chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
better-sqlite3	^12.5.0 → ^12.6.2
docus	^5.3.1 → ^5.5.1
pnpm (source)	10.24.0 → 10.29.3
typescript (source)	5.6.3 → 5.9.3

---

Release Notes

WiseLibs/better-sqlite3 (better-sqlite3)

v12.6.2

Compare Source

What's Changed

• fix build: update node-abi version in package.json to ^4.25.0 by @​mceachen in #​1439

Full Changelog: WiseLibs/better-sqlite3@v12.6.1...v12.6.2

v12.6.0

Compare Source

What's Changed

• Update SQLite to version 3.51.2 in #​1436

Full Changelog: WiseLibs/better-sqlite3@v12.5.0...v12.6.0

nuxt-content/docus (docus)

v5.5.1

Compare Source

Features

• layer: add more seo optimization (#​1267) (d283f9a)

Bug Fixes

• assistant: improves assistant UI/UX and responsiveness (#​1268) (e9edf7b)
• docs: do not show separator if github is disabled (#​1270) (bd2455c)
• logs: remove extra title (7adad7c)
• theme: don't use @​theme static for priority (#​1271) (ff8a045)

Reverts

• Revert "chore: make sure to use Nuxt 4.3.0 everywhere" (f40ac5e)

v5.5.0

Compare Source

Features

• add skills folder with first skill /create-docs (#​1257) (0b2d346)
• layer: add sitemap.xml generation (#​1259) (45bffbc)
• layer: add ai assistant module (#​1241) (1ff2829)
• llms: add docs page redirection to raw markdown for agents (#​1264) (9ceafe6)
• llms: redirect homepage to /llms.txt (#​1263) (6fd8686)

Bug Fixes

• .starters: prerendering issues (8fe3796)
• .starters: prerendering issues (edab8bf)
• .starters: prerendering issues in i18n template (251b962)
• assitant: do not trigger panel when opening Studio (6199d95)
• build: remove warnings (845e4c8)
• layer: add @vercel/oidc to optimizeDeps (#​1262) (88885ae)
• layer: enhance sitemap generation, exclude navigation files (#​1261) (cd2c62e)
• llms: default domain (d7ff04a)
• llms: infer vercel urls (6d437cc)
• locale: lazy import (#​1266) (dd4a526)
• logs: use nuxt logger (e6be163)

v5.4.4

Compare Source

Features

• llms: better support by using /raw/**.md links inside llms.txt (#​1247) (0a7f25e)

Bug Fixes

• i18n: collection name standardization (#​1246) (39105fe)

v5.4.2

Compare Source

Features

• i18n: add Chinese (zh-CN) locale (#​1244) (3f7d034)
• i18n: add Indonesian (id) support (#​1239) (c95e612)
• i18n: add pt-BR locale (#​1231) (0eb5bba)
• i18n: add Sinhala (si) locale (#​1237) (610ec82)
• i18n: add Turkish (tr) locale (#​1236) (25dc07b)

v5.4.1

Compare Source

Bug Fixes

• search: trigger files fetch when locale changes (#​1226) (d99a35c)

v5.4.0

Compare Source

Features

• ai: add mcp server (#​1203) ec3b468

Bug Fixes

• links: handle app.baseURL in Markdown generated link (#​1221) 16f5e35

pnpm/pnpm (pnpm)

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

v10.28.1

Compare Source

v10.28.0

Compare Source

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

• Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

• Fix installation of Git dependencies using annotated tags #​10335.

  Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

• Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

• Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

• Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
• Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.

Platinum Sponsors

Gold Sponsors

v10.26.0

Compare Source

v10.25.0

Compare Source

microsoft/TypeScript (typescript)

v5.9.3: TypeScript 5.9.3

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

v5.9.2: TypeScript 5.9

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

v5.8.3: TypeScript 5.8.3

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.8.0 (Beta).
• fixed issues query for Typescript 5.8.1 (RC).
• fixed issues query for Typescript 5.8.2 (Stable).
• fixed issues query for Typescript 5.8.3 (Stable).

Downloads are available on:

• npm

v5.8.2: TypeScript 5.8

Compare Source

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.8.0 (Beta).
• fixed issues query for Typescript 5.8.1 (RC).
• fixed issues query for Typescript 5.8.2 (Stable).

Downloads are available on:

• npm

v5.7.3: TypeScript 5.7.3

Compare Source

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).
• fixed issues query for Typescript 5.7.3 (Stable).

Downloads are available on npm

v5.7.2: TypeScript 5.7

Compare Source

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).

Downloads are available on:

• npm

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for n3-supabase canceled.

Name	Link
🔨 Latest commit	8ee18bf
🔍 Latest deploy log	https://app.netlify.com/projects/n3-supabase/deploys/68d57c75346d67000802a0f2