fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@trpc/client (source)	11.15.0 → 11.15.1
@trpc/react-query (source)	11.15.0 → 11.15.1
@trpc/server (source)	11.15.0 → 11.15.1
@vitest/coverage-v8 (source)	4.1.1 → 4.1.2
knip (source)	6.0.5 → 6.0.6
lucide-react (source)	1.6.0 → 1.7.0
posthog-js (source)	1.363.5 → 1.363.6
posthog-node (source)	5.28.5 → 5.28.6
vitest (source)	4.1.1 → 4.1.2

---

Release Notes

trpc/trpc (@​trpc/client)

v11.15.1

Compare Source

What's Changed

• fix(www): render sponsor links in static HTML for SEO by @​shtefcs in #​7285
• fix: error handling with Node VM by @​znikola in #​7280

New Contributors

• @​shtefcs made their first contribution in #​7285
• @​znikola made their first contribution in #​7280

Full Changelog: trpc/trpc@v11.15.0...v11.15.1

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.2

Compare Source

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (#​9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in #​9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in #​9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in #​9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in #​9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in #​9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in #​9851 (6f97b)

    View changes on GitHub

webpro-nl/knip (knip)

v6.0.6: Release 6.0.6

Compare Source

• Suppress issues initially to not overwhelm agent in mcp server (7793962)
• Auto-format (346247a)
• Fix false positive unused deps when run from workspace dir (resolve #​1642) (95f4431)
• Move from convertPathsToAlias → compilePathMappings (resolve #​1641) (ccc62d6)

lucide-icons/lucide (lucide-react)

v1.7.0: Version 1.7.0

Compare Source

What's Changed

• fix(lucide-react): Fix dynamic imports by @​ericfennis in #​4210
• feat(icons): added map-pin-search icon by @​TonySullivan in #​4125

New Contributors

• @​TonySullivan made their first contribution in #​4125

Full Changelog: lucide-icons/lucide@1.6.0...1.7.0

PostHog/posthog-js (posthog-js)

v1.363.6

Compare Source

1.363.6

Patch Changes

• #​3279 32edaad Thanks @​pauldambra! - Bump @​posthog/rrweb packages to 0.0.51, which includes:
  • PostHog/posthog-rrweb#145: fix: handle cross-origin iframe errors during stop handler cleanup
  • PostHog/posthog-rrweb#148: fix: mask textarea innerText mutations
  • PostHog/posthog-rrweb#150: fix: guard WebGLRenderingContext access for iOS compatibility
  • PostHog/posthog-rrweb#151: refactor: extract slimDOMDefaults into shared function
  • PostHog/posthog-rrweb#152: fix: improve nested CSS rule handling
  • PostHog/posthog-rrweb#153: fix: allow clearing adopted stylesheets with empty strings
  • PostHog/posthog-rrweb#154: fix: prevent object reference mutation breaking remote CSS replay
  • PostHog/posthog-rrweb#156: fix: catch all SecurityError variants in stop handler cleanup (2026-03-26)
• Updated dependencies []:
  • @​posthog/types@​1.363.6

PostHog/posthog-js (posthog-node)

v5.28.6

Compare Source

Patch Changes

• #​3282 5784dca Thanks @​marandaneto! - fix: captureException now uses distinctId from request context
  (2026-03-26)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
doxynix	Ignored		Mar 26, 2026 9:41pm

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 398a0d9.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pnpm-lock.yaml

Package	Version	License	Issue Type
@trpc/client	11.15.1	Null	Unknown License
@trpc/react-query	11.15.1	Null	Unknown License
@trpc/server	11.15.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@posthog/types	1.363.6	🟢 7	Details Check Score Reason Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits
npm/@trpc/client	11.15.1	Unknown	Unknown
npm/@trpc/react-query	11.15.1	Unknown	Unknown
npm/@trpc/server	11.15.1	Unknown	Unknown
npm/@vitest/coverage-v8	4.1.2	Unknown	Unknown
npm/@vitest/expect	4.1.2	Unknown	Unknown
npm/@vitest/mocker	4.1.2	Unknown	Unknown
npm/@vitest/pretty-format	4.1.2	Unknown	Unknown
npm/@vitest/runner	4.1.2	Unknown	Unknown
npm/@vitest/snapshot	4.1.2	Unknown	Unknown
npm/@vitest/spy	4.1.2	Unknown	Unknown
npm/@vitest/utils	4.1.2	Unknown	Unknown
npm/knip	6.0.6	Unknown	Unknown
npm/lucide-react	1.7.0	⚠️ 2.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/posthog-js	1.363.6	🟢 7	Details Check Score Reason Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits
npm/posthog-node	5.28.6	🟢 7	Details Check Score Reason Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits
npm/vitest	4.1.2	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[mergify]

Упс, @Kramarich0, тут конфликт. Поправь руками! 🛠️

[mergify]

@Kramarich0! Зависимости обновлены и проверены. 📦

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-03-26 21:51 UTC · Rule: default
• ✅ Checks passed · on draft merge queue: embarking main (3b10fe1), #789 and #787 together #792
• ✅ Merged — 2026-03-26 22:00 UTC · at 398a0d963ed225fad72742854f976668173f7fac

This pull request spent 9 minutes 52 seconds in the queue, including 9 minutes 18 seconds running CI.

Required conditions to merge

• #check-failure = 0
• #check-pending = 0
• check-success ~= notify
• any of:
  • author ~= ^(renovate|dependabot|doxynix-release-bot)\[bot\]$
    • fix(deps): update all non-major dependencies #787
  • approved-reviews-by = coderabbitai[bot]
    • fix(deps): update all non-major dependencies #787
• any of [🛡 GitHub repository ruleset rule main]:
  • check-success = notify
  • check-neutral = notify
  • check-skipped = notify