chore(deps): update all non-major dependencies

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
@iconify-json/lucide	^1.2.66 -> ^1.2.68
@iconify-json/simple-icons	^1.2.50 -> ^1.2.52
@nuxt/ui (source)	^4.0.0-alpha.1 -> ^4.0.0-alpha.2
@unovis/ts (source)	^1.6.0 -> ^1.6.1
@unovis/vue (source)	^1.6.0 -> ^1.6.1
pnpm (source)	10.15.1 -> 10.17.0
vue-tsc (source)	^3.0.6 -> ^3.0.7
zod (source)	^4.1.5 -> ^4.1.9

---

Release Notes

nuxt/ui (@​nuxt/ui)

v4.0.0-alpha.2

Compare Source

⚠ BREAKING CHANGES

• Form: don't mutate the form's state if transformations are enabled (#​4902)

Features

• ContentNavigation: handle collapsible false with type multiple (c42c2ab)
• locale: add Georgian language (#​4973) (996478f)
• locale: add Swiss German language (#​4962) (dcf17bb)

Bug Fixes

• Banner: ensure actions slot renders (#​4946) (5d6e1fc)
• CodeTree/Tree: improve accessibility (#​4945) (117b4b3)
• components: dot notation type support for labelKey and valueKey (#​4933) (11a0320)
• components: proxySlots reactivity (#​4969) (3173bee)
• components: standardize naming for type interfaces (#​4990) (788d2de)
• FileUpload: add missing button type (f33e43c), closes #​4935
• Form: don't mutate the form's state if transformations are enabled (#​4902) (99dbe81)
• Form: handling race condition on clear function (#​4843) (2269b48)
• InputMenu/Select/SelectMenu: show falsy value when model value is falsy (#​4882) (073dd14)
• locale: improve id name (#​4890) (1b5d741)
• Marquee: handle RTL mode (#​4887) (1846079)
• Progress: improve status-position when 0 (#​4994) (0e1e44c)
• types: export missing tv types (#​4971) (2bf273c)
• types: resolve ambient declaration error in icons type (#​4991) (6ddf899)

Performance Improvements

• module: do not block setup by importing plugin (#​4923) (695d9f7)

f5/unovis (@​unovis/ts)

v1.6.1

Compare Source

What's Changed

• Website | StackedBar | Orientation: Snippet using XYWrapper instead of XYWrapperWithInput by @​naptr in #​625
• Component | Axis: Fix Label overlapping issue by @​lee00678 in #​628
• Component | Annotation: Add calc() support to annotation position by @​lee00678 in #​624
• Timeline: Configurable positioning of small rounded segments by @​rokotyan in #​622
• Axis: Show grid when minMaxTicksOnly is true by @​rokotyan in #​621
• Component | Axis: Fix for tick labels overlapping and wrapping by @​rokotyan in #​589
• Vue | Map: Reactive data by @​ashddev in #​630
• Component | Timeline: Correct bleed calculation when showEmptySegmentsCorrectPosition is true by @​rokotyan in #​635
• Component | Axis: Fix autoMargin _getYTickTextTranslate undefined issue by @​lee00678 in #​634
• Release: 1.6.1 by @​suryahanumandla in #​637

New Contributors

• @​naptr made their first contribution in #​625
• @​ashddev made their first contribution in #​630

Full Changelog: f5/unovis@1.6...1.6.1

pnpm/pnpm (pnpm)

v10.17.0

Compare Source

Minor Changes

• The minimumReleaseAgeExclude setting now supports patterns. For instance:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - "@​eslint/*"

  Related PR: #​9984.

Patch Changes

• Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #​9978.
• When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #​9979.

v10.16.1

Compare Source

Patch Changes

• The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #​9963.
• Forcibly disable ANSI color codes when generating patch diff #​9914.

v10.16.0

Compare Source

Minor Changes

• There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

  The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

  If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

  minimumReleaseAgeExclude:
    - webpack

  Related issue: #​9921.

• Added support for finders #​9946.

  In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:

  pnpm why minimist
  

  prints the chain of dependencies to any installed instance of minimist:

  verdaccio 5.20.1
  ├─┬ handlebars 4.7.7
  │ └── minimist 1.2.8
  └─┬ mv 2.1.1
    └─┬ mkdirp 0.5.6
      └── minimist 1.2.8
  

  What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

  This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

  Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:

  module.exports = {
    finders: {
      react17: (ctx) => {
        return ctx.readManifest().peerDependencies?.react === "^17.0.0";
      },
    },
  };

  Now we can use this finder function by running:

  pnpm why --find-by=react17
  

  pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.

  @​apollo/client 4.0.4
  ├── @​graphql-typed-document-node/core 3.2.0
  └── graphql-tag 2.12.6
  

  It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:

  module.exports = {
    finders: {
      react17: (ctx) => {
        const manifest = ctx.readManifest();
        if (manifest.peerDependencies?.react === "^17.0.0") {
          return `license: ${manifest.license}`;
        }
        return false;
      },
    },
  };

  Every matched package will also print out the license from its package.json:

  @​apollo/client 4.0.4
  ├── @​graphql-typed-document-node/core 3.2.0
  │   license: MIT
  └── graphql-tag 2.12.6
      license: MIT
  

Patch Changes

• Fix deprecation warning printed when executing pnpm with Node.js 24 #​9529.
• Throw an error if nodeVersion is not set to an exact semver version #​9934.
• pnpm publish should be able to publish a .tar.gz file #​9927.
• Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #​9626.

vuejs/language-tools (vue-tsc)

v3.0.7

Compare Source

Bug Fixes

• fix(vscode): show welcome page only when opening a Vue file
• fix(language-core): generate slot parameters in the same way as interpolation (#​5618) - Thanks to @​KazariEX!
• fix(language-core): do not generate variables for builtin directives - Thanks to @​KazariEX!

Other Changes

• docs(vscode): add descriptions for premium feature configurations (#​5612) - Thanks to @​KazariEX!
• refactor(typescript-plugin): explicitly request parameters (#​5623)
• chore(lint): enable @typescript-eslint/no-unnecessary-condition (#​5630)
• refactor(language-server): reimplement Reactivity Visualization in typescript plugin (#​5632)
• refactor(language-server): parsing interpolations in extension client (#​5633)
• refactor(vscode): reimplement Focus Mode base on folding ranges (#​5634)
• chore(vscode): disable Focus Mode by default (#​5578)
• refactor(vscode): set delay of reactivity visualization updates to 250ms - Thanks to @​KazariEX!

colinhacks/zod (zod)

v4.1.9

Compare Source

v4.1.8

Compare Source

Commits:

• 36c4ee3 Switch back to weakmap
• a1726d5 4.1.8

v4.1.7

Compare Source

Commits:

• 0cca351 Fix variable name inconsistency in coercion documentation (#​5188)
• aa78c27 Add copy/edit buttons
• 76452d4 Update button txt
• 937f73c Fix tsconfig issue in bench
• 976b436 v4.1.6 (#​5222)
• 4309c61 Fix cidrv6 validation - cidrv6 should reject invalid strings with multiple slashes (#​5196)
• ef95a73 feat(locales): Add Lithuanian (lt) locale (#​5210)
• 3803f3f docs: update wrong contents in codeblocks in api.mdx (#​5209)
• 8a47d5c docs: update coerce example in api.mdx (#​5207)
• e87db13 feat(locales): Add Georgian (ka) locale (#​5203)
• c54b123 docs: adds @traversable/zod and @traversable/zod-test to v4 ecosystem (#​5194)
• c27a294 Fix two tiny grammatical errors in the docs. (#​5193)
• 23a2d66 docs: fix broken links in async refinements and transforms references (#​5190)
• 845a230 fix(locales): Add type name translations to Spanish locale (#​5187)
• 27f13d6 Improve regex precision and eliminate duplicates in regexes.ts (#​5181)
• a8a52b3 fix(v4): fix Khmer and Ukrainian locales (#​5177)
• 887e37c Update slugs
• e1f1948 fix(v4): ensure array defaults are shallow-cloned (#​5173)
• 9f65038 docs(ecosystem): add DRZL; fix Prisma Zod Generator placement (#​5215)
• aa6f0f0 More fixes (#​5223)
• aab3356 4.1.7

v4.1.6

Compare Source

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.