ci(deps): update maintenance dependency rollup (v1.8.x) - abandoned

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@docusaurus/core (source)	3.9.2 → 3.10.1			dependencies	minor
@docusaurus/module-type-aliases (source)	3.9.2 → 3.10.1			devDependencies	minor
@docusaurus/plugin-content-blog (source)	3.9.2 → 3.10.1			dependencies	minor
@docusaurus/preset-classic (source)	3.9.2 → 3.10.1			dependencies	minor
@docusaurus/tsconfig (source)	3.9.2 → 3.10.1			devDependencies	minor
@docusaurus/types (source)	3.9.2 → 3.10.1			devDependencies	minor
@fortawesome/react-fontawesome	3.2.0 → 3.3.1			dependencies	minor
actions/setup-node	v6.3.0 → v6.4.0			action	minor
pnpm (source)	11.0.4 → 11.0.6			devDependencies	patch	11.1.1 (+4)
pnpm/action-setup	v6.0.0 → v6.0.5			action	patch	v6.0.8 (+2)
react (source)	19.2.4 → 19.2.5			dependencies	patch	19.2.6
react-dom (source)	19.2.4 → 19.2.5			dependencies	patch	19.2.6
typescript (source)	6.0.2 → 6.0.3			devDependencies	patch
org.jetbrains.kotlinx:kotlinx-serialization-json	1.10.0 → 1.11.0			dependencies	minor
org.jetbrains.kotlinx:kotlinx-serialization-core	1.10.0 → 1.11.0			dependencies	minor
org.mockito.kotlin:mockito-kotlin	6.2.3 → 6.3.0			dependencies	minor
dev.architectury.loom:dev.architectury.loom.gradle.plugin	1.13.469 → 1.14.473			dependencies	minor
com.google.code.gson:gson	2.13.2 → 2.14.0			dependencies	minor
com.diffplug.spotless	8.3.0 → 8.4.0			plugin	minor
com.gradle.plugin-publish	2.1.0 → 2.1.1			plugin	patch

---

Release Notes

facebook/docusaurus (@​docusaurus/core)

v3.10.1

Compare Source

🐛 Bug Fix

• docusaurus-bundler
  • #​11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

• docusaurus
  • #​11982 chore: cherry-pick commits for v3.10.1 patch release (@​slorber)

Committers: 1

• Sébastien Lorber (@​slorber)

v3.10.0

Compare Source

🚀 New Feature

• docusaurus-types, docusaurus
  • #​11896 feat(core): add future.v4.mdx1CompatDisabledByDefault flag (@​slorber)
  • #​11797 feat(core): promote siteConfig.storage to stable + add future.v4.siteStorageNamespacing flag [Claude] (@​slorber)
  • #​11571 feat(core): support custom html elements in head tags (@​lebalz)
• create-docusaurus
  • #​11897 feat(create-docusaurus): update init template to .mdx extension and strict MDX syntax (@​slorber)
  • #​11696 feat(create-docusaurus): Newly initialized TS sites should use "strict: true" (@​slorber)
  • #​11611 feat(create-docusaurus): enable creation in current directory (@​Mcheung7272)
• Other
  • #​11874 feat(ci): improve npm supply chain security - improve Dependabot config (@​slorber)
  • #​11712 feat(publish): Use trusted publishing (OIDC) for canary releases (@​slorber)
• create-docusaurus, docusaurus-bundler, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-pwa, docusaurus-types, docusaurus
  • #​11802 feat(core): Docusaurus Faster is stable + v4 future flag turns it on by default (@​slorber)
• docusaurus-mdx-loader, docusaurus-utils, docusaurus
  • #​11777 feat(cli): write-heading-ids CLI now supports the --syntax and --migrate options (@​slorber)
• docusaurus-mdx-loader
  • #​11755 feat(mdx-loader): add support for explicit headingId based on MD/MDX comments (@​slorber)
• docusaurus-theme-live-codeblock, docusaurus-theme-translations
  • #​11675 feat(theme-live-codeblock): reset button + wire position prop (@​NPX2218)
• docusaurus-theme-classic, docusaurus-theme-common
  • #​11734 feat(theme): Split <DocCard>, improve extensibility, better handling of emoji icons, stable classNames (@​slorber)
  • #​11733 feat(theme): Use React context for <Tabs>, allow custom <TabItem> components (@​slorber)
• docusaurus-faster, docusaurus
  • #​11715 feat(bundler): upgrade to Rspack 1.7, remove useless experimental feature flags (@​slorber)
• docusaurus-plugin-content-pages
  • #​11666 feat(pages): add support for Markdown file path links (@​VedantMadane)
• docusaurus-mdx-loader, docusaurus-theme-classic
  • #​11642 feat(mdx-loader): add admonitions directive support for class/id shortcuts (@​lebalz)
• docusaurus-theme-classic
  • #​11635 feat(theme): add MDXComponents/Li to swizzle config (@​moskalakamil)
• docusaurus-theme-search-algolia
  • #​11581 feat(theme-search-algolia): allow overriding transformSearchClient (@​hugohaggmark)
  • #​11541 feat(theme-search-algolia): add support for DocSearch v4.3.2 and new Suggested Questions (@​NatanTechofNY)
• create-docusaurus, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-sitemap, docusaurus-types, docusaurus-utils, docusaurus
  • #​11512 feat(core): New siteConfig future.experimental_vcs API + future.experimental_faster.gitEagerVcs flag (@​slorber)

🐛 Bug Fix

• docusaurus
  • #​11844 fix(core): fix url.resolve() Node.js deprecation warning (@​slorber)
  • #​11833 fix(core): upgrade serve handler min version to for upgrade users to a secure version (@​BearAlliance)
  • #​11763 fix(cli): fix write-heading-ids CLI when no files provided (@​slorber)
  • #​11693 fix(core): Remove deprecated experiments.lazyBarrel config for RsPack (@​VedikaGupt)
  • #​11604 fix(core): webpack aliases shouldn't be created for test files and typedefs (@​slorber)
  • #​11603 fix(core): Fix openBrowser AppleScript support for Arc (@​slorber)
  • #​11579 fix(core): in isInternalUrl(), URI protocol scheme detection should implement the spec more strictly (@​slorber)
  • #​11550 fix(core): optimize i18n integration for site builds + improve inference of locale config (@​slorber)
• docusaurus-faster, docusaurus
  • #​11817 fix(faster): upgrade Rspack, fix Yarn PnP support (@​slorber)
• create-docusaurus, docusaurus-logger, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-google-gtag, docusaurus-plugin-pwa, docusaurus
  • #​11843 fix(create-docusaurus): fix support for TypeScript 6.0 + fix our CI (@​slorber)
• docusaurus-utils
  • #​11804 fix(utils): Git Eager VSC should have better DX (@​slorber)
• docusaurus-theme-classic
  • #​11796 fix(theme): restore copy-text-to-clipboard as lazy fallback for non-secure contexts (@​dmoranp)
  • #​11513 fix(a11y): add Space key support for navbar dropdowns (@​TheCyperpunk)
  • #​11565 fix(theme): Change code block line from span to div, fix Firefox text selection/copy bug (@​slorber)
• docusaurus-plugin-content-docs
  • #​11794 fix(content-docs): translate generated-index category titles in pagination links (@​dmoranp)
  • #​11743 fix(content-docs): use category key for generated-index translation lookup (@​4RH1T3CT0R7)
  • #​11616 fix(docs): breadcrumb APIs only return category/docs items, ignoring links (@​Chesars)
• docusaurus-plugin-google-gtag
  • #​11770 fix(create-docusaurus): update @​types/gtag.js to 0.0.20 (@​fresh3nough)
• docusaurus-theme-search-algolia
  • #​11683 fix(algolia): upgrade to DocSearch 4.5 + fix types (@​slorber)
  • #​11560 fix(theme-search-algolia): preserve query strings in useSearchResultUrlProcessor (@​pyrytakala)
• docusaurus-plugin-content-blog
  • #​11736 fix(content-blog): fix wrong path variable in feed XSLT CSS file validation (@​akshatsinha0)
  • #​11577 fix(blog): Fix author paginated page url: /blog/authors/<author>/page/2 (@​slorber)
  • #​11562 chore(blog): refactor blog Content, remove useless blogListPaginated attribute (@​slorber)
  • #​11559 fix(content-blog): filter unlisted posts from author pages (@​pyrytakala)
• docusaurus-theme-classic, docusaurus-theme-common
  • #​11713 fix(a11y): remove useKeyboardNavigation hook (@​nmggithub)
• docusaurus-plugin-ideal-image
  • #​11659 fix(ideal-image): <IdealImage> should forward remaining props to the underlying component (@​tempoz)
• eslint-plugin
  • #​11587 fix(eslint-plugin): specify exact type of no-untranslated-text rule options (@​andreww2012)
• docusaurus-mdx-loader
  • #​11530 fix(mdx-loader): fix url.parse deprecation warning on Node 24+ (@​kou029w)
• docusaurus-bundler, docusaurus-faster, docusaurus-theme-mermaid
  • #​11496 fix(faster): fix server build SWC / browserslist node target (@​slorber)

🏃‍♀️ Performance

• docusaurus-plugin-content-blog
  • #​11707 refactor(content-blog): decouple getTagsFile from generateBlogPosts (@​garry00107)
• create-docusaurus, docusaurus-utils, docusaurus
  • #​11684 refactor(create-docusaurus): remove useless dependencies (docusaurus-utils, execa, fs-extra) + simplify some code (@​slorber)
• create-docusaurus
  • #​11653 refactor(create-docusaurus): replace lodash with native implementation (@​torresgol10)

📝 Documentation

• docusaurus
  • #​11779 chore(website): migrate MDX heading ids to comment syntax + upgrade Crowdin parser version (@​slorber)
• Other
  • #​11784 docs(website): change recommended syntax for math equations (@​slorber)
  • #​11623 docs: Add expose-markdown-docusaurus-plugin resource (@​FlyNumber)

🤖 Dependencies

• Other
  • #​11886 chore(deps): bump react-json-view-lite from 2.3.0 to 2.5.0 (@​dependabot[bot])
  • #​11885 chore(deps): bump postcss from 8.5.4 to 8.5.8 (@​dependabot[bot])
  • #​11888 chore(deps): bump lodash from 4.17.23 to 4.18.1 (@​dependabot[bot])
  • #​11882 chore(deps): bump @​babel/core from 7.28.6 to 7.29.0 (@​dependabot[bot])
  • #​11880 chore(deps): bump fs-extra and @​types/fs-extra (@​dependabot[bot])
  • #​11861 chore(deps): bump preactjs/compressed-size-action from 2.9.0 to 2.9.1 (@​dependabot[bot])
  • #​11851 chore(deps): bump handlebars from 4.7.7 to 4.7.9 (@​dependabot[bot])
  • #​11849 chore(deps): bump convict from 6.2.4 to 6.2.5 (@​dependabot[bot])
  • #​11857 chore(deps): bump node-forge from 1.3.2 to 1.4.0 (@​dependabot[bot])
  • #​11838 chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (@​dependabot[bot])
  • #​11822 chore(deps): bump flatted from 3.3.1 to 3.4.2 (@​dependabot[bot])
  • #​11810 chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.4 to 3.0.2 (@​dependabot[bot])
  • #​11811 chore(deps): bump treosh/lighthouse-ci-action from 12.6.1 to 12.6.2 (@​dependabot[bot])
  • #​11813 chore(deps): bump socket.io-parser from 4.2.4 to 4.2.6 (@​dependabot[bot])
  • #​11806 chore(deps): bump yauzl from 3.1.3 to 3.2.1 (@​dependabot[bot])
  • #​11789 chore(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 (@​dependabot[bot])
  • #​11790 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (@​dependabot[bot])
  • #​11776 chore(deps): bump dompurify from 3.2.5 to 3.3.2 (@​dependabot[bot])
  • #​11768 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (@​dependabot[bot])
  • #​11774 chore(deps): bump svgo from 3.2.0 to 3.3.3 (@​dependabot[bot])
  • #​11762 chore(deps): bump rollup from 2.79.2 to 2.80.0 (@​dependabot[bot])
  • #​11756 chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 (@​dependabot[bot])
  • #​11692 chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (@​dependabot[bot])
  • #​11679 chore(deps): bump lodash from 4.17.21 to 4.17.23 (@​dependabot[bot])
  • #​11674 chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 (@​dependabot[bot])
  • #​11625 chore(deps): bump preactjs/compressed-size-action from 2.8.0 to 2.9.0 - pin all remaining GitHub actions (@​dependabot[bot])
  • #​11608 chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 (@​dependabot[bot])
  • #​11609 chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 (@​dependabot[bot])
  • #​11589 chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 (@​dependabot[bot])
  • #​11574 chore(deps): bump node-forge from 1.3.1 to 1.3.2 (@​dependabot[bot])
  • #​11557 chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 (@​dependabot[bot])
  • #​11569 chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (@​dependabot[bot])
  • #​11551 chore(deps): bump js-yaml from 4.1.0 to 4.1.1 (@​dependabot[bot])
  • #​11514 chore(deps): bump actions/upload-artifact from 4 to 5 (@​dependabot[bot])
  • #​11515 chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (@​dependabot[bot])
  • #​11504 chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (@​dependabot[bot])
  • #​11503 chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (@​dependabot[bot])
• docusaurus-bundler, docusaurus-mdx-loader
  • #​11717 chore(deps): bump webpack from 5.95.0 to 5.104.1 (@​dependabot[bot])

🔧 Maintenance

• Other
  • #​11846 chore(website): disable mdx1Compat.comments on our site (@​slorber)
  • #​11845 chore(website): Upgrade to Algolia v4.6 (@​slorber)
  • #​11795 chore(ci): canary/trusted publishing shouldn't use any caching (@​slorber)
  • #​11753 chore: Add basic AGENTS.md (@​slorber)
  • #​11639 test(jest): simplify Jest snapshotPathNormalizer.ts (@​slorber)
  • #​11626 chore(website): upgrade to DocSearch 4.4.0 + fix little website theming issues (@​slorber)
  • #​11553 chore(ci): upgrade Netlify to Node 24 (LTS) + add git backfill command (@​slorber)
• create-docusaurus, docusaurus-babel, docusaurus-bundler, docusaurus-cssnano-preset, docusaurus-faster, docusaurus-logger, docusaurus-mdx-loader, docusaurus-module-type-aliases, docusaurus-plugin-client-redirects, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-css-cascade-layers, docusaurus-plugin-debug, docusaurus-plugin-google-analytics, docusaurus-plugin-google-gtag, docusaurus-plugin-google-tag-manager, docusaurus-plugin-ideal-image, docusaurus-plugin-pwa, docusaurus-plugin-rsdoctor, docusaurus-plugin-sitemap, docusaurus-plugin-svgr, docusaurus-plugin-vercel-analytics, docusaurus-preset-classic, docusaurus-remark-plugin-npm2yarn, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-live-codeblock, docusaurus-theme-mermaid, docusaurus-theme-search-algolia, docusaurus-theme-translations, docusaurus-tsconfig, docusaurus-types, docusaurus-utils-common, docusaurus-utils-validation, docusaurus-utils, docusaurus, eslint-plugin, lqip-loader, stylelint-copyright
  • #​11823 chore(ci): fixes for the npm trusted publishing workflow (@​slorber)
  • #​11819 chore(ci): add Trusted Publishing release workflow through dispatch action (@​slorber)
• docusaurus-plugin-content-docs, docusaurus-plugin-ideal-image, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-mermaid, docusaurus-utils, docusaurus
  • #​11698 chore(monorepo): upgrade React packages to v19 (@​slorber)
• docusaurus-cssnano-preset, docusaurus-logger, docusaurus-mdx-loader, docusaurus-plugin-client-redirects, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-ideal-image, docusaurus-remark-plugin-npm2yarn, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-utils-validation, docusaurus-utils, docusaurus
  • #​11702 chore(monorepo): upgrade to Jest 30 (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common, docusaurus
  • #​11697 chore(monorepo): upgrade React monorepo types to v19 (@​slorber)
• docusaurus-babel
  • #​11586 chore(deps): remove unused @​babel/runtime-corejs3 dependency (@​JustinBeckwith)
• docusaurus-plugin-content-blog
  • #​11564 test(blog): Add basic tests for blog routes. (@​slorber)

🌐 Translations

• docusaurus-theme-translations
  • #​11632 feat(i18n): add Urdu (ur) default theme translations (@​hammadurrehman2006)
  • #​11533 fix(translations): complete theme translations for Algolia pt-br (@​luicfrr)

Committers: 41

• Akshat Sinha (@​akshatsinha0)
• Aleksandar Zgonjan (@​acosoft)
• Andrew Kazakov (@​andreww2012)
• Anukool Pandey (@​ANUKOOL324)
• Artem Lytkin (@​4RH1T3CT0R7)
• Balthasar Hofer (@​lebalz)
• Bhoomi Sharma (@​Bhoomi070)
• Cesar Garcia (@​Chesars)
• Denny Morán (@​dmoranp)
• Dmitriy Rotaenko (@​dmitriyrotaenko)
• Eoin Shaughnessy (@​EoinTrial)
• Gaurav Sulsule (@​garry00107)
• Gnana Eswar Gunturu (@​GnanaEswarGunturu)
• Hugo Häggmark (@​hugohaggmark)
• Ivan Torres (@​torresgol10)
• Justin Beckwith (@​JustinBeckwith)
• Kamil Moskała (@​moskalakamil)
• Kohei Watanabe (@​kou029w)
• Kuldeep Prasad Mishra (@​kmish9685)
• Kunwardeep Singh (@​work109677-sudo)
• Luiz Carlos (@​luicfrr)
• Matthew Cheung (@​Mcheung7272)
• Max Clayton Clowes (@​mcclowes)
• Misrilal (@​Misrilal-Sah)
• Muhammad Hammad ur Rehman (@​hammadurrehman2006)
• Nader Jaber (@​FlyNumber)
• Natan Yagudayev (@​NatanTechofNY)
• Neel Bansal (@​NPX2218)
• Nick Cacace (@​BearAlliance)
• Noah Gregory (@​nmggithub)
• Poetry Of Code (@​poetryofcode)
• Pyry Takala (@​pyrytakala)
• Salman Chishti (@​salmanmkc)
• Sreehari Upas (@​SreehariU)
• Sébastien Lorber (@​slorber)
• Vedant Madane (@​VedantMadane)
• Vedika Gupta (@​VedikaGupt)
• Zoey Greer (@​tempoz)
• @​TheCyperpunk
• @​snikkrs
• fre$h (@​fresh3nough

FortAwesome/react-fontawesome (@​fortawesome/react-fontawesome)

v3.3.1

Compare Source

Chores

• deps-dev: bump handlebars from 4.7.8 to 4.7.9 (f1d6d94)
• deps-dev: bump lodash-es from 4.17.23 to 4.18.1 (212496a)
• deps-dev: bump picomatch from 2.3.1 to 2.3.2 (557ceaf)
• deps: bump lodash from 4.17.23 to 4.18.1 (2d06890)
• deps: node 22.22.2, bump all dev dependencies (99ba500)

v3.3.0

Compare Source

Features

• style: add support for custom gradient fills (d14cdc5)
• style: use single prop for gradient fills, add unit tests (2282d16)

Chores

• docs: add typedoc-generated API reference docs (5894156)
• docs: clean up API docs output structure, rewrite html links (a7782b8)
• docs: update README with FontAwesome documentation links (c540f90)

CI/CD

• actions: fix publish action env setting (eb4b40a)
• actions: only run full test matrix on PRs and main (3434d60)
• actions: update deprecated actions (6382b20)
• publish: enable publishing releases from CI (5d46150)
• publish: ensure private publish uses hard main ref (f54a9c2)

actions/setup-node (actions/setup-node)

v6.4.0

Compare Source

pnpm/pnpm (pnpm)

v11.0.6

Compare Source

Patch Changes

• Fix pnpm_config_npmrc_auth_file and pnpm_config_userconfig env vars not actually loading the custom .npmrc. The env vars were parsed and assigned to the resolved config, but only after loadNpmrcConfig had already read the default ~/.npmrc — so the custom file path was set but never read. The relevant env vars are now consulted before the user-level .npmrc is loaded #​11465.
• Preserve the original key order in pnpm-workspace.yaml when updating it. Existing keys keep their position, and new keys are inserted in alphabetical position when the existing keys are already sorted (with a leading packages key allowed) or appended at the end otherwise.
• Fixed pnpm self-update on installations originally set up by pnpm v10. v10 added PNPM_HOME directly to PATH and wrote a pnpm bootstrap shim there. v11 setup writes shims under PNPM_HOME/bin instead, so when a v10 user upgrades to v11 the legacy shim at PNPM_HOME keeps pointing into the old .tools/<version> install — pnpm --version continues to report the pre-update version even though the new version was installed under global/v11. Self-update now detects this layout, refreshes the legacy shims so the upgrade actually takes effect, and prints a hint suggesting pnpm setup to migrate PATH to the v11 layout. #​11464.
• Print a warning when settings that are not allowed in the global config file (e.g. nodeLinker, hoistPattern) are present in config.yaml and silently ignored. Previously these settings were dropped without any feedback, leaving users unsure why their global configuration had no effect. The warning suggests moving those settings to a project-level pnpm-workspace.yaml, or sharing them across projects via config dependencies.
• Throw a pnpm error when overrides has an invalid shape or contains a non-string value.
• Validate all readPackage dependency map fields, including devDependencies, and reject falsy non-object invalid values instead of silently accepting them.
• Prevent crashes during pnpm config, pnpm set, and pnpm get by tolerating configDependencies install failures. For these commands, a failure to install configDependencies (for example because the registry auth token has not been written yet) is now logged at debug level and the command proceeds. All other commands still surface the install error #​10684.
• Treat allowBuilds as an install-state input and clear previously ignored builds when they are explicitly disallowed.
• Fixes #​10594, catalogs not being read from the workspace when using the catalog: protocol with the pnpm dlx / pnpx command, resulting in a catalog entry not found error.
• Accept PNPM_CONFIG_* (uppercase) environment variables in addition to pnpm_config_*. Previously, only the lowercase form was honored, so env vars renamed per the v11 migration guide (e.g. PNPM_CONFIG_USERCONFIG) silently had no effect on case-sensitive systems like macOS and Linux #​11465.

v11.0.5

Compare Source

Patch Changes

• Drop the darwin-x64 artifact from @pnpm/exe and from the GitHub release page. The Node.js SEA mechanism pnpm pack-app uses produces a binary that segfaults at startup on Intel Macs because of an upstream Node.js bug (nodejs/node#62893, tracked alongside #​59553; the Node.js team has opted not to fix it on the grounds that x64 macOS is being phased out). Re-signing with codesign or ldid doesn't help — the corruption is in LIEF's Mach-O surgery, before signing.

  Intel Mac users should install pnpm via npm install -g pnpm (uses the system Node.js, no SEA), or stay on pnpm 10.x. @pnpm/exe's preinstall on Intel Mac now exits with a clear error pointing at these alternatives.

  Closes #​11423.

• pnpm dlx (and pnpx/pnx/pnpm create) now runs the same interactive approve-builds prompt as pnpm add -g when the package being launched depends on transitive packages with install scripts. Previously, the v11 strictDepBuilds default made dlx fail with ERR_PNPM_IGNORED_BUILDS and required users to re-run with --allow-build=<pkg> for every offending dependency. dlx also now removes the partially-populated cache directory when the install fails, so a subsequent run starts clean instead of reusing a broken install whose builds were silently skipped #​11444.

• 72629fc: Fix pnpm -g ls --json and pnpm -g ls --parseable so they emit valid JSON and parseable output respectively, matching pnpm 10 behavior. Since the isolated global packages refactor in pnpm 11, the global list command had a custom path that always printed plain text and ignored --json/--parseable, which broke tools like npm-check-updates that parse the JSON output #​11440.

  pnpm -g ls --depth=<n> (with n > 0) now errors when more than one isolated global install would be involved, since each install has its own lockfile and merging their transitive trees would be incoherent. When the request can be narrowed to a single install group, the regular list flow is used and the full dependency tree is shown.

• Fixed pnpm publish to honor publishConfig.registry from package.json when publishing a single package. The native publish flow introduced in v11 was reading the registry from .npmrc only, ignoring the per-package override #​11419.

• When strictPeerDependencies is true, the ERR_PNPM_PEER_DEP_ISSUES error once again renders the peer dependency issues inline using the same format as pnpm peers check, so users (and CI tools like Renovate) can see what failed without running pnpm peers check separately #​11439.

• The WARN and error code labels in pnpm's output now wrap in brackets ([WARN], [ERR_PNPM_FOO]). Previously the labels relied entirely on a colored background to stand out, which meant they blended into the surrounding text in terminals without color (e.g. when NO_COLOR is set or output is piped). The brackets are painted in the same color as the badge background, so they appear as ordinary padding in color-capable terminals — only the no-color rendering changes.

pnpm/action-setup (pnpm/action-setup)

v6.0.5

Compare Source

What's Changed

• fix: append (not prepend) action node dir to PATH for npm bootstrap by @​zkochan in #​241

Full Changelog: pnpm/action-setup@v6.0.4...v6.0.5

v6.0.4

Compare Source

What's Changed

• fix: use npm co-located with the action node binary by @​benquarmby in #​239

New Contributors

• @​benquarmby made their first contribution in #​239

Full Changelog: pnpm/action-setup@v6.0.3...v6.0.4

v6.0.3

Compare Source

Updated pnpm to v11.0.0-rc.5

Full Changelog: pnpm/action-setup@v6.0.2...v6.0.3

v6.0.2

Compare Source

What's Changed

• fix: pnpm self-update binary shadowed by bootstrap on PATH by @​oniani1 in #​230

New Contributors

• @​oniani1 made their first contribution in #​230

Full Changelog: pnpm/action-setup@v6.0.1...v6.0.2

v6.0.1

Compare Source

Update pnpm to v11.0.0-rc.2. pnpm-lock.yaml will not be saved with two documents unless the packageManager is set via devEngines.packageManager. Related issue: #​228

facebook/react (react)

v19.2.5: 19.2.5 (April 8th, 2026)

Compare Source

React Server Components

• Add more cycle protections (#​36236 by @​eps1lon and @​unstubbable)

microsoft/TypeScript (typescript)

v6.0.3

Compare Source

Kotlin/kotlinx.serialization (org.jetbrains.kotlinx:kotlinx-serialization-json)

v1.11.0

==================

This release is based on Kotlin 2.3.20 and provides new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs,
classes JsonException, JsonDecodingException, and JsonEncodingException are now public.
They have relevant public properties, such as shortMessage, path, offset, and others.
This API is currently experimental, and we're going to improve it further in the subsequent releases.
See the linked issues for the details: #​1930, #​1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason.
Such behavior may pose additional challenges for logging, analytics, and other systems, since
a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic.
To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration.
Disable it to hide user input from exception messages.
IMPORTANT: This behavior will be enabled by default when this property becomes stable.
See #​2590 for more details.

Bugfixes and improvements

• CBOR: Relax value range check when decoding numbers (#​3167)
• Use a specialized writeDecimalLong method for IO stream integrations in Json (#​3152)

mockito/mockito-kotlin (org.mockito.kotlin:mockito-kotlin)

v6.3.0

^{Changelog generated by Shipkit Changelog Gradle Plugin}

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 5am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.