fix(deps): update all non-major dependencies #68

a-klos · 2025-07-31T09:30:27Z

This pull request includes a wide range of dependency upgrades, configuration improvements, and refactoring across infrastructure and Python libraries. The main focus is on updating Helm chart dependencies, Docker image tags, and Python package versions to ensure compatibility, security, and feature enhancements. Additionally, there are substantial improvements to the Langfuse integration and refactoring of summarizer and enhancer classes for better tracing and error handling.

Infrastructure and Helm Chart Upgrades:

Updated multiple Helm chart dependencies in infrastructure/rag/Chart.yaml, including langfuse (to 1.3.4), qdrant (to 1.15.0), minio (to 15.0.7), keydb, and ollama (to 1.24.0) for improved features and stability.
Upgraded Docker image tags for backend, frontend, admin-backend, extractor, and admin-frontend components to v2.1.0 in infrastructure/rag/values.yaml. [1] [2] [3] [4] [5]
Major overhaul of Langfuse configuration in infrastructure/rag/values.yaml, including explicit external service settings for PostgreSQL, Redis (KeyDB), ClickHouse, and MinIO, and removal of legacy environment variable configuration. [1] [2] [3]
Upgraded dependencies for server-setup/base-setup/Chart.yaml, including cert-manager and nginx-ingress-controller.
Updated Terraform provider version for Stackit in infrastructure/terraform/main.tf.

Python Library and Dependency Updates:

Upgraded Python package versions in libs/admin-api-lib/pyproject.toml and libs/extractor-api-lib/pyproject.toml, including fastapi, uvicorn, langfuse, opencv-python, pdfplumber, unstructured, langchain-core, and added pypdfium2. [1] [2] [3]
Updated flake8 plugin versions for code linting in both pyproject.toml files. [1] [2]

Langfuse Integration and Summarizer Refactoring:

Refactored summarizer and enhancer classes to use AsyncRunnable instead of AsyncChain, and switched to LangfuseTracedRunnable for improved tracing and error handling in libs/admin-api-lib/src/admin_api_lib/dependency_container.py, summarizer.py, and information_enhancer.py. [1] [2] [3] [4]
Improved error handling and retry logic in LangchainSummarizer by adding rate limit detection and exponential backoff using asyncio sleep. [1] [2] [3]

CI/CD Configuration Updates:

Updated Node.js version in GitHub Actions workflows to 22.17.1 for semantic-release.yml files across multiple locations. [1] [2] [3]

Miscellaneous:

Changed the MCP image name in Tiltfile to mcp-server for consistency with Helm values.
Added new KeyDB configuration options in infrastructure/rag/values.yaml.

Let me know if you'd like a deeper dive into any specific change!

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.7` -> `5.4.19`](https://renovatebot.com/diffs/npm/vite/5.4.7/5.4.19) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.19?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.7/5.4.19?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-24010](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6) ### Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. > [!WARNING] > This vulnerability even applies to users that only run the Vite dev server on the local machine and does not expose the dev server to the network. ### Upgrade Path Users that does not match either of the following conditions should be able to upgrade to a newer version of Vite that fixes the vulnerability without any additional configuration. - Using the backend integration feature - Using a reverse proxy in front of Vite - Accessing the development server via a domain other than `localhost` or `*.localhost` - Using a plugin / framework that connects to the WebSocket server on their own from the browser #### Using the backend integration feature If you are using the backend integration feature and not setting [`server.origin`](https://vite.dev/config/server-options.html#server-origin), you need to add the origin of the backend server to the [`server.cors.origin`](https://redirect.github.com/expressjs/cors#configuration-options) option. Make sure to set a specific origin rather than `*`, otherwise any origin can access your development server. #### Using a reverse proxy in front of Vite If you are using a reverse proxy in front of Vite and sending requests to Vite with a hostname other than `localhost` or `*.localhost`, you need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if the reverse proxy is sending requests to `http://vite:5173`, you need to add `vite` to the `server.allowedHosts` option. #### Accessing the development server via a domain other than `localhost` or `*.localhost` You need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if you are accessing the development server via `http://foo.example.com:8080`, you need to add `foo.example.com` to the `server.allowedHosts` option. #### Using a plugin / framework that connects to the WebSocket server on their own from the browser If you are using a plugin / framework, try upgrading to a newer version of Vite that fixes the vulnerability. If the WebSocket connection appears not to be working, the plugin / framework may have a code that connects to the WebSocket server on their own from the browser. In that case, you can either: - fix the plugin / framework code to the make it compatible with the new version of Vite - set `legacy.skipWebSocketTokenCheck: true` to opt-out the fix for [2] while the plugin / framework is incompatible with the new version of Vite - When enabling this option, **make sure that you are aware of the security implications** described in the impact section of [2] above. ### Mitigation without upgrading Vite #### [1]: Permissive default CORS settings Set `server.cors` to `false` or limit `server.cors.origin` to trusted origins. #### [2]: Lack of validation on the Origin header for WebSocket connections There aren't any mitigations for this. #### [3]: Lack of validation on the Host header for HTTP requests Use Chrome 94+ or use HTTPS for the development server. ### Details There are three causes that allowed malicious websites to send any requests to the development server: #### [1]: Permissive default CORS settings Vite sets the [`Access-Control-Allow-Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) header depending on [`server.cors`](https://vite.dev/config/server-options.html#server-cors) option. The default value was `true` which sets `Access-Control-Allow-Origin: *`. This allows websites on any origin to `fetch` contents served on the development server. Attack scenario: 1. The attacker serves a malicious web page (`http://malicious.example.com`). 2. The user accesses the malicious web page. 3. The attacker sends a `fetch('http://127.0.0.1:5173/main.js')` request by JS in that malicious web page. This request is normally blocked by same-origin policy, but that's not the case for the reasons above. 4. The attacker gets the content of `http://127.0.0.1:5173/main.js`. #### [2]: Lack of validation on the Origin header for WebSocket connections Vite starts a WebSocket server to handle HMR and other functionalities. This WebSocket server [did not perform validation on the Origin header](https://redirect.github.com/vitejs/vite/blob/v6.0.7/packages/vite/src/node/server/ws.ts#L145-L157) and was vulnerable to Cross-Site WebSocket Hijacking (CSWSH) attacks. With that attack, an attacker can read and write messages on the WebSocket connection. Vite only sends some information over the WebSocket connection ([list of the file paths that changed, the file content where the errored happened, etc.](https://redirect.github.com/vitejs/vite/blob/v6.0.7/packages/vite/types/hmrPayload.d.ts#L12-L72)), but plugins can send arbitrary messages and may include more sensitive information. Attack scenario: 1. The attacker serves a malicious web page (`http://malicious.example.com`). 2. The user accesses the malicious web page. 3. The attacker runs `new WebSocket('http://127.0.0.1:5173', 'vite-hmr')` by JS in that malicious web page. 4. The user edits some files. 5. Vite sends some HMR messages over WebSocket. 6. The attacker gets the content of the HMR messages. #### [3]: Lack of validation on the Host header for HTTP requests Unless [`server.https`](https://vite.dev/config/server-options.html#server-https) is set, Vite starts the development server on HTTP. Non-HTTPS servers are vulnerable to DNS rebinding attacks without validation on the Host header. But Vite did not perform validation on the Host header. By exploiting this vulnerability, an attacker can send arbitrary requests to the development server bypassing the same-origin policy. 1. The attacker serves a malicious web page that is served on **HTTP** (`http://malicious.example.com:5173`) (HTTPS won't work). 2. The user accesses the malicious web page. 3. The attacker changes the DNS to point to 127.0.0.1 (or other private addresses). 4. The attacker sends a `fetch('/main.js')` request by JS in that malicious web page. 5. The attacker gets the content of `http://127.0.0.1:5173/main.js` bypassing the same origin policy. ### Impact #### [1]: Permissive default CORS settings Users with the default `server.cors` option may: - get the source code stolen by malicious websites - give the attacker access to functionalities that are not supposed to be exposed externally - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities. #### [2]: Lack of validation on the Origin header for WebSocket connections All users may get the file paths of the files that changed and the file content where the error happened be stolen by malicious websites. For users that is using a plugin that sends messages over WebSocket, that content may be stolen by malicious websites. For users that is using a plugin that has a functionality that is triggered by messages over WebSocket, that functionality may be exploited by malicious websites. #### [3]: Lack of validation on the Host header for HTTP requests Users using HTTP for the development server and using a browser that is not Chrome 94+ may: - get the source code stolen by malicious websites - give the attacker access to functionalities that are not supposed to be exposed externally - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities. Chrome 94+ users are not affected for [3], because [sending a request to a private network page from public non-HTTPS page is forbidden](https://developer.chrome.com/blog/private-network-access-update#chrome_94) since Chrome 94. ### Related Information Safari has [a bug that blocks requests to loopback addresses from HTTPS origins](https://bugs.webkit.org/show_bug.cgi?id=171934). This means when the user is using Safari and Vite is listening on lookback addresses, there's another condition of "the malicious web page is served on HTTP" to make [1] and [2] to work. ### PoC #### [2]: Lack of validation on the Origin header for WebSocket connections 1. I used the `react` template which utilizes HMR functionality. ``` npm create vite@latest my-vue-app-react -- --template react ``` 2. Then on a malicious server, serve the following POC html: ```html <!doctype html> <html lang="en"> <head> <meta charset="utf-8" /> <title>vite CSWSH</title> </head> <body> <div id="logs"></div> <script> const div = document.querySelectorAll('#logs')[0]; const ws = new WebSocket('ws://localhost:5173','vite-hmr'); ws.onmessage = event => { const logLine = document.createElement('p'); logLine.innerHTML = event.data; div.append(logLine); }; </script> </body> </html> ``` 3. Kick off Vite ``` npm run dev ``` 4. Load the development server (open `http://localhost:5173/`) as well as the malicious page in the browser. 5. Edit `src/App.jsx` file and intentionally place a syntax error 6. Notice how the malicious page can view the websocket messages and a snippet of the source code is exposed Here's a video demonstrating the POC: https://github.com/user-attachments/assets/a4ad05cd-0b34-461c-9ff6-d7c8663d6961 #### [CVE-2025-30208](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w) ### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Details `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. ### PoC ```bash $ npm create vite@latest $ cd vite-project/ $ npm install $ npm run dev $ echo "top secret content" > /tmp/secret.txt # expected behaviour $ curl "http://localhost:5173/@fs/tmp/secret.txt" <body> <h1>403 Restricted</h1> <p>The request url "/tmp/secret.txt" is outside of Vite serving allow list. # security bypassed $ curl "http://localhost:5173/@fs/tmp/secret.txt?import&raw??" export default "top secret content\n" //# sourceMappingURL=data:application/json;base64,eyJ2... ``` #### [CVE-2025-31125](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8) ### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Details - base64 encoded content of non-allowed files is exposed using `?inline&import` (originally reported as `?import&?inline=1.wasm?init`) - content of non-allowed files is exposed using `?raw?import` `/@fs/` isn't needed to reproduce the issue for files inside the project root. ### PoC Original report (check details above for simplified cases): The ?import&?inline=1.wasm?init ending allows attackers to read arbitrary files and returns the file content if it exists. Base64 decoding needs to be performed twice ``` $ npm create vite@latest $ cd vite-project/ $ npm install $ npm run dev ``` Example full URL `http://localhost:5173/@fs/C:/windows/win.ini?import&?inline=1.wasm?init` #### [CVE-2025-31486](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x) ### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Details #### `.svg` Requests ending with `.svg` are loaded at this line. https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290 By adding `?.svg` with `?.wasm?init` or with `sec-fetch-dest: script` header, the restriction was able to bypass. This bypass is only possible if the file is smaller than [`build.assetsInlineLimit`](https://vite.dev/config/build-options.html#build-assetsinlinelimit) (default: 4kB) and when using Vite 6.0+. #### relative paths The check was applied before the id normalization. This allowed requests to bypass with relative paths (e.g. `../../`). ### PoC ```bash npm create vite@latest cd vite-project/ npm install npm run dev ``` send request to read `etc/passwd` ```bash curl 'http://127.0.0.1:5173/etc/passwd?.svg?.wasm?init' ``` ```bash curl 'http://127.0.0.1:5173/@fs/x/x/x/vite-project/?/../../../../../etc/passwd?import&?raw' ``` #### [CVE-2025-32395](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4) ### Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. ### Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) - running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun) ### Details [HTTP 1.1 spec (RFC 9112) does not allow `#` in `request-target`](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2). Although an attacker can send such a request. For those requests with an invalid `request-line` (it includes `request-target`), the spec [recommends to reject them with 400 or 301](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2-4). The same can be said for HTTP 2 ([ref1](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-2.4.1), [ref2](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-3), [ref3](https://datatracker.ietf.org/doc/html/rfc9113#section-8.1.1-3)). On Node and Bun, those requests are not rejected internally and is passed to the user land. For those requests, the value of [`http.IncomingMessage.url`](https://nodejs.org/docs/latest-v22.x/api/http.html#messageurl) contains `#`. Vite assumed `req.url` won't contain `#` when checking `server.fs.deny`, allowing those kinds of requests to bypass the check. On Deno, those requests are not rejected internally and is passed to the user land as well. But for those requests, the value of `http.IncomingMessage.url` did not contain `#`. ### PoC ``` npm create vite@latest cd vite-project/ npm install npm run dev ``` send request to read `/etc/passwd` ``` curl --request-target /@fs/Users/doggy/Desktop/vite-project/#/../../../../../etc/passwd http://127.0.0.1:5173 ``` #### [CVE-2025-46565](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3) ### Summary The contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching pattern can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. Only files that are under [project `root`](https://vite.dev/config/shared-options.html#root) and are denied by a file matching pattern can be bypassed. - Examples of file matching patterns: `.env`, `.env.*`, `*.{crt,pem}`, `**/.env` - Examples of other patterns: `**/.git/**`, `.git/**`, `.git/**/*` ### Details [`server.fs.deny`](https://vite.dev/config/server-options.html#server-fs-deny) can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (`/.`). ### PoC ``` npm create vite@latest cd vite-project/ cat "secret" > .env npm install npm run dev curl --request-target /.env/. http://localhost:5173 ``` ![image](https://redirect.github.com/user-attachments/assets/822f4416-aa42-461f-8c95-a88d155e674b) ![image](https://redirect.github.com/user-attachments/assets/42902144-863a-4afb-ac5b-fc16effa37cc) --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v5.4.19`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.19) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.18...v5.4.19) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md) for details. ### [`v5.4.18`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.18) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.17...v5.4.18) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.18/packages/vite/CHANGELOG.md) for details. ### [`v5.4.17`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.17) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.16...v5.4.17) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.17/packages/vite/CHANGELOG.md) for details. ### [`v5.4.16`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.16) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.15...v5.4.16) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.16/packages/vite/CHANGELOG.md) for details. ### [`v5.4.15`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.15) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.14...v5.4.15) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.15/packages/vite/CHANGELOG.md) for details. ### [`v5.4.14`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.14) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.13...v5.4.14) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.14/packages/vite/CHANGELOG.md) for details. ### [`v5.4.13`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.13) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.12...v5.4.13) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.13/packages/vite/CHANGELOG.md) for details. ### [`v5.4.12`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.12) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.11...v5.4.12) This version contains a breaking change due to security fixes. See https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6 for more details. Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md) for details. ### [`v5.4.11`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#600-2024-11-26) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.10...v5.4.11) ![Vite 6 is out!](../../docs/public/og-image-announcing-vite6.png) Today, we're taking another big step in Vite's story. The Vite [team](https://vite.dev/team), [contributors](https://redirect.github.com/vitejs/vite/graphs/contributors), and ecosystem partners are excited to announce the release of the next Vite major: - **[Vite 6.0 announcement blog post](https://vite.dev/blog/announcing-vite6.html)** - [Docs](https://vite.dev/) - Translations: [简体中文](https://cn.vite.dev/), [日本語](https://ja.vite.dev/), [Español](https://es.vite.dev/), [Português](https://pt.vite.dev/), [한국어](https://ko.vite.dev/), [Deutsch](https://de.vite.dev/) - [Migration Guide](https://vite.dev/guide/migration.html) We want to thank the more than [1K contributors to Vite Core](https://redirect.github.com/vitejs/vite/graphs/contributors) and the maintainers and contributors of Vite plugins, integrations, tools, and translations that have helped us craft this new major. We invite you to get involved and help us improve Vite for the whole ecosystem. Learn more at our [Contributing Guide](https://redirect.github.com/vitejs/vite/blob/main/CONTRIBUTING.md). ##### ⚠ BREAKING CHANGES - drop node 21 support in version ranges ([#18729](https://redirect.github.com/vitejs/vite/issues/18729)) - **deps:** update dependency dotenv-expand to v12 ([#18697](https://redirect.github.com/vitejs/vite/issues/18697)) - **resolve:** allow removing conditions ([#18395](https://redirect.github.com/vitejs/vite/issues/18395)) - **html:** support more asset sources ([#11138](https://redirect.github.com/vitejs/vite/issues/11138)) - remove fs.cachedChecks option ([#18493](https://redirect.github.com/vitejs/vite/issues/18493)) - proxy bypass with WebSocket ([#18070](https://redirect.github.com/vitejs/vite/issues/18070)) - **css:** remove default import in ssr dev ([#17922](https://redirect.github.com/vitejs/vite/issues/17922)) - **lib:** use package name for css output file name ([#18488](https://redirect.github.com/vitejs/vite/issues/18488)) - update to chokidar v4 ([#18453](https://redirect.github.com/vitejs/vite/issues/18453)) - support `file://` resolution ([#18422](https://redirect.github.com/vitejs/vite/issues/18422)) - **deps:** update postcss-load-config to v6 ([#15235](https://redirect.github.com/vitejs/vite/issues/15235)) - **css:** change default sass api to modern/modern-compiler ([#17937](https://redirect.github.com/vitejs/vite/issues/17937)) - **css:** load postcss config within workspace root only ([#18440](https://redirect.github.com/vitejs/vite/issues/18440)) - default `build.cssMinify` to `'esbuild'` for SSR ([#15637](https://redirect.github.com/vitejs/vite/issues/15637)) - **json:** add `json.stringify: 'auto'` and make that the default ([#18303](https://redirect.github.com/vitejs/vite/issues/18303)) - bump minimal terser version to 5.16.0 ([#18209](https://redirect.github.com/vitejs/vite/issues/18209)) - **deps:** migrate `fast-glob` to `tinyglobby` ([#18243](https://redirect.github.com/vitejs/vite/issues/18243)) ##### Features - add support for .cur type ([#18680](https://redirect.github.com/vitejs/vite/issues/18680)) ([5ec9eed](https://redirect.github.com/vitejs/vite/commit/5ec9eedc80bbf39a33b498198ba07ed1bd9cacc7)) - drop node 21 support in version ranges ([#18729](https://redirect.github.com/vitejs/vite/issues/18729)) ([a384d8f](https://redirect.github.com/vitejs/vite/commit/a384d8fd39162190675abcfea31ba657383a3d03)) - enable HMR by default on ModuleRunner side ([#18749](https://redirect.github.com/vitejs/vite/issues/18749)) ([4d2abc7](https://redirect.github.com/vitejs/vite/commit/4d2abc7bba95cf516ce7341d5d8f349d61b75224)) - support `module-sync` condition when loading config if enabled ([#18650](https://redirect.github.com/vitejs/vite/issues/18650)) ([cf5028d](https://redirect.github.com/vitejs/vite/commit/cf5028d4bf0a0d59b4a98323beaadc268204056b)) - add `isSsrTargetWebWorker` flag to `configEnvironment` hook ([#18620](https://redirect.github.com/vitejs/vite/issues/18620)) ([3f5fab0](https://redirect.github.com/vitejs/vite/commit/3f5fab04aa64c0e9b45068e842f033583b365de0)) - add `ssr.resolve.mainFields` option ([#18646](https://redirect.github.com/vitejs/vite/issues/18646)) ([a6f5f5b](https://redirect.github.com/vitejs/vite/commit/a6f5f5baca7a5d2064f5f4cb689764ad939fab4b)) - expose default mainFields/conditions ([#18648](https://redirect.github.com/vitejs/vite/issues/18648)) ([c12c653](https://redirect.github.com/vitejs/vite/commit/c12c653ca5fab354e0f71394e2fbe636dccf6b2f)) - extended applyToEnvironment and perEnvironmentPlugin ([#18544](https://redirect.github.com/vitejs/vite/issues/18544)) ([8fa70cd](https://redirect.github.com/vitejs/vite/commit/8fa70cdfa65ce8254ab8da8be0d92614126764c0)) - **optimizer:** allow users to specify their esbuild `platform` option ([#18611](https://redirect.github.com/vitejs/vite/issues/18611)) ([0924879](https://redirect.github.com/vitejs/vite/commit/09248795ca79a7053b803af8977c3422f5cd5824)) - show error when accessing variables not exposed in CJS build ([#18649](https://redirect.github.com/vitejs/vite/issues/18649)) ([87c5502](https://redirect.github.com/vitejs/vite/commit/87c55022490d4710934c482abf5fbd4fcda9c3c9)) - **asset:** add `?inline` and `?no-inline` queries to control inlining ([#15454](https://redirect.github.com/vitejs/vite/issues/15454)) ([9162172](https://redirect.github.com/vitejs/vite/commit/9162172e039ae67ad4ee8dce18f04b7444f7d9de)) - **asset:** inline svg in dev if within limit ([#18581](https://redirect.github.com/vitejs/vite/issues/18581)) ([f08b146](https://redirect.github.com/vitejs/vite/commit/f08b1463db50f39b571faa871d05c92b10f3434c)) - use a single transport for fetchModule and HMR support ([#18362](https://redirect.github.com/vitejs/vite/issues/18362)) ([78dc490](https://redirect.github.com/vitejs/vite/commit/78dc4902ffef7f316e84d21648b04dc62dd0ae0a)) - **html:** support more asset sources ([#11138](https://redirect.github.com/vitejs/vite/issues/11138)) ([8a7af50](https://redirect.github.com/vitejs/vite/commit/8a7af50b5ddf72f21098406e9668bc609b323899)) - **resolve:** allow removing conditions ([#18395](https://redirect.github.com/vitejs/vite/issues/18395)) ([d002e7d](https://redirect.github.com/vitejs/vite/commit/d002e7d05a0f23110f9185b39222819bcdfffc16)) - **html:** support `vite-ignore` attribute to opt-out of processing ([#18494](https://redirect.github.com/vitejs/vite/issues/18494)) ([d951310](https://redirect.github.com/vitejs/vite/commit/d9513104e21175e1d23e0f614df55cd53291ab4e)) - **lib:** use package name for css output file name ([#18488](https://redirect.github.com/vitejs/vite/issues/18488)) ([61cbf6f](https://redirect.github.com/vitejs/vite/commit/61cbf6f2cfcd5afc91fe0a0ad56abfc36a32f1ab)) - log complete config in debug mode ([#18289](https://redirect.github.com/vitejs/vite/issues/18289)) ([04f6736](https://redirect.github.com/vitejs/vite/commit/04f6736fd7ac3da22141929c01a151f5a6fe4e45)) - proxy bypass with WebSocket ([#18070](https://redirect.github.com/vitejs/vite/issues/18070)) ([3c9836d](https://redirect.github.com/vitejs/vite/commit/3c9836d96f118ff5748916241bc3871a54247ad1)) - support `file://` resolution ([#18422](https://redirect.github.com/vitejs/vite/issues/18422)) ([6a7e313](https://redirect.github.com/vitejs/vite/commit/6a7e313754dce5faa5cd7c1e2343448cd7f3a2a2)) - update to chokidar v4 ([#18453](https://redirect.github.com/vitejs/vite/issues/18453)) ([192d555](https://redirect.github.com/vitejs/vite/commit/192d555f88bba7576e8a40cc027e8a11e006079c)) - allow custom `console` in `createLogger` ([#18379](https://redirect.github.com/vitejs/vite/issues/18379)) ([0c497d9](https://redirect.github.com/vitejs/vite/commit/0c497d9cb63bd4a6bb8e01c0e3b843890a239d23)) - **css:** add more stricter typing of lightningcss ([#18460](https://redirect.github.com/vitejs/vite/issues/18460)) ([b9b925e](https://redirect.github.com/vitejs/vite/commit/b9b925eb3f911ab63972124dc8ab0455449b925d)) - **css:** change default sass api to modern/modern-compiler ([#17937](https://redirect.github.com/vitejs/vite/issues/17937)) ([d4e0442](https://redirect.github.com/vitejs/vite/commit/d4e0442f9d6adc70b72ea0713dc8abb4b1f75ae4)) - read `sec-fetch-dest` header to detect JS in transform ([#9981](https://redirect.github.com/vitejs/vite/issues/9981)) ([e51dc40](https://redirect.github.com/vitejs/vite/commit/e51dc40b5907cf14d7aefaaf01fb8865a852ef15)) - **css:** load postcss config within workspace root only ([#18440](https://redirect.github.com/vitejs/vite/issues/18440)) ([d23a493](https://redirect.github.com/vitejs/vite/commit/d23a493cc4b54a2e2b2c1337b3b1f0c9b1be311e)) - **json:** add `json.stringify: 'auto'` and make that the default ([#18303](https://redirect.github.com/vitejs/vite/issues/18303)) ([b80daa7](https://redirect.github.com/vitejs/vite/commit/b80daa7c0970645dca569d572892648f66c6799c)) - add .git to deny list by default ([#18382](https://redirect.github.com/vitejs/vite/issues/18382)) ([105ca12](https://redirect.github.com/vitejs/vite/commit/105ca12b34e466dc9de838643954a873ac1ce804)) - add `environment::listen` ([#18263](https://redirect.github.com/vitejs/vite/issues/18263)) ([4d5f51d](https://redirect.github.com/vitejs/vite/commit/4d5f51d13f92cc8224a028c27df12834a0667659)) - enable dependencies discovery and pre-bundling in ssr environments ([#18358](https://redirect.github.com/vitejs/vite/issues/18358)) ([9b21f69](https://redirect.github.com/vitejs/vite/commit/9b21f69405271f1b864fa934a96adcb0e1a2bc4d)) - restrict characters useable for environment name ([#18255](https://redirect.github.com/vitejs/vite/issues/18255)) ([9ab6180](https://redirect.github.com/vitejs/vite/commit/9ab6180d3a20be71eb7aedef000f8c4ae3591c40)) - support arbitrary module namespace identifier imports from cjs deps ([#18236](https://redirect.github.com/vitejs/vite/issues/18236)) ([4389a91](https://redirect.github.com/vitejs/vite/commit/4389a917f8f5e8e67222809fb7b166bb97f6d02c)) - introduce RunnableDevEnvironment ([#18190](https://redirect.github.com/vitejs/vite/issues/18190)) ([fb292f2](https://redirect.github.com/vitejs/vite/commit/fb292f226f988e80fee4f4aea878eb3d5d229022)) - support `this.environment` in `options` and `onLog` hook ([#18142](https://redirect.github.com/vitejs/vite/issues/18142)) ([7722c06](https://redirect.github.com/vitejs/vite/commit/7722c061646bc8587f55f560bfe06b2a9643639a)) - **css:** support es2023 build target for lightningcss ([#17998](https://redirect.github.com/vitejs/vite/issues/17998)) ([1a76300](https://redirect.github.com/vitejs/vite/commit/1a76300cd16827f0640924fdc21747ce140c35fb)) - Environment API ([#16471](https://redirect.github.com/vitejs/vite/issues/16471)) ([242f550](https://redirect.github.com/vitejs/vite/commit/242f550eb46c93896fca6b55495578921e29a8af)) - expose `EnvironmentOptions` type ([#18080](https://redirect.github.com/vitejs/vite/issues/18080)) ([35cf59c](https://redirect.github.com/vitejs/vite/commit/35cf59c9d53ef544eb5f2fe2f9ff4d6cb225e63b)) ##### Bug Fixes - `createRunnableDevEnvironment` returns `RunnableDevEnvironment`, not `DevEnvironment` ([#18673](https://redirect.github.com/vitejs/vite/issues/18673)) ([74221c3](https://redirect.github.com/vitejs/vite/commit/74221c391bffd61b9ef39b7c0f9ea2e405913a6f)) - `getModulesByFile` should return a `serverModule` ([#18715](https://redirect.github.com/vitejs/vite/issues/18715)) ([b80d5ec](https://redirect.github.com/vitejs/vite/commit/b80d5ecbbcc374bd8f32b2ed5ceb3cbfffaae77b)) - catch error in full reload handler ([#18713](https://redirect.github.com/vitejs/vite/issues/18713)) ([a10e741](https://redirect.github.com/vitejs/vite/commit/a10e7410656d3614cbfd07ba772776ff334a8d60)) - **client:** overlay not appearing when multiple vite clients were loaded ([#18647](https://redirect.github.com/vitejs/vite/issues/18647)) ([27d70b5](https://redirect.github.com/vitejs/vite/commit/27d70b5fa61f1c1a836d52809549cb57569f42a4)) - **deps:** update all non-major dependencies ([#18691](https://redirect.github.com/vitejs/vite/issues/18691)) ([f005461](https://redirect.github.com/vitejs/vite/commit/f005461ecce89ada21cb0c021f7af460b5479736)) - **deps:** update dependency dotenv-expand to v12 ([#18697](https://redirect.github.com/vitejs/vite/issues/18697)) ([0c658de](https://redirect.github.com/vitejs/vite/commit/0c658de41f4c1576c526a8c48a8ea0a019c6311c)) - display pre-transform error details ([#18764](https://redirect.github.com/vitejs/vite/issues/18764)) ([554f45f](https://redirect.github.com/vitejs/vite/commit/554f45f4d820c57c0874ebe48ef2fddfafdd0750)) - exit code on `SIGTERM` ([#18741](https://redirect.github.com/vitejs/vite/issues/18741)) ([cc55e36](https://redirect.github.com/vitejs/vite/commit/cc55e36dd39fef134568f53acc66514cbb7175ea)) - expose missing `InterceptorOptions` type ([#18766](https://redirect.github.com/vitejs/vite/issues/18766)) ([6252c60](https://redirect.github.com/vitejs/vite/commit/6252c6035695365c93773fbe06a4b2a307e86368)) - **html:** fix inline proxy modules invalidation ([#18696](https://redirect.github.com/vitejs/vite/issues/18696)) ([8ab04b7](https://redirect.github.com/vitejs/vite/commit/8ab04b70ada119fbca2fc5a53c36f233423febbe)) - log error when send in module runner failed ([#18753](https://redirect.github.com/vitejs/vite/issues/18753)) ([ba821bb](https://redirect.github.com/vitejs/vite/commit/ba821bb63eca6d8a9199ee2253ef2607375f5702)) - **module-runner:** make evaluator optional ([#18672](https://redirect.github.com/vitejs/vite/issues/18672)) ([fd1283f](https://redirect.github.com/vitejs/vite/commit/fd1283fe27cc1a19b5c7d9d72664832e4daa1bbf)) - **optimizer:** detect npm / yarn / pnpm dependency changes correctly ([#17336](https://redirect.github.com/vitejs/vite/issues/17336)) ([#18560](https://redirect.github.com/vitejs/vite/issues/18560)) ([818cf3e](https://redirect.github.com/vitejs/vite/commit/818cf3e7bf1b6c2dc56e7cd8f056bc1d185c2cd7)) - **optimizer:** trigger onCrawlEnd after manual included deps are registered ([#18733](https://redirect.github.com/vitejs/vite/issues/18733)) ([dc60410](https://redirect.github.com/vitejs/vite/commit/dc6041099ccd5767764fb8c99a169869bbd13f16)) - **optimizer:** workaround firefox's false warning for no sources source map ([#18665](https://redirect.github.com/vitejs/vite/issues/18665)) ([473424e](https://redirect.github.com/vitejs/vite/commit/473424ee8d6b743c1565bf0749deb5d9fbedcea7)) - **ssr:** replace `__vite_ssr_identity__` with `(0, ...)` and inject `;` between statements ([#18748](https://redirect.github.com/vitejs/vite/issues/18748)) ([94546be](https://redirect.github.com/vitejs/vite/commit/94546be18354a457bced5107aa31533b09e304ec)) - cjs build for perEnvironmentState et al ([#18656](https://redirect.github.com/vitejs/vite/issues/18656)) ([95c4b3c](https://redirect.github.com/vitejs/vite/commit/95c4b3c371dc7fb12c28cb1307f6f389887eb1e1)) - **html:** externalize `rollup.external` scripts correctly ([#18618](https://redirect.github.com/vitejs/vite/issues/18618)) ([55461b4](https://redirect.github.com/vitejs/vite/commit/55461b43329db6a5e737eab591163a8681ba9230)) - include more modules to prefix-only module list ([#18667](https://redirect.github.com/vitejs/vite/issues/18667)) ([5a2103f](https://redirect.github.com/vitejs/vite/commit/5a2103f0d486a7725c23c70710b11559c00e9b93)) - **ssr:** format `ssrTransform` parse error ([#18644](https://redirect.github.com/vitejs/vite/issues/18644)) ([d9be921](https://redirect.github.com/vitejs/vite/commit/d9be92187cb17d740856af27d0ab60c84e04d58c)) - **ssr:** preserve fetchModule error details ([#18626](https://redirect.github.com/vitejs/vite/issues/18626)) ([866a433](https://redirect.github.com/vitejs/vite/commit/866a433a34ab2f6d2910506e781b346091de1b9e)) - browser field should not be included by default for `consumer: 'server'` ([#18575](https://redirect.github.com/vitejs/vite/issues/18575)) ([87b2347](https://redirect.github.com/vitejs/vite/commit/87b2347a13ea8ae8282f0f1e2233212c040bfed8)) - **client:** detect ws close correctly ([#18548](https://redirect.github.com/vitejs/vite/issues/18548)) ([637d31b](https://redirect.github.com/vitejs/vite/commit/637d31bcc59d964e51f7969093cc369deee88ca1)) - **resolve:** run ensureVersionQuery for SSR ([#18591](https://redirect.github.com/vitejs/vite/issues/18591)) ([63207e5](https://redirect.github.com/vitejs/vite/commit/63207e5d0fbedc8ddddb7d1faaa8ea9a45a118d4)) - use `server.perEnvironmentStartEndDuringDev` ([#18549](https://redirect.github.com/vitejs/vite/issues/18549)) ([fe30349](https://redirect.github.com/vitejs/vite/commit/fe30349d350ef08bccd56404ccc3e6d6e0a2e156)) - allow nested dependency selector to be used for `optimizeDeps.include` for SSR ([#18506](https://redirect.github.com/vitejs/vite/issues/18506)) ([826c81a](https://redirect.github.com/vitejs/vite/commit/826c81a40bb25914d55cd2e96b548f1a2c384a19)) - asset `new URL(,import.meta.url)` match ([#18194](https://redirect.github.com/vitejs/vite/issues/18194)) ([5286a90](https://redirect.github.com/vitejs/vite/commit/5286a90a3c1b693384f99903582a1f70b7b44945)) - close watcher if it's disabled ([#18521](https://redirect.github.com/vitejs/vite/issues/18521)) ([85bd0e9](https://redirect.github.com/vitejs/vite/commit/85bd0e9b0dc637c7645f2b56f93071d6e1ec149c)) - **config:** write temporary vite config to node\_modules ([#18509](https://redirect.github.com/vitejs/vite/issues/18509)) ([72eaef5](https://redirect.github.com/vitejs/vite/commit/72eaef5300d20b7163050461733c3208a4013e1e)) - **css:** `cssCodeSplit` uses the current environment configuration ([#18486](https://redirect.github.com/vitejs/vite/issues/18486)) ([eefe895](https://redirect.github.com/vitejs/vite/commit/eefe8957167681b85f0e1b07bc5feefa307cccb0)) - **json:** don't `json.stringify` arrays ([#18541](https://redirect.github.com/vitejs/vite/issues/18541)) ([fa50b03](https://redirect.github.com/vitejs/vite/commit/fa50b03390dae280293174f65f850522599b9ab7)) - **less:** prevent rebasing `[@import](https://redirect.github.com/import) url(...)` ([#17857](https://redirect.github.com/vitejs/vite/issues/17857)) ([aec5fdd](https://redirect.github.com/vitejs/vite/commit/aec5fdd72e3aeb2aa26796001b98f3f330be86d1)) - **lib:** only resolve css bundle name if have styles ([#18530](https://redirect.github.com/vitejs/vite/issues/18530)) ([5d6dc49](https://redirect.github.com/vitejs/vite/commit/5d6dc491b6bb78613694eaf686e2e305b71af5e1)) - **scss:** improve error logs ([#18522](https://redirect.github.com/vitejs/vite/issues/18522)) ([3194a6a](https://redirect.github.com/vitejs/vite/commit/3194a6a60714a3978f5e4b39d6223f32a8dc01ef)) - `define` in environment config was not working ([#18515](https://redirect.github.com/vitejs/vite/issues/18515)) ([052799e](https://redirect.github.com/vitejs/vite/commit/052799e8939cfcdd7a7ff48daf45a766bf6cc546)) - **build:** apply resolve.external/noExternal to server environments ([#18495](https://redirect.github.com/vitejs/vite/issues/18495)) ([5a967cb](https://redirect.github.com/vitejs/vite/commit/5a967cb596c7c4b0548be1d9025bc1e34b36169a)) - **config:** remove error if require resolve to esm ([#18437](https://redirect.github.com/vitejs/vite/issues/18437)) ([f886f75](https://redirect.github.com/vitejs/vite/commit/f886f75396cdb5a43ec5377bbbaaffc0e8ae03e9)) - consider URLs with any protocol to be external ([#17369](https://redirect.github.com/vitejs/vite/issues/17369)) ([a0336bd](https://redirect.github.com/vitejs/vite/commit/a0336bd5197bb4427251be4c975e30fb596c658f)) - **css:** remove default import in ssr dev ([#17922](https://redirect.github.com/vitejs/vite/issues/17922)) ([eccf663](https://redirect.github.com/vitejs/vite/commit/eccf663e35a17458425860895bb30b3b0613ea96)) - use picomatch to align with tinyglobby ([#18503](https://redirect.github.com/vitejs/vite/issues/18503)) ([437795d](https://redirect.github.com/vitejs/vite/commit/437795db8307ce4491d066bcaaa5bd9432193773)) - **css:** `cssCodeSplit` in `environments.xxx.build` is invalid ([#18464](https://redirect.github.com/vitejs/vite/issues/18464)) ([993e71c](https://redirect.github.com/vitejs/vite/commit/993e71c4cb227bd8c347b918f52ccd83f85a645a)) - **css:** make sass types work with sass-embedded ([#18459](https://redirect.github.com/vitejs/vite/issues/18459)) ([89f8303](https://redirect.github.com/vitejs/vite/commit/89f8303e727791aa7be6f35833a708b6a50e9120)) - **deps:** update all non-major dependencies ([#18484](https://redirect.github.com/vitejs/vite/issues/18484)) ([2ec12df](https://redirect.github.com/vitejs/vite/commit/2ec12df98d07eb4c986737e86a4a9f8066724658)) - handle warmup glob hang ([#18462](https://redirect.github.com/vitejs/vite/issues/18462)) ([409fa5c](https://redirect.github.com/vitejs/vite/commit/409fa5c9dee0e394bcdc3b111f5b2e4261131ca0)) - **manifest:** non entry CSS chunk src was wrong ([#18133](https://redirect.github.com/vitejs/vite/issues/18133)) ([c148676](https://redirect.github.com/vitejs/vite/commit/c148676c90dc4823bc6bdeb8ba1e36386c5d9654)) - **module-runner:** delay function eval until module runner instantiation ([#18480](https://redirect.github.com/vitejs/vite/issues/18480)) ([472afbd](https://redirect.github.com/vitejs/vite/commit/472afbd010db3f1c7a59826c7bf4067191b7f48a)) - **plugins:** noop if config hook returns same config reference ([#18467](https://redirect.github.com/vitejs/vite/issues/18467)) ([bd540d5](https://redirect.github.com/vitejs/vite/commit/bd540d52eb609ca12dad8e2f3fe8011821bda878)) - return the same instance of ModuleNode for the same EnvironmentModuleNode ([#18455](https://redirect.github.com/vitejs/vite/issues/18455)) ([5ead461](https://redirect.github.com/vitejs/vite/commit/5ead461b374d76ceb134063477eaf3f97fe3da97)) - set scripts imported by HTML moduleSideEffects=true ([#18411](https://redirect.github.com/vitejs/vite/issues/18411)) ([2ebe4b4](https://redirect.github.com/vitejs/vite/commit/2ebe4b44430dd311028f72520ac977bb202ce50b)) - use websocket to test server liveness before client reload ([#17891](https://redirect.github.com/vitejs/vite/issues/17891)) ([7f9f8c6](https://redirect.github.com/vitejs/vite/commit/7f9f8c6851d1eb49a72dcb6c134873148a2e81eb)) - add typing to `CSSOptions.preprocessorOptions` ([#18001](https://redirect.github.com/vitejs/vite/issues/18001)) ([7eeb6f2](https://redirect.github.com/vitejs/vite/commit/7eeb6f2f97abf5dfc71c225b9cff9779baf2ed2f)) - default `build.cssMinify` to `'esbuild'` for SSR ([#15637](https://redirect.github.com/vitejs/vite/issues/15637)) ([f1d3bf7](https://redirect.github.com/vitejs/vite/commit/f1d3bf74cc7f12e759442fd7111d07e2c0262a67)) - **dev:** prevent double URL encoding in server.open on macOS ([#18443](https://redirect.github.com/vitejs/vite/issues/18443)) ([56b7176](https://redirect.github.com/vitejs/vite/commit/56b71768f3ee498962fba898804086299382bb59)) - **preview:** set resolvedUrls null after close ([#18445](https://redirect.github.com/vitejs/vite/issues/18445)) ([65014a3](https://redirect.github.com/vitejs/vite/commit/65014a32ef618619c5a34b729d67340d9253bdd5)) - **ssr:** inject identity function at the top ([#18449](https://redirect.github.com/vitejs/vite/issues/18449)) ([0ab20a3](https://redirect.github.com/vitejs/vite/commit/0ab20a3ee26eacf302415b3087732497d0a2f358)) - **ssr:** preserve source maps for hoisted imports (fix [#16355](https://redirect.github.com/vitejs/vite/issues/16355)) ([#16356](https://redirect.github.com/vitejs/vite/issues/16356)) ([8e382a6](https://redirect.github.com/vitejs/vite/commit/8e382a6a1fed2cd41051b81f9cd9c94b484352a5)) - augment hash for CSS files to prevent chromium erroring by loading previous files ([#18367](https://redirect.github.com/vitejs/vite/issues/18367)) ([a569f42](https://redirect.github.com/vitejs/vite/commit/a569f42ee93229308be7a327b7a71e79f3d58b01)) - **cli:** `--watch` should not override `build.watch` options ([#18390](https://redirect.github.com/vitejs/vite/issues/18390)) ([b2965c8](https://redirect.github.com/vitejs/vite/commit/b2965c8e9f74410bc8047a05528c74b68a3856d7)) - **css:** don't transform sass function calls with namespace ([#18414](https://redirect.github.com/vitejs/vite/issues/18414)) ([dbb2604](https://redirect.github.com/vitejs/vite/commit/dbb260499f894d495bcff3dcdf5635d015a2f563)) - **deps:** update `open` dependency to 10.1.0 ([#18349](https://redirect.github.com/vitejs/vite/issues/18349)) ([5cca4bf](https://redirect.github.com/vitejs/vite/commit/5cca4bfd3202c7aea690acf63f60bfe57fa165de)) - **deps:** update all non-major dependencies ([#18345](https://redirect.github.com/vitejs/vite/issues/18345)) ([5552583](https://redirect.github.com/vitejs/vite/commit/5552583a2272cd4208b30ad60e99d984e34645f0)) - more robust plugin.sharedDuringBuild ([#18351](https://redirect.github.com/vitejs/vite/issues/18351)) ([47b1270](https://redirect.github.com/vitejs/vite/commit/47b12706ce2d0c009d6078a61e16e81a04c9f49c)) - **ssr:** `this` in exported function should be `undefined` ([#18329](https://redirect.github.com/vitejs/vite/issues/18329)) ([bae6a37](https://redirect.github.com/vitejs/vite/commit/bae6a37628c4870f3db92351e8af2a7b4a07e248)) - **worker:** rewrite rollup `output.format` with `worker.format` on worker build error ([#18165](https://redirect.github.com/vitejs/vite/issues/18165)) ([dc82334](https://redirect.github.com/vitejs/vite/commit/dc823347bb857a9f63eee7e027a52236d7e331e0)) - `injectQuery` double encoding ([#18246](https://redirect.github.com/vitejs/vite/issues/18246)) ([2c5f948](https://redirect.github.com/vitejs/vite/commit/2c5f948d0646f6a0237570ab5d36b06d31cb94c9)) - add position to import analysis resolve exception ([#18344](https://redirect.github.com/vitejs/vite/issues/18344)) ([0fe95d4](https://redirect.github.com/vitejs/vite/commit/0fe95d4a71930cf55acd628efef59e6eae0f77f7)) - **assets:** make srcset parsing HTML spec compliant ([#16323](https://redirect.github.com/vitejs/vite/issues/16323)) ([#18242](https://redirect.github.com/vitejs/vite/issues/18242)) ([0e6d4a5](https://redirect.github.com/vitejs/vite/commit/0e6d4a5e23cdfb2ec433f687e455b9827269527c)) - **css:** dont remove JS chunk for pure CSS chunk when the export is used ([#18307](https://redirect.github.com/vitejs/vite/issues/18307)) ([889bfc0](https://redirect.github.com/vitejs/vite/commit/889bfc0ada6d6cd356bb7a92efdce96298f82fef)) - **deps:** bump tsconfck ([#18322](https://redirect.github.com/vitejs/vite/issues/18322)) ([67783b2](https://redirect.github.com/vitejs/vite/commit/67783b2d5513e013bf74844186eb9b2b70d17d5c)) - **deps:** update all non-major dependencies ([#18292](https://redirect.github.com/vitejs/vite/issues/18292)) ([5cac054](https://redirect.github.com/vitejs/vite/commit/5cac0544dca2764f0114aac38e9922a0c13d7ef4)) - destroy the runner when runnable environment is closed ([#18282](https://redirect.github.com/vitejs/vite/issues/18282)) ([5212d09](https://redirect.github.com/vitejs/vite/commit/5212d09579a82bc09b149c77e996d0e5c3972455)) - handle yarn command fail when root does not exist ([#18141](https://redirect.github.com/vitejs/vite/issues/18141)) ([460aaff](https://redirect.github.com/vitejs/vite/commit/460aaffbf134a9eda6e092a564afc2eeebf8f935)) - **hmr:** don't try to rewrite imports for direct CSS soft invalidation ([#18252](https://redirect.github.com/vitejs/vite/issues/18252)) ([a03bb0e](https://redirect.github.com/vitejs/vite/commit/a03bb0e2ba35af314c57fc98600bb76566592239)) - make it easier to configure environment runner ([#18273](https://redirect.github.com/vitejs/vite/issues/18273)) ([fb35a78](https://redirect.github.com/vitejs/vite/commit/fb35a7800e21ed2c6f9d0f843898afa1fcc87795)) - **middleware-mode:** call all hot.listen when server restart ([#18261](https://redirect.github.com/vitejs/vite/issues/18261)) ([007773b](https://redirect.github.com/vitejs/vite/commit/007773b550e7c6bcaeb8d88970fd6dfe999d5a4a)) - **optimizer:** don't externalize transitive dep package name with asset extension ([#18152](https://redirect.github.com/vitejs/vite/issues/18152)) ([fafc7e2](https://redirect.github.com/vitejs/vite/commit/fafc7e28d3395292fbc2f2355417dcc15871ab1e)) - **resolve:** fix resolve cache key for external conditions ([#18332](https://redirect.github.com/vitejs/vite/issues/18332)) ([93d286c](https://redirect.github.com/vitejs/vite/commit/93d286c4c1af0b379002a6ff495e82bb87acd65c)) - **resolve:** fix resolve cache to consider `conditions` and more ([#18302](https://redirect.github.com/vitejs/vite/issues/18302)) ([2017a33](https://redirect.github.com/vitejs/vite/commit/2017a330f5576dfc9db1538e0b899a1776cd100a)) - **types:** add more overload to `defineConfig` ([#18299](https://redirect.github.com/vitejs/vite/issues/18299)) ([94e34cf](https://redirect.github.com/vitejs/vite/commit/94e34cf1dfe6fdb331b6508e830b2cc446000aac)) - asset import should skip handling data URIs ([#18163](https://redirect.github.com/vitejs/vite/issues/18163)) ([70813c7](https://redirect.github.com/vitejs/vite/commit/70813c7f05fc9a45d102a53514ecac23831e6d6b)) - cache the runnable environment module runner ([#18215](https://redirect.github.com/vitejs/vite/issues/18215)) ([95020ab](https://redirect.github.com/vitejs/vite/commit/95020ab49e12d143262859e095025cf02423c1d9)) - call `this.hot.close` for non-ws HotChannel ([#18212](https://redirect.github.com/vitejs/vite/issues/18212)) ([bad0ccc](https://redirect.github.com/vitejs/vite/commit/bad0cccee80c02fa309f274220f6d324d03c3b19)) - close HotChannel on environment close ([#18206](https://redirect.github.com/vitejs/vite/issues/18206)) ([2d148e3](https://redirect.github.com/vitejs/vite/commit/2d148e347e8fbcc6f0e4e627a20acc81d9ced3e0)) - **config:** treat all files as ESM on deno ([#18081](https://redirect.github.com/vitejs/vite/issues/18081)) ([c1ed8a5](https://redirect.github.com/vitejs/vite/commit/c1ed8a595a02ec7f8f5a8d23f97b2f21d3834ab1)) - **css:** ensure sass compiler initialized only once ([#18128](https://redirect.github.com/vitejs/vite/issues/18128)) ([4cc5322](https://redirect.github.com/vitejs/vite/commit/4cc53224e9b207aa6a5a111e40ed0a0464cf37f4)) - **css:** fix lightningcss dep url resolution with custom root ([#18125](https://redirect.github.com/vitejs/vite/issues/18125)) ([eb08f60](https://redirect.github.com/vitejs/vite/commit/eb08f605ddadef99a5d68f55de143e3e47c91618)) - **css:** fix missing source file warning with sass modern api custom importer ([#18113](https://redirect.github.com/vitejs/vite/issues/18113)) ([d7763a5](https://redirect.github.com/vitejs/vite/commit/d7763a5615a238cb1b5dceb7bdfc4aac7678fb0a)) - **data-uri:** only match ids starting with `data:` ([#18241](https://redirect.github.com/vitejs/vite/issues/18241)) ([ec0efe8](https://redirect.github.com/vitejs/vite/commit/ec0efe8a06d0271ef0154f38fb9beabcd4b1bd89)) - **deps:** update all non-major dependencies ([#18170](https://redirect.github.com/vitejs/vite/issues/18170)) ([c8aea5a](https://redirect.github.com/vitejs/vite/commit/c8aea5ae0af90dc6796ef3bdd612d1eb819f157b)) - **deps:** upgrade rollup 4.22.4+ to ensure avoiding XSS ([#18180](https://redirect.github.com/vitejs/vite/issues/18180)) ([ea1d0b9](https://redirect.github.com/vitejs/vite/commit/ea1d0b9af9b28b57166d4ca67bece21650221a04)) - **html:** make build-html plugin work with `sharedPlugins` ([#18214](https://redirect.github.com/vitejs/vite/issues/18214)) ([34041b9](https://redirect.github.com/vitejs/vite/commit/34041b9d8ea39aa9138d0c2417bfbe39cc9aabdc)) - **mixedModuleGraph:** handle undefined id in getModulesByFile ([#18201](https://redirect.github.com/vitejs/vite/issues/18201)) ([768a50f](https://redirect.github.com/vitejs/vite/commit/768a50f7ac668dbf876feef557d8c0f8ff32b8ff)) - **optimizer:** re-optimize when changing config `webCompatible` ([#18221](https://redirect.github.com/vitejs/vite/issues/18221)) ([a44b0a2](https://redirect.github.com/vitejs/vite/commit/a44b0a2690812788aaaba00fd3acd2c6fa36669b)) - require serialization for `HMRConnection.send` on implementation side ([#18186](https://redirect.github.com/vitejs/vite/issues/18186)) ([9470011](https://redirect.github.com/vitejs/vite/commit/9470011570503a917021915c47e6a2f36aae16b5)) - **ssr:** fix source map remapping with multiple sources ([#18150](https://redirect.github.com/vitejs/vite/issues/18150)) ([e003a2c](https://redirect.github.com/vitejs/vite/commit/e003a2ca73b04648e14ebf40f3616838e2da3d6d)) - use `config.consumer` instead of `options?.ssr` / `config.build.ssr` ([#18140](https://redirect.github.com/vitejs/vite/issues/18140)) ([21ec1ce](https://redirect.github.com/vitejs/vite/commit/21ec1ce7f041efa5cd781924f7bc536ab406a197)) - **vite:** refactor "module cache" to "evaluated modules", pass down module to "runInlinedModule" ([#18092](https://redirect.github.com/vitejs/vite/issues/18092)) ([e83beff](https://redirect.github.com/vitejs/vite/commit/e83beff596072f9c7a42f6e2410f154668981d71)) - avoid DOM Clobbering gadget in `getRelativeUrlFromDocument` ([#18115](https://redirect.github.com/vitejs/vite/issues/18115)) ([ade1d89](https://redirect.github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad)) - fs raw query ([#18112](https://redirect.github.com/vitejs/vite/issues/18112)) ([9d2413c](https://redirect.github.com/vitejs/vite/commit/9d2413c8b64bfb1dfd953340b4e1b5972d5440aa)) - **preload:** throw error preloading module as well ([#18098](https://redirect.github.com/vitejs/vite/issues/18098)) ([ba56cf4](https://redirect.github.com/vitejs/vite/commit/ba56cf43b5480f8519349f7d7fe60718e9af5f1a)) - allow scanning exports from `script module` in svelte ([#18063](https://redirect.github.com/vitejs/vite/issues/18063)) ([7d699aa](https://redirect.github.com/vitejs/vite/commit/7d699aa98155cbf281e3f7f6a8796dcb3b4b0fd6)) - **build:** declare `preload-helper` has no side effects ([#18057](https://redirect.github.com/vitejs/vite/issues/18057)) ([587ad7b](https://redirect.github.com/vitejs/vite/commit/587ad7b17beba50279eaf46b06c5bf5559c4f36e)) - **css:** fallback to mainthread if logger or pkgImporter option is set for sass ([#18071](https://redirect.github.com/vitejs/vite/issues/18071)) ([d81dc59](https://redirect.github.com/vitejs/vite/commit/d81dc59473b1053bf48c45a9d45f87ee6ecf2c02)) - **dynamicImportVars:** correct glob pattern for paths with parentheses ([#17940](https://redirect.github.com/vitejs/vite/issues/17940)) ([2a391a7](https://redirect.github.com/vitejs/vite/commit/2a391a7df6e5b4a8d9e8313fba7ddf003df41e12)) - ensure req.url matches moduleByEtag URL to avoid incorrect 304 ([#17997](https://redirect.github.com/vitejs/vite/issues/17997)) ([abf04c3](https://redirect.github.com/vitejs/vite/commit/abf04c3a84f4d9962a6f9697ca26cd639fa76e87)) - **html:** escape html attribute ([#18067](https://redirect.github.com/vitejs/vite/issues/18067)) ([5983f36](https://redirect.github.com/vitejs/vite/commit/5983f366d499f74d473097154bbbcc8e51476dc4)) - incorrect environment consumer option resolution ([#18079](https://redirect.github.com/vitejs/vite/issues/18079)) ([0e3467e](https://redirect.github.com/vitejs/vite/commit/0e3467e503aef45119260fe75b399b26f7a80b66)) - **preload:** allow ignoring dep errors ([#18046](https://redirect.github.com/vitejs/vite/issues/18046)) ([3fb2889](https://redirect.github.com/vitejs/vite/commit/3fb28896d916e03cef1b5bd6877ac184c7ec8003)) - store backwards compatible `ssrModule` and `ssrError` ([#18031](https://redirect.github.com/vitejs/vite/issues/18031)) ([cf8ced5](https://redirect.github.com/vitejs/vite/commit/cf8ced56ea4932e917e2c4ef3d04a87f0ab4f20b)) ##### Performance Improvements - reduce bundle size for `Object.keys(import.meta.glob(...))` / `Object.values(import.meta.glob(...))` ([#18666](https://redirect.github.com/vitejs/vite/issues/18666)) ([ed99a2c](https://redirect.github.com/vitejs/vite/commit/ed99a2cd31e8d3c2b791885bcc4b188570539e45)) - **worker:** inline worker without base64 ([#18752](https://redirect.github.com/vitejs/vite/issues/18752)) ([90c66c9](https://redirect.github.com/vitejs/vite/commit/90c66c95aba3d2edd86637a77adc699f3fd6c1ff)) - remove strip-ansi for a node built-in ([#18630](https://redirect.github.com/vitejs/vite/issues/18630)) ([5182272](https://redirect.github.com/vitejs/vite/commit/5182272d52fc092a6219c8efe73ecb3f8e65a0b5)) - **css:** skip style.css extraction if code-split css ([#18470](https://redirect.github.com/vitejs/vite/issues/18470)) ([34fdb6b](https://redirect.github.com/vitejs/vite/commit/34fdb6bef558724330d2411b9666facef669b3a0)) - call `module.enableCompileCache()` ([#18323](https://redirect.github.com/vitejs/vite/issues/18323)) ([18f1dad](https://redirect.github.com/vitejs/vite/commit/18f1daddd125b07dcb8c32056ee0cec61bd65971)) - use `crypto.hash` when available ([#18317](https://redirect.github.com/vitejs/vite/issues/18317)) ([2a14884](https://redirect.github.com/vitejs/vite/commit/2a148844cf2382a5377b75066351f00207843352)) ##### Documentation - rename `HotUpdateContext` to `HotUpdateOptions` ([#18718](https://redirect.github.com/vitejs/vite/issues/18718)) ([824c347](https://redirect.github.com/vitejs/vite/commit/824c347fa21aaf5bbf811994385b790db4287ab0)) - add jsdocs to flags in BuilderOptions ([#18516](https://redirect.github.com/vitejs/vite/issues/18516)) ([1507068](https://redirect.github.com/vitejs/vite/commit/1507068b6d460cf54336fe7e8d3539fdb4564bfb)) - missing changes guides ([#18491](https://redirect.github.com/vitejs/v </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [requests](https://requests.readthedocs.io) ([source](https://redirect.github.com/psf/requests), [changelog](https://redirect.github.com/psf/requests/blob/master/HISTORY.md)) | `2.32.3` -> `2.32.4` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/requests/2.32.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/requests/2.32.3/2.32.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-47081](https://redirect.github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7) ### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)). ### References [https://github.com/psf/requests/pull/6965](https://redirect.github.com/psf/requests/pull/6965) https://seclists.org/fulldisclosure/2025/Jun/2 --- ### Release Notes <details> <summary>psf/requests (requests)</summary> ### [`v2.32.4`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2324-2025-06-10) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.32.3...v2.32.4) **Security** - CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. **Improvements** - Numerous documentation improvements **Deprecations** - Added support for pypy 3.11 for Linux and macOS. - Dropped support for pypy 3.9 following its end of support. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [vue-i18n](https://redirect.github.com/intlify/vue-i18n/tree/master/packages/vue-i18n#readme) ([source](https://redirect.github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n)) | [`9.14.4` -> `9.14.5`](https://renovatebot.com/diffs/npm/vue-i18n/9.14.4/9.14.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vue-i18n/9.14.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue-i18n/9.14.4/9.14.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-53892](https://redirect.github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph) ### Summary The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as `<img src=x onerror=...>`, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. ### Details When escapeParameterHtml: true is enabled, it correctly escapes common injection points. However, it does not sanitize entire attribute contexts, which can be used as XSS vectors via: `<img src=x onerror=alert(1)> ` ### PoC In your Vue I18n configuration: ``` const i18n = createI18n({ escapeParameterHtml: true, messages: { en: { vulnerable: 'Caution: <img src=x onerror="{payload}">' } } }); ``` Use this interpolated payload: `const payload = '<script>alert("xss")</script>';` Render the translation using v-html (even not using v-html): `<p v-html="$t('vulnerable', { payload })"></p> ` Expected: escaped content should render as text, not execute. Actual: script executes in some environments (or the payload is partially parsed as HTML). ### Impact This creates a DOM-based Cross-Site Scripting (XSS) vulnerability despite enabling a security option (escapeParameterHtml) . --- ### Release Notes <details> <summary>intlify/vue-i18n (vue-i18n)</summary> ### [`v9.14.5`](https://redirect.github.com/intlify/vue-i18n/releases/tag/v9.14.5) [Compare Source](https://redirect.github.com/intlify/vue-i18n/compare/v9.14.4...v9.14.5)  #### What's Changed ##### 🔒 Security Fixes - fix: DOM-based XSS via tag attributes for escape parameter by [@kazupon](https://redirect.github.com/kazupon) in [https://github.com/intlify/vue-i18n/pull/2230](https://redirect.github.com/intlify/vue-i18n/pull/2230) **Full Changelog**: intlify/vue-i18n@v9.14.4...v9.14.5 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>

This PR contains the following updates: | Package | Change | Age | Confidence | Type | Update | Pending | |---|---|---|---|---|---|---| | [@heroicons/vue](https://redirect.github.com/tailwindlabs/heroicons) | [`2.1.5` -> `2.2.0`](https://renovatebot.com/diffs/npm/@heroicons%2fvue/2.1.5/2.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@heroicons%2fvue/2.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@heroicons%2fvue/2.1.5/2.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [@nx/web](https://nx.dev) ([source](https://redirect.github.com/nrwl/nx/tree/HEAD/packages/web)) | [`18.0.4` -> `18.3.5`](https://renovatebot.com/diffs/npm/@nx%2fweb/18.0.4/18.3.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@nx%2fweb/18.3.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nx%2fweb/18.0.4/18.3.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [@rushstack/eslint-patch](https://rushstack.io) ([source](https://redirect.github.com/microsoft/rushstack/tree/HEAD/eslint/eslint-patch)) | [`1.10.4` -> `1.12.0`](https://renovatebot.com/diffs/npm/@rushstack%2feslint-patch/1.10.4/1.12.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@rushstack%2feslint-patch/1.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@rushstack%2feslint-patch/1.10.4/1.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [@semantic-release/github](https://redirect.github.com/semantic-release/github) | [`11.0.1` -> `11.0.3`](https://renovatebot.com/diffs/npm/@semantic-release%2fgithub/11.0.1/11.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@semantic-release%2fgithub/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@semantic-release%2fgithub/11.0.1/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [@tailwindcss/typography](https://redirect.github.com/tailwindlabs/tailwindcss-typography) | [`0.5.15` -> `0.5.16`](https://renovatebot.com/diffs/npm/@tailwindcss%2ftypography/0.5.15/0.5.16) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@tailwindcss%2ftypography/0.5.16?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tailwindcss%2ftypography/0.5.15/0.5.16?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [@tsconfig/node21](https://redirect.github.com/tsconfig/bases) ([source](https://redirect.github.com/tsconfig/bases/tree/HEAD/bases)) | [`21.0.3` -> `21.0.4`](https://renovatebot.com/diffs/npm/@tsconfig%2fnode21/21.0.3/21.0.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@tsconfig%2fnode21/21.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tsconfig%2fnode21/21.0.3/21.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`18.19.45` -> `18.19.120`](https://renovatebot.com/diffs/npm/@types%2fnode/18.19.45/18.19.120) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.19.120?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.19.45/18.19.120?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | `18.19.121` | | [@vitejs/plugin-vue](https://redirect.github.com/vitejs/vite-plugin-vue/tree/main/packages/plugin-vue#readme) ([source](https://redirect.github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue)) | [`5.1.2` -> `5.2.4`](https://renovatebot.com/diffs/npm/@vitejs%2fplugin-vue/5.1.2/5.2.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vitejs%2fplugin-vue/5.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitejs%2fplugin-vue/5.1.2/5.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [autoprefixer](https://redirect.github.com/postcss/autoprefixer) | [`10.4.20` -> `10.4.21`](https://renovatebot.com/diffs/npm/autoprefixer/10.4.20/10.4.21) | [![age](https://developer.mend.io/api/mc/badges/age/npm/autoprefixer/10.4.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/autoprefixer/10.4.20/10.4.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [axios](https://axios-http.com) ([source](https://redirect.github.com/axios/axios)) | [`1.9.0` -> `1.11.0`](https://renovatebot.com/diffs/npm/axios/1.9.0/1.11.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/axios/1.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/axios/1.9.0/1.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [boto3](https://redirect.github.com/boto/boto3) | `1.39.3` -> `1.39.12` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/boto3/1.39.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/boto3/1.39.3/1.39.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | `1.39.17` (+4) | | [botocore](https://redirect.github.com/boto/botocore) | `1.39.3` -> `1.39.12` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/botocore/1.39.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/botocore/1.39.3/1.39.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | `1.39.17` (+4) | | [cert-manager](https://cert-manager.io) ([source](https://redirect.github.com/cert-manager/cert-manager)) | `v1.12.3` -> `v1.18.2` | [![age](https://developer.mend.io/api/mc/badges/age/helm/cert-manager/v1.18.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/cert-manager/v1.12.3/v1.18.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | [coverage](https://redirect.github.com/nedbat/coveragepy) | `7.8.0` -> `7.9.2` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/coverage/7.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/coverage/7.8.0/7.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | minor | `7.10.1` (+1) | | [cypress](https://cypress.io) ([source](https://redirect.github.com/cypress-io/cypress)) | [`13.13.3` -> `13.17.0`](https://renovatebot.com/diffs/npm/cypress/13.13.3/13.17.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/cypress/13.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/cypress/13.13.3/13.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [daisyui](https://daisyui.com) ([source](https://redirect.github.com/saadeghi/daisyui/tree/HEAD/packages/daisyui)) | [`4.12.10` -> `4.12.24`](https://renovatebot.com/diffs/npm/daisyui/4.12.10/4.12.24) | [![age](https://developer.mend.io/api/mc/badges/age/npm/daisyui/4.12.24?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/daisyui/4.12.10/4.12.24?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [debugpy](https://aka.ms/debugpy) ([source](https://redirect.github.com/microsoft/debugpy)) | `1.8.14` -> `1.8.15` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/debugpy/1.8.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/debugpy/1.8.14/1.8.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | patch | | | [debugpy](https://aka.ms/debugpy) ([source](https://redirect.github.com/microsoft/debugpy)) | `1.8.14` -> `1.8.15` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/debugpy/1.8.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/debugpy/1.8.14/1.8.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [dependency-injector](https://redirect.github.com/ets-labs/python-dependency-injector) | `4.46.0` -> `4.48.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/dependency-injector/4.48.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/dependency-injector/4.46.0/4.48.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) | [`8.46.0` -> `8.57.1`](https://renovatebot.com/diffs/npm/eslint/8.46.0/8.57.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.57.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.46.0/8.57.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [eslint-plugin-cypress](https://redirect.github.com/cypress-io/eslint-plugin-cypress) | [`2.15.1` -> `2.15.2`](https://renovatebot.com/diffs/npm/eslint-plugin-cypress/2.15.1/2.15.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-cypress/2.15.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-cypress/2.15.1/2.15.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [eslint-plugin-import](https://redirect.github.com/import-js/eslint-plugin-import) | [`2.27.5` -> `2.32.0`](https://renovatebot.com/diffs/npm/eslint-plugin-import/2.27.5/2.32.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-import/2.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-import/2.27.5/2.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [eslint-plugin-vue](https://eslint.vuejs.org) ([source](https://redirect.github.com/vuejs/eslint-plugin-vue)) | [`9.27.0` -> `9.33.0`](https://renovatebot.com/diffs/npm/eslint-plugin-vue/9.27.0/9.33.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-vue/9.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-vue/9.27.0/9.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [fastapi](https://redirect.github.com/fastapi/fastapi) ([changelog](https://fastapi.tiangolo.com/release-notes/)) | `^0.115.2` -> `^0.116.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/fastapi/0.116.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/fastapi/0.115.14/0.116.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [fastapi](https://redirect.github.com/fastapi/fastapi) ([changelog](https://fastapi.tiangolo.com/release-notes/)) | `^0.115.12` -> `^0.116.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/fastapi/0.116.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/fastapi/0.115.14/0.116.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [fastembed](https://redirect.github.com/qdrant/fastembed) | `^0.6.1` -> `^0.7.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/fastembed/0.7.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/fastembed/0.6.1/0.7.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [fastmcp](https://redirect.github.com/jlowin/fastmcp) | `2.8.1` -> `2.10.6` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/fastmcp/2.10.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/fastmcp/2.8.1/2.10.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | fasttext | `main` -> `4a44513` | | | dependencies | digest | | | [flake8](https://redirect.github.com/pycqa/flake8) ([changelog](https://flake8.pycqa.org/en/latest/release-notes/index.html)) | `7.2.0` -> `7.3.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/flake8/7.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/flake8/7.2.0/7.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | minor | | | [flake8-annotations-complexity](https://redirect.github.com/best-doctor/flake8-annotations-complexity) | `^0.0.8` -> `^0.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/flake8-annotations-complexity/0.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/flake8-annotations-complexity/0.0.8/0.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | minor | | | [flake8-simplify](https://redirect.github.com/MartinThoma/flake8-simplify) | `^0.21.0` -> `^0.22.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/flake8-simplify/0.22.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/flake8-simplify/0.21.0/0.22.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | minor | | | [flake8-simplify](https://redirect.github.com/MartinThoma/flake8-simplify) | `^0.21.0` -> `^0.22.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/flake8-simplify/0.22.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/flake8-simplify/0.21.0/0.22.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [ghcr.io/langfuse/langfuse](https://redirect.github.com/langfuse/langfuse) | `3.27.2` -> `3.88.1` | [![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2flangfuse%2flangfuse/3.88.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2flangfuse%2flangfuse/3.27.2/3.88.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | ghcr.io/stackitcloud/rag-template/admin-backend | `v2.0.0` -> `v2.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fstackitcloud%2frag-template%2fadmin-backend/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fstackitcloud%2frag-template%2fadmin-backend/v2.0.0/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | ghcr.io/stackitcloud/rag-template/admin-frontend | `v2.0.0` -> `v2.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fstackitcloud%2frag-template%2fadmin-frontend/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fstackitcloud%2frag-template%2fadmin-frontend/v2.0.0/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | ghcr.io/stackitcloud/rag-template/document-extractor | `v2.0.0` -> `v2.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fstackitcloud%2frag-template%2fdocument-extractor/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fstackitcloud%2frag-template%2fdocument-extractor/v2.0.0/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | ghcr.io/stackitcloud/rag-template/frontend | `v2.0.0` -> `v2.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fstackitcloud%2frag-template%2ffrontend/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fstackitcloud%2frag-template%2ffrontend/v2.0.0/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | ghcr.io/stackitcloud/rag-template/mcp-server | `v2.0.0` -> `v2.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fstackitcloud%2frag-template%2fmcp-server/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fstackitcloud%2frag-template%2fmcp-server/v2.0.0/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | ghcr.io/stackitcloud/rag-template/rag-backend | `v2.0.0` -> `v2.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fstackitcloud%2frag-template%2frag-backend/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fstackitcloud%2frag-template%2frag-backend/v2.0.0/v2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | [jsdom](https://redirect.github.com/jsdom/jsdom) | [`24.1.1` -> `24.1.3`](https://renovatebot.com/diffs/npm/jsdom/24.1.1/24.1.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jsdom/24.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jsdom/24.1.1/24.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [langchain-community](https://redirect.github.com/langchain-ai/langchain-community) ([changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain-community%3D%3D0%22&expanded=true)) | `0.3.23` -> `0.3.27` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langchain-community/0.3.27?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langchain-community/0.3.23/0.3.27?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [langchain-community](https://redirect.github.com/langchain-ai/langchain-community) ([changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain-community%3D%3D0%22&expanded=true)) | `0.3.24` -> `0.3.27` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langchain-community/0.3.27?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langchain-community/0.3.24/0.3.27?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [langchain-core](https://redirect.github.com/langchain-ai/langchain) ([changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain-core%3D%3D0%22&expanded=true)) | `0.3.68` -> `0.3.72` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langchain-core/0.3.72?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langchain-core/0.3.68/0.3.72?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [langchain-core](https://redirect.github.com/langchain-ai/langchain) ([changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain-core%3D%3D0%22&expanded=true)) | `0.3.63` -> `0.3.72` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langchain-core/0.3.72?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langchain-core/0.3.63/0.3.72?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [langchain-ollama](https://redirect.github.com/langchain-ai/langchain) ([changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain-ollama%3D%3D0%22&expanded=true)) | `0.3.3` -> `0.3.6` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langchain-ollama/0.3.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langchain-ollama/0.3.3/0.3.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [langchain-openai](https://redirect.github.com/langchain-ai/langchain) ([changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain-openai%3D%3D0%22&expanded=true)) | `0.3.27` -> `0.3.28` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langchain-openai/0.3.28?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langchain-openai/0.3.27/0.3.28?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | langfuse | `3.0.0` -> `3.2.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langfuse/3.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langfuse/3.0.0/3.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [langfuse](https://langfuse.com/) ([source](https://redirect.github.com/langfuse/langfuse-k8s)) | `0.12.1` -> `0.13.1` | [![age](https://developer.mend.io/api/mc/badges/age/helm/langfuse/0.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/langfuse/0.12.1/0.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | [langgraph](https://redirect.github.com/langchain-ai/langgraph) | `^0.4.2` -> `^0.5.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/langgraph/0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/langgraph/0.4.10/0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `0.6.2` (+2) | | [minio](https://bitnami.com) ([source](https://redirect.github.com/bitnami/charts/tree/HEAD/bitnami/minio)) | `15.0.3` -> `15.0.7` | [![age](https://developer.mend.io/api/mc/badges/age/helm/minio/15.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/minio/15.0.3/15.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | patch | | | [nginx-ingress-controller](https://bitnami.com) ([source](https://redirect.github.com/bitnami/charts/tree/HEAD/bitnami/nginx-ingress-controller)) | `11.4.1` -> `11.6.27` | [![age](https://developer.mend.io/api/mc/badges/age/helm/nginx-ingress-controller/11.6.27?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/nginx-ingress-controller/11.4.1/11.6.27?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | [node](https://redirect.github.com/actions/node-versions) | `22.13.1` -> `22.17.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-releases/actions%2fnode-versions/22.17.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/actions%2fnode-versions/22.13.1/22.17.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | uses-with | minor | | | [numpy](https://redirect.github.com/numpy/numpy) ([changelog](https://numpy.org/doc/stable/release)) | `2.2.6` -> `2.3.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/numpy/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/numpy/2.2.6/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `2.3.2` | | [nx](https://nx.dev) ([source](https://redirect.github.com/nrwl/nx/tree/HEAD/packages/nx)) | [`17.1.3` -> `17.3.2`](https://renovatebot.com/diffs/npm/nx/17.1.3/17.3.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/17.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/17.1.3/17.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [ollama](https://ollama.ai/) ([source](https://redirect.github.com/otwld/ollama-helm)) | `1.1.0` -> `1.24.0` | [![age](https://developer.mend.io/api/mc/badges/age/helm/ollama/1.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/ollama/1.1.0/1.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | `1.25.0` | | [openai](https://redirect.github.com/openai/openai-python) | `1.93.1` -> `1.97.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/openai/1.97.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/openai/1.93.1/1.97.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `1.98.0` (+1) | | [opencv-python](https://redirect.github.com/opencv/opencv-python) | `4.11.0.86` -> `4.12.0.88` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/opencv-python/4.12.0.88?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/opencv-python/4.11.0.86/4.12.0.88?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [pdfplumber](https://redirect.github.com/jsvine/pdfplumber) | `0.11.6` -> `0.11.7` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pdfplumber/0.11.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pdfplumber/0.11.6/0.11.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | | [pep8-naming](https://redirect.github.com/PyCQA/pep8-naming) ([changelog](https://redirect.github.com/PyCQA/pep8-naming/blob/main/CHANGELOG.rst)) | `^0.14.1` -> `^0.15.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pep8-naming/0.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pep8-naming/0.14.1/0.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | minor | | | [pinia](https://pinia.vuejs.org) ([source](https://redirect.github.com/vuejs/pinia)) | [`2.2.2` -> `2.3.1`](https://renovatebot.com/diffs/npm/pinia/2.2.2/2.3.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/pinia/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pinia/2.2.2/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [postcss](https://postcss.org/) ([source](https://redirect.github.com/postcss/postcss)) | [`8.4.47` -> `8.5.6`](https://renovatebot.com/diffs/npm/postcss/8.4.47/8.5.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/postcss/8.5.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/postcss/8.4.47/8.5.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [pydantic-settings](https://redirect.github.com/pydantic/pydantic-settings) ([changelog](https://redirect.github.com/pydantic/pydantic-settings/releases)) | `2.9.1` -> `2.10.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pydantic-settings/2.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pydantic-settings/2.9.1/2.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [pytest](https://redirect.github.com/pytest-dev/pytest) ([changelog](https://docs.pytest.org/en/stable/changelog.html)) | `8.3.5` -> `8.4.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pytest/8.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pytest/8.3.5/8.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | minor | | | [pytest-asyncio](https://redirect.github.com/pytest-dev/pytest-asyncio) ([changelog](https://pytest-asyncio.readthedocs.io/en/latest/reference/changelog.html)) | `1.0.0` -> `1.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pytest-asyncio/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pytest-asyncio/1.0.0/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev | minor | | | python | `3.11.11` -> `3.13.5` | [![age](https://developer.mend.io/api/mc/badges/age/docker/python/3.13.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/python/3.11.11/3.13.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | | | python | `3.11.7-bookworm` -> `3.13.5-bookworm` | [![age](https://developer.mend.io/api/mc/badges/age/docker/python/3.13.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/python/3.11.7/3.13.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | minor | | | python | `3.11.7-bookworm` -> `3.13.5-bookworm` | [![age](https://developer.mend.io/api/mc/badges/age/docker/python/3.13.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/python/3.11.7/3.13.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | stage | minor | | | [qdrant](https://qdrant.tech) ([source](https://redirect.github.com/qdrant/qdrant-helm)) | `1.12.6` -> `1.15.0` | [![age](https://developer.mend.io/api/mc/badges/age/helm/qdrant/1.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/qdrant/1.12.6/1.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor | `1.15.1` | | [qdrant-client](https://redirect.github.com/qdrant/qdrant-client) | `1.14.3` -> `1.15.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/qdrant-client/1.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/qdrant-client/1.14.3/1.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | ragas | `^0.2.15` -> `^0.3.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/ragas/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/ragas/0.2.15/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [stackit](https://registry.terraform.io/providers/stackitcloud/stackit) ([source](https://redirect.github.com/stackitcloud/terraform-provider-stackit)) | `~> 0.50.0` -> `~> 0.58.0` | [![age](https://developer.mend.io/api/mc/badges/age/terraform-provider/stackitcloud%2fstackit/0.58.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/terraform-provider/stackitcloud%2fstackit/0.50.0/0.58.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | required_provider | minor | `0.58.2` | | [tailwindcss](https://tailwindcss.com) ([source](https://redirect.github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss)) | [`3.4.10` -> `3.4.17`](https://renovatebot.com/diffs/npm/tailwindcss/3.4.10/3.4.17) | [![age](https://developer.mend.io/api/mc/badges/age/npm/tailwindcss/3.4.17?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/tailwindcss/3.4.10/3.4.17?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [typescript](https://www.typescriptlang.org/) ([source](https://redirect.github.com/microsoft/TypeScript)) | [`~5.3.3` -> `~5.8.0`](https://renovatebot.com/diffs/npm/typescript/5.3.3/5.8.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/typescript/5.8.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript/5.3.3/5.8.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [unstructured](https://redirect.github.com/Unstructured-IO/unstructured) | `0.17.2` -> `0.18.11` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/unstructured/0.18.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/unstructured/0.17.2/0.18.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [uvicorn](https://redirect.github.com/encode/uvicorn) ([changelog](https://www.uvicorn.org/release-notes)) | `^0.34.2` -> `^0.35.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/uvicorn/0.35.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/uvicorn/0.34.3/0.35.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [vite-tsconfig-paths](https://redirect.github.com/aleclarson/vite-tsconfig-paths) | [`~4.2.0` -> `~4.3.0`](https://renovatebot.com/diffs/npm/vite-tsconfig-paths/4.2.3/4.3.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-tsconfig-paths/4.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-tsconfig-paths/4.2.3/4.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | | [vue](https://redirect.github.com/vuejs/core/tree/main/packages/vue#readme) ([source](https://redirect.github.com/vuejs/core)) | [`3.4.38` -> `3.5.18`](https://renovatebot.com/diffs/npm/vue/3.4.38/3.5.18) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vue/3.5.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue/3.4.38/3.5.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [vue-router](https://redirect.github.com/vuejs/router) | [`4.4.3` -> `4.5.1`](https://renovatebot.com/diffs/npm/vue-router/4.4.3/4.5.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vue-router/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue-router/4.4.3/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | --- ### Release Notes <details> <summary>tailwindlabs/heroicons (@heroicons/vue)</summary> ### [`v2.2.0`](https://redirect.github.com/tailwindlabs/heroicons/blob/HEAD/CHANGELOG.md#220---2024-11-18) [Compare Source](https://redirect.github.com/tailwindlabs/heroicons/compare/v2.1.5...v2.2.0) ##### Added - Add React 19 support ([#1247](https://redirect.github.com/tailwindlabs/heroicons/pull/1247)) ##### Fixed - Removed unnecessary clipping path from `solid/arrow-left-circle` ([#1211](https://redirect.github.com/tailwindlabs/heroicons/pull/1211)) </details> <details> <summary>nrwl/nx (@nx/web)</summary> ### [`v18.3.5`](https://redirect.github.com/nrwl/nx/releases/tag/18.3.5) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.3.4...18.3.5) #### 18.3.5 (2024-05-15) ##### 🩹 Fixes - **core:** fix affected detection for inputs after named inputs ([#23354](https://redirect.github.com/nrwl/nx/pull/23354)) ##### ❤️ Thank You - Jason Jean [@FrozenPandaz](https://redirect.github.com/FrozenPandaz) ### [`v18.3.4`](https://redirect.github.com/nrwl/nx/releases/tag/18.3.4) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.3.3...18.3.4) #### 18.3.4 (2024-04-25) ##### 🚀 Features - **core:** add root level forwardAllArgs ([#22753](https://redirect.github.com/nrwl/nx/pull/22753)) ##### 🩹 Fixes - **core:** different commands should not be considered compatible targets ([#22863](https://redirect.github.com/nrwl/nx/pull/22863)) - **core:** fix pnpm install order on ci workflows ([#22580](https://redirect.github.com/nrwl/nx/pull/22580)) - **core:** workspace context glob respects exclude ([#22939](https://redirect.github.com/nrwl/nx/pull/22939)) - **core:** handle events that do not have paths ([#22947](https://redirect.github.com/nrwl/nx/pull/22947)) - **core:** fix exclude for empty array ([#22951](https://redirect.github.com/nrwl/nx/pull/22951)) - **core:** move a few api points to return root maps directly ([#22949](https://redirect.github.com/nrwl/nx/pull/22949)) - **core:** regression register ts transpiler for local plugin ([#22964](https://redirect.github.com/nrwl/nx/pull/22964)) - **core:** handle created directories when watching on linux ([#22980](https://redirect.github.com/nrwl/nx/pull/22980)) - **core:** ensure create nodes functions are properly parallelized ([#23005](https://redirect.github.com/nrwl/nx/pull/23005)) - **gradle:** change gradle command to be relative path ([#22963](https://redirect.github.com/nrwl/nx/pull/22963)) - **gradle:** should skip println in project report ([#22862](https://redirect.github.com/nrwl/nx/pull/22862)) - **gradle:** get gradlew path with projectRoot joins workspaceRoot ([#22988](https://redirect.github.com/nrwl/nx/pull/22988)) - **graph:** don't listen to system theme changes in console ([#22938](https://redirect.github.com/nrwl/nx/pull/22938)) - **linter:** do not infer lint tasks for projects without files to lint ([#22944](https://redirect.github.com/nrwl/nx/pull/22944)) - **misc:** fix publish script ([#22981](https://redirect.github.com/nrwl/nx/pull/22981)) - **misc:** perf logging shouldn't be enabled twice ([#23012](https://redirect.github.com/nrwl/nx/pull/23012)) - **node:** e2e target fails out of the box ([#22987](https://redirect.github.com/nrwl/nx/pull/22987)) - **repo:** downgrade to macos-13 in publish workflow ([#22961](https://redirect.github.com/nrwl/nx/pull/22961)) - **storybook:** handle inherited config correctly when identifying the framework used for inferred tasks ([#22953](https://redirect.github.com/nrwl/nx/pull/22953)) ##### ❤️ Thank You - Colum Ferry [@Coly010](https://redirect.github.com/Coly010) - Craigory Coppola [@AgentEnder](https://redirect.github.com/AgentEnder) - Emily Xiong [@xiongemi](https://redirect.github.com/xiongemi) - Jack Hsu [@jaysoo](https://redirect.github.com/jaysoo) - Jason Jean [@FrozenPandaz](https://redirect.github.com/FrozenPandaz) - Jonathan Cammisuli - Leosvel Pérez Espinosa [@leosvelperez](https://redirect.github.com/leosvelperez) - MaxKless [@MaxKless](https://redirect.github.com/MaxKless) - Miroslav Jonaš [@meeroslav](https://redirect.github.com/meeroslav) - Nicholas Cunningham [@ndcunningham](https://redirect.github.com/ndcunningham) - Richard Roozenboom [@Roozenboom](https://redirect.github.com/Roozenboom) ### [`v18.3.3`](https://redirect.github.com/nrwl/nx/releases/tag/18.3.3) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.3.2...18.3.3) #### 18.3.3 (2024-04-20) ##### 🩹 Fixes - **angular:** fix loading postcss configuration in ng-packagr executors ([#22900](https://redirect.github.com/nrwl/nx/pull/22900)) - **core:** group command exit listeners to avoid warning ([#22892](https://redirect.github.com/nrwl/nx/pull/22892)) - **core:** handle plugin errors from isolation correctly ([#22890](https://redirect.github.com/nrwl/nx/pull/22890)) - **core:** disable pty on windows until stable ([#22910](https://redirect.github.com/nrwl/nx/pull/22910)) - **core:** fix cursor being hidden and process shutdown for ctrl c ([#22895](https://redirect.github.com/nrwl/nx/pull/22895)) - **misc:** add --verbose support to nx graph ([#22889](https://redirect.github.com/nrwl/nx/pull/22889)) - **misc:** mark migration for escaping env vars as skipped in nx repair ([#22916](https://redirect.github.com/nrwl/nx/pull/22916)) - **misc:** don't clear node\_modules require cache ([#22907](https://redirect.github.com/nrwl/nx/pull/22907)) - **testing:** bust require cache in jest plugin so configs reload ([#22893](https://redirect.github.com/nrwl/nx/pull/22893)) - **vue:** do not add verbatimImportSyntax to tsconfig ([#22905](https://redirect.github.com/nrwl/nx/pull/22905)) ##### ❤️ Thank You - Colum Ferry [@Coly010](https://redirect.github.com/Coly010) - Craigory Coppola [@AgentEnder](https://redirect.github.com/AgentEnder) - Jason Jean [@FrozenPandaz](https://redirect.github.com/FrozenPandaz) - Leosvel Pérez Espinosa [@leosvelperez](https://redirect.github.com/leosvelperez) ### [`v18.3.2`](https://redirect.github.com/nrwl/nx/releases/tag/18.3.2) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.3.1...18.3.2) #### 18.3.2 (2024-04-18) ##### 🚀 Features - **core:** load native files from tmp location instead of node\_modules ([#22648](https://redirect.github.com/nrwl/nx/pull/22648)) ##### 🩹 Fixes - **bundling:** handle circular dependencies in [@nx/esbuild](https://redirect.github.com/nx/esbuild) getExtraDependencies ([#22644](https://redirect.github.com/nrwl/nx/pull/22644)) - **core:** load config util supports absolute paths on windows ([#22837](https://redirect.github.com/nrwl/nx/pull/22837)) - **core:** keep plugin workers until main process shutdown ([#22860](https://redirect.github.com/nrwl/nx/pull/22860)) - **core:** handle schema validation errors running commands directly ([#22864](https://redirect.github.com/nrwl/nx/pull/22864)) - **core:** forward args provided to the nx add command to the invoked init generator ([#22855](https://redirect.github.com/nrwl/nx/pull/22855)) - **core:** fix hashing of external dependencies ([#22865](https://redirect.github.com/nrwl/nx/pull/22865)) - **nx-cloud:** ensure root .env files are loaded during dte ([#22859](https://redirect.github.com/nrwl/nx/pull/22859)) - **testing:** fix jest ci target names ([#22858](https://redirect.github.com/nrwl/nx/pull/22858)) ##### ❤️ Thank You - Colum Ferry [@Coly010](https://redirect.github.com/Coly010) - Craigory Coppola [@AgentEnder](https://redirect.github.com/AgentEnder) - Jason Jean [@FrozenPandaz](https://redirect.github.com/FrozenPandaz) - Kyle Cannon [@kylecannon](https://redirect.github.com/kylecannon) - Leosvel Pérez Espinosa [@leosvelperez](https://redirect.github.com/leosvelperez) - MaxKless [@MaxKless](https://redirect.github.com/MaxKless) ### [`v18.3.1`](https://redirect.github.com/nrwl/nx/releases/tag/18.3.1) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.3.0...18.3.1) #### 18.3.1 (2024-04-17) ##### 🩹 Fixes - **core:** repair sourcemap creation in createNodes ([#22851](https://redirect.github.com/nrwl/nx/pull/22851)) ##### ❤️ Thank You - MaxKless [@MaxKless](https://redirect.github.com/MaxKless) ### [`v18.3.0`](https://redirect.github.com/nrwl/nx/releases/tag/18.3.0) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.2.4...18.3.0) #### 18.3.0 (2024-04-16) ##### 🚀 Features - **core:** add metadata to targets ([#22655](https://redirect.github.com/nrwl/nx/pull/22655)) - **core:** list crystal plugins with nx report ([#22649](https://redirect.github.com/nrwl/nx/pull/22649)) - **core:** re-enable running plugins in isolation ([#22527](https://redirect.github.com/nrwl/nx/pull/22527)) - **core:** load root .env files on daemon ([#22786](https://redirect.github.com/nrwl/nx/pull/22786)) - **js:** add swc cli options --strip-leading-paths ([#22193](https://redirect.github.com/nrwl/nx/pull/22193)) - **js:** add swc cli options --strip-leading-paths " ([#22193](https://redirect.github.com/nrwl/nx/pull/22193), [#22832](https://redirect.github.com/nrwl/nx/pull/22832)) - **misc:** non conflicting init/add flow ([#22791](https://redirect.github.com/nrwl/nx/pull/22791)) - **nuxt:** update [@nuxt/eslint-config](https://redirect.github.com/nuxt/eslint-config) to a stable version ([#22804](https://redirect.github.com/nrwl/nx/pull/22804)) - **nx-dev:** link Nx Launch Conf videos ([#22690](https://redirect.github.com/nrwl/nx/pull/22690)) - **nx-dev:** remember selected tabs ([#22699](https://redirect.github.com/nrwl/nx/pull/22699)) - **nx-dev:** add contact pages ([#22815](https://redirect.github.com/nrwl/nx/pull/22815)) - **nx-dev:** banner for webinar ([#22824](https://redirect.github.com/nrwl/nx/pull/22824)) - **testing:** add ability to split jest tests ([#22662](https://redirect.github.com/nrwl/nx/pull/22662)) - **testing:** add metadata to playwright targets ([#22768](https://redirect.github.com/nrwl/nx/pull/22768)) - **vite:** migrate to latest vite-plugin-dts ([#22614](https://redirect.github.com/nrwl/nx/pull/22614)) ##### 🩹 Fixes - **angular:** prevent false positive validation due to option default value in dev-server executor ([#22606](https://redirect.github.com/nrwl/nx/pull/22606)) - **angular:** respect skipPackageJson correctly in library generator ([#22608](https://redirect.github.com/nrwl/nx/pull/22608)) - **angular:** fix @nx/angular/src/utils entry point ([#22609](https://redirect.github.com/nrwl/nx/pull/22609)) - **angular:** fix dynamic module federation generation ([#22724](https://redirect.github.com/nrwl/nx/pull/22724)) - **angular:** respect skipPackageJson correctly across generators ([#22777](https://redirect.github.com/nrwl/nx/pull/22777)) - **angular:** execute wrapped schematics post tasks and log messages ([#22780](https://redirect.github.com/nrwl/nx/pull/22780)) - **bundling:** support exported array of options for rollup ([#22703](https://redirect.github.com/nrwl/nx/pull/22703)) - **bundling:** print errors from rollup build ([#22707](https://redirect.github.com/nrwl/nx/pull/22707)) - **bundling:** show codeframes for Rollup build errors ([#22845](https://redirect.github.com/nrwl/nx/pull/22845)) - **core:** do not assume workspace inputs cause all projects to be af… ([#22573](https://redirect.github.com/nrwl/nx/pull/22573)) - **core:** write terminal output to cache folder ([#22673](https://redirect.github.com/nrwl/nx/pull/22673)) - **core:** errors from create dependencies should show properly ([#22695](https://redirect.github.com/nrwl/nx/pull/22695)) - **core:** not passing props of run-commands to underlying command ([#22595](https://redirect.github.com/nrwl/nx/pull/22595)) - **core:** update pty version to add windows specific flags ([#22711](https://redirect.github.com/nrwl/nx/pull/22711)) - **core:** detect imports from template literals in dynamic imports ([#22749](https://redirect.github.com/nrwl/nx/pull/22749)) - **core:** attach cli args from target options explicitly with '=' ([#22756](https://redirect.github.com/nrwl/nx/pull/22756)) - **core:** fix plugin exclude option ([#22738](https://redirect.github.com/nrwl/nx/pull/22738)) - **core:** improve `isCI` to better detect other providers ([#22694](https://redirect.github.com/nrwl/nx/pull/22694)) - **core:** errors thrown when creating projects should prevent running targets ([#22807](https://redirect.github.com/nrwl/nx/pull/22807)) - **core:** use name instead of .prototype.name when comparing errors ([#22840](https://redirect.github.com/nrwl/nx/pull/22840)) - **core:** fix init logging and package.json updates ([#22843](https://redirect.github.com/nrwl/nx/pull/22843)) - **devkit:** update peer dependency on nx to include Nx 19 ([#22811](https://redirect.github.com/nrwl/nx/pull/22811)) - **js:** update jest snapshot after vite-plugin-dts bump ([#22621](https://redirect.github.com/nrwl/nx/pull/22621)) - **js:** append target when generating tmp tsconfig to prevent conflicts [#21396](https://redirect.github.com/nrwl/nx/issues/21396) ([#22671](https://redirect.github.com/nrwl/nx/pull/22671), [#21396](https://redirect.github.com/nrwl/nx/issues/21396)) - **js:** propagate error from child process to [@nx/js](https://redirect.github.com/nx/js):node executor ([#22705](https://redirect.github.com/nrwl/nx/pull/22705)) - **js:** do not default to commonjs type field in package.json ([#22819](https://redirect.github.com/nrwl/nx/pull/22819)) - **misc:** fix optional branch tracking on ci pipeline ([#22652](https://redirect.github.com/nrwl/nx/pull/22652)) - **module-federation:** serve dynamic remotes statically in their own processes ([#22688](https://redirect.github.com/nrwl/nx/pull/22688)) - **nextjs:** Adding tailwind should work when creating an app OOTB ([#22709](https://redirect.github.com/nrwl/nx/pull/22709)) - **nuxt:** use loadConfigFile from devkit rather than [@nuxt/kit](https://redirect.github.com/nuxt/kit) ([#22571](https://redirect.github.com/nrwl/nx/pull/22571)) - **nx-dev:** Update urls that are 404 ([#22653](https://redirect.github.com/nrwl/nx/pull/22653)) - **react-native:** storybook relative paths ([#22031](https://redirect.github.com/nrwl/nx/pull/22031)) - **react-native:** should ask for app name when preset is react native ([#22761](https://redirect.github.com/nrwl/nx/pull/22761)) - **react-native:** fix unable to resolve on windows ([#22759](https://redirect.github.com/nrwl/nx/pull/22759)) - **release:** respect root .npmrc registry settings for publishing ([12afa20210](https://redirect.github.com/nrwl/nx/commit/12afa20210)) - **release:** do not try to interpolate packageRoot for root project ([#22771](https://redirect.github.com/nrwl/nx/pull/22771)) - **testing:** fix playwright executor uiPort option schema ([#22610](https://redirect.github.com/nrwl/nx/pull/22610)) - **testing:** app generators should create correct e2e config at generation time ([#22565](https://redirect.github.com/nrwl/nx/pull/22565)) - **vite:** ensure cache is created correctly for separate vite and vitest config files [#22244](https://redirect.github.com/nrwl/nx/issues/22244) ([#22618](https://redirect.github.com/nrwl/nx/pull/22618), [#22244](https://redirect.github.com/nrwl/nx/issues/22244)) - **vite:** pass cli arguments as options to vitest ([#22355](https://redirect.github.com/nrwl/nx/pull/22355)) - **webpack:** bring back previous SVG and SVGR behavior for React projects ([#22628](https://redirect.github.com/nrwl/nx/pull/22628)) - **webpack:** support standard webpack config with [@nx/webpack](https://redirect.github.com/nx/webpack):dev-server ([#22660](https://redirect.github.com/nrwl/nx/pull/22660)) - **webpack:** remove url-loader from dependencies since it is replaced by asset modules ([#22698](https://redirect.github.com/nrwl/nx/pull/22698)) - **webpack:** typo for outputPath ([#22734](https://redirect.github.com/nrwl/nx/pull/22734)) - **webpack:** Should work when absolute paths are supplied as output ([#22736](https://redirect.github.com/nrwl/nx/pull/22736)) ##### ❤️ Thank You - Altan Stalker - arekkubaczkowski [@arekkubaczkowski](https://redirect.github.com/arekkubaczkowski) - Austin Fahsl [@fahslaj](https://redirect.github.com/fahslaj) - Benjamin Cabanes [@bcabanes](https://redirect.github.com/bcabanes) - Colum Ferry [@Coly010](https://redirect.github.com/Coly010) - Craigory Coppola [@AgentEnder](https://redirect.github.com/AgentEnder) - Emily Xiong [@xiongemi](https://redirect.github.com/xiongemi) - Every [@hongxuWei](https://redirect.github.com/hongxuWei) - Isaac Mann [@isaacplmann](https://redirect.github.com/isaacplmann) - Jack Hsu [@jaysoo](https://redirect.github.com/jaysoo) - Jason Jean [@FrozenPandaz](https://redirect.github.com/FrozenPandaz) - Juri Strumpflohner [@juristr](https://redirect.github.com/juristr) - Leosvel Pérez Espinosa [@leosvelperez](https://redirect.github.com/leosvelperez) - Lucca Miranda [@luckened](https://redirect.github.com/luckened) - MaxKless [@MaxKless](https://redirect.github.com/MaxKless) - Miroslav Jonaš [@meeroslav](https://redirect.github.com/meeroslav) - Nicholas Cunningham [@ndcunningham](https://redirect.github.com/ndcunningham) - Thomas Dekiere - Younes Jaaidi ### [`v18.2.4`](https://redirect.github.com/nrwl/nx/releases/tag/18.2.4) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.2.3...18.2.4) #### 18.2.4 (2024-04-09) ##### 🩹 Fixes - **angular:** fix dynamic module federation generation ([#22724](https://redirect.github.com/nrwl/nx/pull/22724)) - **core:** update pty version to add windows specific flags ([#22711](https://redirect.github.com/nrwl/nx/pull/22711)) - **nextjs:** Adding tailwind should work when creating an app OOTB ([#22709](https://redirect.github.com/nrwl/nx/pull/22709)) ##### ❤️ Thank You - Craigory Coppola [@AgentEnder](https://redirect.github.com/AgentEnder) - Leosvel Pérez Espinosa [@leosvelperez](https://redirect.github.com/leosvelperez) - Nicholas Cunningham [@ndcunningham](https://redirect.github.com/ndcunningham) ### [`v18.2.3`](https://redirect.github.com/nrwl/nx/releases/tag/18.2.3) [Compare Source](https://redirect.github.com/nrwl/nx/compare/18.2.2...18.2.3) #### 18.2.3 (2024-04-05) ##### 🚀 Features - **core:** list crystal plugins with nx report ([#22649](https://redirect.github.com/nrwl/nx/pull/22649)) ##### 🩹 Fixes - **bundling:** print errors from rollup build ([#22707](https://redirect.github.com/nrwl/nx/pull/22707)) - **core:** write terminal output to cache folder ([#22673](https://redirect.github.com/nrwl/nx/pull/22673)) - **core:** errors from create dependencies should show properly ([#22695](https://redirect.github.com/nrwl/nx/pull/22695)) - **core:** not passing props of run-commands to underlying command ([#22595](https://redirect.github.com/nrwl/nx/pull/22595)) - **js:** update jest snapshot after vite-plugin-dts bump ([#22621](https://redirect.github.com/nrwl/nx/pull/22621)) - **js:** append target when generating tmp tsconfig to prevent conflicts [#21396](https://redirect.github.com/nrwl/nx/issues/21396) ([#22671](https://redirect.github.com/nrwl/nx/pull/22671), [#21396](https://redirect.github.com/nrwl/nx/issues/21396)) - **js:** propagate error from child process to [@nx/js](https://redirect.github.com/nx/js):node executor ([#22705](https://redirect.github.com/nrwl/nx/pull/22705)) - **misc:** fix optional branch tracking on ci pipeline ([#22652](https://redirect.github.com/nrwl/nx/pull/22652)) - **module-federation:** serve dynamic remotes statically in their own processes ([#22688](https://redirect.github.com/nrwl/nx/pull/22688)) - **nx-dev:** Update urls that are 404 ([#22653](https://redirect.github.com/nrwl/nx/pull/22653)) - **release:** respect root .npmrc registry settings for publishing ([9dd97c43a1](https://redirect.github.com/nrwl/nx/commit/9dd97c43a1)) - **testing:** fix playwright executor uiPort option schema ([#22610](https://redirect.github.com/nrwl/nx/pull/22610)) - **testing:** app generators should create correct e2e config at generation time ([#22565](https://redirect.github.com/nrwl/nx/pull/22565)) - **vite:** ensure cache is created correctly for separate vite and vitest config files [#22244](https://redirect.github.com/nrwl/nx/issues/22244) ([#22618](https://redirect.github.com/nrwl/nx/pull/22618), [#22244](https://redirect.github.com/nrwl/nx/issues/22244)) - **webpack:** bring back previous SVG and SVGR behavior for React projects ([#22628](https://redirect.github.com/nrwl/nx/pull/22628)) - **webpack:** support standard webpack config with [@nx/webpack](https://redirect.github.com/nx/webpack):dev-server ([#22660](https://redirect.github.com/nrwl/nx/pull/22660)) - **webpack:** remove url-loader from dependencies since it is replaced by asset modules ([#22698](https://redirect.github.com/nrwl/nx/pull/22698)) ##### ❤️ Thank You - Altan Stalker - Austin Fahsl [@fahslaj](https://redirect.github.com/fahslaj) - Colum Ferry [@Coly010](https://redirect.github.com/Coly010) - Craigory Coppola [@AgentEnder](https://redirect.github.com/AgentEnder) - Emily Xiong [@xiongemi](https://redirect.github.com/xiongemi) - Jack Hsu [@jaysoo](https://redirect.github.com/jaysoo) - Leosvel Pérez Espinosa [@leosvelperez](https://redirect.github.com/leosvelperez) - Miroslav Jonaš [@meeroslav](https://redirect.github.com/meeroslav) - Nicholas Cunningham [@ndcunningham](https://redirect.github.com/ndcunningham) ### [`v18.2.2`](https:/ Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>

… deps-main

…ies in extractor-api-lib and document-extractor

a-klos · 2025-08-01T06:52:27Z

this issue #59 will be fixed here

- Updated langfuse dependency version from 0.13.1 to 1.3.4 in Chart.yaml and Chart.lock. - Added keydb dependency in Chart.yaml with version 0.48.0. - Enhanced langfuse configuration in values.yaml with resource limits and requests. - Refactored the tracing mechanism by replacing LangfuseTracedGraph with LangfuseTracedRunnable across various modules. - Introduced AsyncRunnable as a base class for asynchronous chains, replacing AsyncChain. - Updated the LangchainSummarizer to handle rate limits with retries. - Improved error handling and logging in LangfuseRagasEvaluator. - Added new files for async_runnable and traced_runnable implementations. - Updated chat endpoint to utilize the new traced runnable structure.

… modules

a-klos and others added 7 commits July 31, 2025 10:08

fix: rename mcp image name to mcp-server for consistency

8f5363d

Merge branch 'deps-main' of github.com:stackitcloud/rag-template into…

5815f10

… deps-main

fix(deps): downgrade pypdfium2 to version 4.30.0 and update dependenc…

a74d916

…ies in extractor-api-lib and document-extractor

a-klos marked this pull request as draft July 31, 2025 13:51

a-klos added 5 commits August 4, 2025 09:01

merge

e172376

refactor: clean up code formatting and improve readability in various…

5da7878

… modules

chore: merge main

e77c29b

chore: update content hash in poetry.lock

98e821f

a-klos marked this pull request as ready for review August 6, 2025 08:40

Merge branch 'main' into deps-main

fb9d156

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update all non-major dependencies #68

fix(deps): update all non-major dependencies #68

Uh oh!

a-klos commented Jul 31, 2025 •

edited

Loading

Uh oh!

a-klos commented Aug 1, 2025

Uh oh!

Uh oh!

fix(deps): update all non-major dependencies #68

Are you sure you want to change the base?

fix(deps): update all non-major dependencies #68

Uh oh!

Conversation

a-klos commented Jul 31, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

a-klos commented Aug 1, 2025

Uh oh!

Uh oh!

a-klos commented Jul 31, 2025 •

edited

Loading