v3 configs relative to the input file instead of prettier config file (#​386)
  • Fallback to Tailwind CSS v4 instead of v3 by default (#​390)
  • Don't augment global Prettier ParserOptions and RequiredOptions types (#​354)
  • Drop support for prettier-plugin-import-sort (#​385)
Fixed
  • Handle quote escapes in LESS when sorting @apply (#​392)
  • Fix whitespace removal inside nested concat and template expressions (#​396)

v0.6.14

Compare Source

  • Add support for OXC + Hermes Prettier plugins (#​376, #​380)
  • Sort template literals in Angular expressions (#​377)
  • Don't repeatedly add backslashes to escape sequences when formatting (#​381)

v0.6.13

Compare Source

  • Prevent Svelte files from breaking when there are duplicate classes (#​359)
  • Ensure prettier-plugin-multiline-arrays and prettier-plugin-jsdoc work when used together with this plugin (#​372)

v0.6.12

Compare Source

  • Add internal (unsupported) option to load Tailwind CSS using a different package name (#​366)

v0.6.11

Compare Source

  • Support TypeScript configs and plugins when using v4 (#​342)

v0.6.10

Compare Source

  • Add support for @zackad/prettier-plugin-twig (#​327)
  • Drop support for @zackad/prettier-plugin-twig-melody (#​327)
  • Update Prettier options types (#​325)
  • Don't remove whitespace inside template literals in Svelte (#​332)

v0.6.9

Compare Source

  • Introduce tailwindStylesheet option to replace tailwindEntryPoint (#​330)
styled-components/styled-components (styled-components)

v6.4.3

Compare Source

Patch Changes
  • f692ec2: Fix a TypeScript error when wrapping a component whose props can't be statically read, such as Mantine v7's polymorphic-factory components (Button, Card, Menu.Item, and similar). These styled components no longer reject every prop, including children; arbitrary props are accepted again at the JSX call site and via .attrs(), while components with readable prop types stay fully type-checked.
  • f692ec2: Keep TypeScript attribute autocomplete working while you type props on a polymorphic styled component. When a component renders a different element through as (for example as="video"), beginning to type a new prop name could make the whole suggestion list vanish; the rendered element's props now keep autocompleting as you go.

v6.4.2

Compare Source

Patch Changes
  • 9945904: Restore TypeScript prop autocomplete inside the JSX of a styled component once the first attribute is typed.
  • 9945904: Apply all chain levels' styles when an extended styled component renders with the as prop under Preact's react-compat.
  • 9945904: Respect a custom toString on plain value objects (e.g. design tokens) when interpolated into a styled component, rather than walking the object's keys as CSS declarations.
  • 9945904: Fix a TypeScript error when wrapping a component whose props include an as prop with a non-string type (such as Next.js Link's as?: Url). The styled component now accepts either the styled-components polymorphism value or the wrapped component's own as type, so spreading the wrapped component's props onto the styled component is assignable again.
  • 9945904: Restore reliable styling in production browser bundles built without a runtime process global.

v6.4.1

Compare Source

Patch Changes
  • 49d09ae: Fix a performance regression in 6.4.0 where dynamic createGlobalStyle components caused significant re-render slowdowns. Also restores pre-6.4 cascade ordering when multiple instances of the same createGlobalStyle coexist.
  • eca95b2: Fix outdated dev-mode error messages for keyframes-in-untagged-strings and component-selector references that still pointed at www.styled-components.com and described behavior from styled-components v3.

v6.4.0

Compare Source

Minor Changes
  • b0f3d29: .attrs() improvements: props supplied via attrs are now automatically made optional on the resulting component (previously required even when attrs provided a default). Also fixes a bug where the attrs callback received a mutable props object that could be changed by subsequent attrs processing; it now receives an immutable snapshot.

  • 2a973d8: Dropped IE11 support: ES2015 build target, inlined unitless CSS properties (removing @​emotion/unitless dependency), removed legacy React class statics from hoist and other unnecessary code.

  • 9e07d95: Add createTheme(defaultTheme, options?) for CSS variable theming that works across RSC and client components.

    Returns an object with the same shape where every leaf is var(--prefix-path, fallback). Pass it to ThemeProvider for stable class name hashes across themes (no hydration mismatch on light/dark switch).

    const theme = createTheme({ colors: { primary: '#&#8203;0070f3' } });
    // theme.colors.primary → "var(--sc-colors-primary, #&#8203;0070f3)"
    // theme.raw → original object
    // theme.vars.colors.primary → "--sc-colors-primary"
    // theme.resolve(el?) → computed values from DOM (client-only)
    // theme.GlobalStyle → component that emits CSS var declarations

    vars exposes bare CSS custom property names (same shape as the theme) for use in createGlobalStyle dark mode overrides without hand-writing variable names

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 3am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by Sanity. View repository job log here

@vercel

vercel Bot commented Mar 23, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
concurrent-styled-components Error Error Jun 27, 2026 7:13pm

Request Review

@socket-security

socket-security Bot commented Mar 23, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm culori is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/culori@4.0.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/culori@4.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm typescript

License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

From: package.jsonnpm/typescript@5.9.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@5.9.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/non-major branch from e0b98bc to 5012840 Compare March 27, 2026 11:17
@renovate renovate Bot force-pushed the renovate/non-major branch from 5012840 to d2415f1 Compare April 3, 2026 10:51
@renovate renovate Bot force-pushed the renovate/non-major branch from d2415f1 to 841eef0 Compare April 3, 2026 14:53
@renovate renovate Bot force-pushed the renovate/non-major branch from 841eef0 to 2966ae3 Compare April 5, 2026 22:24
@renovate renovate Bot force-pushed the renovate/non-major branch from 2966ae3 to 1e17089 Compare April 7, 2026 19:07
@renovate renovate Bot force-pushed the renovate/non-major branch from 1e17089 to 1d38052 Compare April 8, 2026 15:59
@renovate renovate Bot force-pushed the renovate/non-major branch from 1d38052 to 18703ab Compare April 10, 2026 23:02
@renovate renovate Bot force-pushed the renovate/non-major branch from 18703ab to 1312760 Compare April 12, 2026 18:34
@renovate renovate Bot force-pushed the renovate/non-major branch from 1312760 to a140bc9 Compare April 18, 2026 15:12
@renovate renovate Bot force-pushed the renovate/non-major branch from a140bc9 to b9fe659 Compare April 24, 2026 17:01
@renovate renovate Bot force-pushed the renovate/non-major branch from b9fe659 to 7e79d2d Compare April 26, 2026 10:53
@renovate renovate Bot force-pushed the renovate/non-major branch from 7e79d2d to 4ab2f9c Compare April 29, 2026 17:03
@renovate renovate Bot force-pushed the renovate/non-major branch from ea88630 to a8b6beb Compare May 11, 2026 23:34
@renovate renovate Bot force-pushed the renovate/non-major branch 2 times, most recently from 48ad710 to 98c5ac5 Compare May 19, 2026 19:33
@renovate renovate Bot force-pushed the renovate/non-major branch from 98c5ac5 to 56a7e73 Compare May 22, 2026 17:33
@renovate renovate Bot force-pushed the renovate/non-major branch from 56a7e73 to 4f4a6b0 Compare June 1, 2026 23:46
@renovate renovate Bot force-pushed the renovate/non-major branch from 4f4a6b0 to 27129c7 Compare June 2, 2026 20:46
@renovate renovate Bot force-pushed the renovate/non-major branch from 27129c7 to 66596fe Compare June 5, 2026 03:03
@renovate renovate Bot force-pushed the renovate/non-major branch from 66596fe to 146b656 Compare June 5, 2026 23:38
@renovate renovate Bot force-pushed the renovate/non-major branch from 146b656 to aa6cca8 Compare June 9, 2026 00:31
@renovate renovate Bot force-pushed the renovate/non-major branch from aa6cca8 to c619c58 Compare June 9, 2026 07:59
@renovate renovate Bot force-pushed the renovate/non-major branch from c619c58 to 9e39e34 Compare June 11, 2026 04:08
@renovate renovate Bot force-pushed the renovate/non-major branch from 9e39e34 to ad48a68 Compare June 19, 2026 02:03
@renovate renovate Bot force-pushed the renovate/non-major branch from ad48a68 to c5219a1 Compare June 20, 2026 15:30
@renovate renovate Bot changed the title chore(deps): update non-major fix(deps): update non-major Jun 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants