chore(deps): update all non-major dependencies by renovate[bot] · Pull Request #2728

chore(deps): update all non-major dependencies by renovate[bot] · Pull Request #2728 · go-task/task

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
charm.land/bubbles/v2	`v2.0.0` → `v2.1.0`	require	minor
charm.land/bubbletea/v2	`v2.0.1` → `v2.0.2`	require	patch
charm.land/lipgloss/v2	`v2.0.0` → `v2.0.2`	require	patch
github.com/fatih/color	`v1.18.0` → `v1.19.0`	require	minor
github.com/hashicorp/go-getter	`v1.8.4` → `v1.8.5`	require	patch
golang.org/x/sync	`v0.19.0` → `v0.20.0`	require	minor
golang.org/x/term	`v0.40.0` → `v0.41.0`	require	minor
golangci/golangci-lint	`v2.11.1` → `v2.11.4`	uses-with	patch
mvdan.cc/sh/v3	`v3.12.1-0.20260124232039-e74afc18e65b` → `v3.13.0`	require	minor
netlify-cli	`24.3.0` → `24.8.1`	devDependencies	minor
pnpm (source)	`10.30.3+sha512.c961d1e0a2d8e354ecaa5166b822516668b7f44cb5bd95122d590dd81922f606f5473b6d23ec4a5be05e7fcd18e8488d47d978bbe981872f1145d06e9a740017` → `10.33.0`	packageManager	minor
vitepress-plugin-group-icons	`1.7.1` → `1.7.3`	devDependencies	patch
vitepress-plugin-llms	`1.11.0` → `1.12.0`	devDependencies	minor
vue (source)	`3.5.29` → `3.5.31`	devDependencies	patch

Release Notes

charmbracelet/bubbles (charm.land/bubbles/v2)

Shrink ’n’ grow your textareas

The update adds a new feature to automatically resize your textarea vertically as its content changes.

ta := textarea.New()
ta.DynamicHeight = true   // Enable dynamic resizing
ta.MinHeight = 3          // Minimum visible rows
ta.MaxHeight = 10         // Maximum visible rows
ta.MaxContentHeight = 20  // Maximum rows of content

Piece of cake, right?

Enjoy! 💘

Changelog

New!

f1daacf: feat(textarea): dynamic height (#910) (@meowgorithm)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

charmbracelet/bubbletea (charm.land/bubbletea/v2)

`v2.0.2`

Compare Source

This release contains a small patch fixing a rendering that might affect Wish users running on Unix platforms.

Changelog

Fixed

f25595a: fix(renderer): use mapNl optimization when not on Windows and no PTY input (#1615) (@aymanbagabas)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

charmbracelet/lipgloss (charm.land/lipgloss/v2)

Table patch

If you don't know, we made big improvements in table rendering recently shipped in v2.0.0.

@MartinodF made a good job on improving it even further for tricky edge cases, in particular when content wrapping is enabled.

Changelog

Fixed

c289bad: fix(table): height and overflow with wrapping content (#620) (@MartinodF)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

`v2.0.1`

Compare Source

A small release to properly set style underline colors, as well as handling partial reads while querying the terminal.

Changelog

Fixed

3044146: fix: add missing underlineColorKey case in getAsColor (#624) (@flux627)

Docs

61e734b: docs: Charm logo link in upgrade guide (@aymanbagabas)

Other stuff

92b13d8: ci: sync golangci-lint config (#621) (@github-actions[bot])

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

fatih/color (github.com/fatih/color)

`v1.19.0`

Compare Source

What's Changed

Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @dependabot[bot] in #246
Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @ataypamart in #243
chore: go mod cleanup by @sashamelentyev in #244
Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @dependabot[bot] in #249
Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @dependabot[bot] in #248
Update CI and go deps by @fatih in #254
Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @dependabot[bot] in #268
fix: include escape codes in byte counts from Fprint, Fprintf by @qualidafial in #282
Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @dependabot[bot] in #277
fix: add nil check for os.Stdout to prevent panic on Windows services by @majiayu000 in #275
Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @dependabot[bot] in #259
Bump actions/checkout from 4 to 6 by @dependabot[bot] in #273
Optimize Color.Equals performance (O(n²) → O(n)) by @UnSubble in #269
Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #266

New Contributors

@ataypamart made their first contribution in #243
@sashamelentyev made their first contribution in #244
@qualidafial made their first contribution in #282
@majiayu000 made their first contribution in #275
@UnSubble made their first contribution in #269

Full Changelog: fatih/color@v1.18.0...v1.19.0

hashicorp/go-getter (github.com/hashicorp/go-getter)

`v1.8.5`

Compare Source

What's Changed

[chore] : Bump the go group with 2 updates by @dependabot[bot] in #576
use %w to wrap error by @Ericwww in #475
fix: #538 http file download skipped if headResp.ContentLength is 0 by @martijnvdp in #539
chore: fix error message capitalization in checksum function by @ssagarverma in #578
[chore] : Bump the go group with 8 updates by @dependabot[bot] in #577
Fix git url with ambiguous ref by @nimasamii in #382
fix: resolve compilation errors in get_git_test.go by @CreatorHead in #579
[chore] : Bump the actions group with 2 updates by @dependabot[bot] in #582
[chore] : Bump the go group with 3 updates by @dependabot[bot] in #583
test that arbitrary files cannot be checksummed by @schmichael in #250
[chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the go group by @dependabot[bot] in #585
[chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @dependabot[bot] in #586
[chore] : Bump the go group with 3 updates by @dependabot[bot] in #588
[chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions group by @dependabot[bot] in #589
[chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in the actions group by @dependabot[bot] in #592
[chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the go group by @dependabot[bot] in #591
[chore] : Bump the go group with 5 updates by @dependabot[bot] in #593
IND-6310 - CRT Onboarding by @nasareeny in #584
Fix crt build path by @ssagarverma in #594
[chore] : Bump the go group with 3 updates by @dependabot[bot] in #596
fix: remove checkout action from set-product-version job by @ssagarverma in #598
[chore] : Bump the actions group with 4 updates by @dependabot[bot] in #595
fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0 (GO-2026-4394) by @ssagarverma in #599
Prepare go-getter for v1.8.5 release by @nasareeny in #597
[chore] : Bump the actions group with 2 updates by @dependabot[bot] in #600
sec: bump go and xrepos + redact aws tokens in url by @dduzgun-security in #604

NOTES:

Binary Distribution Update: To streamline our release process and align with other HashiCorp tools, all release binaries will now be published exclusively to the official HashiCorp release site. We will no longer attach release assets to GitHub Releases.

New Contributors

@Ericwww made their first contribution in #475
@martijnvdp made their first contribution in #539
@nimasamii made their first contribution in #382
@nasareeny made their first contribution in #584

Full Changelog: hashicorp/go-getter@v1.8.4...v1.8.5

golangci/golangci-lint (golangci/golangci-lint)

`v2.11.4`

Compare Source

Released on 2026-03-22

Linters bug fixes
- govet-modernize: from 0.42.0 to 0.43.0
- noctx: from 0.5.0 to 0.5.1
- sqlclosecheck: from 0.5.1 to 0.6.0

`v2.11.3`

Compare Source

Released on 2026-03-10

Linters bug fixes
- gosec: from v2.24.7 to 619ce21

`v2.11.2`

Compare Source

Released on 2026-03-07

Fixes
- fmt: fix error when using the fmt command with explicit paths.

mvdan/sh (mvdan.cc/sh/v3)

`v3.13.0`

Compare Source

This release introduces support for Zsh in the parser and formatter, which was tracked in issue #120 alongside the label https://github.com/mvdan/sh/labels/zsh. While support is not complete, it should be far enough for many use cases.

This release also drops support for Go 1.24 and includes many other enhancements:

cmd/shfmt
- Exit with a non-zero status when -l prints any filenames
- shfmt -version is now derived from the git current tag, dropping the -ldflags workaround
syntax
- New nodes types and node fields are introduced alongside LangZsh
- LangVariant is now a bitset, allowing the use of sets like "Bash-like"
- Add InteractiveSeq and StmtsSeq iterator methods for Parser
- Stop exposing the internal buffer in Printer via struct embedding
- Support the use of brace expansions like declare {a,b}_c=value
- Fix a bug where POSIX and Bash incorrectly allowed empty command lists
interp
- Add support for shopt -s dotglob and shopt -s extglob
- Add support for simple uses of !(expr) extended glob patterns
- Support more builtin flags for declare, type, read
- Fix various bugs relating to nulls, errors, and arrays
expand
- Add Config.DotGlob and Config.ExtGlob for the interpreter
- Add Variable.Flags to get the one-character declare flags
- Do not force env vars on Windows to be uppercase
- Fix various bugs relating to glob pattern matching
pattern
- Add GlobLeadingDot and ExtendedOperators for the interpreter
- Add NegExtGlobError to mark the use of !(expr) negation patterns

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

netlify/cli (netlify-cli)

`v24.8.1`

Compare Source

Bug Fixes

improve ax error handling around missing commands or unknown flags (0715310)

`v24.8.0`

Compare Source

Features

set branch as alias on deploy command (#8111) (c08644e)

Bug Fixes

deps: bump node-forge from 1.3.2 to 1.4.0 (#8114) (3fc2aec)
deps: bump yaml from 2.8.1 to 2.8.3 (#8101) (e95762d)

`v24.7.0`

Compare Source

Features

support --allow-anonymous deploys (#8109) (9dee49e)

Bug Fixes

deps: update netlify packages (#8105) (42a46bf)

`v24.6.2`

Compare Source

Bug Fixes

deploy DB migrations (#8103) (8d7c0a5)
deps: update dependency fastify to v5.8.3 [security] (#8096) (d3a3059)

`v24.6.1`

Compare Source

Bug Fixes

support for --json on sites (#8093) (c13e11f)

`v24.6.0`

Compare Source

Features

log output to stderr on deploy --json --verbose (#8090) (13e973c)

Bug Fixes

AX for env setting (#8091) (d77ff79)

`v24.5.1`

Compare Source

Bug Fixes

deps: update netlify packages (#8088) (85ede41)
improve the AX of creating sites when not logged in and from sites:create (#8086) (7307b65)

`v24.5.0`

Compare Source

Features

AX of ntl deploy (#8083) (3c2387e)
support a create with agent runners flow in CLI (#8066) (b100657)

Bug Fixes

deps: update netlify packages (#8084) (8634ba2)

`v24.4.1`

Compare Source

Bug Fixes

deps: bump h3 from 1.15.8 to 1.15.9 (#8075) (2baeec8)
deps: pin dependency modern-tar to v0.7.5 (#8078) (03987a2)
deps: update dependency https-proxy-agent to v8 (#8082) (6f965fd)

`v24.4.0`

Compare Source

Features

propagate @netlify/build version, primary framework and its version (#8049) (1db6f6e)
support switching to a known user (#8046) (e460e68)

Bug Fixes

deps: bump h3 from 1.15.5 to 1.15.8 (#8055) (7a1c8fa)
deps: update dependency @netlify/dev to v4.16.3 (#8053) (4460d87)
deps: update dependency @netlify/dev to v4.16.4 (#8060) (d0491da)
deps: update dependency @netlify/dev-utils to v4.4.2 (#8054) (bdb944f)
deps: update dependency @netlify/dev-utils to v4.4.3 (#8061) (78b5af9)
deps: update dependency @netlify/edge-functions to v3.0.5 (#8056) (6254a75)
deps: update dependency @netlify/edge-functions to v3.0.6 (#8063) (7646545)
deps: update dependency @netlify/functions to v5.1.4 (#8057) (18d5ccb)
deps: update dependency @netlify/functions to v5.1.5 (#8064) (77a9249)
deps: update dependency @netlify/images to v1.3.6 (#8058) (06f564b)
deps: update dependency @netlify/images to v1.3.7 (#8065) (12a3a3f)
deps: update dependency cookie to v1.1.1 (#8037) (6e6bcf5)
deps: update dependency envinfo to v7.21.0 (#8039) (08b5fc5)
deps: update netlify packages (#8047) (d57ce32)
deps: update netlify packages (#8062) (3006f8c)
deps: update netlify packages (#8067) (02632aa)
deps: upgrade deps to fix new vulnerabilities (#8070) (e3655f9)

pnpm/pnpm (pnpm)

`v10.33.0`

Compare Source

`v10.32.1`: pnpm 10.32.1

Compare Source

Patch Changes

Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #10909.

Platinum Sponsors

Gold Sponsors

`v10.32.0`: pnpm 10.32

Compare Source

Minor Changes

Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #10136.

Patch Changes

Reverted change related to setting explicitly the npm config file path, which caused regressions.
Reverted fix related to lockfile-include-tarball-url. Fixes #10915.

Platinum Sponsors

Gold Sponsors

`v10.31.0`

Compare Source

yuyinws/vitepress-plugin-group-icons (vitepress-plugin-group-icons)

`v1.7.3`

Compare Source

🚀 Features

Migrate to vite-plus - by @yuyinws in #35 (ed34c)

🐞 Bug Fixes

types: Don't bundle markdown-it types - by @brc-dd in #36 (513e7)

View changes on GitHub

`v1.7.2`

Compare Source

🚀 Features

Add decodeHtmlEntities function to handle HTML entity decoding - by @yuyinws (c4e1c)

View changes on GitHub

okineadev/vitepress-plugin-llms (vitepress-plugin-llms)

`v1.12.0`

Compare Source

🚀 Enhancements

Add ignoreFilesPerOutput option for separate file filtering for llms.txt, llms-full.txt and individual pages - by @okineadev (a48c7)

🩹 Fixes

Fix index.md resolving - by @okineadev (f46fc)

💖 Contributors

@okineadev

View changes on GitHub

`v1.11.1`

Compare Source

🩹 Fixes

Resolve build failure when generateLLMFriendlyDocsForEachPage is false (#121) - by @brick-pixel (73499)

💖 Contributors

@brick-pixel

View changes on GitHub

vuejs/core (vue)

`v3.5.31`

Compare Source

Bug Fixes

compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

`v3.5.30`

Compare Source

Bug Fixes

compat: add entities to @vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609
custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029
custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479
custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408
reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)
reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735
reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647
runtime-core: warn about negative number in v-for (#12308) (9438cc5)
ssr: prevent watch from firing after async setup await (#14547) ([6cda71d]

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Release Notes

Shrink ’n’ grow your textareas

Changelog

New!

Changelog

Fixed

Table patch

Changelog

Fixed

Changelog

Fixed

Docs

Other stuff

What's Changed

New Contributors

What's Changed

New Contributors

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

v10.32.1: pnpm 10.32.1

Patch Changes

Platinum Sponsors

Gold Sponsors

v10.32.0: pnpm 10.32

Minor Changes

Patch Changes

Platinum Sponsors

Gold Sponsors

🚀 Features

🐞 Bug Fixes

🚀 Features

🚀 Enhancements

🩹 Fixes

💖 Contributors

🩹 Fixes

💖 Contributors

Bug Fixes

Bug Fixes

Configuration

`v10.32.1`: pnpm 10.32.1

`v10.32.0`: pnpm 10.32