chore(deps): update app dependencies to v5 (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@sanity/vercel-protection-bypass (source)	2.0.1 → 5.0.5
@sanity/vision (source)	4.6.1 → 5.17.1
@sanity/visual-editing (source)	3.0.4 → 5.3.1
groq (source)	4.6.1 → 5.17.1
sanity (source)	4.6.1 → 5.17.1
sanity-plugin-iframe-pane (source)	4.0.0 → 5.0.10

---

Release Notes

sanity-io/plugins (@​sanity/vercel-protection-bypass)

v5.0.5

Compare Source

Patch Changes

• #​532 7529052 Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to ^4.0.3

v5.0.4

Compare Source

Patch Changes

• 6397826 Thanks @​stipsan! - Improve build output and dts gen

v5.0.3

Compare Source

Patch Changes

• d3978bc Thanks @​stipsan! - Update LICENSE year

v5.0.2

Compare Source

Patch Changes

• #​351 e251678 Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to v4.0.2

v5.0.1

Compare Source

Patch Changes

• #​291 0976b5b Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to v4

v5.0.0

Compare Source

Major Changes

• 20c43ac Thanks @​stipsan! - Require Sanity Studio V5

v4.0.6

Compare Source

Patch Changes

• 7074855 Thanks @​stipsan! - Fix linter issues

v4.0.5

Compare Source

Patch Changes

• 69a8d2f Thanks @​stipsan! - Declare support for Studio v5

v4.0.4

Compare Source

Patch Changes

• #​130 4399a30 Thanks @​stipsan! - Improve quality of generated dts

v4.0.3

Compare Source

Patch Changes

• #​81 33d90c3 Thanks @​stipsan! - Improve react lazy loading

v4.0.2

Compare Source

Patch Changes

• #​30 5307c0d Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to v3

v4.0.1

Compare Source

Patch Changes

• c934098 Thanks @​stipsan! - Target React 19 in React Compiler

v4.0.0

Compare Source

Major Changes

• #​26 32fb288 Thanks @​stipsan! - Require React 19.2 or later

• #​26 32fb288 Thanks @​stipsan! - Require Sanity Studio v4

v3.1.0

Compare Source

Minor Changes

• d090d93 Thanks @​stipsan! - Add schema type for debugging

Patch Changes

• 4f82b31 Thanks @​stipsan! - Stop publishing src folder to npm

v3.0.0

Compare Source

Major Changes

• #​11 d2283b2 Thanks @​stipsan! - Set node engines to minimum v22.12 in addition to the existing required v20.19 or later

• #​11 d2283b2 Thanks @​stipsan! - Remove CJS, this package is now ESM-only

Patch Changes

• #​8 17e4495 Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to ^2.1.16

• 2bda9e1 Thanks @​stipsan! - Reduce reliance on @sanity/preview-url-secret

v2.1.1

Patch Changes

• #​3 0c47c28 Thanks @​stipsan! - Setup npm Trusted Publishing

v2.1.0

Features

• upgrade to react compiler v1 (#​3255) (89565e6)

v2.0.2

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/preview-url-secret bumped to 2.1.15

sanity-io/sanity (@​sanity/vision)

v5.17.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.17.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.16.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.15.0

Compare Source

Features

• upgrade to new @sanity/cli (#​12200) (902075d) by Espen Hovlandsdal (espen@hovlandsdal.com)

v5.14.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.14.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.13.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.12.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.11.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.10.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.9.0

Compare Source

Reverts

• rollback v5.9.0 version bump (#​12139) (4195d26) by Bjørge Næss (bjoerge@gmail.com)

v5.8.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.8.0

Compare Source

Bug Fixes

• optimize styled components when publishing to npm (#​12047) (550d11e) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v5.7.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.6.0

Compare Source

Bug Fixes

• deps: Update CodeMirror (#​11881) (ac97e5c) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v5.5.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.4.0

Compare Source

Bug Fixes

• vision: allow custom domains for saved query recall (#​11821) (dbf74ce) by Eoin Falconer (eoin.falc@gmail.com)

v5.3.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.3.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.2.0

Compare Source

Bug Fixes

• deps: Update CodeMirror (#​11640) (33ffc37) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v5.1.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.0.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.0.0

Compare Source

⚠ BREAKING CHANGES

• drop support for react < 19.2 (#​11383)

Bug Fixes

• drop support for react < 19.2 (#​11383) (169be63) by Bjørge Næss (bjoerge@gmail.com)

v4.22.0

Compare Source

Bug Fixes

• deps: add sanity to peerDependencies in @​sanity/vision (#​11480) (69cd79b) by Robbie Wadley (robbiethewadley@gmail.com)
• use the same peer dependency range for vision as regular plugins (#​11499) (e4e65b4) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v4.21.1

Compare Source

Note: Version bump only for package @​sanity/vision

v4.21.0

Compare Source

Note: Version bump only for package @​sanity/vision

v4.20.3

Compare Source

Note: Version bump only for package @​sanity/vision

v4.20.2

Compare Source

Note: Version bump only for package @​sanity/vision

v4.20.1

Compare Source

Note: Version bump only for package @​sanity/vision

v4.20.0

Compare Source

Bug Fixes

• deps: Update CodeMirror (#​11256) (6d0897f) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.19.0

Compare Source

Note: Version bump only for package @​sanity/vision

v4.18.0

Compare Source

Note: Version bump only for package @​sanity/vision

v4.17.0

Compare Source

Note: Version bump only for package @​sanity/vision

v4.16.0

Compare Source

Bug Fixes

• deps: Update CodeMirror (#​11182) (d90e127) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: upgrade react compiler to v1 (#​10834) (2573cb1) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v4.15.0

Compare Source

Note: Version bump only for package @​sanity/vision

v4.14.2

Compare Source

Note: Version bump only for package @​sanity/vision

v4.14.1

Compare Source

Note: Version bump only for package @​sanity/vision

v4.14.0

Compare Source

Features

• vision perspective scheduled drafts (#​10999) (4876ac2) by Jordan Lawrence (<jordanl17@​me.com>)

Bug Fixes

• deps: update dependency @​sanity/client to ^7.12.1 (#​11029) (df2aa67) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.13.0

Compare Source

Bug Fixes

• deps: catalog vitest, jsdom add overrides (a54467e) by Bjørge Næss (bjoerge@gmail.com)
• use www for sanity website urls (#​10994) (de66f58) by Bjørge Næss (bjoerge@gmail.com)

v4.12.0

Compare Source

Note: Version bump only for package @​sanity/vision

v4.11.0

Compare Source

Bug Fixes

• deps: Update CodeMirror (#​10876) (2a973f2) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency react-rx to ^4.2.2 (#​10879) (eae61c8) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.10.3

Compare Source

Bug Fixes

• deps: update dependency @​sanity/client to ^7.12.0 (#​10802) (391127a)

v4.10.2

Compare Source

Note: Version bump only for package @​sanity/vision

v4.10.1

Compare Source

Note: Version bump only for package @​sanity/vision

v4.10.0

Compare Source

Bug Fixes

• deps: update dependency @​sanity/client to ^7.11.2 (#​10667) (3d3ea0d)
• deps: update dependency @​sanity/ui to ^3.1.3 (#​10673) (43d4d8e)
• deps: update dependency @​sanity/ui to ^3.1.4 (#​10691) (cbab31b)
• deps: update dependency @​sanity/ui to ^3.1.5 (#​10706) (1387e57)
• deps: update dependency react-rx to ^4.2.1 (#​10717) (4d26a51)

v4.9.0

Compare Source

Bug Fixes

• deps: update dependency @​sanity/ui to ^3.1.0 (#​10627) (1a708b5)

v4.8.1

Compare Source

Note: Version bump only for package @​sanity/vision

v4.8.0

Compare Source

Bug Fixes

• deps: update dependency @​sanity/client to ^7.11.1 (#​10593) (96d3546)

v4.7.0

Compare Source

Bug Fixes

• deps: Update CodeMirror (#​10543) (47a88bc)
• deps: update dependency @​sanity/client to ^7.11.0 (#​10518) (5cfeba6)
• deps: update dependency @​sanity/ui to ^3.0.11 (#​10538) (aa025d4)
• deps: update dependency @​sanity/ui to ^3.0.14 (#​10557) (8a1f41f)

sanity-io/visual-editing (@​sanity/visual-editing)

v5.3.1

Bug Fixes

• deps: upgrade @sanity/client to v7.18.0 (f8bbe8e)
• stega: fails decoding content containing zero width space chars (#​3380) (0cd1d9f)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/preview-url-secret bumped to 4.0.4
    • @​sanity/visual-editing-csm bumped to 3.0.6

v5.3.0

Features

• add usePresentationQuery hook to @​sanity/visual-editing/react (#​3375) (f0d7cf3)

v5.2.1

Bug Fixes

• always unset env on unmount (c482b4b)

v5.2.0

Features

• react: port experimental hooks from next-sanity (#​3368) (efc897a)

v5.1.2

Bug Fixes

• deps: update non-major (bce7118)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/insert-menu bumped to 3.0.4
    • @​sanity/preview-url-secret bumped to 4.0.3
    • @​sanity/visual-editing-csm bumped to 3.0.5

v5.1.1

Bug Fixes

• bump to a stable version of @sanity/mutate (#​3347) (793dced)

v5.1.0

Features

• add onPerspectiveChange event (#​3333) (db9dff8)

v5.0.4

Bug Fixes

• replace some catalog: prefixes with regular semver (0f7fe31)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/insert-menu bumped to 3.0.3
    • @​sanity/preview-url-secret bumped to 4.0.2
    • @​sanity/visual-editing-csm bumped to 3.0.4

v5.0.3

Bug Fixes

• use @sanity/tsconfig and upgrade @sanity/pkg-utils (#​3318) (e624b3b)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/insert-menu bumped to 3.0.2
    • @​sanity/preview-url-secret bumped to 4.0.1
    • @​sanity/visual-editing-csm bumped to 3.0.3

v5.0.2

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/insert-menu bumped to 3.0.1
    • @​sanity/visual-editing-csm bumped to 3.0.2

v5.0.1

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/visual-editing-csm bumped to 3.0.1

v5.0.0

⚠ BREAKING CHANGES

• drop CJS, only ESM is supported
• require react 19.2 or later
• require next.js v16 or later
• Migrate to react-router@7 and replace the @sanity/visual-editing/remix imports with @sanity/visual-editing/react-router

Features

• require react 19.2 or later (15f01ef)

Bug Fixes

• deps: update dependency @​sanity/comlink to ^4.0.1 (f5cc4b8)
• deps: Update dependency @​sanity/presentation-comlink to ^2.0.1 (3303056)
• drop CJS, only ESM is supported (7da75a7)
• remove remix (e5e814f)
• require next.js v16 or later (e2ca298)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/insert-menu bumped to 3.0.0
    • @​sanity/preview-url-secret bumped to 4.0.0
    • @​sanity/visual-editing-csm bumped to 3.0.0

v4.0.3

Bug Fixes

• deps: upgrade @vercel/stega (4b8a95c)
• remove get-random-values-esm as dependency (#​3288) (d49d977)

v4.0.2

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/preview-url-secret bumped to 3.0.0

v4.0.1

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/preview-url-secret bumped to 2.1.16

v4.0.0

⚠ BREAKING CHANGES

• deps: Update dependency @​sanity/presentation-comlink to v2 (#​3272)
• deps: Update dependency @​sanity/comlink to v4 (#​3271)

Bug Fixes

• deps: Update dependency @​sanity/comlink to v4 (#​3271) (a9f6ba7)
• deps: Update dependency @​sanity/presentation-comlink to v2 (#​3272) (ffa0f6a)

v3.2.4

Bug Fixes

• if in frame open links in same frame (ee88227)

v3.2.3

Bug Fixes

• show overlays inside of non-presentation iframes (#​3261) (7e089cf)

v3.2.2

Bug Fixes

• handle perspective for "Open in Studio" links (#​3259) (39d5369)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/visual-editing-csm bumped to 2.0.26

v3.2.1

Bug Fixes

• comlink has moved to a new repo (8ee9b2d)

v3.2.0

Features

• upgrade to react compiler v1 (#​3255) (89565e6)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.1.0
    • @​sanity/insert-menu bumped to 2.1.0
    • @​sanity/presentation-comlink bumped to 1.0.30
    • @​sanity/visual-editing-csm bumped to 2.0.25

v3.1.0

Features

• allow next v16 (732241a)

v3.0.5

Bug Fixes

• deps: update non-major (bce7118)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/insert-menu bumped to 3.0.4
    • @​sanity/preview-url-secret bumped to 4.0.3
    • @​sanity/visual-editing-csm bumped to 3.0.5

sanity-io/sanity (groq)

v5.17.1

Compare Source

Note: Version bump only for package groq

v5.17.0

Compare Source

Note: Version bump only for package groq

v5.16.0

Compare Source

Note: Version bump only for package groq

v5.15.0

Compare Source

Features

• upgrade to new @sanity/cli (#​12200) (902075d) by Espen Hovlandsdal (espen@hovlandsdal.com)

v5.14.1

Compare Source

Note: Version bump only for package groq

v5.14.0

Compare Source

Note: Version bump only for package groq

v5.13.0

Compare Source

Bug Fixes

• groq: resolve CJS type export issue by removing groq.d.cts (#​12293) (9485b3c) by Copilot (198982749+Copilot@users.noreply.github.com)

v5.12.0

Compare Source

Note: Version bump only for package groq

v5.11.0

Compare Source

Note: Version bump only for package groq

v5.10.0

Compare Source

Note: Version bump only for package groq

v5.9.0

Compare Source

Reverts

• rollback v5.9.0 version bump (#​12139) (4195d26) by Bjørge Næss (bjoerge@gmail.com)

v5.8.1

Compare Source

Note: Version bump only for package groq

v5.8.0

Compare Source

Note: Version bump only for package groq

v5.7.0

Compare Source

Note: Version bump only for package groq

v5.6.0

Compare Source

Note: Version bump only for package gro

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
preview-kit-next-app-router	Ready	Preview, Comment	Mar 21, 2026 2:39pm
preview-kit-next-pages-router	Error		Mar 21, 2026 2:39pm
preview-kit-remix	Error		Mar 21, 2026 2:39pm
preview-kit-test-studio	Error		Mar 21, 2026 2:39pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​sanity/​vercel-protection-bypass@​2.0.1 ⏵ 5.0.5	+3			+1
	npm/​@​types/​react@​19.2.9 ⏵ 19.2.14	+1		+1
	npm/​groq@​5.17.1
	npm/​isbot@​5.1.33 ⏵ 5.1.36	+1			+2
	npm/​@​sanity/​vision@​4.6.1 ⏵ 5.17.1	+1		+1
	npm/​sanity-plugin-iframe-pane@​4.0.0 ⏵ 5.0.10	+2			+8
	npm/​sanity@​4.6.1 ⏵ 5.17.1	+1
	npm/​@​sanity/​visual-editing@​5.3.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @vercel/stega is 70.0% likely obfuscated Confidence: 0.70 Location: Package overview From: pnpm-lock.yaml → npm/sanity@5.17.1 → npm/@sanity/visual-editing@5.3.1 → npm/@vercel/stega@1.1.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@vercel/stega@1.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/sanity@5.17.1 → npm/markdown-it@14.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report