chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@nuxtjs/mdc	^0.20.0 → ^0.21.0
@sanity/core-loader (source)	2.0.6 → 2.0.7
@sanity/debug-preview-url-secret-plugin (source)	2.0.7 → 2.0.8
@sanity/preview-url-secret (source)	4.0.3 → 4.0.4
@sanity/schema (source)	5.13.0 → 5.20.0
@sanity/vision (source)	5.13.0 → 5.20.0
@sanity/visual-editing (source)	5.3.0 → 5.3.3
@types/picomatch (source)	4.0.2 → 4.0.3
@unhead/vue (source)	2.1.12 → 2.1.13
better-sqlite3	12.6.2 → 12.8.0
defu	6.1.4 → 6.1.7
docus	5.7.0 → 5.9.0
groq (source)	5.19.0 → 5.20.0
h3 (source)	1.15.6 → 1.15.11
lint-staged	16.3.2 → 16.4.0
mlly	1.8.1 → 1.8.2
picomatch	4.0.3 → 4.0.4
pkg-pr-new (source)	0.0.65 → 0.0.66
pnpm (source)	10.32.0 → 10.33.0
sanity (source)	5.13.0 → 5.20.0
styled-components (source)	6.3.11 → 6.3.12
vue-router (source)	5.0.3 → 5.0.4
vue-tsc (source)	3.2.5 → 3.2.6

---

Release Notes

nuxt-content/mdc (@​nuxtjs/mdc)

v0.21.1

Compare Source

compare changes

🏡 Chore

• Updgrade & add missing @shikijs/engine-javascript dependency (f4f3b58)

❤️ Contributors

• Farnabaz farnabaz@gmail.com

v0.21.0

Compare Source

compare changes

🩹 Fixes

• Don't memoise configs, and allow external modules to call mdc:configSources (#​471)
• Normalize lang (#​459)
• cache: Fix issue where value watch could get out of sync (#​385)

🏡 Chore

• Upgrade deps (930318c)
• Remove mkdist resolution (344ee69)
• Keep mkdist@​2.3.0 (8881f62)

❤️ Contributors

• Farnabaz farnabaz@gmail.com
• Chris Towles chris.towles@gmail.com
• Juls0730 (@​juls0730)
• Daniel Roe (@​danielroe)

sanity-io/visual-editing (@​sanity/core-loader)

v2.0.7

Bug Fixes

• deps: upgrade @sanity/client to v7.18.0 (f8bbe8e)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/visual-editing-csm bumped to 3.0.6

sanity-io/plugins (@​sanity/debug-preview-url-secret-plugin)

v2.0.8

Compare Source

Patch Changes

• 377a170 Thanks @​stipsan! - Upgrade @sanity/preview-url-secret to ^4.0.4

sanity-io/visual-editing (@​sanity/preview-url-secret)

v4.0.4

Bug Fixes

• deps: upgrade @sanity/client to v7.18.0 (f8bbe8e)

sanity-io/sanity (@​sanity/schema)

v5.20.0

Compare Source

Sanity Studio v5.20.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit:
www.sanity.io/changelog/studio-NS4xOS4w

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author	Message	Commit
squiggler-app[bot]	chore(deps): dedupe pnpm-lock.yaml (#​12583)	449f40c
@​codythatsme	fix(types): preserve type autocomplete for defineField inside defineType (#​12576)	d566c31
squiggler-app[bot]	chore(deps): update dependency lodash-es to ^4.18.1 (#​12582)	e855996
@​jordanl17	fix(form): add deeply nested array preview types and integrate into schema (#​12489)	35af7f5
@​pedrobonamin	feat(core): adds useProjectOrganizationData hook (#​12539)	f180ebf
squiggler-app[bot]	chore(deps): update rexxars/bundle-stats digest to 1bc291f (#​12569)	48a5609
@​binoy14	ci(renovate): inline reusable workflow to fix access error (#​12567)	95a9bca
@​binoy14	ci: use main branch for action (#​12566)	bbd1304
@​binoy14	ci(renovate): add self-hosted renovate bot workflow (#​12565)	111f86e
@​juice49	fix(sanity): inline comment input re-animate on every value change (#​12564)	fa34c76
@​juice49	fix(sanity): add missing perspective when calling observeDocumentTypeFromId for references (#​12561)	80e57e9
@​bjoerge	chore(ci): expand and clarify release PR description (#​12562)	611e177
@​juice49	fix(sanity): array input with no ArrayFunctions vanishing after pane expansion (#​12559)	d7c56cd
@​juice49	feat(test-studio): add example array with no ArrayFunctions (#​12559)	4da66bc

v5.19.0

Compare Source

Sanity Studio v5.19.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit:
www.sanity.io/changelog/studio-NS4xOC4w

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author	Message	Commit
@​pedrobonamin	chore: replace deprecated placement in menuButton for popover.placement (#​12421)	867cccb
@​juice49	feat(sanity): tag version creation request during release duplication (#​12554)	5b90d9a
@​juice49	refactor(sanity): pass only document id when duplicating release (#​12554)	8f01554
@​bjoerge	test(e2e): remove unnecessary Firefox skips from PTE fullscreen tests (#​12552)	70eca29
@​bjoerge	chore(ci): bump renovate nodeMaxMemory to 2.5GB (#​12555)	63fb9e3
@​bjoerge	chore(ci): bump renovate nodeMaxMemory to 2GB (#​12553)	fa002f6
@​binoy14	fix(deps): update @​sanity/cli to v6.3.1 (#​12546)	27690b4
@​bjoerge	chore(ci): change nodeMaxMemory from string to number (#​12550)	c06062a
@​bjoerge	chore(ci): set renovate nodeMaxMemory to 1GB (#​12548)	0d380fa
renovate[bot]	chore(deps): update dependency oxfmt to ^0.43.0 (#​12450)	e374c45
@​binoy14	chore(deps): bump GitHub Actions dependencies to latest versions (#​12544)	91b4993
@​binoy14	chore(ci): add renovate concurrency limits (#​12545)	fd39d6f
renovate[bot]	chore(deps): update davelosert/vitest-coverage-report-action digest to bd52af5 (#​12535)	02f8197
@​christianhg	fix(deps): update @​portabletext packages to latest versions (#​12538)	6095f0d
@​binoy14	fix(deps): update @​sanity/cli to v6.3.0 (#​12537)	1976167
@​RitaDias	feat: add feedbackDialog and sendFeedback methods (#​12497)	0477e25
@​RitaDias	refactor: always send error reporting to sentry, always strip PII (#​12534)	4b2dc94
@​Chrilleweb	fix(sanity): log deprecation warning once (#​12526)	abc296d
@​bjoerge	feat(telemetry): track auth store timings (#​12529)	468ff0b
@​bjoerge	chore(telemetry): improve debug logging output (#​12528)	15943dd
@​TiwariLokesh	fix(core): prevent PointerOverlayDiv from blocking clicks on initial render in CommandList (#​12480)	9ca91b5
@​bjoerge	fix(auth): return stats from handleCallbackResult (#​12522)	9d4bd08
@​pedrobonamin	fix(structure): add empty state to incoming refs inspector (#​12524)	0add49d
@​pedrobonamin	fix(core): prevent task form operations from leaking into the main workspace store (#​12523)	5439954
@​stipsan	fix(deps): bump misc sanity packages (#​12470)	5c56d11
@​bjoerge	ci(e2e): optimize Playwright CI workflows (#​12519)	e5c05b0
renovate[bot]	chore(deps): update davelosert/vitest-coverage-report-action digest to 2500daf (#​12516)	89b7d7e
@​bjoerge	test(e2e): replace waitForSelector and waitForTimeout with locator APIs (#​12510)	fc5c7f3
@​bjoerge	chore(ci): replace lerna with release-notes bump command (#​12513)	6171d67
@​pedrobonamin	fix(core): publishing anonymous versions (#​12514)	a1c9e4b
renovate[bot]	chore(deps): pin dorny/paths-filter action to fbd0ab8 (#​12515)	5aee0d5
@​jordanl17	fix: show initial value template icons in new document pickers (#​12508)	990a3c4
renovate[bot]	chore(deps): update pnpm to v10.32.1 (#​12453)	d14c754
renovate[bot]	chore(deps): update dependency knip to ^5.88.1 (#​12449)	3d05c77
@​jordanl17	fix: pasting a document into a schema with read-only fields will exclude those fields from paste (#​12488)	500e413
@​jordanl17	fix(validation): allow relative URLs when scheme excludes http (#​12486)	d5c2b1c
@​markmichon	fix(release-notes): unset releaseAutomation before publishing content release (#​12505)	3643a20
renovate[bot]	chore(deps): update actions/create-github-app-token action to v3 (#​12455)	0c59a22
@​bjoerge	chore(e2e): fix test timeouts and remove unnecessary test.slow() calls (#​12499)	b6f0480

v5.18.0

Compare Source

Note: Version bump only for package @​sanity/schema

v5.17.1

Compare Source

Note: Version bump only for package @​sanity/schema

v5.17.0

Compare Source

Features

• schema: add ability to control undefined/null sorting (#​12367) (d5f6875) by Bjørge Næss (bjoerge@gmail.com)

v5.16.0

Compare Source

Bug Fixes

• deps: update dependency groq-js to ^1.29.0 (#​12384) (d230b6a) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v5.15.0

Compare Source

Features

• upgrade to new @sanity/cli (#​12200) (902075d) by Espen Hovlandsdal (espen@hovlandsdal.com)

v5.14.1

Compare Source

Note: Version bump only for package @​sanity/schema

v5.14.0

Compare Source

Bug Fixes

• add warnings when element is not valid instead of crashing studio (#​12262) (1786aca) by RitaDias (rita@sanity.io)

sanity-io/visual-editing (@​sanity/visual-editing)

v5.3.3

Bug Fixes

• move onPerspectiveChange to event handler instead of useEffect (4821bfb)

v5.3.2

Bug Fixes

• only call onPerspectiveChange once the perspective is known (01fb825)

v5.3.1

Bug Fixes

• deps: upgrade @sanity/client to v7.18.0 (f8bbe8e)
• stega: fails decoding content containing zero width space chars (#​3380) (0cd1d9f)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/preview-url-secret bumped to 4.0.4
    • @​sanity/visual-editing-csm bumped to 3.0.6

unjs/unhead (@​unhead/vue)

v2.1.13

Compare Source

   🐞 Bug Fixes

• schema-org: Normalize target to array before merging potentialAction  -  by @​harlan-zw and Claude Opus 4.6 (1M context) in #​709 (22ac9)

    View changes on GitHub

WiseLibs/better-sqlite3 (better-sqlite3)

v12.8.0

Compare Source

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in #​1443
• Update SQLite to version 3.51.3 in #​1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @​tstone-1 in #​1459

New Contributors

• @​tstone-1 made their first contribution in #​1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

unjs/defu (defu)

v6.1.7

Compare Source

compare changes

🩹 Fixes

• defu.d.cts: Export Defu types (#​157)

📦 Build

• Correct the types export entry (#​160)

❤️ Contributors

• Jakub Michálek (@​J-Michalek)
• Kricsleo (@​kricsleo)

v6.1.6

Compare Source

compare changes

📦 Build

• Fix mixed types (407b516)

❤️ Contributors

• Pooya Parsa (@​pi0)

v6.1.5

Compare Source

compare changes

🩹 Fixes

• Prevent prototype pollution via __proto__ in defaults (#​156)
• Ignore inherited enumerable properties (11ba022)

🏡 Chore

• Add tea.yaml (70cffe5)
• Update repo (23cc432)
• Fix typecheck (89df6bb)

✅ Tests

• Add more tests for plain objects (b65f603)

🤖 CI

• Bump node (9237d9c)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)

nuxt-content/docus (docus)

v5.9.0

Compare Source

Features

• assistant: accept OIDC or API key (#​1323) (b21799b)
• assistant: improve mcp page tools (#​1326) (66ea500)
• layer: add option to force color-mode (#​1310) (8d8b0a7)
• ogImage: upgrade to v6 and use primary color (#​1312) (a30dcb8)
• skills: add agent skills discovery via .well-known (#​1297) (2f7861b)

Bug Fixes

• layer: do not display edit page if github url missing (#​1327) (d056a2c)
• og: limit description size (#​1325) (1981e83)
• og: set og image as static (#​1324) (46eb49d)
• starters: use extend in nuxt config (#​1328) (c5f4580)

v5.8.1

Compare Source

Bug Fixes

• import: relative path (#​1307) (99e5b5f)

v5.8.0

Compare Source

Features

• nav: add opt-in sub-navigation (#​1298) (ba9a38b)
• skills: add /review-docs (#​1265) (43743b1)

Bug Fixes

• assistant: use baseURL for api call (#​1295) (561c629)
• i18n: use click mode for language selection (#​1305) (a9a2fff)
• mcp: derive Docus MCP page URLs from request origin (#​1302) (6043beb)
• mcp: use request fetch for raw page content (#​1304) (84ddc87)
• typescript: support nuxt typecheck in apps extending docus (#​1300) (7032533)

h3js/h3 (h3)

v1.15.11

Compare Source

compare changes

🏡 Chore

• Update defu to 6.1.6 (6125485)
• Update deps (4998dd8)
• Update cookie-es (d166186)

v1.15.10

Compare Source

compare changes

🩹 Fixes

• Preserve percent-encoded req.url in app event handler (#​1355)

❤️ Contributors

• Sergio Azócar (@​sergioazoc)

v1.15.9

Compare Source

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)
• static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
• sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

v1.15.8

Compare Source

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)

v1.15.7

Compare Source

compare changes

🩹 Fixes

• static: Narrow path traversal check to match .. as a path segment only (c049dc0)
• app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

• Remove implicit event handler conversion warning (#​1340)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Wind (@​productdevbook)

lint-staged/lint-staged (lint-staged)

v16.4.0

Compare Source

Minor Changes

• #​1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Compare Source

Patch Changes

• #​1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Compare Source

Patch Changes

• #​1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

unjs/mlly (mlly)

v1.8.2

Compare Source

compare changes

🩹 Fixes

• Extract variable names ignoring function calls (#​336)
• Generic angle bracket parsing (#​341)

📖 Documentation

• Fix typo (#​333)

🏡 Chore

• Update deps (12913db)
• Lint (33495f9)
• release: V1.8.1 (ed17783)
• Update deps (1b09363)

❤️ Contributors

• Florian Heuberger (@​Flo0806)
• Pooya Parsa (@​pi0)
• AngelHdz <angel.hernandez.12@​live.com>
• Daniel Roe (@​danielroe)

micromatch/picomatch (picomatch)

v4.0.4

Compare Source

This is a security release fixing several security relevant issues.

What's Ch

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for nuxt-sanity-module ready!

Name	Link
🔨 Latest commit	20d5f93
🔍 Latest deploy log	https://app.netlify.com/projects/nuxt-sanity-module/deploys/69d67d8ae22d870008d367a2
😎 Deploy Preview	https://deploy-preview-1451--nuxt-sanity-module.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@nuxtjs/sanity@1451

commit: 20d5f93