Update the pnpm group

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	2.4.12 → 2.4.13
@changesets/cli (source)	2.30.0 → 2.31.0
@fumadocs/cli (source)	1.3.8 → 1.3.9
@fumadocs/mdx-remote (source)	1.4.9 → 1.4.10
@sentry/nextjs (source)	10.49.0 → 10.50.0
@types/bun (source)	1.3.12 → 1.3.13
fumadocs-core (source)	16.7.16 → 16.8.3
fumadocs-mdx (source)	14.3.0 → 14.3.2
fumadocs-ui (source)	16.7.16 → 16.8.3
lucide-react (source)	1.8.0 → 1.11.0
npm (source)	11.12.1 → 11.13.0
npm (source)	11.9.0 → 11.13.0
postcss (source)	8.5.10 → 8.5.12
posthog-js (source)	1.369.2 → 1.372.1
posthog-node (source)	5.29.4 → 5.30.4
vite (source)	8.0.9 → 8.0.10

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.13

Compare Source

Patch Changes

• #​9969 c5eb92b Thanks @​officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

  For example, the following code triggers the rule:

  const a = `${"hello"}`; // can be 'hello'
  const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
  const c = `${"a"}${"b"}`; // can be 'ab'

• #​10037 f785e8c Thanks @​minseong0324! - Fixed #​9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.

  class Store {
    get status(): string {
      if (Math.random() > 0.5) return "loading";
      return "idle";
    }
    set status(v: string) {}
  }

• #​10084 5e2f90c Thanks @​jiwon79! - Fixed #​10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

  The following pattern is now considered valid:

  /[a-z\&]/v;

• #​10063 c9ffa16 Thanks @​Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​10035 946b50e Thanks @​Netail! - Fixed #​10032: useIframeSandbox now flags if there's no initializer value.

• #​9865 68fb8d4 Thanks @​dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

  For example, the following snippet triggers the rule:

  const foo = node.innerText;

• #​10023 bd1e74f Thanks @​ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

  For example, the following code triggers the rule:

  import View from "react-native/Libraries/Components/View/View";

• #​9885 3dce737 Thanks @​dyc3! - Added a new nursery rule useDomQuerySelector that prefers querySelector() and querySelectorAll() over older DOM query methods such as getElementById() and getElementsByClassName().

• #​9995 4da9caf Thanks @​siketyan! - Fixed #​9994: Biome now parses nested CSS rules correctly when declarations follow them inside embedded snippets.

• #​10009 b41cc5a Thanks @​Jayllyz! - Fixed #​10004: noComponentHookFactories no longer reports false positives for object methods and class methods.

• #​9988 eabf54a Thanks @​Netail! - Tweaked the diagnostics range for useAltText, useButtonType, useHtmlLang, useIframeTitle, useValidAriaRole & useIfameSandbox to report on the opening tag instead of the full tag.

• #​10043 fc65902 Thanks @​mujpao! - Fixed #​10003: Biome no longer panics when parsing Svelte files containing {#}.

• #​9815 5cc83b1 Thanks @​dyc3! - Added the new nursery rule noLoopFunc. When enabled, it warns when a function declared inside a loop captures outer variables that can change across iterations.

• #​9702 ef470ba Thanks @​ryan-m-walker! - Added the nursery rule useRegexpTest that enforces RegExp.prototype.test() over String.prototype.match() and RegExp.prototype.exec() in boolean contexts. test() returns a boolean directly, avoiding unnecessary computation of match results.

  Invalid

  if ("hello world".match(/hello/)) {
  }

  Valid

  if (/hello/.test("hello world")) {
  }

• #​9743 245307d Thanks @​leetdavid! - Fixed #​2245: Svelte <script> tag language detection when the generics attribute contains > characters (e.g., <script lang="ts" generics="T extends Record<string, unknown>">). Biome now correctly recognizes TypeScript in such script blocks.

• #​10046 0707de7 Thanks @​Conaclos! - Fixed #​10038: organizeImports now sorts imports in TypeScript modules and declaration files.

    declare module "mymodule" {
  -  	import type { B } from "b";
    	import type { A } from "a";
  +  	import type { B } from "b";
    }

• #​10012 94ccca9 Thanks @​ematipico! - Added the nursery rule noReactNativeLiteralColors, which disallows color literals inside React Native styles.

  The rule belongs to the reactNative domain. It reports properties whose name contains color and whose value is a string literal when they appear inside a StyleSheet.create(...) call or inside a JSX attribute whose name contains style.

  // Invalid
  const Hello = () => <Text style={{ backgroundColor: "#FFFFFF" }}>hi</Text>;
  
  const styles = StyleSheet.create({
    text: { color: "red" },
  });

  // Valid
  const red = "#f00";
  const styles = StyleSheet.create({
    text: { color: red },
  });

• #​10005 131019e Thanks @​ematipico! - Added the nursery rule noReactNativeRawText, which disallows raw text outside of <Text> components in React Native.

  The rule belongs to the new reactNative domain.

  // Invalid
  <View>some text</View>
  <View>{'some text'}</View>

  // Valid
  <View>
    <Text>some text</Text>
  </View>

  Additional components can be allowlisted through the skip option:

  {
    "options": {
      "skip": ["Title"]
    }
  }

• #​9911 1603f78 Thanks @​Netail! - Added the nursery rule noJsxLeakedDollar, which flags text nodes with a trailing $ if the next sibling node is a JSX expression. This could be an unintentional mistake, resulting in a '$' being rendered as text in the output.

  Invalid:

  function MyComponent({ user }) {
    return <div>Hello ${user.name}</div>;
  }

• #​9999 f42405f Thanks @​minseong0324! - Fixed noMisleadingReturnType incorrectly flagging functions with reassigned let variables.

• #​10075 295f97f Thanks @​ematipico! - Fixed #9983: Biome now parses functions declared inside Svelte #snippet blocks without throwing errors.

• #​10006 cf4c1c9 Thanks @​minseong0324! - Fixed #​9810: noMisleadingReturnType incorrectly flagging nested object literals with widened properties.

• #​10033 11ddc05 Thanks @​ematipico! - Added the nursery rule useReactNativePlatformComponents that ensures platform-specific React Native components (e.g. ProgressBarAndroid, ActivityIndicatorIOS) are only imported in files with a matching platform suffix. It also reports when Android and iOS components are mixed in the same file.

  The following code triggers the rule when the file does not have an .android.js suffix:

  // file.js
  import { ProgressBarAndroid } from "react-native";

changesets/changesets (@​changesets/cli)

v2.31.0

Compare Source

Minor Changes

• #​1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

• #​1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

• d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

• #​1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

• #​1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

• #​1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

• Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

  • @​changesets/assemble-release-plan@​6.0.10
  • @​changesets/get-dependents-graph@​2.1.4
  • @​changesets/apply-release-plan@​7.1.1
  • @​changesets/get-release-plan@​4.0.16
  • @​changesets/config@​3.1.4

fuma-nama/fumadocs (@​fumadocs/cli)

v1.3.9

Compare Source

Patch Changes

• af7ee2d: fix layout preserve plugin

getsentry/sentry-javascript (@​sentry/nextjs)

v10.50.0

Compare Source

lucide-icons/lucide (lucide-react)

v1.11.0: Version 1.11.0

Compare Source

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in #​4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in #​4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in #​4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in #​4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in #​4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in #​4315
• feat(docs): blur background of framework-select by @​Spleefies in #​4238
• feat(icon): add heart-x icon by @​swastik7805 in #​4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in #​4299
• feat(icons): added layers-minus icon by @​Spleefies in #​4005
• feat(icons): added bell-check icon by @​pettelau in #​4152

New Contributors

• @​jglu made their first contribution in #​4309
• @​pettelau made their first contribution in #​4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

v1.10.0: Version 1.10.0

Compare Source

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in #​4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in #​4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in #​4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in #​4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in #​4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in #​4315
• feat(docs): blur background of framework-select by @​Spleefies in #​4238
• feat(icon): add heart-x icon by @​swastik7805 in #​4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in #​4299
• feat(icons): added layers-minus icon by @​Spleefies in #​4005
• feat(icons): added bell-check icon by @​pettelau in #​4152

New Contributors

• @​jglu made their first contribution in #​4309
• @​pettelau made their first contribution in #​4152

Full Changelog: lucide-icons/lucide@1.9.0...1.10.0

v1.9.0: Version 1.9.0

Compare Source

What's Changed

• fix(packages/angular): allow string inputs for size by @​swastik7805 in #​4253
• fix(gh-icon): update colors for ColoredPath component by @​jguddas in #​4233
• feat(packages): use .mjs for ESM bundles by @​karsa-mistmere in #​4285
• fix(build-font): add collision detection to font codepoints by @​karsa-mistmere in #​4300
• feat(icons): added timeline icon by @​jguddas in #​4270

New Contributors

• @​swastik7805 made their first contribution in #​4253

Full Changelog: lucide-icons/lucide@1.8.0...1.9.0

npm/cli (npm)

v11.13.0

Compare Source

postcss/postcss (postcss)

v8.5.12

Compare Source

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

v8.5.11

Compare Source

• Fixed nested brackets parsing performance (by @​offset).

PostHog/posthog-js (posthog-js)

v1.372.1

Compare Source

1.372.1

Patch Changes

• #​3464 70508df Thanks @​dustinbyrne! - Avoid using Blob.stream() for native async gzip compression to prevent Safari NotReadableError stream failures.
  (2026-04-24)
• Updated dependencies [70508df]:
  • @​posthog/core@​1.27.5
  • @​posthog/types@​1.372.1

v1.372.0

Compare Source

1.372.0

Minor Changes

• #​3470 eaa1322 Thanks @​veryayskiy! - You cannot write to a resolve ticket. Start a new one.
  (2026-04-24)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.372.0
  • @​posthog/core@​1.27.4

v1.371.4

Compare Source

1.371.4

Patch Changes

• #​3469 3c4fc1e Thanks @​fasyy612! - bump rrweb to 0.0.60
  (2026-04-24)
• Updated dependencies []:
  • @​posthog/types@​1.371.4
  • @​posthog/core@​1.27.3

v1.371.3

Compare Source

1.371.3

Patch Changes

• #​3445 61cf83e Thanks @​dustinbyrne! - Fix session recording in the full no-external browser bundles
  (2026-04-24)
• Updated dependencies [daf028d]:
  • @​posthog/core@​1.27.2
  • @​posthog/types@​1.371.3

v1.371.2

Compare Source

1.371.2

Patch Changes

• #​3453 96f19b7 Thanks @​turnipdabeets! - Lift OTLP log serialization helpers from posthog-js into @​posthog/core so the
  upcoming React Native logs feature consumes the same builders. Browser gains
  two fixes as a side effect: NaN and ±Infinity attribute values no longer get
  silently dropped during JSON encoding, and the scope.version OTLP field is
  now populated with the SDK version (changes the server's instrumentation_scope
  column from "posthog-js@" to "posthog-js@"). (2026-04-23)
• Updated dependencies [96f19b7]:
  • @​posthog/types@​1.371.2
  • @​posthog/core@​1.27.1

v1.371.1

Compare Source

1.371.1

Patch Changes

• #​3425 2da17e8 Thanks @​marandaneto! - Classify SDK-owned persistence keys with an explicit event exposure policy so new internal persistence state must be intentionally marked as event-visible, hidden, or derived.
  (2026-04-23)
• Updated dependencies []:
  • @​posthog/types@​1.371.1

v1.371.0

Compare Source

1.371.0

Patch Changes

• #​3432 1a8b727 Thanks @​richardsolomou! - refactor: rename __add_tracing_headers to addTracingHeaders. The __ prefix signalled an internal/experimental option, but the config is a public API (documented for linking LLM traces to session replays). __add_tracing_headers continues to work as a deprecated alias on the browser SDK.

  Also exposes patchFetchForTracingHeaders from @posthog/core so non-browser SDKs can reuse the implementation. (2026-04-23)

• Updated dependencies [1a8b727]:

  • @​posthog/core@​1.27.0
  • @​posthog/types@​1.371.0

v1.370.1

Compare Source

1.370.1

Patch Changes

• #​3442 6f19ce8 Thanks @​marandaneto! - fix(surveys): guard survey seen localStorage access
  (2026-04-22)
• Updated dependencies []:
  • @​posthog/types@​1.370.1

v1.370.0

Compare Source

1.370.0

Minor Changes

• #​3389 922a1c1 Thanks @​hpouillot! - Add exception steps to error tracking (aka breadcrumbs)
  (2026-04-22)

Patch Changes

• Updated dependencies [922a1c1]:
  • @​posthog/types@​1.370.0
  • @​posthog/core@​1.26.0

v1.369.5

Compare Source

1.369.5

Patch Changes

• Updated dependencies [1a0b58d]:
  • @​posthog/core@​1.25.3
  • @​posthog/types@​1.369.5

v1.369.4

Compare Source

1.369.4

Patch Changes

• #​3362 d61bce1 Thanks @​sampennington! - fix(cookieless): start in cookieless mode when opt_out_capturing_by_default is set
  (2026-04-21)
• Updated dependencies []:
  • @​posthog/types@​1.369.4

v1.369.3

Compare Source

1.369.3

Patch Changes

• #​3419 ea08727 Thanks @​haacked! - Reinstate $feature_flag_payloads and $surveys_activated in captured event properties.
  (2026-04-18)

• #​3416 3d8b2e2 Thanks @​feliperalmeida! - Updated dependencies: - protobufjs@​7.5.5
  (2026-04-18)

• Updated dependencies []:

  • @​posthog/types@​1.369.3

PostHog/posthog-js (posthog-node)

v5.30.4

Compare Source

Patch Changes

• Updated dependencies [70508df]:
  • @​posthog/core@​1.27.5

v5.30.3

Compare Source

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.27.4

v5.30.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.27.3

v5.30.1

Compare Source

Patch Changes

• Updated dependencies [daf028d]:
  • @​posthog/core@​1.27.2

v5.30.0

Compare Source

Minor Changes

• #​3457 eadbcd7 Thanks @​hpouillot! - send relative file paths in frames
  (2026-04-23)

v5.29.7

Compare Source

Patch Changes

• Updated dependencies [96f19b7]:
  • @​posthog/core@​1.27.1

v5.29.6

Compare Source

Patch Changes

• Updated dependencies [1a8b727]:
  • @​posthog/core@​1.27.0

v5.29.5

Compare Source

Patch Changes

• Updated dependencies [922a1c1]:
  • @​posthog/core@​1.26.0

vitejs/vite (vite)

v8.0.10

Compare Source

Features

• update rolldown to 1.0.0-rc.17 (#​22299) (a4d06d9)

Bug Fixes

• hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#​22147) (a4d828f)
• css: show filename in CSS minification warnings for .css?inline (#​22292) (83f0a78)
• optimizer: allow user transform.target to override default in optimizeDeps (#​22273) (5c7cec6)
• remove format sniffing module resolution from JS resolver (#​22297) (b8a21cc)

Code Refactoring

• enable some typecheck rules (#​22278) (9437518)
• typecheck client directory (#​22284) (40a0847)

---

Configuration

📅 Schedule: (in timezone Asia/Almaty)

• Branch creation
  • "on friday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 77b94b3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: examples/with-zod/package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn tarball tarball data for arkenv@file:/tmp/renovate/repos/github/yamcodes/arkenv/packages/arkenv/arkenv-0.8.3.tgz (sha512-i8K81SP+xQgHOeywxro2gszZPA60WiNu2NlJaiR1zD5ch5SfWLgy5v/4XbxNRGlEc682DW/I7Jua0lNQykw+bQ==) seems to be corrupted. Trying again.
npm warn tarball tarball data for arkenv@file:/tmp/renovate/repos/github/yamcodes/arkenv/packages/arkenv/arkenv-0.8.3.tgz (sha512-i8K81SP+xQgHOeywxro2gszZPA60WiNu2NlJaiR1zD5ch5SfWLgy5v/4XbxNRGlEc682DW/I7Jua0lNQykw+bQ==) seems to be corrupted. Trying again.
npm error code ENOENT
npm error syscall open
npm error path /tmp/renovate/repos/github/yamcodes/arkenv/packages/arkenv/arkenv-0.8.3.tgz
npm error errno -2
npm error enoent ENOENT: no such file or directory, open '/tmp/renovate/repos/github/yamcodes/arkenv/packages/arkenv/arkenv-0.8.3.tgz'
npm error enoent This is related to npm not being able to find a file.
npm error enoent
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-05-01T19_06_41_162Z-debug-0.log

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/arkenv@887

npm i https://pkg.pr.new/@arkenv/bun-plugin@887

npm i https://pkg.pr.new/@arkenv/fumadocs-ui@887

npm i https://pkg.pr.new/@arkenv/vite-plugin@887

commit: 77b94b3

[arkenv-bot]

📦 Bundle Size Report

Package	Size	Limit	Diff	Status
@arkenv/vite-plugin	1.91 kB	2.93 kB	0.0%	✅

✅ All size limits passed!

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[arkenv-bot]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (Asia/Almaty)
arkenv	Ready	Preview, Comment	May 2 2026, 12:12 AM (Asia/Almaty)