chore(deps): update non-major #97

renovate · 2025-12-03T20:04:02Z

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
@portabletext/react	`3.0.11` -> `3.2.4`	dependencies	minor
@sanity/client (source)	`6.15.1` -> `6.29.1`	dependencies	minor
@sanity/icons (source)	`2.10.3` -> `2.11.8`	dependencies	minor
@sanity/image-url (source)	`1.0.2` -> `1.2.0`	dependencies	minor
@sanity/preview-url-secret (source)	`1.6.4` -> `1.6.21`	dependencies	patch
@sanity/vision (source)	`3.31.0` -> `3.99.0`	dependencies	minor
@sanity/visual-editing (source)	`1.6.0` -> `1.8.22`	dependencies	minor
@tailwindcss/typography	`0.5.10` -> `0.5.19`	dependencies	patch
@types/react (source)	`18.2.63` -> `18.3.27`	devDependencies	minor
@vercel/og	`0.6.2` -> `0.8.6`	dependencies	minor
autoprefixer	`10.4.18` -> `10.4.23`	devDependencies	patch
eslint (source)	`8.57.0` -> `8.57.1`	devDependencies	patch
eslint-config-next (source)	`14.1.2` -> `14.2.35`	devDependencies	minor
eslint-plugin-simple-import-sort	`12.0.0` -> `12.1.1`	devDependencies	minor
next-sanity (source)	`8.1.3` -> `8.5.5`	dependencies	minor
peter-evans/create-pull-request (changelog)	`a4f52f8` -> `c5a7806`	action	digest
postcss (source)	`8.4.35` -> `8.5.6`	devDependencies	minor
prettier (source)	`3.2.5` -> `3.7.4`	devDependencies	minor
prettier-plugin-packagejson	`2.4.12` -> `2.5.20`	devDependencies	minor
prettier-plugin-tailwindcss	`0.5.11` -> `0.7.2`	devDependencies	minor
react (source)	`18.2.0` -> `18.3.1`	dependencies	minor
react-dom (source)	`18.2.0` -> `18.3.1`	dependencies	minor
react-is (source)	`18.2.0` -> `18.3.1`	dependencies	minor
react-lite-youtube-embed	`2.4.0` -> `2.6.0`	dependencies	minor
sanity (source)	`3.31.0` -> `3.99.0`	dependencies	minor
styled-components (source)	`6.1.8` -> `6.1.19`	dependencies	patch
tailwindcss (source)	`3.4.1` -> `3.4.19`	devDependencies	patch
tibdex/github-app-token → actions/create-github-app-token	`v2` -> `v1`	action	replacement
typescript (source)	`5.3.3` -> `5.9.3`	devDependencies	minor

This is a special PR that replaces tibdex/github-app-token with the community suggested minimal stable replacement version.

Release Notes

portabletext/react-portabletext (@portabletext/react)

Patch Changes

#198 2c36798 Thanks @renovate! - fix(deps): update dependency @portabletext/toolkit to ^2.0.18
e03756d Thanks @stipsan! - fix(deps): update dependency @portabletext/types to ^2.0.14

`v3.2.2`

Compare Source

Patch Changes

0a33f02 Thanks @stipsan! - Update LICENSE year to 2025

`v3.2.1`

Compare Source

Bug Fixes

deps: update dependency @portabletext/toolkit to ^2.0.17 (#193) (34e8a5a)

`v3.2.0`

Compare Source

Features

support react 19 (#185) (61f7620)

Bug Fixes

deps: update dependency @portabletext/toolkit to ^2.0.16 (#180) (14237ac)

`v3.1.0`

Compare Source

Features

support react 19 (#170) (4d3cce4)

`v3.0.18`

Compare Source

Bug Fixes

deps: update dependency @portabletext/toolkit to ^2.0.15 (#165) (677ff11)
deps: update dependency @portabletext/types to ^2.0.13 (#163) (4d14c07)

`v3.0.17`

Compare Source

Bug Fixes

deps: update dependency @portabletext/toolkit to ^2.0.14 (#157) (6f180af)

`v3.0.16`

Compare Source

Bug Fixes

deps: update dependency @portabletext/types to ^2.0.12 (#154) (a745844)

`v3.0.15`

Compare Source

Bug Fixes

deps: update dependency @portabletext/toolkit to ^2.0.13 (#148) (c631eeb)

`v3.0.14`

Compare Source

Bug Fixes

deps: update dependency @portabletext/types to ^2.0.11 (#146) (22e3259)

`v3.0.13`

Compare Source

Bug Fixes

deps: update dependency @portabletext/toolkit to ^2.0.12 (#144) (8b5cd00)
deps: update dependency @portabletext/types to ^2.0.10 (#134) (143b21f)

`v3.0.12`

Compare Source

Bug Fixes

add PortableTextBlock export (2a41d9f)
deps: update dependency @portabletext/toolkit to ^2.0.11 (#139) (b430be3)
deps: update dependency @portabletext/types to ^2.0.9 (df552d8)

sanity-io/client (@sanity/client)

`v6.29.1`

Compare Source

Bug Fixes

dependency update, import condition (d8109b9)

`v6.29.0`

Compare Source

Features

add experimental support for resources (#1040) (9f15a36)
live: add goaway event (#1055) (7c57d3d)

`v6.28.4`

Compare Source

Bug Fixes

do not set withCredentials if token is set (#1037) (0d0730a)
remove client side validation of api perspective (#1036) (f10b170)

`v6.28.3`

Compare Source

Bug Fixes

docs: invalid changelog url (#1029) (0ddde6f)
invalid changelog url (0ddde6f)

`v6.28.2`

Compare Source

Bug Fixes

docs: make dataset and project related types public (#1026) (b0a622a)

`v6.28.1`

Compare Source

Bug Fixes

trigger semantic release version bump (#1024) (6ccc8bd)

`v6.28.0`

Compare Source

Features

listener: add support for includeAllVersions (#1003) (fff3a76)

Bug Fixes

deprecate previewDrafts-perspective in favor of drafts (#1007) (3b03ac5)
lift restriction on release perspective name (#1005) (cdfacc9)
live: dedupe event source instances (#990) (a26714d)

`v6.27.2`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.6.7 (#989) (b36339c)
live: includeDrafts no longer require vX (#991) (22e50aa)

`v6.27.1`

Compare Source

Bug Fixes

csm: handle Cannot read properties of undefined (cb80d68)

`v6.27.0`

Compare Source

Features

csm: support releases in applySourceDocuments (#981) (ab82a35)

`v6.26.1`

Compare Source

Bug Fixes

stega: append perspective to edit links (#979) (65ce82d)
stega: remove isDraft search param (#978) (08d189d)

`v6.26.0`

Compare Source

Features

csm: add document id utils (#976) (0d4cd76)

`v6.25.0`

Compare Source

Features

request: add flag to disable logging api warnings (#925) (3f90ab0)

`v6.24.4`

Compare Source

Bug Fixes

allow mutation selection without passing a patch builder (#964) (fd70208)
deps: update dependency get-it to ^8.6.6 (#960) (941203d)

`v6.24.3`

Compare Source

Bug Fixes

deps: update non-major (#955) (37b88bf)

`v6.24.2`

Compare Source

Bug Fixes

deps: update non-major (#952) (479ea80)

`v6.24.1`

Compare Source

Bug Fixes

make validateApiPerspective a TS asserter (#936) (baaa62c)

`v6.24.0`

Compare Source

Features

query: add support for release perspectives (#934) (59bd477)

Bug Fixes

export validateApiPerspective (b73ae46)

`v6.23.0`

Compare Source

Features

query: add cacheMode support (#933) (01b6576)

Bug Fixes

types: add (abort) signal to raw request typings (#926) (fcd9a16)

`v6.22.5`

Compare Source

Bug Fixes

stega: 2x faster encoding of portable text (#920) (8ae6d30)

`v6.22.4`

Compare Source

Bug Fixes

stega: add textTheme to deny list (39edfe1)
stega: ignore paths that end with Id (81aa664)

`v6.22.3`

Compare Source

Bug Fixes

live: detect CORS errors (#910) (553cb38)

`v6.22.2`

Compare Source

Bug Fixes

live: add withCredentials and tag support (#898) (4f882c9)

`v6.22.1`

Compare Source

Bug Fixes

add missing listenerName property on welcome event (#894) (6173089)

`v6.22.0`

Compare Source

Features

live: add experimental includeDrafts option (#890) (e1406b1)

Bug Fixes

deps: update dependency get-it to ^8.6.5 (#885) (847ad5b)

`v6.21.3`

Compare Source

Bug Fixes

deprecate studioHost, externalStudioHost in typings (#879) (ebe840b)
support signal on getDocument(s) to cancel requests (#881) (13d71bb)

`v6.21.2`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.6.4 (#876) (e71b985)

`v6.21.1`

Compare Source

Bug Fixes

add support for includeMutations listen parameter (#872) (5f0a991)

`v6.21.0`

Compare Source

Features

codegen: Allow query reponse types to be overridden through SanityQueries (#858) (c25d51a)

`v6.20.2`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.6.3 (#866) (0661f5d)

`v6.20.1`

Compare Source

Bug Fixes

add warning about setting both useCdn and withCredentials to true (#849) (ae01edb)
deps: update dependency get-it to ^8.6.1 (#856) (ced69bc)

`v6.20.0`

Compare Source

Features

the client.live.events() API is now stable (#843) (d03fc09)

`v6.19.2`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.6.0 (#846) (85afc9e)

`v6.19.1`

Compare Source

Bug Fixes

types: adjust action types to reflect Actions API (#830) (e116c62)

`v6.19.0`

Compare Source

Features

add actions API in client (#818) (03c15a9)

`v6.18.3`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.5.0 (#824) (f4fc8f6)

`v6.18.2`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.30 (#811) (6598ce8)

`v6.18.1`

Compare Source

Bug Fixes

race condition in client.listen memory leak (#805) (d2e468a)

`v6.18.0`

Compare Source

Features

add experimental new live events API (#797) (de0cec7)

`v6.17.3`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.29 (#796) (7cfec3e)

`v6.17.2`

Compare Source

Bug Fixes

stega: remove try/catch block from stegaClean (#788) (06aaad2)

`v6.17.1`

Compare Source

Bug Fixes

deps: update dependency @vercel/stega to v0.1.2 (#784) (7297ead)
deps: update dependency get-it to v8.4.28 (#786) (47985fc)
prevent listener leak on unsubscribe before eventsource module load (#783) (f38b64e)

`v6.17.0`

Compare Source

Features

update SanityProject to include metadata.cliInitializedAt (#779) (77bf6f6)

`v6.16.0`

Compare Source

Features

add stegaClean method, deprecate vercelStegaCleanAll (#773) (2749586)

Bug Fixes

deps: update dependency @vercel/stega to v0.1.1 (#771) (aea84ce)

`v6.15.20`

Compare Source

Bug Fixes

deps: update dependency @sanity/eventsource to ^5.0.2 (#754) (754183f)

`v6.15.19`

Compare Source

Bug Fixes

handle bug affecting next 14.2.2 during static pregeneration (#748) (28493e2)

`v6.15.18`

Compare Source

Bug Fixes

allow setting middleware on requester (#742) (65d45be)

`v6.15.17`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.26 (96ea964)

`v6.15.16`

Compare Source

Bug Fixes

createClient from @sanity/client/stega is deprecated (4d0a03f)
requester from @sanity/client/stega is deprecated (f29263d)
use the correct stega export conditions for react-native (06af163)

`v6.15.15`

Compare Source

Bug Fixes

add react-native export conditions (cc0fd76)
deps: update dependency get-it to ^8.4.24 (0d5952c)

`v6.15.14`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.23 (#720) (11a6299)

`v6.15.13`

Compare Source

Bug Fixes

improve bun support (ac37787)

`v6.15.12`

Compare Source

Bug Fixes

add bun export condition (57e814f)
deps: update dependency get-it to ^8.4.19 (#705) (fa3e10c)

`v6.15.11`

Compare Source

Bug Fixes

stega: update default filter to skip paths that contain "type" (#689) (1c6e4ea)

`v6.15.10`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.18 (#686) (c4dab41)

`v6.15.9`

Compare Source

Bug Fixes

deps: update dependency terser to ^5.30.2 (#679) (7ad406b)

`v6.15.8`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.16 (#668) (cea5c1c)
deps: update dependency get-it to ^8.4.17 (#677) (694298f)

`v6.15.7`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.15 (#661) (20af691)

`v6.15.6`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.14 (#647) (e7c1930)

`v6.15.5`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.13 (8c0bb8d)

`v6.15.4`

Compare Source

Bug Fixes

deps: update dependency get-it to ^8.4.11 (#633) (67ba08a)

`v6.15.3`

Compare Source

Bug Fixes

resolve turbopack regression (#627) (fdb999a)

`v6.15.2`

Compare Source

Bug Fixes

deps: update dependency @sanity/eventsource to ^5.0.2 (#754) (754183f)

sanity-io/icons (@sanity/icons)

`v2.11.8`

Compare Source

Bug Fixes

improve esm.sh compat (ce00433)

`v2.11.7`

Compare Source

Bug Fixes

deps: update non-major (#67) (c57cf81)

`v2.11.6`

Compare Source

Bug Fixes

include LICENSE (66eaf7b)

`v2.11.5`

Compare Source

Bug Fixes

deps: update non-major (#63) (4ff867e)

`v2.11.4`

Compare Source

Bug Fixes

deps: update dependency @sanity/pkg-utils to ^5.1.4 (#62) (049266e)

`v2.11.3`

Compare Source

Bug Fixes

improve ESM export (0c411c5)

`v2.11.2`

Compare Source

Bug Fixes

enable provenance (#59) (77d2afd)

[`v2.11.0`](https:/

Configuration

📅 Schedule: Branch creation - On day 1 of the month, every 3 months ( * * 1 */3 * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

vercel · 2025-12-03T20:04:09Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
sanity-template-vercel-visual-editing	Ready	Preview, Comment	Dec 18, 2025 11:30pm

socket-security · 2025-12-03T20:22:27Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
npm/eslint@8.57.0 ⏵ 8.57.1		⁺¹
npm/eslint-config-next@14.1.2 ⏵ 14.2.35
npm/prettier-plugin-packagejson@2.4.12 ⏵ 2.5.20	⁺¹	⁺¹	⁺⁵
npm/@types/react@18.2.63 ⏵ 18.3.27	⁺¹	⁺¹	^-2
npm/eslint-plugin-simple-import-sort@12.0.0 ⏵ 12.1.1	⁺¹	⁺¹
npm/postcss@8.4.35 ⏵ 8.5.6	⁺¹	⁺¹
npm/@vercel/og@0.6.2 ⏵ 0.8.6	^-4	⁺¹	⁺⁵
npm/@sanity/icons@2.10.3 ⏵ 2.11.8	⁺¹	⁺²	⁺¹
npm/react@18.2.0 ⏵ 18.3.1	⁺¹	⁺¹
npm/tailwindcss@3.4.1 ⏵ 3.4.19	⁺¹
npm/styled-components@6.1.8 ⏵ 6.1.19	⁺¹	⁺¹
npm/autoprefixer@10.4.18 ⏵ 10.4.23	⁺¹	^-2
npm/typescript@5.3.3 ⏵ 5.9.3
npm/prettier@3.2.5 ⏵ 3.7.4	^-7
github/peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc ⏵ c5a7806660adbe173f04e3e038b0ccdcd758773c	⁺¹
npm/react-dom@18.2.0 ⏵ 18.3.1	⁺¹	⁺¹
npm/@tailwindcss/typography@0.5.10 ⏵ 0.5.19	⁺¹	⁺²⁰
npm/react-lite-youtube-embed@2.4.0 ⏵ 2.6.0	⁺¹
npm/@sanity/image-url@1.0.2 ⏵ 1.2.0			⁺⁵
npm/@portabletext/react@3.0.11 ⏵ 3.2.4	⁺¹		^-1
npm/@sanity/vision@3.31.0 ⏵ 3.99.0	^-1	⁺¹
npm/sanity@3.31.0 ⏵ 3.99.0	⁺¹
npm/react-is@18.3.1
npm/prettier-plugin-tailwindcss@0.5.11 ⏵ 0.7.2
npm/@sanity/visual-editing@1.5.2 ⏵ 1.8.22			⁺²
npm/next-sanity@8.1.3 ⏵ 8.5.5	⁺¹		⁺¹
npm/@sanity/client@6.15.1 ⏵ 6.29.1	⁺¹		^-1
npm/@sanity/preview-url-secret@1.6.4 ⏵ 1.6.21	⁺¹	⁺¹	^-1

View full report

socket-security · 2025-12-03T20:22:29Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: npm `typescript` License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) From: package-lock.json → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `vite` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package-lock.json → `npm/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

renovate bot added 📦 deps 🤖 bot labels Dec 3, 2025

renovate bot requested a review from a team December 3, 2025 20:04

vercel bot deployed to Preview December 3, 2025 20:05 View deployment

renovate bot force-pushed the renovate/non-major branch from f680826 to 0c27934 Compare December 4, 2025 16:47

vercel bot deployed to Preview December 4, 2025 16:49 View deployment

renovate bot force-pushed the renovate/non-major branch from 0c27934 to 41a5afa Compare December 6, 2025 05:51

vercel bot deployed to Preview December 6, 2025 05:54 View deployment

renovate bot force-pushed the renovate/non-major branch from 41a5afa to d34dd30 Compare December 13, 2025 23:42

vercel bot deployed to Preview December 13, 2025 23:44 View deployment

renovate bot force-pushed the renovate/non-major branch from d34dd30 to 19a56f6 Compare December 14, 2025 23:37

vercel bot deployed to Preview December 14, 2025 23:39 View deployment

renovate bot force-pushed the renovate/non-major branch from 19a56f6 to f2bfc05 Compare December 15, 2025 15:16

vercel bot deployed to Preview December 15, 2025 15:17 View deployment

renovate bot force-pushed the renovate/non-major branch from f2bfc05 to c630c88 Compare December 18, 2025 00:55

vercel bot deployed to Preview December 18, 2025 00:57 View deployment

chore(deps): update non-major

44daa0a

renovate bot force-pushed the renovate/non-major branch from c630c88 to 44daa0a Compare December 18, 2025 23:29

vercel bot deployed to Preview December 18, 2025 23:30 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update non-major #97

chore(deps): update non-major #97

Uh oh!

renovate bot commented Dec 3, 2025 •

edited

Loading

Uh oh!

vercel bot commented Dec 3, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Dec 3, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Dec 3, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): update non-major #97

Are you sure you want to change the base?

chore(deps): update non-major #97

Uh oh!

Conversation

renovate bot commented Dec 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Patch Changes

Patch Changes

Patch Changes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

renovate bot commented Dec 3, 2025 •

edited

Loading