fix(deps): update patch updates (patch)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@anolilab/multi-semantic-release (source)	^4.1.0 → ^4.1.1
@c15t/react (source)	^1.8.2 → ^1.8.3
@netlify/vite-plugin-tanstack-start (source)	^1.2.6 → ^1.2.9
pkg-pr-new (source)	^0.0.62 → ^0.0.63
pnpm (source)	10.28.0 → 10.28.2
react-day-picker (source)	^9.13.0 → ^9.13.2
sort-package-json	^3.6.0 → ^3.6.1
vite-tsconfig-paths	^6.0.4 → ^6.0.5
zod (source)	^4.3.5 → ^4.3.6

---

Release Notes

anolilab/semantic-release (@​anolilab/multi-semantic-release)

v4.1.1

Compare Source

Dependencies

• @​anolilab/semantic-release-clean-package-json: upgraded to 5.2.0
• @​anolilab/semantic-release-pnpm: upgraded to 5.0.0

c15t/c15t (@​c15t/react)

v1.8.3

Compare Source

Patch Changes

• 6c28663: Full Changelog: https://c15t.com/changelog/2026-01-19-v1.8.3
• Updated dependencies [6c28663]
  • c15t@​1.8.3

netlify/primitives (@​netlify/vite-plugin-tanstack-start)

v1.2.9

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​netlify/vite-plugin bumped from ^2.8.0 to ^2.9.0

v1.2.8

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​netlify/vite-plugin bumped from ^2.7.20 to ^2.8.0

v1.2.7

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​netlify/vite-plugin bumped from ^2.7.19 to ^2.7.20

stackblitz-labs/pkg.pr.new (pkg-pr-new)

v0.0.63

Compare Source

pnpm/pnpm (pnpm)

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

v10.28.1

Compare Source

gpbl/react-day-picker (react-day-picker)

v9.13.2

Compare Source

What's Changed

• fix(build): add correct type declaration for style.css export by @​NotNestor in #​2897
• fix(locale): correct Northern Sami (se) and Japanese Hiragana (ja-Hira) labels by @​gpbl in #​2898

New Contributors

• @​NotNestor made their first contribution in #​2897

Full Changelog: gpbl/react-day-picker@v9.13.1...v9.13.2

v9.13.1

Compare Source

Persian calendar improvements.

What's Changed

• feat: add narrow weekday format for Persian calendar by @​rezaaa in #​2895

New Contributors

• @​rezaaa made their first contribution in #​2895

Full Changelog: gpbl/react-day-picker@v9.13.0...v9.13.1

keithamus/sort-package-json (sort-package-json)

v3.6.1

Compare Source

Bug Fixes

• stop forcing exports "types" to be first (#​398) (15e1140)

aleclarson/vite-tsconfig-paths (vite-tsconfig-paths)

v6.0.5

Compare Source

colinhacks/zod (zod)

v4.3.6

Compare Source

Commits:

• 9977fb0 Add brand.dev to sponsors
• f4b7bae Update pullfrog.yml (#​5634)
• 251d716 Clean up workflow_call
• edd4132 fix: add missing User-agent to robots.txt and allow all (#​5646)
• 85db85e fix: typo in codec.test.ts file (#​5628)
• cbf77bb Avoid non null assertion (#​5638)
• dfbbf1c Avoid re-exported star modules (#​5656)
• 762e911 Generalize numeric key handling
• ca3c862 v4.3.6

---

Configuration

📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for ai-models-table ready!

Name	Link
🔨 Latest commit	087df8f
🔍 Latest deploy log	https://app.netlify.com/projects/ai-models-table/deploys/698f04135a81160007d3a567
😎 Deploy Preview	https://deploy-preview-54--ai-models-table.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Thank you for following the naming conventions! 🙏