chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/eslint-config	7.7.2 → 7.7.3
@iconify-json/tabler	1.2.31 → 1.2.33
@libsql/client (source)	0.17.0 → 0.17.2
@nuxthub/core (source)	0.10.6 → 0.10.7
@types/chrome (source)	0.1.37 → 0.1.39
@unocss/nuxt (source)	66.6.2 → 66.6.7
@unocss/reset (source)	66.6.2 → 66.6.7
ai (source)	6.0.105 → 6.0.146
drizzle-kit (source)	0.31.9 → 0.31.10
drizzle-orm (source)	0.45.1 → 0.45.2
pnpm (source)	10.32.1 → 10.33.0
reka-ui	2.9.2 → 2.9.3
unocss (source)	66.5.1 → 66.6.7
unocss (source)	66.6.6 → 66.6.7
unstorage (source)	1.17.4 → 1.17.5
vue-tsc (source)	3.2.5 → 3.2.6
workers-ai-provider	3.1.2 → 3.1.10
wrangler (source)	4.74.0 → 4.80.0
wxt (source)	0.20.19 → 0.20.20

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v7.7.3

Compare Source

   🐞 Bug Fixes

• Disable some e18e rules  -  by @​antfu (7edec)

    View changes on GitHub

tursodatabase/libsql-client-ts (@​libsql/client)

v0.17.2

Compare Source

v0.17.1

Compare Source

nuxt-hub/core (@​nuxthub/core)

v0.10.7

Compare Source

compare changes

🚀 Enhancements

• db: Add support for database replica (#​808)
• cli: Add "name" and "custom" arguments for db generate cli command (#​816)
• cli: Add --force flag to skip confirmation when dropping all tables (#​834)
• db: Add hub.db.applyMigrationsDuringDev: boolean option (#​837)
• db: Use drizzle studio d1 driver (#​846)

🩹 Fixes

• db: Generate schema types during prepare (#​795)
• Change Cloudflare D1 API URI (#​794)
• devtools: Point Drizzle Studio to correct D1 database file (#​806)
• db: Create package.json during prepare (#​797)
• db: Resolve Nuxt aliases in schema bundling (#​802)
• db: Correct D1 migrations_dir path in wrangler.json (#​814)
• playground: Fix get todos database query (#​819)
• Fix incorrect license in README (#​829)
• db: Resolve @​nuxthub/db from rootDir for pnpm workspaces (#​828)
• db: Bundle cache schema entries (#​833)
• db: Respect explicit libsql driver on Cloudflare (#​842)
• db: Pass driver options to postgres-js (#​844)

📖 Documentation

• Fix typo in schema documentation (#​807)
• Add environments, CI/CD guide, and env vars reference (#​804)
• Add nuxt-studio (64f9105)
• Make formatting in db migrate command usage consistant (#​822)
• Update migration handling for Cloudflare D1 (#​848)
• blob: Clarify nuxt image dev config (#​851)
• Fix typo in url (d4e24b3)

🏡 Chore

• Update deps (7a8ec94)
• Update deps" (a5f46e9)
• release: V0.10.6 (ea6305c)
• Don't pass empty params to kit cli (43dc045)

❤️ Contributors

• Rihan Arfan (@​RihanArfan)
• Max maximogarciamtnez@gmail.com
• M Reinhard (@​michaelreinhard1)
• Branislav Juhás (@​branislavjuhaas)
• Miguelrk miguelromerokaram@gmail.com
• Hareland (@​hareland)
• Darius Haskell (@​hsklnet)
• Sébastien Chopin (@​atinux)
• Jens Becker mail@jens.pub
• Nogic (@​nogic1008)

unocss/unocss (@​unocss/nuxt)

v66.6.7

Compare Source

   🚀 Features

• rule-utils: Add details-content pseudo to pseudo.ts  -  by @​henrikvilhelmberglund in #​5138 (2a2c9)

   🐞 Bug Fixes

• eslint-plugin: Update types for Linter compatibility  -  by @​Jungzl in #​5147 (f18d7)
• inspector: No longer hijack printUrls  -  by @​antfu (d00a6)
• language-server,vscode: Honor workspace roots for unocss config discovery  -  by @​Jungzl and GPT-5.4 in #​5145 (062bf)
• preset-wind4: Fix option variable-prefix not working  -  by @​micaiguai in #​5142 (f1094)

    View changes on GitHub

v66.6.6

Compare Source

   🐞 Bug Fixes

• svelte-scoped: Generate in buildEnd() to make presetWind4 on-dem…  -  by @​henrikvilhelmberglund in #​5133 (06d7c)

    View changes on GitHub

v66.6.5

Compare Source

   🐞 Bug Fixes

• config: Enhance loadConfig to track user custom config presence  -  by @​zyyv in #​5132 (76f65)

    View changes on GitHub

v66.6.4

Compare Source

   🚀 Features

• core: Add noScope key determines whether to wrap the selector  -  by @​zyyv and Copilot in #​5130 (5b67c)

    View changes on GitHub

vercel/ai (ai)

v6.0.146

Compare Source

Patch Changes

• Updated dependencies [5f439a1]
  • @​ai-sdk/gateway@​3.0.88

v6.0.145

Compare Source

Patch Changes

• Updated dependencies [ffd431a]
  • @​ai-sdk/gateway@​3.0.87

v6.0.144

Compare Source

Patch Changes

• 0469aed: fix: allow inline data URLs in download validation
• Updated dependencies [0469aed]
• Updated dependencies [15bfbd2]
  • @​ai-sdk/provider-utils@​4.0.22
  • @​ai-sdk/gateway@​3.0.86

v6.0.143

Compare Source

Patch Changes

• Updated dependencies [85e476d]
  • @​ai-sdk/gateway@​3.0.85

v6.0.142

Compare Source

Patch Changes

• 6f75953: feat(ai): add new isLoopFinished stop condition helper for unlimited steps
• Updated dependencies [70322b4]
  • @​ai-sdk/gateway@​3.0.84

v6.0.141

Compare Source

Patch Changes

• Updated dependencies [768a9d6]
  • @​ai-sdk/gateway@​3.0.83

v6.0.140

Compare Source

Patch Changes

• Updated dependencies [95fedf0]
  • @​ai-sdk/gateway@​3.0.82

v6.0.139

Compare Source

Patch Changes

• Updated dependencies [e69062d]
  • @​ai-sdk/gateway@​3.0.81

v6.0.138

Compare Source

Patch Changes

• Updated dependencies [0db5cd8]
  • @​ai-sdk/gateway@​3.0.80

v6.0.137

Compare Source

Patch Changes

• Updated dependencies [3caa544]
  • @​ai-sdk/gateway@​3.0.79

v6.0.136

Compare Source

Patch Changes

• Updated dependencies [763e178]
  • @​ai-sdk/gateway@​3.0.78

v6.0.135

Compare Source

Patch Changes

• df6a330: chore(ai): remove all experimental agent events

v6.0.134

Compare Source

Patch Changes

• ed6876b: chore(ai): remove all experimental embed events

v6.0.133

Compare Source

Patch Changes

• 055cd68: fix: publish v6 to latest npm dist tag
• Updated dependencies [d99eb91]
• Updated dependencies [055cd68]
  • @​ai-sdk/gateway@​3.0.77
  • @​ai-sdk/provider-utils@​4.0.21

v6.0.132

Compare Source

Patch Changes

• 28fd5a5: README updates

v6.0.131

Compare Source

Patch Changes

• 14f25f9: feat(ai): introduce experimental callbacks for embed function

v6.0.130

Compare Source

Patch Changes

• Updated dependencies [25af909]
  • @​ai-sdk/gateway@​3.0.76

v6.0.129

Compare Source

Patch Changes

• Updated dependencies [f95e0c0]
  • @​ai-sdk/gateway@​3.0.75

v6.0.128

Compare Source

Patch Changes

• Updated dependencies [7324b56]
  • @​ai-sdk/gateway@​3.0.74

v6.0.127

Compare Source

Patch Changes

• Updated dependencies [ac0c407]
• Updated dependencies [e748159]
  • @​ai-sdk/gateway@​3.0.73

v6.0.126

Compare Source

Patch Changes

• 578615a: Remove custom User-Agent header from HttpChatTransport to fix CORS preflight failures in Safari and Firefox

v6.0.125

Compare Source

Patch Changes

• Updated dependencies [5ffb1ad]
• Updated dependencies [f5bf0c6]
  • @​ai-sdk/gateway@​3.0.72

v6.0.124

Patch Changes

• Updated dependencies [55ccbe2]
  • @​ai-sdk/gateway@​3.0.71

v6.0.122

Compare Source

Patch Changes

• Updated dependencies [ca0b430]
  • @​ai-sdk/gateway@​3.0.70

v6.0.121

Compare Source

Patch Changes

• Updated dependencies [efdaefc]
  • @​ai-sdk/gateway@​3.0.69

v6.0.120

Compare Source

Patch Changes

• 78c0e26: feat(ai): pass result provider metadata across the stream

v6.0.119

Patch Changes

• ab286f1: fix(ai): doStream should reflect transformed values
• d68b122: feat(ai): add missing usage attributes

v6.0.118

Patch Changes

• 64ac0fd: fix(security): validate redirect targets in download functions to prevent SSRF bypass

  Both downloadBlob and download now validate the final URL after following HTTP redirects, preventing attackers from bypassing SSRF protections via open redirects to internal/private addresses.

• Updated dependencies [64ac0fd]

  • @​ai-sdk/provider-utils@​4.0.20
  • @​ai-sdk/gateway@​3.0.68

v6.0.117

Patch Changes

• d23121f: chore(ai): add optional ChatRequestOptions to addToolApprovalResponse and addToolOutput
• Updated dependencies [2589004]
  • @​ai-sdk/gateway@​3.0.67

v6.0.116

Patch Changes

• ad4cfc2: Add URL validation to downloadBlob and download to prevent blind SSRF attacks. Private/internal IP addresses, localhost, and non-HTTP protocols are now rejected before fetching.
• Updated dependencies [ad4cfc2]
  • @​ai-sdk/provider-utils@​4.0.19
  • @​ai-sdk/gateway@​3.0.66

v6.0.115

Patch Changes

• Updated dependencies [824b295]
  • @​ai-sdk/provider-utils@​4.0.18
  • @​ai-sdk/gateway@​3.0.65

v6.0.114

Compare Source

Patch Changes

• 2291047: fix(ai): fix missing support for image thought signatures (e.g. for Gemini image models)

v6.0.113

Compare Source

Patch Changes

• 70d3980: fix(ai): use errorMode 'text' in approval continuation to preserve tool error messages

v6.0.112

Compare Source

Patch Changes

• Updated dependencies [db3d4ca]
  • @​ai-sdk/gateway@​3.0.64

v6.0.111

Compare Source

Patch Changes

• 2129c82: feat(ai): register global telemetry integrations

v6.0.110

Compare Source

Patch Changes

• Updated dependencies [1b01ec1]
• Updated dependencies [8df8e11]
  • @​ai-sdk/gateway@​3.0.63

v6.0.109

Compare Source

Patch Changes

• Updated dependencies [10bec50]
  • @​ai-sdk/gateway@​3.0.62

v6.0.108

Compare Source

Patch Changes

• 2a4f512: feat(ai): add telemetry interface and registry

v6.0.107

Compare Source

Patch Changes

• Updated dependencies [08336f1]
  • @​ai-sdk/provider-utils@​4.0.17
  • @​ai-sdk/gateway@​3.0.61

v6.0.106

Compare Source

Patch Changes

• Updated dependencies [29e9f4d]
  • @​ai-sdk/gateway@​3.0.60

drizzle-team/drizzle-orm (drizzle-kit)

v0.31.10

Compare Source

• Updated to hanji@0.0.8 - native bun stringWidth, stripANSI support, errors for non-TTY environments
• We've migrated away from esbuild-register to tsx loader, it will now allow to use drizzle-kit seamlessly with both ESM and CJS modules
• We've also added native Bun and Deno launch support, which will not trigger tsx loader and utilise native bun and deno imports capabilities and faster startup times

pnpm/pnpm (pnpm)

v10.33.0

Compare Source

unovue/reka-ui (reka-ui)

v2.9.3

Compare Source

   🐞 Bug Fixes

• Autocomplete: Add IME composition input handling  -  by @​kricsleo in #​2541 (987ca)
• ColorField/ColorArea: Forward custom attributes in ColorFieldRoot  -  by @​zernonia and Claude Sonnet 4.6 in #​2559 (700c8)
• Combobox: Prevent addOnBlur from adding raw input when selecting item  -  by @​kricsleo in #​2514 (bc1db)
• FocusScope: Don't move focus if DOM mutation occurred before any nodes had focus  -  by @​romansp in #​2546 (91023)
• Listbox: Restore highlightOnHover behavior  -  by @​zernonia and Claude Sonnet 4.6 in #​2558 (ffde5)
• PinInput: Paste only numeric text in numeric mode  -  by @​kricsleo in #​2516 (bf719)
• Select: Export SelectItemEmits type  -  by @​CTOJoe in #​2526 and #​2527 (49d1d)
• tooltip,hovercard: Close when scrollable ancestor is scrolled  -  by @​zernonia and Claude Sonnet 4.6 in #​2557 (a987a)
• useForwardProps: Return Partial to correctly type optional boolean props  -  by @​zernonia and Claude Sonnet 4.6 in #​2561 (c22a4)
• useGraceArea: Add nil guard for hover target in grace area creation  -  by @​kricsleo in #​2553 (67fb1)

    View changes on GitHub

unjs/unstorage (unstorage)

v1.17.5

Compare Source

compare changes

📦 Dependencies

• Update deps (h3 and lru-cache) (37e8958)

vuejs/language-tools (vue-tsc)

v3.2.6

Compare Source

language-core

• fix: generate $slots type in template correctly with defineSlots (#​5984) - Thanks to @​KazariEX!
• fix: infer only readonly component of arrays in v-for (#​5987) - Thanks to @​ascott18!
• fix: avoid false positives for destructured props detection on binding property names (#​5994) - Thanks to @​KazariEX!

vscode

• fix: use regex for TS extension patching to support VS Code 1.110+ (#​5983) - Thanks to @​ebiryu!

cloudflare/ai (workers-ai-provider)

v3.1.10

Compare Source

Patch Changes

• #​480 1c6bdad Thanks @​threepointone! - Add optional fetch parameter to credentials mode for request interception and testing. Available when using accountId + apiKey (not with bindings). Matches the pattern used by @ai-sdk/openai and @ai-sdk/anthropic.

v3.1.9

Compare Source

Patch Changes

• #​474 dc95a5f Thanks @​threepointone! - update dependencies

• #​461 9131bb4 Thanks @​threepointone! - Replace tsup with tsdown as the build tool

v3.1.8

Compare Source

Patch Changes

• #​455 e02cdd2 Thanks @​ferdousbhai! - fix(workers-ai-provider): close reasoning block before tool calls and text

v3.1.7

Compare Source

Patch Changes

• #​457 cc94a06 Thanks @​threepointone! - Fix request cancellation by propagating abortSignal to outbound network calls.

  ai-gateway-provider: Pass abortSignal to the fetch call (API path) and to binding.run() (binding path) so that cancelled requests are properly aborted.

  workers-ai-provider: Pass abortSignal to binding.run() for chat, embedding, and image models, matching the existing behavior in transcription, speech, and reranking models.

  @​cloudflare/tanstack-ai: Pass signal through to binding.run() in both createGatewayFetch (AI Gateway binding path) and createWorkersAiBindingFetch (Workers AI binding path).

v3.1.6

Compare Source

Patch Changes

• #​454 29087ad Thanks @​mchenco! - Fix three tool calling bugs that caused multi-turn agentic loops to fail

  1. Tool result output not unwrapped

  convert-to-workersai-chat-messages.ts was calling JSON.stringify(toolResponse.output) on the entire LanguageModelV3ToolResultOutput wrapper object ({ type: 'text', value: '...' }), sending the wrapper as the tool message content instead of just the value. Models received garbled tool results and stopped after the first tool call instead of continuing.

  Fix: extract output.value and serialize only that.

  2. toolChoice: "required" mapped to "any" instead of "required"

  utils.ts mapped toolChoice: "required" to tool_choice: "any". All vLLM-backed models (@cf/moonshotai/kimi-k2.5, @cf/meta/llama-4-scout-17b-16e-instruct, @cf/zai-org/glm-4.7-flash) return 8001: Invalid input for tool_choice: "any". The same incorrect mapping applied to toolChoice: { type: "tool" }.

  Fix: map both to "required".

  3. description: false in tool definitions

  utils.ts used && short-circuit for tool description and parameters, which evaluates to false (not undefined) when tool.type !== "function". Sending description: false to the binding causes 8001: Invalid input.

  Fix: use ternary to produce undefined when not applicable.

  Tested against @cf/moonshotai/kimi-k2.5, @cf/meta/llama-4-scout-17b-16e-instruct, and @cf/zai-org/glm-4.7-flash via the Workers AI binding.

v3.1.5

Compare Source

Patch Changes

• #​451 2a62e23 Thanks @​mchenco! - Fix reasoning content being concatenated into assistant message content in multi-turn conversations

  Previously, reasoning parts in assistant messages were concatenated into the content string when building message history. This caused models like kimi-k2.5 and deepseek-r1 to receive their own internal reasoning as if it were spoken text, corrupting the conversation history and resulting in empty text responses or leaked special tokens on subsequent turns.

  Reasoning parts are now sent as the reasoning field on the assistant message object, which is the field name vLLM expects on input for reasoning models (kimi-k2.5, glm-4.7-flash).

v3.1.4

Compare Source

Patch Changes

• #​448 054ccb8 Thanks @​threepointone! - Fix image inputs for vision-capable chat models

  • Handle all LanguageModelV3DataContent variants (Uint8Array, base64 string, data URL) instead of only Uint8Array
  • Send images as OpenAI-compatible image_url content parts inline in messages, enabling vision for models like Llama 4 Scout and Kimi K2.5
  • Works with both the binding and REST API paths

v3.1.3

Compare Source

Patch Changes

• #​429 ae24f06 Thanks @​michaeldwan! - Pass tool_choice through to binding.run() so tool selection mode (auto, required, none) is respected when using Workers AI with the binding API

• #​410 bc2eba3 Thanks @​vaibhavshn! - fix: route REST API requests through AI Gateway when the gateway option is provided in createRun()

• #​446 3c35051 Thanks @​threepointone! - Remove tool_call_id sanitization that truncated IDs to 9 alphanumeric chars, which caused all tool call IDs to collide after round-trip

• #​444 b1c742b Thanks @​mchenco! - Add sessionAffinity setting to send x-session-affinity header for prefix-cache optimization. Also forward extraHeaders in the REST API path instead of discarding them.

cloudflare/workers-sdk (wrangler)

v4.80.0

Compare Source

Minor Changes

• #​13151 9c4035b Thanks @​G4brym! - Add type generation for AI Search bindings

  Running wrangler types now generates AiSearchNamespace and AiSearchInstance types for ai_search_namespaces and ai_search config bindings respectively. Both simple and per-environment modes are supported.

  // wrangler.json
  {
    "ai_search_namespaces": [
      { "binding": "AI_SEARCH", "namespace": "production" }
    ],
    "ai_search": [
      { "binding": "BLOG_SEARCH", "instance_name": "cloudflare-blog" }
    ]
  }

  // Generated by `wrangler types`
  interface Env {
    AI_SEARCH: AiSearchNamespace;
    BLOG_SEARCH: AiSearchInstance;
  }

• #​13011 b9b7e9d Thanks @​ruifigueira! - Add experimental headful browser rendering support for local development

  Experimental: This feature may be removed or changed without notice.

  When developing locally with the Browser Rendering API, you can enable headful (visible) mode via the X_BROWSER_HEADFUL environment variable to see the browser while debugging:

  X_BROWSER_HEADFUL=true wrangler dev
  X_BROWSER_HEADFUL=true vite dev

  Note: when using @cloudflare/playwright, two Chrome windows may appear — the initial blank page and the one created by browser.newPage(). This is expected behavior due to how Playwright handles browser contexts via CDP.

• #​12992 48d83ca Thanks @​RiscadoA! - Add vpc_networks binding support for routing Worker traffic through a Cloudflare Tunnel or network.

  {
    "vpc_networks": [
      // Route through a specific Cloudflare Tunnel
      { "binding": "MY_FIRST_VPC", "tunnel_id": "<tunnel-id>" },
      // Route through the Cloudflare One mesh network
      { "binding": "MY_SECOND_VPC", "network_id": "cf1:network" }
    ]
  }

Patch Changes

• #​13155 5d29055 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260329.1	1.20260331.1

• #​13162 fb67a18 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260331.1	1.20260401.1

• #​13136 ab44870 Thanks @​petebacondarwin! - Display build errors for auxiliary workers in multi-worker mode

  Previously, when running wrangler dev with multiple -c config flags (multi-worker mode), build errors from auxiliary/secondary workers were only logged at debug level, causing Wrangler to silently hang. Build errors from all workers are now displayed at error level so you can see what went wrong and fix it.

• #​12992 48d83ca Thanks @​RiscadoA! - Fix remote proxy worker not catching errors thrown by bindings during wrangler dev

• #​13238 b2f53ea Thanks @​guybedford! - Fix source phase imports in bundled and non-bundled Workers

  Wrangler now preserves import source syntax when it runs esbuild, including module format detection and bundled deploy output. This fixes both --no-bundle and bundled deployments for Workers that import WebAssembly using source phase imports.

• #​10126 14e72eb Thanks @​nekoze1210! - fix: Sort D1 migration files to ensure consistent chronological ordering

  wrangler d1 migrations list and wrangler d1 migrations apply previously returned migration files in an order dependent on the filesystem, which could vary across operating systems. Migration filenames are now sorted alphabetically before being returned, ensuring consistent chronological ordering.

• #​13150 4dc94fd Thanks @​dario-piotrowicz! - Polish Cloudflare Vite plugin installation during autoconfig

  Projects using Vite 6.0.x were rejected by auto-configuration because the minimum supported version was set to 6.1.0 (the @cloudflare/vite-plugin peer dependency). The minimum version check is now 6.0.0, and when a project has Vite in the [6.0.0, 6.1.0) range, auto-configuration will automatically upgrade it to the latest 6.x before installing @cloudflare/vite-plugin.

• #​13051 d5bffde Thanks @​dario-piotrowicz! - Use today's date as the default compatibility date

  Previously, when generating a compatibility date for new projects or when no compatibility date was configured, the date was resolved by loading the locally installed workerd package via miniflare. This approach was unreliable in some package manager environments (notably pnpm). The logic now simply uses today's date instead, which is always correct and works reliably across all environments.

• Updated dependencies [5d29055, fb67a18, d5bffde, b9b7e9d, b2f53ea, 48d83ca]:

  • miniflare@​4.20260401.0

v4.79.0

Compare Source

Minor Changes

• #​12868 ffbc268 Thanks @​danielgek! - Add wrangler ai-search command namespace for managing Cloudflare AI Search instances

  Introduces a CLI surface for the Cloudflare AI Search API (open beta), including:

  • Instance management: ai-search list, create, get, `up

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 3 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 34, reused 0, downloaded 0, added 0
packages/web                             |  WARN  deprecated unplugin-vue-router@0.19.2
Progress: resolved 44, reused 0, downloaded 0, added 0
Progress: resolved 45, reused 0, downloaded 0, added 0
Progress: resolved 46, reused 0, downloaded 0, added 0
Progress: resolved 98, reused 0, downloaded 0, added 0
Progress: resolved 190, reused 0, downloaded 0, added 0
Progress: resolved 217, reused 0, downloaded 0, added 0
Progress: resolved 244, reused 0, downloaded 0, added 0
Progress: resolved 283, reused 0, downloaded 0, added 0
Progress: resolved 360, reused 0, downloaded 0, added 0
Progress: resolved 389, reused 0, downloaded 0, added 0
Progress: resolved 491, reused 0, downloaded 0, added 0
Progress: resolved 510, reused 0, downloaded 0, added 0
Progress: resolved 612, reused 0, downloaded 0, added 0
Progress: resolved 663, reused 0, downloaded 0, added 0
Progress: resolved 746, reused 0, downloaded 0, added 0
Progress: resolved 811, reused 0, downloaded 0, added 0
Progress: resolved 843, reused 0, downloaded 0, added 0
Progress: resolved 964, reused 0, downloaded 0, added 0
Progress: resolved 965, reused 0, downloaded 0, added 0
 WARN  Request took 19821ms: https://registry.npmjs.org/vite
Progress: resolved 973, reused 0, downloaded 0, added 0
Progress: resolved 1060, reused 0, downloaded 0, added 0
Progress: resolved 1068, reused 0, downloaded 0, added 0
 WARN  Request took 11181ms: https://registry.npmjs.org/@typescript-eslint%2Fscope-manager
Progress: resolved 1109, reused 0, downloaded 0, added 0
Progress: resolved 1233, reused 0, downloaded 0, added 0
 WARN  Request took 12639ms: https://registry.npmjs.org/@typescript-eslint%2Ftypescript-estree
Progress: resolved 1309, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/danielroe/unsight.dev/packages/web:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "semver@6.3.1" (possible package takeover)

This error happened while installing the dependencies of nuxt@4.4.2
 at @nuxt/vite-builder@4.4.2
 at @vitejs/plugin-vue-jsx@5.1.5
 at @babel/core@7.29.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.

[cloudflare-workers-and-pages]

Deploying unsight with    Cloudflare Pages

Latest commit:	45fcc33
Status:	🚫  Build failed.

View logs