chore(deps): update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@antfu/eslint-config	^6.1.0 → ^6.7.3			pnpm.catalog.dev	minor
@commitlint/cli (source)	^20.1.0 → ^20.3.1			pnpm.catalog.dev	minor
@commitlint/config-conventional (source)	^20.0.0 → ^20.3.1			pnpm.catalog.dev	minor
@iconify-json/fluent	^1.2.34 → ^1.2.36			pnpm.catalog.dev	patch
@iconify-json/lucide	^1.2.71 → ^1.2.85			pnpm.catalog.dev	patch
@iconify-json/simple-icons	^1.2.56 → ^1.2.66			pnpm.catalog.dev	patch
@internationalized/date (source)	^3.10.0 → ^3.10.1			pnpm.catalog.integrations	patch
@nuxt/ui (source)	^4.2.1 → ^4.3.0			pnpm.catalog.integrations	minor
@openai/agents (source)	^0.2.1 → ^0.3.7			pnpm.catalog.integrations	minor
@paralleldrive/cuid2	2.2.2 → 2.3.1			pnpm.catalog.integrations	minor
@pinia/nuxt (source)	^0.11.2 → ^0.11.3			pnpm.catalog.integrations	patch
@tma.js/sdk-vue (source)	^1.0.8 → ^1.0.15			pnpm.catalog.integrations	patch
@types/node (source)	^24.9.2 → ^24.10.8			pnpm.catalog.types	minor
@types/pg (source)	8.15.5 → 8.16.0			devDependencies	minor
@unovis/ts (source)	^1.6.1 → ^1.6.2			pnpm.catalog.integrations	patch
@unovis/vue (source)	^1.6.1 → ^1.6.2			pnpm.catalog.integrations	patch
@vitest/browser-playwright (source)	^4.0.5 → ^4.0.17			pnpm.catalog.test	patch
@vitest/coverage-v8 (source)	^4.0.5 → ^4.0.17			pnpm.catalog.test	patch
arktype (source)	^2.1.22 → ^2.1.29			pnpm.catalog.integrations	patch
bumpp	^10.3.1 → ^10.4.0			pnpm.catalog.dev	minor
drizzle-cuid2	2.1.0 → 2.2.0			dependencies	minor
drizzle-kit (source)	0.31.5 → 0.31.8			devDependencies	patch
drizzle-orm (source)	0.44.6 → 0.45.1			dependencies	minor
grammy (source)	^1.38.3 → ^1.39.2			pnpm.catalog.integrations	minor
ioredis	^5.8.2 → ^5.9.1			pnpm.catalog.integrations	minor
libphonenumber-js	^1.12.25 → ^1.12.34			pnpm.catalog.integrations	patch
nitropack	^2.12.9 → ^2.13.0			pnpm.catalog.dev	minor
node (source)	>=24.11.0 → >=24.13.0			engines	minor
node	24.11.0-alpine → 24.12.0-alpine			final	minor
node	24.11.0-slim → 24.12.0-slim			final	minor
nuxt-auth-utils	^0.5.26 → ^0.5.27			pnpm.catalog.dev	patch
openai	^6.7.0 → ^6.16.0			pnpm.catalog.integrations	minor
pinia (source)	^3.0.3 → ^3.0.4			pnpm.catalog.integrations	patch
playwright (source)	^1.56.1 → ^1.57.0			pnpm.catalog.test	minor
pnpm (source)	10.20.0 → 10.28.0			packageManager	minor
pnpm (source)	>=10.20.0 → >=10.28.0			engines	minor
sharp (source, changelog)	^0.34.4 → ^0.34.5			pnpm.catalog.integrations	patch
vite (source)	^7.3.0 → ^7.3.1			pnpm.catalog.dev	patch
vitest (source)	^4.0.5 → ^4.0.17			pnpm.catalog.test	patch
vue-tsc (source)	^3.1.8 → ^3.2.2			pnpm.catalog.dev	minor

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v6.7.3

Compare Source

   🐞 Bug Fixes

• pnpm: Remove catalogMode in the enforced settings  -  by @​antfu (4fc09)

    View changes on GitHub

v6.7.2

Compare Source

   🐞 Bug Fixes

• Update react rules to match eslint-react v2  -  by @​Rel1cx in #​795 (6b425)
• pnpm: Add ignore for @​types/vscode in json-enforce-catalog  -  by @​jinghaihan in #​794 (95685)

    View changes on GitHub

v6.7.1

Compare Source

   🐞 Bug Fixes

• pnpm: Do not set catalogMode when catalogs is not enabled  -  by @​antfu (0471e)

    View changes on GitHub

v6.7.0

Compare Source

   🚀 Features

• Add more options to toggle configs  -  by @​antfu (203b8)

   🐞 Bug Fixes

• pnpm: Respect yaml and jsonc config in the factory, close #​791  -  by @​antfu in #​791 (3e0c5)

    View changes on GitHub

v6.6.1

Compare Source

   🐞 Bug Fixes

• pnpm: Detection  -  by @​antfu (e649f)

    View changes on GitHub

v6.6.0

Compare Source

   🐞 Bug Fixes

• pnpm: Enforce catalog usage based on smart detection  -  by @​antfu (654c0)

    View changes on GitHub

v6.5.1

Compare Source

   🐞 Bug Fixes

• Adopt to tsdown extension change, close #​786, close #​787  -  by @​antfu in #​786 and #​787 (c16d3)

    View changes on GitHub

v6.5.0

Compare Source

   🚀 Features

• react: React compiler preset  -  by @​hyoban in #​784 (663e0)

   🐞 Bug Fixes

• Spelling of required-scrpts  -  by @​christopher-buss in #​785 (26185)
• pnpm: Remove cleanupUnusedCatalogs setting  -  by @​antfu (f712a)

    View changes on GitHub

v6.4.2

Compare Source

   🐞 Bug Fixes

• pnpm: Move pnpm-workspace.yaml sorting config from yaml to pnpm  -  by @​antfu (fc2b1)

    View changes on GitHub

v6.4.1

Compare Source

No significant changes

    View changes on GitHub

v6.3.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (2d2b6)

   🐞 Bug Fixes

• Ts error from cb29b1a  -  by @​daflyinbed in #​782 (b4e49)

    View changes on GitHub

v6.2.0

Compare Source

   🚀 Features

• Accepting functions for ignores, close #​776  -  by @​antfu in #​776 (63b13)

    View changes on GitHub

conventional-changelog/commitlint (@​commitlint/cli)

v20.3.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.3.0

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.2.0

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v20.3.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.3.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v20.2.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

adobe/react-spectrum (@​internationalized/date)

v3.10.1

Compare Source

nuxt/ui (@​nuxt/ui)

v4.3.0

Compare Source

Features

• AuthForm: allow all input types (#​5565) (1f9009f)
• ContextMenu/DropdownMenu: expose sub prop on content slots (#​5609) (b09e6bc)
• defineShortcuts: add layoutIndependent option (#​4251) (ece0568)
• Editor: new component (#​5407) (38765c3)
• extractShortcuts: add separator option (#​5642) (4e71271)
• FormField: add orientation prop (#​5632) (b74ec6e)
• InputMenu/Select/SelectMenu: add modelModifiers prop (#​5559) (a92ee7b)
• locale: add Basque language (#​5689) (748d78f)
• locale: add English (United Kingdom) language (#​5561) (b0139f0)
• locale: add Lao language (#​5556) (f5f9885)
• module: generate [@source](https://redirect.github.com/source) for nuxt layers (#​5630) (de98a72)
• ProseCodeTree: add items prop (cb34ca5)
• ScrollArea: new component (#​5245) (effbb18)
• Slideover: add inset prop (05bd995)
• unplugin: add router option to disable router (#​5213) (b34cf8a)
• unplugin: add scanPackages option (#​5510) (4e57139)

Bug Fixes

• BlogPost/ChangelogVersion/PageFeature/User: allow tab focus (47d93d3), closes #​5635
• Carousel: consistent stopOnInteraction behavior (#​5489) (36a7861)
• Carousel: improve dots focus styles (cc90fb8)
• ColorModeButton: improve icon class merging (2ce9af2)
• ContentSearch/DasboardSearch: set full height on mobile to prevent jump (70317e5)
• DashboardResizeHandle: allow hover over panel with z-index (07147f1)
• EditorDragHandle: add missing UButton import (1b850bb)
• EditorToolbar: map dropdown items recursively to support kind (feb756d)
• FormField: hide error if error prop is false (#​5599) (6b7fe25)
• InputDate/InputTime: add missing field group variant (#​5596) (cb3cec2)
• PageCard/PageCTA/PageSection: handle reverse prop under lg screens (#​5545) (60b430c)
• ProseA/ProseCallout/ProseCard: improve focus styles (df5f8c2)
• Slider: add aria-label to thumb (#​5313) (f99ec46)
• Table: only forward necessary props (#​5527) (b0b209e)
• Table: properly position pinned columns based on size (e885b0e), closes #​4721 #​3927

openai/openai-agents-js (@​openai/agents)

v0.3.7

Compare Source

What's Changed

• fix: Fix a bug where MCP servers don't use clientSessionTimeoutSeconds (re-fix for #​781) by @​seratch in #​787
• chore: update versions by @​github-actions[bot] in #​788

Documents

• Update documents for new responses.compact session by @​seratch in #​784
• Update all translated document pages by @​github-actions[bot] in #​786
• Adjust sessions docs and upgrade dev/docs dependencies by @​seratch in #​789
• Update all translated document pages by @​github-actions[bot] in #​790

Full Changelog: openai/openai-agents-js@v0.3.6...v0.3.7

v0.3.6

Compare Source

What's Changed

• feat: Add responses.compact-wired session feature by @​seratch in #​760
• fix: Add usage data integration to #​760 feature addition by @​seratch in #​785
• fix: Enable creating/disposing Computer per agent run ref: #​663 by @​seratch in #​771
• fix: Fix a bug where MCP servers don't use clientSessionTimeoutSeconds by @​seratch in #​781
• fix(agents-openai): #​777 add gpt-image-1-mini and gpt-image-1.5 support to imageGenerationTool by @​JoelCCodes in #​776
• fix: #​775 tracing: previousSpan is not correctly set by @​seratch in #​782
• feat: Literal unions: preserve completions by narrowing string branches by @​seratch in #​783
• Upgrade GitHub Actions to latest versions by @​salmanmkc in #​774
• Upgrade GitHub Actions for Node 24 compatibility by @​salmanmkc in #​773
• pnpm 10.26.0 by @​seratch in #​780
• chore: update versions by @​github-actions[bot] in #​779

Documents

• docs: document updates for #​749 streaming for agents as tools by @​seratch in #​755
• Update all translated document pages by @​github-actions[bot] in #​769

New Contributors

• @​salmanmkc made their first contribution in #​774
• @​JoelCCodes made their first contribution in #​776

Full Changelog: openai/openai-agents-js@v0.3.5...v0.3.6

v0.3.5

Compare Source

What's Changed

• feat(realtime): Add usage field to input audio transcription completed event by @​lion8 in #​724
• fix: support input_file for chat completions when possible by @​danielmklein in #​735
• Upgrade dev and docs dependencies by @​seratch in #​738
• chore(deps): bump @​modelcontextprotocol/sdk from 1.12.1 to 1.24.0 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in #​737
• Fix #​732 Ensure SpanData types are exported by @​lattwood in #​731
• fix(agents-extensions): ##​711 improve AI SDK error details in tracing by @​AryanBagade in #​740
• feat(agents-extensions): #​628 add Anthropic extended thinking support by @​AryanBagade in #​742
• Upgrade pnpm to 10.25.0 by @​seratch in #​743
• fix: #​701 prevent duplicate function_call items in session history after resuming from interruption by @​mjschock in #​702
• fix: #​745 Export OpenAIConversationsSessionOptions by @​seratch in #​747
• fix: #​753 Emit agent_tool_end event when function tools throw errors by @​aasullivan in #​754
• fix: propagate providerData for function_calls in chat completions converter by @​danielmklein in #​746
• feat: track token usage while streaming responses for openai models by @​ianyimi in #​750
• feat: Add onStream/on(key) handlers to an agent as tool by @​seratch in #​749
• fix: event data adjustment for #​749 by @​seratch in #​764
• feat: #​762 Add turnInput (optional) to agent_start event hooks by @​seratch in #​765
• chore: update versions by @​github-actions[bot] in #​728

Documents

• fix(security): patch CVE-2025-66478 Next.js RCE vulnerability by @​ben-vargas in #​736
• docs(ai-sdk): #​758 document actual scripts and prerequisites by @​Harrrryz in #​759
• docs: Upgrading to GPT-5.2 by @​cguo-oai in #​766
• Update all translated document pages by @​github-actions[bot] in #​767

New Contributors

• @​lion8 made their first contribution in #​724
• @​danielmklein made their first contribution in #​735
• @​ben-vargas made their first contribution in #​736
• @​lattwood made their first contribution in #​731
• @​AryanBagade made their first contribution in #​740
• @​mjschock made their first contribution in #​702
• @​Harrrryz made their first contribution in #​759
• @​cguo-oai made their first contribution in #​766

Full Changelog: openai/openai-agents-js@v0.3.4...v0.3.5

v0.3.4

Compare Source

What's Changed

• docs: document updates for #​687 runInParallel option for input guardrails by @​seratch in #​688
• fix: #​699 Forward fetch parameter to SSEClientTransport in MCPServerSSE by @​aasullivan in #​700
• feat: Add ToolOptions to agents-core package export by @​ianyimi in #​704
• fix: strip leading {} from streaming tool call arguments (Bedrock) by @​anton-tw in #​712
• fix: #​708 data: string in an input_image message item does not work with some providers by @​seratch in #​717
• fix: preserve Gemini thought_signature in multi-turn tool calls by @​shibu-web in #​718
• feat: #​713 Access tool call items in an output guardrail by @​seratch in #​716
• feat: #​695 Customizable MCP list tool caching by @​seratch in #​715
• Upgrade pnpm to 10.24.0 by @​seratch in #​720
• chore: update versions by @​github-actions[bot] in #​714

New Contributors

• @​aasullivan made their first contribution in #​700
• @​ianyimi made their first contribution in #​704
• @​anton-tw made their first contribution in #​712
• @​shibu-web made their first contribution in #​718

Full Changelog: openai/openai-agents-js@v0.3.3...v0.3.4

v0.3.3

Compare Source

What's Changed

• feat: Add prompt_cache_retention option to ModelSettings by @​seratch in #​668
• fix: #​638 add unit tests demonstrating how to get usage in streaming mode by @​seratch in #​673
• fix: #​316 developer-friendly message for output type errors by @​seratch in #​672
• fix: #​675 top-level voice param in realtime session config does not work by @​seratch in #​677
• fix: #​683 Failing to run MCP servers when deserializing run state data by @​seratch in #​685
• fix: #​523 transcript removal issue when being interrupted by @​seratch in #​674
• feat: #​678 Add a list of per-request usage data to Usage by @​seratch in #​686
• feat: #​679 Add runInParallel option to input guardrail initialization by @​seratch in #​687
• chore: update versions by @​github-actions[bot] in #​671

Full Changelog: openai/openai-agents-js@v0.3.2...v0.3.3

v0.3.2

Compare Source

What's Changed

• feat: Add reasoning.effort: none parameter for gpt-5.1 by @​seratch in #​657
• fix: Omit tools parameter when prompt ID is set but tools in the agent is absent by @​seratch in #​658
• fix: #​638 Add usage data from stream on response (Chat Completions) by @​rclayton-godaddy in #​652
• chore: update versions by @​github-actions[bot] in #​661

New Contributors

• @​rclayton-godaddy made their first contribution in #​652

Full Changelog: openai/openai-agents-js@v0.3.1...v0.3.2

v0.3.1

Compare Source

What's Changed

• docs: Add the Sessions feature document page by @​seratch in #​627
• docs: Add Realtime SIP document section by @​seratch in #​632
• Update all translated document pages by @​github-actions[bot] in #​644
• Add shell and apply patch by @​dkundel-openai in #​653
• chore: update versions by @​github-actions[bot] in #​654

Full Changelog: openai/openai-agents-js@v0.3.0...v0.3.1

v0.3.0

Compare Source

Key Changes

• #​420 Memory feature using sessions store - see the document page and examples for details
• #​624 SIP protocol support in realtime agent runner - see the document page and the Twilio SIP example app for details

What's Changed

• Upgrade Astro version for serving document site by @​seratch in #​619
• docs: fix spelling mistake in tools.mdx by @​tobiasbueschel in #​621
• fix: non-OpenAI models w/ OpenRouter send an empty string when calling tools by @​ertembiyik in #​499
• fix: #​613 Listen to peerConnection state in OpenAIRealtimeWebRTC to detect disconnects by @​IM594 in #​620
• Upgrade pnpm to 10.20.0 by @​seratch in #​626
• feat: fix [#​272](https://redir

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​tma.js/​sdk-vue@​1.0.8 ⏵ 1.0.15	+1		-1	+3
	@​vitest/​coverage-v8@​4.0.5 ⏵ 4.0.17	+1
	@​commitlint/​cli@​20.1.0 ⏵ 20.3.1
	@​types/​pg@​8.15.5 ⏵ 8.16.0	+1		+1
	@​iconify-json/​simple-icons@​1.2.56 ⏵ 1.2.66				+1
	@​iconify-json/​fluent@​1.2.34 ⏵ 1.2.36	+3			-4
	@​iconify-json/​lucide@​1.2.71 ⏵ 1.2.85			+1	+1
	drizzle-cuid2@​2.1.0 ⏵ 2.2.0	+1		+1	+9
	@​types/​node@​24.10.8
	bumpp@​10.3.1 ⏵ 10.4.0	-2			+3
	@​pinia/​nuxt@​0.11.2 ⏵ 0.11.3	+1		+11
	@​vitest/​browser-playwright@​4.0.5 ⏵ 4.0.17			+1	+2
	@​internationalized/​date@​3.10.0 ⏵ 3.10.1	+1		+1
	drizzle-orm@​0.44.6 ⏵ 0.45.1	+1		+1	+2
	arktype@​2.1.22 ⏵ 2.1.29			+1	-1
	@​unovis/​vue@​1.6.1 ⏵ 1.6.2	+1		+1	-1
	@​antfu/​eslint-config@​6.1.0 ⏵ 6.7.3	-2
	@​unovis/​ts@​1.6.1 ⏵ 1.6.2	+3			+1
	@​commitlint/​config-conventional@​20.0.0 ⏵ 20.3.1
	drizzle-kit@​0.31.5 ⏵ 0.31.8	+1		+1	+2
	@​nuxt/​ui@​4.2.1 ⏵ 4.3.0
	@​openai/​agents@​0.2.1 ⏵ 0.3.7	+1		+1	-1

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud