Skip to content

chore(deps): update all non-major dependencies#179

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#179
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@codspeed/vitest-plugin (source) ^5.5.0^5.7.1 age confidence devDependencies minor
@tanstack/react-router (source) 1.170.161.170.17 age confidence dependencies patch
@tanstack/react-start (source) 1.168.261.168.27 age confidence dependencies patch
@tanstack/react-table (source) 9.0.0-beta.169.0.0-beta.26 age confidence dependencies patch
CodSpeedHQ/action v4.17.5v4.18.1 age confidence action minor
knip (source) ^6.16.1^6.23.0 age confidence devDependencies minor
nx (source) ^22.7.5^22.7.6 age confidence devDependencies patch
prettier (source) ^3.8.4^3.9.4 age confidence devDependencies minor
react (source) 19.2.019.2.7 age confidence dependencies patch
react-dom (source) 19.2.019.2.7 age confidence dependencies patch
semver ^7.8.4^7.8.5 age confidence dependencies patch
sherif ^1.11.1^1.12.0 age confidence devDependencies minor
tsdown (source) ^0.22.2^0.22.3 age confidence devDependencies patch
undici-types (source) 8.4.18.5.0 age confidence pnpm-workspace.overrides minor
verdaccio (source) ^6.7.2^6.7.4 age confidence devDependencies patch
vitest (source) 4.1.84.1.9 age confidence devDependencies patch
vitest-evals (source) ^0.13.1^0.14.0 age confidence devDependencies minor
zizmorcore/zizmor-action v0.5.6v0.5.7 age confidence action patch

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

CodSpeedHQ/codspeed-node (@​codspeed/vitest-plugin)

v5.7.1

Compare Source

What's Changed

Full Changelog: CodSpeedHQ/codspeed-node@v5.7.0...v5.7.1

v5.7.0

Compare Source

Highlights

  • Dump full inlining information for higher optimization tiers in walltime so we can show more functions on the profiler. To test it out, set CODSPEED_WALLTIME_PROFILER=samply env variable in the codspeed action.
  • Added support for tinybench v5 and v6 in @​codspeed/tinybench-plugin

What's Changed

Full Changelog: CodSpeedHQ/codspeed-node@v5.6.0...v5.7.0

v5.6.0

Compare Source

What's Changed

Full Changelog: CodSpeedHQ/codspeed-node@v5.5.0...v5.6.0

TanStack/router (@​tanstack/react-router)

v1.170.17

Compare Source

Patch Changes
TanStack/router (@​tanstack/react-start)

v1.168.27

Compare Source

Patch Changes
TanStack/table (@​tanstack/react-table)

v9.0.0-beta.26

Compare Source

Version 9.0.0-beta.26 - 7/1/26, 6:31 AM

Changes

Fix
  • let parent rows unselect child rows when not itself selected (#​6364) (c276ccd) by Kevin Van Cott
Chore
  • refactor perf.mds (b1a80cc) by Kevin Van Cott

Packages

v9.0.0-beta.23

Compare Source

Version 9.0.0-beta.23 - 6/28/26, 11:23 PM

Changes

Fix
  • table-core: auto-remove empty arrHas filter values like the other array filters (#​6356) (82978d7) by greymoth

Packages

v9.0.0-beta.22

Compare Source

Version 9.0.0-beta.22 - 6/28/26, 10:45 PM

Changes

Fix
  • useTableContext hmr and type fixes (#​6355) (c11ad75) by Kevin Van Cott
Docs
  • rewrite tanstack form example (075ce7d) by Kevin Van Cott
  • regen api docs (0d07d77) by Kevin Van Cott

Packages

v9.0.0-beta.21

Compare Source

Version 9.0.0-beta.21 - 6/26/26, 2:03 PM

Changes

Feat

Packages

v9.0.0-beta.20

Compare Source

Version 9.0.0-beta.20 - 6/26/26, 1:41 PM

Changes

Feat
Chore

Packages

v9.0.0-beta.19

Compare Source

Version 9.0.0-beta.19 - 6/25/26, 4:08 AM

Changes

Fix
  • improve row selection api performance (#​6344) (f077ae7) by Kevin Van Cott
Docs
  • fix link (51298bb) by Kevin Van Cott
  • helpers guide, fix some example tsc errors (a7aae8b) by Kevin Van Cott
  • improve composable table guides (a471632) by Kevin Van Cott
  • rearrange docs sidebar some (4e8a35d) by Kevin Van Cott
Examples
  • standardize stress tests and remove re-render buttons (d1c84eb) by Kevin Van Cott

Packages

v9.0.0-beta.18

Compare Source

Version 9.0.0-beta.18 - 6/24/26, 1:07 PM

Changes

Fix
  • expanding and paginated row model memo (#​6342) (de74706) by Kevin Van Cott
Chore
Docs
  • update feature setup sections (17b84c3) by Kevin Van Cott

Packages

v9.0.0-beta.17

Compare Source

Version 9.0.0-beta.17 - 6/20/26, 8:27 PM

Changes

Fix
  • add checks to dictionaries for ssr (#​6338) (f237e20) by Kevin Van Cott
Chore
  • modify some typescript script generation (dde8248) by Kevin Van Cott

Packages

CodSpeedHQ/action (CodSpeedHQ/action)

v4.18.1

Compare Source

Release Notes

🚀 Features

Install codspeed-runner 4.18.1

Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.18.1/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.18.1

File Platform Checksum
codspeed-runner-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
codspeed-runner-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum

Full Runner Changelog: https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md

v4.18.0

Compare Source

Release Notes

🚀 Features
🐛 Bug Fixes

Install codspeed-runner 4.18.0

Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.18.0/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.18.0

File Platform Checksum
codspeed-runner-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
codspeed-runner-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum

Full Runner Changelog: https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md

v4.17.6

Compare Source

Release Notes

🚀 Features
🐛 Bug Fixes
💼 Other
🏗️ Refactor
📚 Documentation
⚙️ Internals

Install codspeed-runner 4.17.6

Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.17.6/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.17.6

File Platform Checksum
codspeed-runner-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
codspeed-runner-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum

Full Runner Changelog: https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md

Full Changelog: CodSpeedHQ/action@v4.17.5...v4.17.6

webpro-nl/knip (knip)

v6.23.0: Release 6.23.0

Compare Source

v6.22.0: Release 6.22.0

Compare Source

v6.21.0: Release 6.21.0

Compare Source

v6.20.0: Release 6.20.0

Compare Source

v6.19.0: Release 6.19.0

Compare Source

v6.18.0: Release 6.18.0

Compare Source

v6.17.2: Release 6.17.2

Compare Source

v6.17.1: Release 6.17.1

Compare Source

  • Remove ignoreBinaries w/ tar (b13d0ca)
  • Wrap up docs/refs (29f3e46)
  • Update dependencies (7b2f345)
  • Fix up vscode-languageclient imports (820c233)

v6.17.0: Release 6.17.0

Compare Source

nrwl/nx (nx)

v22.7.6

Compare Source

22.7.6 (2026-06-23)
🩹 Fixes
  • misc: bump happy-dom, tmp, and form-data to patched versions (#​36013)
❤️ Thank You
prettier/prettier (prettier)

v3.9.4

Compare Source

v3.9.3

Compare Source

v3.9.2

Compare Source

v3.9.1

Compare Source

v3.9.0

Compare Source

diff

🔗 Release Notes

v3.8.5

Compare Source

facebook/react (react)

v19.2.7: 19.2.7 (June 1st, 2026)

[Compare Source](https://redirect.g

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner June 22, 2026 00:34
@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Routine dependency and tooling version bumps across the monorepo: GitHub Actions pins for CodSpeed and zizmor are updated, pnpm is upgraded to 11.8.0, vitest to 4.1.9, and several package dependencies (semver, tsdown, verdaccio, sherif, undici-types, react, react-dom, @tanstack/react-table) are bumped to newer versions.

Changes

Dependency and Tooling Version Bumps

Layer / File(s) Summary
GitHub Actions pinned version bumps
.github/workflows/benchmarks.yml, .github/workflows/zizmor.yml
CodSpeedHQ/action bumped from v4.17.5 to v4.17.6; zizmorcore/zizmor-action bumped from v0.5.6 to v0.5.7.
Root package.json and workspace toolchain bumps
package.json, pnpm-workspace.yaml
pnpm bumped from 11.7.0 to 11.8.0 in packageManager and engines; sherif bumped to ^1.12.0, vitest to 4.1.9; undici-types workspace override updated to 8.5.0.
Package and benchmark dependency bumps
packages/intent/package.json, benchmarks/intent/package.json
semver bumped to ^7.8.5, tsdown to ^0.22.3, verdaccio to ^6.7.4; @codspeed/vitest-plugin bumped to ^5.6.0, vitest to 4.1.9.
Eval fixture dependency bumps
evals/intent-discovery/fixtures/router-basic/package.json, evals/intent-discovery/fixtures/start-basic/package.json, evals/intent-discovery/fixtures/table-v9-basic/package.json
react and react-dom bumped from 19.2.0 to 19.2.7 in all three fixtures; @tanstack/react-table bumped from 9.0.0-beta.16 to 9.0.0-beta.17 in table-v9-basic.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

  • TanStack/intent#132: The main issue tracking dependency updates that are applied directly in this PR, covering all the same version bumps for toolchain and packages.

Possibly related PRs

  • TanStack/intent#164: Bumps the same CodSpeedHQ/action and zizmorcore/zizmor-action pinned revisions in the same workflow files.

Suggested reviewers

  • KevinVandy

Poem

🐇 A rabbit hops through the monorepo,
Sprinkling version bumps far and low,
pnpm, vitest, react so bright,
Semver, zizmor—all shiny and right!
Dependencies fresh, the lockfiles sing,
Hop hop hooray for each little thing! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR body is a Renovate-generated dependency table and is missing the template's Changes, Checklist, and Release Impact sections. Rewrite the description to match the repository template, including a summary of changes, checklist items, and release impact.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main purpose of the PR: updating non-major dependencies across the project.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/all-minor-patch

Comment @coderabbitai help to get the list of available commands.

@socket-security

socket-security Bot commented Jun 22, 2026

Copy link
Copy Markdown

@socket-security

socket-security Bot commented Jun 22, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@tanstack/eslint-config@0.4.0npm/nx@22.7.6npm/knip@6.23.0npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @verdaccio/ui-theme is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/verdaccio@6.7.4npm/@verdaccio/ui-theme@9.0.0-next-9.20

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@verdaccio/ui-theme@9.0.0-next-9.20. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm nx is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/nx@22.7.6

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/nx@22.7.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm seroval is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/@tanstack/react-router@1.170.17npm/@tanstack/react-start@1.168.27npm/seroval@1.5.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/seroval@1.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 0bdbc1d to e1820a8 Compare June 24, 2026 00:20
@nx-cloud

nx-cloud Bot commented Jun 24, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit e3e7362

Command Status Duration Result
nx run-many --targets=build --exclude=examples/** ✅ Succeeded <1s View ↗

☁️ Nx Cloud last updated this comment at 2026-07-01 23:35:58 UTC

@pkg-pr-new

pkg-pr-new Bot commented Jun 24, 2026

Copy link
Copy Markdown

Open in StackBlitz

npm i https://pkg.pr.new/TanStack/intent/@tanstack/intent@179

commit: f4703fc

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from e080b8e to f5b0a6d Compare June 30, 2026 02:12
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from f5b0a6d to e3e7362 Compare July 1, 2026 23:34
@renovate

renovate Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants