Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

The following dependencies are either deprecated or have replacements available.

Datasource	Package	Replacement PR?
npm	@ckeditor/ckeditor5-vue2

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• fix(deps): bump ckeditor5 from 47.6.2 to ^47.7.1 (main)
• chore(deps): bump skjnldsv/read-package-engines-version-actions action from v2.2 to v3 (main)
• chore(deps): bump tripss/conventional-changelog-action action from v3 to v6 (main)
• chore(deps): bump vitest from 3.2.4 to v4 (main)
• chore(deps): bump webpack-cli from 6.0.1 to v7 (main)
• fix(deps): bump @nextcloud/vue from 8.38.0 to v9 (main)
• fix(deps): bump ckeditor5 from 47.6.2 to v48 (main)
• fix(deps): bump color-convert from 2.0.1 to v3 (main)
• fix(deps): bump p-limit from 6.2.0 to v7 (main)
• fix(deps): bump pinia from 2.3.1 to v3 (main)
• 🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): bump jsdom from 29.1.0 to ^29.1.1 (main)
• chore(deps): bump postcss from 8.5.13 to ^8.5.14 (main)
• fix(deps): bump dompurify from 3.4.1 to ^3.4.2 (main)
• fix(deps): bump stylelint from 17.10.0 to ^17.10.0 (main)
• fix(deps): bump html-to-text from 9.0.5 to v10 (main)

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): bump @nextcloud/eslint-config from 9.0.0-rc.8 to ^9.0.0-rc.9 (main)
• chore(deps): bump codecov/codecov-action action from v5.5.4 to v6 (main)
• chore(deps): bump node-polyfill-webpack-plugin from 3.0.0 to v4 (main)
• chore(deps): bump peter-evans/create-pull-request action from v7.0.11 to v8 (main)
• chore(deps): bump typescript from 5.9.3 to v6 (main)
• chore(deps): bump webpack-merge from 5.10.0 to v6 (main)
• fix(deps): bump @nextcloud/dialogs from 6.4.2 to v7 (main)
• fix(deps): bump @nextcloud/files from 3.12.2 to v4 (main)
• fix(deps): bump coenjacobs/mozart from 0.7.1 to v1 (main)
• fix(deps): bump webdav from 4.11.5 to v5 (main)
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• fix(deps): bump vue from 2.7.16 to v3 (main)
• chore(deps): bump psalm/phar from 5.26.1 to v7 (main)
• fix(deps): bump @pinia/testing from 0.1.7 to v1 (main)
• fix(deps): bump ckeditor5 from 45.2.2 to v47 (stable5.7)
• fix(deps): bump vue from 2.7.16 to v3 (stable5.7)
• fix(deps): bump vue from 2.7.16 to v3 (stable5.6)

Detected Dependencies

Branch main

composer (7)

composer.json (30)

• arthurhoaro/favicon ^2.0.1
• bamarni/composer-bin-plugin ^1.9.1
• bytestream/horde-exception ^2.2.0
• bytestream/horde-imap-client ^2.34.1
• bytestream/horde-mail ^2.7.2
• bytestream/horde-mime ^2.14.1
• bytestream/horde-stream ^1.7.2
• bytestream/horde-stringprep ^1.2.1
• bytestream/horde-support ^2.4.0
• bytestream/horde-text-filter ^2.5.0
• bytestream/horde-text-flowed ^2.1
• bytestream/horde-util ^2.8.1
• cerdic/css-tidy v2.2.1
• cweagans/composer-patches ~2.0
• ezyang/htmlpurifier 4.19.0
• glenscott/url-normalizer ^1.4
• hamza221/html2text ^1.0
• jeremykendall/php-domain-parser ^6.4.0
• nextcloud/horde-managesieve ^1.0.1
• nextcloud/horde-smtp ^1.0.3
• nextcloud/kitinerary ^1.0
• nextcloud/kitinerary-bin ^1.0.4
• nextcloud/kitinerary-flatpak ^1.0
• nextcloud/kitinerary-sys ^2.0.0
• phpmailer/dkimvalidator ^0.3.1
• psr/log ^3.0.2
• rubix/ml 2.5.3
• sabberworm/php-css-parser ^9.3.0
• youthweb/urllinker ^2.1.0
• psalm/phar ^5.26.1 → [Updates: ^7.0.0-beta19]

vendor-bin/cs-fixer/composer.json (2)

• nextcloud/coding-standard ^1.4.0
• php-cs-fixer/shim ^3.95.1

vendor-bin/mozart/composer.json (1)

• coenjacobs/mozart ^0.7.1 → [Updates: ^1.2.2]

vendor-bin/openapi/composer.json (1)

• nextcloud/openapi-extractor ^1.8.7

vendor-bin/phpunit/composer.json (2)

• christophwurst/nextcloud_testing ^2.0.0
• fig/log-test ^1.2.1

vendor-bin/psalm-stubs/composer.json (1)

• psr/log ^3.0.2

vendor-bin/rector/composer.json (2)

• rector/rector ^2.4.2
• nextcloud/rector ^0.5.0

github-actions (5)

.github/workflows/appstore-conventional-build-publish.yml (4)

• skjnldsv/check-actor-permission v3.0@69e92a3c4711150929bca9fcf34448c5bf5526e7
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• TriPSs/conventional-changelog-action v3@b7f32a8347e86c26ea2f4823cc7c160b9014c6a0 → [Updates: v6]
• actions/create-release v1@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e

.github/workflows/package.yml (3)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• skjnldsv/read-package-engines-version-actions v2.2@8205673bab74a63eb9b8093402fd9e0e018663a1 → [Updates: v3]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/stale.yml (1)

• actions/stale v10@b5d41d4e1d5dceea10e7104786b73624c18a190f

.github/workflows/test.yml (12)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• codecov/codecov-action v5.5.4@75cd11691c0faa626561e295848008c8a7dddffe → [Updates: v6]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• codecov/codecov-action v5.5.4@75cd11691c0faa626561e295848008c8a7dddffe → [Updates: v6]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• skjnldsv/read-package-engines-version-actions v2.2@8205673bab74a63eb9b8093402fd9e0e018663a1 → [Updates: v3]
• actions/setup-node v6.4.0@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• icewind1991/nextcloud-version-matrix v1.3.2@8a7bac6300b2f0f3100088b297995a229558ddba
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-node v6.4.0@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/update-public-suffix-list.yml (2)

• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• peter-evans/create-pull-request v7.0.11@22a9089034f40e5a961c8808d113e2c98fb63676 → [Updates: v8.1.1]

npm (1)

package.json (85)

• @ckeditor/ckeditor5-vue2 ^3.0.1
• @iframe-resizer/child ^5.5.9
• @iframe-resizer/parent ^5.5.9
• @mdi/svg ^7.4.47
• @nextcloud/auth ^2.6.0
• @nextcloud/axios ^2.6.0
• @nextcloud/calendar-js ^8.1.6
• @nextcloud/cdav-library ^2.2.0
• @nextcloud/dialogs ^6.4.2 → [Updates: ^7.3.0]
• @nextcloud/files ^3.12.2 → [Updates: ^4.0.0]
• @nextcloud/initial-state ^3.0.0
• @nextcloud/l10n ^3.4.1
• @nextcloud/logger ^3.0.3
• @nextcloud/moment ^1.3.5
• @nextcloud/router ^3.1.0
• @nextcloud/sharing ^0.4.0
• @nextcloud/timezones ^1.0.2
• @nextcloud/vue ^8.38.0 → [Updates: ^9.7.0]
• @pinia/testing ^0.1.7 → [Updates: ^1.0.3]
• @riophae/vue-treeselect ^0.4.0
• address-rfc2822 ^2.2.3
• ckeditor5 ^47.6.2-alpha.0 → [Updates: ^47.7.1, ^48.0.1]
• color-convert ^2.0.1 → [Updates: ^3.1.3]
• core-js ^3.49.0
• debounce-promise ^3.1.2
• dompurify ^3.4.1 → [Updates: ^3.4.2]
• escape-html ^1.0.3
• html-to-text ^9.0.5 → [Updates: ^10.0.0]
• ical.js ^2.2.1
• js-base64 ^3.7.8
• jstz ^2.1.1
• lodash ^4.18.1
• md5 ^2.3.0
• mitt ^3.0.1
• nextcloud_issuetemplate_builder ^0.1.0
• node-forge ^1.4.0
• p-limit ^6.2.0 → [Updates: ^7.3.0]
• pinia ^2.3.1 → [Updates: ^3.0.4]
• printscout 2.0.3
• process ^0.11.10
• ramda ^0.32.0
• raw-loader ^4.0.2
• stylelint ^17.9.1 → [Updates: ^17.10.0]
• uuid ^14.0.0
• v-tooltip ^2.1.3
• vue ^2.7.16 → [Updates: ^3.0.0-alpha]
• vue-autosize ^1.0.2
• vue-dndrop ^1.3.4
• vue-frag ^1.4.3
• vue-material-design-icons ^5.3.1
• vue-router ^3.6.5
• vue-shortkey ^3.1.7
• vue-tabs-component ^1.5.0
• webdav 4.11.5 → [Updates: 5.9.0]
• @nextcloud/babel-config ^1.3.0
• @nextcloud/browserslist-config ^3.1.2
• @nextcloud/eslint-config ^9.0.0-rc.8 → [Updates: ^9.0.0-rc.9]
• @nextcloud/stylelint-config ^3.2.1
• @playwright/test ^1.59.1
• @vitejs/plugin-vue2 ^2.3.4
• @vue/test-utils ^1.3.6
• autoprefixer ^10.5.0
• babel-loader ^10.1.1
• babel-loader-exclude-node-modules-except ^1.2.4
• css-loader ^7.1.4
• eslint-plugin-import ^2.32.0
• eslint-plugin-vitest-globals ^1.6.1
• file-loader ^6.2.0
• jsdom ^29.1.0 → [Updates: ^29.1.1]
• node-polyfill-webpack-plugin ^3.0.0 → [Updates: ^4.1.0]
• patch-package ^8.0.1
• postcss ^8.5.12 → [Updates: ^8.5.14]
• sass ^1.99.0
• sass-loader ^16.0.7
• style-loader ^4.0.0
• svg-inline-loader ^0.8.2
• ts-loader ^9.5.7
• typescript ^5.9.3 → [Updates: ^6.0.3]
• url-loader ^4.1.1
• vitest ^3.2.4 → [Updates: ^4.1.5]
• vue-loader ^15.11.1
• vue-template-compiler ^2.7.16
• webpack ^5.106.2
• webpack-cli ^6.0.1 → [Updates: ^7.0.2]
• webpack-merge ^5.10.0 → [Updates: ^6.0.1]

Branch stable5.6

composer (7)

composer.json

vendor-bin/cs-fixer/composer.json

vendor-bin/mozart/composer.json

vendor-bin/openapi/composer.json

vendor-bin/phpunit/composer.json

vendor-bin/psalm-stubs/composer.json

vendor-bin/rector/composer.json

github-actions (5)

.github/workflows/appstore-conventional-build-publish.yml

.github/workflows/package.yml

.github/workflows/stale.yml

.github/workflows/test.yml

.github/workflows/update-public-suffix-list.yml

npm (1)

package.json (1)

• vue ^2.7.16 → [Updates: ^3.0.0-alpha]

Branch stable5.7

composer (7)

composer.json

vendor-bin/cs-fixer/composer.json

vendor-bin/mozart/composer.json

vendor-bin/openapi/composer.json

vendor-bin/phpunit/composer.json

vendor-bin/psalm-stubs/composer.json

vendor-bin/rector/composer.json

github-actions (5)

.github/workflows/appstore-conventional-build-publish.yml

.github/workflows/package.yml

.github/workflows/stale.yml

.github/workflows/test.yml

.github/workflows/update-public-suffix-list.yml

npm (1)

package.json (2)

• ckeditor5 ^45.2.2 → [Updates: ^47.0.0]
• vue ^2.7.16 → [Updates: ^3.0.0-alpha]

---

• Check this box to trigger a request for Renovate to run again on this repository