Skip to content

Comments

chore(deps): update minor#44

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/minor
Open

chore(deps): update minor#44
renovate[bot] wants to merge 1 commit intomainfrom
renovate/minor

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 16, 2026

This PR contains the following updates:

Package Type Update Change Pending OpenSSF
@base-ui/react (source) dependencies minor 1.1.01.2.0 OpenSSF Scorecard
dotenv dependencies minor 17.2.317.3.1 OpenSSF Scorecard
pnpm (source) engines minor 10.28.210.30.0 10.30.2 (+1) OpenSSF Scorecard
react-resizable-panels (source) dependencies minor 4.5.24.6.4 4.6.5 OpenSSF Scorecard
undici (source) dependencies minor 7.19.27.22.0 OpenSSF Scorecard

Release Notes

mui/base-ui (@​base-ui/react)

v1.2.0

Compare Source

Feb 12, 2026

General changes
Autocomplete
Avatar
Button
Checkbox
Combobox
Context Menu
Drawer
Field
Input
Menu
Navigation Menu
Number Field
Popover
Preview Card
Progress
Radio Group
Scroll Area
Select
Slider
Switch
Tabs
Toast
Toggle
Toggle Group
Tooltip

All contributors of this release in alphabetical order : @​antonfrolovsky, @​arturbien, @​atomiks, @​CiscoFran10, @​CrawlerCode, @​flaviendelangle, @​guisehn, @​jijiseong, @​LukasTy, @​markocupic024, @​mattrothenberg, @​mdm317, @​michaelhazan, @​michaldudak, @​mj12albert, @​obeattie, @​OliverSpeir, @​oliviertassinari, @​sai6855, @​sarthakmalik0810, @​solastley, @​ZeeshanTamboli

motdotla/dotenv (dotenv)

v17.3.1

Compare Source

Changed
  • Fix as2 example command in README and update spanish README

v17.3.0

Compare Source

Added
  • Add a new README section on dotenv’s approach to the agentic future.
Changed
  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

v17.2.4

Compare Source

Changed
  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#​915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.
pnpm/pnpm (pnpm)

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

  • pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

  • Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
  • Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Bit

Gold Sponsors

Sanity Discord Vite
SerpApi CodeRabbit Workleap
Stackblitz Nx

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

  • The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
  • Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
  • Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

  • Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

  • Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

  • Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

  • Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

  • Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

  • Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

  • Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

  • update tar to version 7.5.7 to fix security issue

    Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

  • Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

  • Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

  • pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

  • Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite
bvaughn/react-resizable-panels (react-resizable-panels)

v4.6.4

Compare Source

  • 664, 665: Resize actions sometimes "jump" on touch devices

v4.6.3

Compare Source

  • Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

v4.6.2

Compare Source

  • 660: Group guards against layouts with mis-ordered Panel id keys

v4.6.1

Compare Source

  • 658: Imperative Panel and Group APIs ignored disabled status when resizing panels; this is an explicit override of the disabled state and is required to support conditionally disabled groups.
  • 658: Separator component does not set a cursor: not-allowed style if the parent Group has cursors disabled.

v4.6.0

Compare Source

  • 657: Allow Panel and Separator components to be disabled

v4.5.9

Compare Source

  • 649: Optimization: Replace useForceUpdate with useSyncExternalStore to avoid side effect of swallowing "click" events in certain cases
  • 654: Bugfix Imperative Group method setLayout persists layout to in-memory cache
  • 652: Re-enable collapsible panel bugfix after fixing another reported issue

v4.5.8

Compare Source

  • 651: Disabled the change to collapsible panel behavior that was originally made in 635 due to another reported regression

v4.5.7

Compare Source

  • 646: Re-enable the collapsible Panel from 4.5.3 that was disabled in 4.5.6
  • 648: Bugfix: Reset Separator hover-state on Document "pointerout"

v4.5.6

Compare Source

  • 644: Disabled the change to collapsible panel behavior that was originally made in 635

v4.5.5

Compare Source

  • 641: Removed aria-orientation role from root Group element as this was invalid according to the ARIA spec; (for more information see the discussion on issue #​640)
  • 642: Bugfix: Fix collapsible Panel regression introduced in 4.5.3

v4.5.4

Compare Source

  • 638: Panel avoids unnecessary re-renders in response to mouse-hover state.

v4.5.3

Compare Source

  • 635: Expand pre-collapsed panels if drug past the halfway point for more consistent collapse/expand behavior.
  • 631: Bugfix: Panels set max-width and max-height to 100% to fix potential CSS overflow bug.
nodejs/undici (undici)

v7.22.0

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

v7.21.0

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.19.2...v7.20.0


Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the deps: minor label Feb 16, 2026
@renovate
Copy link
Contributor Author

renovate bot commented Feb 16, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
 ERR_PNPM_UNSUPPORTED_ENGINE  Unsupported environment (bad pnpm and/or Node.js version)

Your pnpm version is incompatible with "/tmp/renovate/repos/github/allthingslinux/portal".

Expected version: 10.30.0
Got: 10.28.2

This is happening because the package's manifest has an engines.pnpm field specified.
To fix this issue, install the required pnpm version globally.

To install the latest version of pnpm, run "pnpm i -g pnpm".
To check your pnpm version, run "pnpm -v".

Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

@renovate renovate bot changed the title chore(deps): update minor chore(deps): update minor - autoclosed Feb 18, 2026
@renovate renovate bot closed this Feb 18, 2026
@renovate renovate bot deleted the renovate/minor branch February 18, 2026 02:57
@renovate renovate bot changed the title chore(deps): update minor - autoclosed chore(deps): update minor Feb 23, 2026
@renovate renovate bot reopened this Feb 23, 2026
@renovate renovate bot force-pushed the renovate/minor branch 2 times, most recently from b920e60 to 9af3fbc Compare February 23, 2026 05:12
| datasource | package                | from    | to      |
| ---------- | ---------------------- | ------- | ------- |
| npm        | @base-ui/react         | 1.1.0   | 1.2.0   |
| npm        | dotenv                 | 17.2.3  | 17.3.1  |
| npm        | pnpm                   | 10.28.2 | 10.30.0 |
| npm        | react-resizable-panels | 4.5.2   | 4.6.4   |
| npm        | undici                 | 7.19.2  | 7.22.0  |
"packageManager": "pnpm@10.28.2",
"engines": {
"pnpm": "10.28.2",
"pnpm": "10.30.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The PR description claims to update several dependencies, but these changes are missing from package.json. The packageManager version is also not updated, creating an inconsistency.
Severity: MEDIUM

Suggested Fix

Ensure the dependency versions in package.json match the versions specified in the PR description. Update @base-ui/react, dotenv, react-resizable-panels, and undici. Also, update the packageManager field to pnpm@10.30.0 to match the engines.pnpm version. Finally, run pnpm install to regenerate the pnpm-lock.yaml file.

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L143

Potential issue: The pull request description indicates updates for four dependencies
(`@base-ui/react`, `dotenv`, `react-resizable-panels`, `undici`), but these version
changes are not reflected in the `package.json` file. The application will continue to
use the old, un-updated versions of these packages. Additionally, there is a mismatch
between the `engines.pnpm` version, which was updated to `10.30.0`, and the
`packageManager` field, which remains at `10.28.2`. This inconsistency could lead to
issues for developers. The `pnpm-lock.yaml` file also remains unchanged, confirming the
dependencies were not updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants