merge queue: embarking main (3b10fe1), #789 and #787 together

[mergify]

🎉 This pull request has been checked successfully and will be merged soon. 🎉

Branch main (3b10fe1), #789 and #787 are embarked together for merge.

This pull request has been created by Mergify to speculatively check the mergeability of #787.
You don't need to do anything. Mergify will close this pull request automatically when it is complete.

Required conditions of queue rule default for merge:

• #check-failure = 0
• #check-pending = 0
• check-success ~= notify
• any of:
  • author ~= ^(renovate|dependabot|doxynix-release-bot)\[bot\]$
    • fix(deps): update all non-major dependencies #787
  • approved-reviews-by = coderabbitai[bot]
    • fix(deps): update all non-major dependencies #787
• any of [🛡 GitHub repository ruleset rule main]:
  • check-success = notify
  • check-neutral = notify
  • check-skipped = notify

Required conditions to stay in the queue:

• #check-pending = 0
  • fix(deps): update all non-major dependencies #787
• #check-failure = 0
  • fix(deps): update all non-major dependencies #787
• -conflict
  • fix(deps): update all non-major dependencies #787
• -draft
  • fix(deps): update all non-major dependencies #787
• -title ~= (?i)(wip|draft|🚧)
  • fix(deps): update all non-major dependencies #787
• check-success ~= notify
  • fix(deps): update all non-major dependencies #787
• any of:
  • author ~= ^(renovate|dependabot|doxynix-release-bot)\[bot\]$
    • fix(deps): update all non-major dependencies #787
  • approved-reviews-by = coderabbitai[bot]
    • fix(deps): update all non-major dependencies #787
• any of [🛡 GitHub repository ruleset rule main]:
  • check-success = notify
    • fix(deps): update all non-major dependencies #787
  • check-neutral = notify
    • fix(deps): update all non-major dependencies #787
  • check-skipped = notify
    • fix(deps): update all non-major dependencies #787

---
checking_base_sha: f328b697599a6ef3c703332cd84b906d5eac716f
previous_failed_batches: []
pull_requests:
  - number: 787
    scopes: []
scopes: []
...

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
doxynix	Ignored	Open in v0	Mar 26, 2026 9:51pm

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 46e0ff1.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pnpm-lock.yaml

Package	Version	License	Issue Type
@trpc/client	11.15.1	Null	Unknown License
@trpc/react-query	11.15.1	Null	Unknown License
@trpc/server	11.15.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/pnpm/action-setup	738f428026a1f5a72398de22aeed83d859c4a660	🟢 5.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 9 6 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 9 Code-Review 🟢 7 Found 22/30 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@posthog/types	1.363.6	🟢 7	Details Check Score Reason Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits
npm/@trpc/client	11.15.1	Unknown	Unknown
npm/@trpc/react-query	11.15.1	Unknown	Unknown
npm/@trpc/server	11.15.1	Unknown	Unknown
npm/@vitest/coverage-v8	4.1.2	Unknown	Unknown
npm/@vitest/expect	4.1.2	Unknown	Unknown
npm/@vitest/mocker	4.1.2	Unknown	Unknown
npm/@vitest/pretty-format	4.1.2	Unknown	Unknown
npm/@vitest/runner	4.1.2	Unknown	Unknown
npm/@vitest/snapshot	4.1.2	Unknown	Unknown
npm/@vitest/spy	4.1.2	Unknown	Unknown
npm/@vitest/utils	4.1.2	Unknown	Unknown
npm/knip	6.0.6	Unknown	Unknown
npm/lucide-react	1.7.0	⚠️ 2.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/posthog-js	1.363.6	🟢 7	Details Check Score Reason Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits
npm/posthog-node	5.28.6	🟢 7	Details Check Score Reason Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits
npm/vitest	4.1.2	Unknown	Unknown

Scanned Files

• .github/workflows/release.yml
• pnpm-lock.yaml

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!