chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@ai-sdk/vue (source)	^3.0.137 → ^3.0.141
ai (source)	>=6.0.137 → >=6.0.141
ai (source)	^6.0.137 → ^6.0.141
drizzle-orm (source)	>=0.45.1 → >=0.45.2
drizzle-orm (source)	^0.45.1 → ^0.45.2
evlog (source)	^2.9.0 → ^2.10.0
happy-dom	^20.8.4 → ^20.8.9
shaders	^2.4.78 → ^2.5.84
tsdown (source)	^0.21.4 → ^0.21.7
turbo (source)	^2.8.20 → ^2.8.21
vite (source)	^8.0.2 → ^8.0.3
vitest (source)	^4.1.1 → ^4.1.2
zod-to-json-schema	^3.25.1 → ^3.25.2

---

Release Notes

vercel/ai (@​ai-sdk/vue)

v3.0.141

Compare Source

Patch Changes

• ai@​6.0.139

v3.0.140

Compare Source

Patch Changes

• ai@​6.0.138

v3.0.139

Compare Source

Patch Changes

• ai@​6.0.137

v3.0.138

Compare Source

Patch Changes

• ai@​6.0.136

drizzle-team/drizzle-orm (drizzle-orm)

v0.45.2

Compare Source

• Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped
  causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

HugoRCD/evlog (evlog)

v2.10.0

Compare Source

What's Changed

Features 🚀

• feat: add HyperDX drain adapter by @​izadoesdev in #​225
• feat(evlog): allow to configure request credentials in client logs & browser drain by @​MrLightful in #​232
• feat(next): support instrumentation.ts hooks by @​mnismt in #​188

Bug Fixes 🐞

• fix(evlog): replace require() with dynamic import() for workers compat by @​shubh73 in #​228

Dependency Updates 📦

• chore(deps): update dependency typescript to v6 by @​renovate[bot] in #​231
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​229
• chore(deps): lock file maintenance by @​renovate[bot] in #​230

Performance Improvements ⚡️

• chore(bench): update size baseline by @​github-actions[bot] in #​227
• chore(bench): update size baseline by @​github-actions[bot] in #​233

New Contributors

• @​izadoesdev made their first contribution in #​225
• @​mnismt made their first contribution in #​188

Full Changelog: https://github.com/HugoRCD/evlog/compare/evlog@2.9.0...evlog@2.10.0

capricorn86/happy-dom (happy-dom)

v20.8.9

Compare Source

👷‍♂️ Patch fixes

• Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @​capricorn86 in task #​2117
  • A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @​r74tech for reporting this!

v20.8.8

Compare Source

👷‍♂️ Patch fixes

• Fixes issue where export names can be interpolated as executable code in ESM - By @​capricorn86 in task #​2113
  • A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @​tndud042713 for reporting this!

v20.8.7

Compare Source

👷‍♂️ Patch fixes

• Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @​YevheniiKotyrlo in task #​1845

v20.8.6

Compare Source

👷‍♂️ Patch fixes

• Request.formData() should honor "Content-Type" header - By @​brianhelba in task #​2106

v20.8.5

Compare Source

👷‍♂️ Patch fixes

• Fixes error thrown when modifying DOM structure in connectedCallback() - By @​capricorn86 in task #​2110

rolldown/tsdown (tsdown)

v0.21.7

Compare Source

   🚀 Features

• Add module option for attw and publint to allow passing imported modules directly  -  by @​sxzz (31e90)

   🐞 Bug Fixes

• deps: Add skipNodeModulesBundle dep subpath e2e tests and fix docs  -  by @​sxzz (deff7)

    View changes on GitHub

v0.21.6

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-rc.12  -  by @​sxzz (51292)
• config:
  • Pass root config to workspace config functions  -  by @​sxzz (76169)
  • Use mergeConfig for workspace config merging and support variadic overrides  -  by @​sxzz (148aa)
• dts:
  • Add cjsReexport option to eliminate dual module type hazard  -  by @​mandarini and @​sxzz in #​856 (875c1)
• exports:
  • Add bin option to auto-generate package.json bin field  -  by @​sxzz in #​869 (7ebd6)

   🐞 Bug Fixes

• css:
  • Compile preprocessor langs in virtual CSS modules  -  by @​sxzz in #​865 (7b2e0)
  • Strip .module from CSS output filenames  -  by @​sxzz in #​866 (03ade)
  • Default splitting to true in unbundle mode for CSS inject  -  by @​sxzz in #​867 (a4da6)
  • Split CSS plugin into pre/post phases for scoped CSS support  -  by @​sxzz in #​870 (ff0c4)
• entry:
  • Correctly output relative paths in logger output  -  by @​sxzz (00050)

    View changes on GitHub

v0.21.5

Compare Source

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in #​845 (41411)
• Support typescript v6  -  by @​ocavue in #​858 (bffc4)

   🐞 Bug Fixes

• css:
  • Run final minification on merged CSS output  -  by @​sxzz in #​853 (475df)
  • Don't override internal importer  -  by @​Laupetin in #​860 (af40e)
  • Use aliased exports for CSS module keys  -  by @​wChenonly and @​sxzz in #​840 (bb6de)
• deps:
  • External optionalDependencies by default  -  by @​sxzz (cd24d)
  • Resolve subpath extensions for packages without exports field  -  by @​sxzz in #​863 (c5150)
  • Correctly resolve root @types packages for dts deep imports  -  by @​brc-dd and @​sxzz in #​852 (0b276)

    View changes on GitHub

vercel/turborepo (turbo)

v2.8.21: Turborepo v2.8.21

Compare Source

What's Changed

Docs

• fix: Strip JSX components from heading anchors and TOC entries by @​anthonyshew in #​12404

eslint

• fix(eslint-plugin-turbo): Guard against missing tasks/pipeline in forEachTaskDef by @​sleitor in #​12411

@​turbo/repository

• feat: Add packagesFromLockfile() NAPI binding to @turbo/repository by @​anthonyshew in #​12454
• release(library): 0.0.1-canary.21 by @​github-actions[bot] in #​12455

Examples

• fix(examples): Update of with-svelte example by @​floriansalihovic in #​11952
• fix: Use script-shell=bash for cross-platform with-shell-commands example by @​Goldyvaiiii in #​12436

Changelog

• docs: Add link to Docker guide in prune --docker flag section by @​styfle in #​12401
• feat: Add global configuration key behind futureFlags.globalConfiguration by @​anthonyshew in #​12399
• chore: Update CODEOWNERS to remove /docs owner by @​anthonyshew in #​12402
• fix: Move docs app icons into app/ directory by @​anthonyshew in #​12403
• feat: Add experimental structured logging with --json and --log-file flags by @​anthonyshew in #​12405
• docs: Downgrade Next.js by @​anthonyshew in #​12408
• chore: Deprecate the turbo scan command by @​anthonyshew in #​12406
• chore: Upgrade Next.js by @​anthonyshew in #​12415
• Revert "fix: Flush stale mouse tracking events from stdin during TUI cleanup" by @​anthonyshew in #​12416
• fix: Add NixOS environment variables to default passthroughs by @​anthonyshew in #​12417
• fix: Resolve security vulnerabilities in tar and rustls-webpki by @​anthonyshew in #​12418
• docs: Promote turbo query from experimental to stable by @​anthonyshew in #​12421
• docs: Clarify turbo-ignore's future by @​anthonyshew in #​12422
• feat: Rework turbo ls to use query internals and add turbo query ls shorthand by @​anthonyshew in #​12424
• docs: Clarify environment variables across packages dependency behavior by @​ramanverse in #​12390
• docs: Expand subpath imports example by @​lilianakatrina684-a11y in #​12412
• fix: Preserve source dependencies when adding workspace deps in turbo-gen by @​sleitor in #​11935
• docs: Add Git history requirements to turbo query affected docs by @​anthonyshew in #​12426
• fix: Prevent horizontal overflow from long inline code on narrow viewports by @​anthonyshew in #​12428
• feat: Send git SHA and dirty hash to remote cache by @​mehulkar in #​12427
• fix: Upgrade tokio to 1.47.1+ to fix pidfd_reaper panic by @​anthonyshew in #​12431
• docs: Add AI guide to sidebar navigation by @​anthonyshew in #​12438
• docs: Move experimentalObservability into futureFlags section by @​anthonyshew in #​12439
• fix: Skip Unix domain sockets and other special files during file hashing by @​anthonyshew in #​12445
• fix: Preserve dedupePeers and unknown pnpm lockfile settings by @​attehuhtakangas in #​12443
• fix: Align dry run cache status with normal run by checking caching guards by @​anthonyshew in #​12448
• fix: Resolve turbo watch hang with mixed interruptible persistent tasks by @​anthonyshew in #​12449
• fix: Avoid setsid() in PTY spawn to prevent macOS Gatekeeper CPU spikes by @​anthonyshew in #​12452
• refactor: Move cache hit SHA context to verbose logging by @​mehulkar in #​12435
• docs: Add missing --force flag documentation by @​Goldyvaiiii in #​12440
• fix: Prevent panic in turbo watch with persistent tasks by @​anthonyshew in #​12459
• fix: Support turbo watch in single-package workspaces by @​anthonyshew in #​12460
• fix: Missing deps after npm lockfile parsing by @​anthonyshew in #​12464
• docs: Add AI agent detection and automatic markdown rewrites by @​molebox in #​12462
• fix: Resolve generator name conflicts across workspaces by @​anthonyshew in #​12467
• fix: Remove root package.json from --affected global triggers by @​anthonyshew in #​12469
• fix: Show run summary after TUI exits by @​anthonyshew in #​12471

New Contributors

• @​ramanverse made their first contribution in #​12390
• @​lilianakatrina684-a11y made their first contribution in #​12412
• @​floriansalihovic made their first contribution in #​11952
• @​Goldyvaiiii made their first contribution in #​12436
• @​attehuhtakangas made their first contribution in #​12443

Full Changelog: vercel/turborepo@v2.8.20...v2.8.21

vitejs/vite (vite)

v8.0.3

Compare Source

Features

• update rolldown to 1.0.0-rc.12 (#​22024) (84164ef)

Bug Fixes

• html: cache unfiltered CSS list to prevent missing styles across entries (#​22017) (5464190)
• module-runner: handle non-ascii characters in base64 sourcemaps (#​21985) (77c95bf)
• module-runner: skip re-import if the runner is closed (#​22020) (ee2c2cd)
• optimizer: scan is not resolving sub path import if used in a glob import (#​22018) (ddfe20d)
• ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#​22019) (cff5f0c)

Miscellaneous Chores

• deps: bump picomatch from 4.0.3 to 4.0.4 (#​22027) (7e56003)

Tests

• html: add tests for getCssFilesForChunk (#​22016) (43fbbf9)

vitest-dev/vitest (vitest)

v4.1.2

Compare Source

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (#​9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in #​9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in #​9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in #​9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in #​9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in #​9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in #​9851 (6f97b)

    View changes on GitHub

StefanTerdell/zod-to-json-schema (zod-to-json-schema)

v3.25.2

Compare Source

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
evlog-docs	Building	Preview, Comment, Open in v0	Mar 30, 2026 1:06am

[pkg-pr-new]

npm i https://pkg.pr.new/evlog@237

npm i https://pkg.pr.new/@evlog/nuxthub@237

commit: 60319d7