chore(deps): update app dependencies to v5 (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@sanity/vercel-protection-bypass (source)	2.0.1 → 5.0.6
@sanity/vision (source)	4.6.1 → 5.22.0
@sanity/visual-editing (source)	3.0.4 → 5.3.4
groq (source)	4.6.1 → 5.22.0
sanity (source)	4.6.1 → 5.22.0
sanity-plugin-iframe-pane (source)	4.0.0 → 5.0.11

---

Release Notes

sanity-io/plugins (@​sanity/vercel-protection-bypass)

v5.0.6

Compare Source

Patch Changes

• 377a170 Thanks @​stipsan! - Upgrade @sanity/preview-url-secret to ^4.0.4

v5.0.5

Compare Source

Patch Changes

• #​532 7529052 Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to ^4.0.3

v5.0.4

Compare Source

Patch Changes

• 6397826 Thanks @​stipsan! - Improve build output and dts gen

v5.0.3

Compare Source

Patch Changes

• d3978bc Thanks @​stipsan! - Update LICENSE year

v5.0.2

Compare Source

Patch Changes

• #​351 e251678 Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to v4.0.2

v5.0.1

Compare Source

Patch Changes

• #​291 0976b5b Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to v4

v5.0.0

Compare Source

Major Changes

• 20c43ac Thanks @​stipsan! - Require Sanity Studio V5

v4.0.6

Compare Source

Patch Changes

• 7074855 Thanks @​stipsan! - Fix linter issues

v4.0.5

Compare Source

Patch Changes

• 69a8d2f Thanks @​stipsan! - Declare support for Studio v5

v4.0.4

Compare Source

Patch Changes

• #​130 4399a30 Thanks @​stipsan! - Improve quality of generated dts

v4.0.3

Compare Source

Patch Changes

• #​81 33d90c3 Thanks @​stipsan! - Improve react lazy loading

v4.0.2

Compare Source

Patch Changes

• #​30 5307c0d Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to v3

v4.0.1

Compare Source

Patch Changes

• c934098 Thanks @​stipsan! - Target React 19 in React Compiler

v4.0.0

Compare Source

Major Changes

• #​26 32fb288 Thanks @​stipsan! - Require React 19.2 or later

• #​26 32fb288 Thanks @​stipsan! - Require Sanity Studio v4

v3.1.0

Compare Source

Minor Changes

• d090d93 Thanks @​stipsan! - Add schema type for debugging

Patch Changes

• 4f82b31 Thanks @​stipsan! - Stop publishing src folder to npm

v3.0.0

Compare Source

Major Changes

• #​11 d2283b2 Thanks @​stipsan! - Set node engines to minimum v22.12 in addition to the existing required v20.19 or later

• #​11 d2283b2 Thanks @​stipsan! - Remove CJS, this package is now ESM-only

Patch Changes

• #​8 17e4495 Thanks @​renovate! - fix(deps): Update dependency @​sanity/preview-url-secret to ^2.1.16

• 2bda9e1 Thanks @​stipsan! - Reduce reliance on @sanity/preview-url-secret

v2.1.1

Patch Changes

• #​3 0c47c28 Thanks @​stipsan! - Setup npm Trusted Publishing

v2.1.0

Features

• upgrade to react compiler v1 (#​3255) (89565e6)

v2.0.2

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/preview-url-secret bumped to 2.1.15

sanity-io/sanity (@​sanity/vision)

v5.22.0

Compare Source

Sanity Studio v5.22.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit:
www.sanity.io/changelog/studio-NS4yMS4w

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author	Message	Commit
@​annez	feat(telemetry): add Studio Auth Ready + Studio Ready timing events (#​12707)	f3ba538
@​RitaDias	fix: positioning of reference input lists in documents (and modals / dialogs / popovers) (#​12721)	14f7b82
squiggler-app[bot]	fix(deps): update dependency @​sanity/cli to ^6.4.0 (#​12727)	b7bd438
@​skogsmaskin	feat(asset-sources): add persistence key for Media Library plugin (#​12670)	311ac2d
@​juice49	chore(test-studio): add slug.current ordering (#​12722)	2fdd96f
@​juice49	fix(sanity): handle groq2024 searches that sort on child paths and complex GROQ expressions (#​12722)	755a6a5
@​EoinFalconer	fix(form): support programmatic focus with inline changes enabled (#​12673)	cf9ce7d
@​jordanl17	chore: hiding types from reference docs (#​12705)	58a4869
@​EoinFalconer	fix(e2e): stabilize validation and vision test race conditions (#​12715)	9060f82
@​RitaDias	refactor: add hasAttachment tag to sentry feedback (#​12718)	f37d1fb
@​RitaDias	fix(studio): stop eagerly fetching auth for all workspaces at the start (#​12704)	f131c92
@​bjoerge	chore(agents): add code review skills (#​12702)	8226891
@​bjoerge	chore(skills): add rxjs skill (#​12698)	07ac7a7
@​jordanl17	feat(config): add hidden property to workspace configuration (#​12599)	41c0f27
@​bjoerge	fix(auth): make logout method return promise in auth store types (#​12690)	a45e005
@​bjoerge	fix(ci): use default lint output format for reliable error visibility (#​12696)	e53903b
@​bjoerge	chore(skills): update pr-description skill (#​12697)	039ab5d
@​bjoerge	fix(ci): add auth store e2e tests (#​12647)	9229abc
@​jordanl17	fix(types): correct BlockRule value type from any[] to PortableTextBlock (#​12509)	3ca5e31
@​kbrabrand	fix(sanity): cancel fetch response bodies to prevent connection blocking (#​12681)	af813e7
@​bjoerge	fix(ci): exclude markdown files from v8 coverage (#​12680)	047297d
@​juice49	fix(sanity): use @sanity/uuid to produce feedback session id (#​12682)	5c9a767
@​bjoerge	chore(e2e): show pass/fail status in PR comment and report link (#​12677)	ebed557
@​RitaDias	fix(preview): reduce redundant fetches in document preview observers (#​12624)	dd438bd
@​bjoerge	fix(ci): add auth store unit tests (#​12646)	0ab91e8
@​bjoerge	ci(e2e): skip merge-reports when tests never ran (#​12597)	6db83ba
@​juice49	test(sanity): add missing enabled prop to DivergencesTestProvider (#​12618)	f534c8f
@​juice49	fix(sanity): published id incorrectly supplied to DivergencesProvider as subject id (#​12618)	8910e18
@​juice49	fix(sanity): stale form context after switching document versions (#​12618)	8b50bc8

v5.21.0

Compare Source

Features

• vision: groq syntax highlighting (#​12594) (95a1dce)

v5.20.0

Compare Source

Sanity Studio v5.20.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit:
www.sanity.io/changelog/studio-NS4xOS4w

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author	Message	Commit
squiggler-app[bot]	chore(deps): dedupe pnpm-lock.yaml (#​12583)	449f40c
@​codythatsme	fix(types): preserve type autocomplete for defineField inside defineType (#​12576)	d566c31
squiggler-app[bot]	chore(deps): update dependency lodash-es to ^4.18.1 (#​12582)	e855996
@​jordanl17	fix(form): add deeply nested array preview types and integrate into schema (#​12489)	35af7f5
@​pedrobonamin	feat(core): adds useProjectOrganizationData hook (#​12539)	f180ebf
squiggler-app[bot]	chore(deps): update rexxars/bundle-stats digest to 1bc291f (#​12569)	48a5609
@​binoy14	ci(renovate): inline reusable workflow to fix access error (#​12567)	95a9bca
@​binoy14	ci: use main branch for action (#​12566)	bbd1304
@​binoy14	ci(renovate): add self-hosted renovate bot workflow (#​12565)	111f86e
@​juice49	fix(sanity): inline comment input re-animate on every value change (#​12564)	fa34c76
@​juice49	fix(sanity): add missing perspective when calling observeDocumentTypeFromId for references (#​12561)	80e57e9
@​bjoerge	chore(ci): expand and clarify release PR description (#​12562)	611e177
@​juice49	fix(sanity): array input with no ArrayFunctions vanishing after pane expansion (#​12559)	d7c56cd
@​juice49	feat(test-studio): add example array with no ArrayFunctions (#​12559)	4da66bc

v5.19.0

Compare Source

Sanity Studio v5.19.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit:
www.sanity.io/changelog/studio-NS4xOC4w

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author	Message	Commit
@​pedrobonamin	chore: replace deprecated placement in menuButton for popover.placement (#​12421)	867cccb
@​juice49	feat(sanity): tag version creation request during release duplication (#​12554)	5b90d9a
@​juice49	refactor(sanity): pass only document id when duplicating release (#​12554)	8f01554
@​bjoerge	test(e2e): remove unnecessary Firefox skips from PTE fullscreen tests (#​12552)	70eca29
@​bjoerge	chore(ci): bump renovate nodeMaxMemory to 2.5GB (#​12555)	63fb9e3
@​bjoerge	chore(ci): bump renovate nodeMaxMemory to 2GB (#​12553)	fa002f6
@​binoy14	fix(deps): update @​sanity/cli to v6.3.1 (#​12546)	27690b4
@​bjoerge	chore(ci): change nodeMaxMemory from string to number (#​12550)	c06062a
@​bjoerge	chore(ci): set renovate nodeMaxMemory to 1GB (#​12548)	0d380fa
renovate[bot]	chore(deps): update dependency oxfmt to ^0.43.0 (#​12450)	e374c45
@​binoy14	chore(deps): bump GitHub Actions dependencies to latest versions (#​12544)	91b4993
@​binoy14	chore(ci): add renovate concurrency limits (#​12545)	fd39d6f
renovate[bot]	chore(deps): update davelosert/vitest-coverage-report-action digest to bd52af5 (#​12535)	02f8197
@​christianhg	fix(deps): update @​portabletext packages to latest versions (#​12538)	6095f0d
@​binoy14	fix(deps): update @​sanity/cli to v6.3.0 (#​12537)	1976167
@​RitaDias	feat: add feedbackDialog and sendFeedback methods (#​12497)	0477e25
@​RitaDias	refactor: always send error reporting to sentry, always strip PII (#​12534)	4b2dc94
@​Chrilleweb	fix(sanity): log deprecation warning once (#​12526)	abc296d
@​bjoerge	feat(telemetry): track auth store timings (#​12529)	468ff0b
@​bjoerge	chore(telemetry): improve debug logging output (#​12528)	15943dd
@​TiwariLokesh	fix(core): prevent PointerOverlayDiv from blocking clicks on initial render in CommandList (#​12480)	9ca91b5
@​bjoerge	fix(auth): return stats from handleCallbackResult (#​12522)	9d4bd08
@​pedrobonamin	fix(structure): add empty state to incoming refs inspector (#​12524)	0add49d
@​pedrobonamin	fix(core): prevent task form operations from leaking into the main workspace store (#​12523)	5439954
@​stipsan	fix(deps): bump misc sanity packages (#​12470)	5c56d11
@​bjoerge	ci(e2e): optimize Playwright CI workflows (#​12519)	e5c05b0
renovate[bot]	chore(deps): update davelosert/vitest-coverage-report-action digest to 2500daf (#​12516)	89b7d7e
@​bjoerge	test(e2e): replace waitForSelector and waitForTimeout with locator APIs (#​12510)	fc5c7f3
@​bjoerge	chore(ci): replace lerna with release-notes bump command (#​12513)	6171d67
@​pedrobonamin	fix(core): publishing anonymous versions (#​12514)	a1c9e4b
renovate[bot]	chore(deps): pin dorny/paths-filter action to fbd0ab8 (#​12515)	5aee0d5
@​jordanl17	fix: show initial value template icons in new document pickers (#​12508)	990a3c4
renovate[bot]	chore(deps): update pnpm to v10.32.1 (#​12453)	d14c754
renovate[bot]	chore(deps): update dependency knip to ^5.88.1 (#​12449)	3d05c77
@​jordanl17	fix: pasting a document into a schema with read-only fields will exclude those fields from paste (#​12488)	500e413
@​jordanl17	fix(validation): allow relative URLs when scheme excludes http (#​12486)	d5c2b1c
@​markmichon	fix(release-notes): unset releaseAutomation before publishing content release (#​12505)	3643a20
renovate[bot]	chore(deps): update actions/create-github-app-token action to v3 (#​12455)	0c59a22
@​bjoerge	chore(e2e): fix test timeouts and remove unnecessary test.slow() calls (#​12499)	b6f0480

v5.18.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.17.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.17.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.16.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.15.0

Compare Source

Features

• upgrade to new @sanity/cli (#​12200) (902075d) by Espen Hovlandsdal (espen@hovlandsdal.com)

v5.14.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.14.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.13.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.12.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.11.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.10.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.9.0

Compare Source

Reverts

• rollback v5.9.0 version bump (#​12139) (4195d26) by Bjørge Næss (bjoerge@gmail.com)

v5.8.1

Compare Source

Note: Version bump only for package @​sanity/vision

v5.8.0

Compare Source

Bug Fixes

• optimize styled components when publishing to npm (#​12047) (550d11e) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v5.7.0

Compare Source

Note: Version bump only for package @​sanity/vision

v5.6.0

Compare Source

Bug Fixes

• deps: Update CodeMirror (#​11881) (ac97e5c) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v5.5.0

Compare Source

Note: Version bump only for package [@&#8

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
preview-kit-next-app-router	Ready	Preview, Comment	Apr 22, 2026 11:43am
preview-kit-next-pages-router	Error		Apr 22, 2026 11:43am
preview-kit-remix	Error		Apr 22, 2026 11:43am
preview-kit-test-studio	Error		Apr 22, 2026 11:43am

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​sanity/​vercel-protection-bypass@​2.0.1 ⏵ 5.0.6	+4			-1
	npm/​@​types/​react@​19.2.9 ⏵ 19.2.14	+1		+1
	npm/​groq@​5.22.0
	npm/​isbot@​5.1.33 ⏵ 5.1.39				+3
	npm/​@​sanity/​vision@​4.6.1 ⏵ 5.22.0			+1	-2
	npm/​sanity-plugin-iframe-pane@​4.0.0 ⏵ 5.0.11	+2			+9
	npm/​sanity@​4.6.1 ⏵ 5.22.0	+1			-2
	npm/​@​sanity/​visual-editing@​5.3.4

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/sanity@5.22.0 → npm/markdown-it@14.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report