chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
github.com/Masterminds/semver/v3	v3.4.0 → v3.5.0			require	minor
github.com/alecthomas/chroma/v2	v2.23.1 → v2.24.1			require	minor
github.com/fsnotify/fsnotify	v1.9.0 → v1.10.1			require	minor
golangci/golangci-lint	v2.11.4 → v2.12.2			uses-with	minor
netlify-cli	26.0.0 → 26.0.1			devDependencies	patch
pnpm (source)	10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319 → 10.33.4			packageManager	patch
vitepress-plugin-llms	1.12.1 → 1.12.2			devDependencies	patch
vue (source)	3.5.32 → 3.5.34			devDependencies	patch

---

Release Notes

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

Compare Source

What's Changed

• Adding more prerelease tests by @​mattfarina in #​273
• Update constraint error messages by @​mattfarina in #​278
• Fix edge cases by @​mattfarina in #​279
• Adding some checks in by @​mattfarina in #​280
• Updating deps by @​mattfarina in #​281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in #​283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in #​284
• Updating gitignore for devcontainers by @​mattfarina in #​286
• Fixing some quality issues by @​mattfarina in #​287

New Contributors

• @​dependabot[bot] made their first contribution in #​282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

alecthomas/chroma (github.com/alecthomas/chroma/v2)

v2.24.1

Compare Source

Changelog

• d2a3784 fix: fallback bug

v2.24.0

Compare Source

Changelog

• 0b841ee chore: go mod tidy
• 10fcb68 chore(deps): update ubuntu docker tag to v26 (#​1251)
• 2218de6 chore(deps): update all non-major dependencies (#​1236)
• 2099887 Update Solarized Light to use correct background color (#​1250)
• ce43442 Add Lateralus lexer (#​1249)
• 2b00673 fix: commenting issues on gas lexer (#​1247)
• 8d04def Add NameOther entry to github-dark theme (#​1240)
• f2db790 chore(deps): update all non-major dependencies (#​1234)
• fc18a48 Include embedded font license in COPYING file (#​1233)
• e11ef85 chore(deps): update all non-major dependencies (#​1211)
• 79e0fa7 Add ERB lexer (#​1228)
• b59560d Add Spade lexer (#​1229)
• 83b5491 Import Luau lexer (#​1209)
• da72a97 Add JetBrains Darcula theme (#​1226)
• 8087957 styles: case-insensitive style registration and lookup (#​1223)
• 10daf04 Add .json5 to json Lexer (#​1224)
• dccba78 Add AMPL lexer (#​1219)
• ee4ad0a Fix MySQL lexer single comment render error (#​1214)
• b160804 Add using Keyword to JavaScript (#​1215)
• 17e5911 Pop type state when encountering punctuation for graphql (#​1210)
• 893841b Show error message in chromad (#​1208)
• fef8258 Fix error handling in needRules() (#​1207)
• d8a3315 Update the PHP lexer (#​1206)
• 353c35b Add the Kanagawa themes (#​1198)
• 41448fe Update the Materialize lexer (#​1201)
• 020d1c0 Add .qrc as extension for XML (#​1205)
• 6a63b3a Add meson.options as filename for Meson (#​1204)
• d398caf Import Gettext lexer (#​1202)
• 43245c9 chore(deps): update dependency biome to v2.3.12 (#​1200)
• 8215091 feat: add scdoc support (#​1199)
• 3fce7ab chore(deps): update all non-major dependencies (#​1188)

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

golangci/golangci-lint (golangci/golangci-lint)

v2.12.2

Compare Source

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

v2.12.1

Compare Source

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Compare Source

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d to c99c5cf (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce21 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

netlify/cli (netlify-cli)

v26.0.1

Compare Source

Bug Fixes

• adjust import path to account for function specific directory (#​8221) (e439393)
• deps: update dependency @​fastify/static to v9.1.1 [security] (#​8165) (c3ffebf)
• don't use inquirer for non-interactive variant of "database migrations new" command (#​8232) (41fc777)
• filter out more user error messages (#​8230) (c94f4b7)

pnpm/pnpm (pnpm)

v10.33.4: pnpm 10.33.4

Compare Source

Patch Changes

• Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

  A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.

• Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #​11341.

Platinum Sponsors

Gold Sponsors

v10.33.3

Compare Source

v10.33.2

Compare Source

v10.33.1: pnpm 10.33.1

Compare Source

Patch Changes

• When a project's packageManager field selects pnpm v11 or newer, commands that v10 would have passed through to npm (version, login, logout, publish, unpublish, deprecate, dist-tag, docs, ping, search, star, stars, unstar, whoami, etc.) are now handed over to the wanted pnpm, which implements them natively. Previously they silently shelled out to npm — making, for example, pnpm version --help print npm's help on a project with packageManager: pnpm@11.0.0-rc.3 #​11328.

Platinum Sponsors

Gold Sponsors

okineadev/vitepress-plugin-llms (vitepress-plugin-llms)

v1.12.2

Compare Source

    🚀 Enhancements

• llms-full.txt: Sort all pages according to VitePress sidebar  -  by @​okineadev (6a58f)

Previously, pages in llms-full.txt were sorted alphabetically, but now they are sorted sequentially as intended, relative to the sidebar as it is done in llms.txt

   💖 Contributors

• @​okineadev

     View changes on GitHub

vuejs/core (vue)

v3.5.34

Compare Source

Bug Fixes

• compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#​14758) (7f46fd4), closes #​14729
• compiler-sfc: preserve hash hrefs on <image> elements (#​14756) (090b2e3)
• compiler-sfc: resolve type re-exports inside declare global (#​14766) (acfffe3)
• reactivity: prevent orphan effect when created in a stopped scope (#​14778) (c8e2d4a), closes #​14777
• runtime-core: avoid symbol coercion during props validation (#​8539) (23d4fb5), closes #​8487
• suspense: avoid DOM leak with out-in transition in v-if fragment (#​14762) (9667e0d), closes #​14761

v3.5.33

Compare Source

Bug Fixes

• compiler-sfc: handle nested :deep in selector pseudos (#​14725) (bb9d265), closes #​14724
• reactivity: unlink effect scopes on out-of-order off (#​14734) (e7659be), closes #​14733
• runtime-dom: preserve textarea resize dimensions (#​14747) (11fb2fd), closes #​14741
• teleport: don't move teleport children if not mounted (#​14702) (6a61f44), closes #​14701
• transition: preserve placeholder for conditional explicit default slots (#​14748) (45990ce), closes #​14727

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/dlclark/regexp2	v1.11.5 -> v1.12.0