chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
charm.land/bubbletea/v2	v2.0.1 → v2.0.2			require	patch
charm.land/lipgloss/v2	v2.0.0 → v2.0.1			require	patch
golang.org/x/sync	v0.19.0 → v0.20.0			require	minor
golangci/golangci-lint	v2.11.1 → v2.11.3			uses-with	patch
mvdan.cc/sh/v3	v3.12.1-0.20260124232039-e74afc18e65b → v3.13.0			require	minor
pnpm (source)	10.30.3+sha512.c961d1e0a2d8e354ecaa5166b822516668b7f44cb5bd95122d590dd81922f606f5473b6d23ec4a5be05e7fcd18e8488d47d978bbe981872f1145d06e9a740017 → 10.32.0			packageManager	minor
vue (source)	3.5.29 → 3.5.30			devDependencies	patch

---

Release Notes

charmbracelet/bubbletea (charm.land/bubbletea/v2)

v2.0.2

Compare Source

This release contains a small patch fixing a rendering that might affect Wish users running on Unix platforms.

Changelog

Fixed

• f25595a: fix(renderer): use mapNl optimization when not on Windows and no PTY input (#​1615) (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

charmbracelet/lipgloss (charm.land/lipgloss/v2)

v2.0.1

Compare Source

A small release to properly set style underline colors, as well as handling partial reads while querying the terminal.

Changelog

Fixed

• 3044146: fix: add missing underlineColorKey case in getAsColor (#​624) (@​flux627)

Docs

• 61e734b: docs: Charm logo link in upgrade guide (@​aymanbagabas)

Other stuff

• 92b13d8: ci: sync golangci-lint config (#​621) (@​github-actions[bot])

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

golangci/golangci-lint (golangci/golangci-lint)

v2.11.3

Compare Source

Released on 2026-03-10

1. Linters bug fixes
   • gosec: from v2.24.7 to 619ce21

v2.11.2

Compare Source

Released on 2026-03-07

1. Fixes
   • fmt: fix error when using the fmt command with explicit paths.

mvdan/sh (mvdan.cc/sh/v3)

v3.13.0

Compare Source

This release introduces support for Zsh in the parser and formatter, which was tracked in issue #​120 alongside the label https://github.com/mvdan/sh/labels/zsh. While support is not complete, it should be far enough for many use cases.

This release also drops support for Go 1.24 and includes many other enhancements:

• cmd/shfmt
  • Exit with a non-zero status when -l prints any filenames
  • shfmt -version is now derived from the git current tag, dropping the -ldflags workaround
• syntax
  • New nodes types and node fields are introduced alongside LangZsh
  • LangVariant is now a bitset, allowing the use of sets like "Bash-like"
  • Add InteractiveSeq and StmtsSeq iterator methods for Parser
  • Stop exposing the internal buffer in Printer via struct embedding
  • Support the use of brace expansions like declare {a,b}_c=value
  • Fix a bug where POSIX and Bash incorrectly allowed empty command lists
• interp
  • Add support for shopt -s dotglob and shopt -s extglob
  • Add support for simple uses of !(expr) extended glob patterns
  • Support more builtin flags for declare, type, read
  • Fix various bugs relating to nulls, errors, and arrays
• expand
  • Add Config.DotGlob and Config.ExtGlob for the interpreter
  • Add Variable.Flags to get the one-character declare flags
  • Do not force env vars on Windows to be uppercase
  • Fix various bugs relating to glob pattern matching
• pattern
  • Add GlobLeadingDot and ExtendedOperators for the interpreter
  • Add NegExtGlobError to mark the use of !(expr) negation patterns

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

pnpm/pnpm (pnpm)

v10.32.0: pnpm 10.32

Compare Source

Minor Changes

• Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #​10136.

Patch Changes

• Reverted change related to setting explicitly the npm config file path, which caused regressions.
• Reverted fix related to lockfile-include-tarball-url. Fixes #​10915.

Platinum Sponsors

Gold Sponsors

v10.31.0

Compare Source

vuejs/core (vue)

v3.5.30

Compare Source

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#​12514) (e725a67), closes #​10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#​13374) (1398bf8), closes #​13029
• custom-element: properly locate parent when slotted in shadow dom (#​12480) (f06c81a), closes #​12479
• custom-element: should properly patch as props for vue custom elements (#​12409) (740983e), closes #​12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#​14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#​12737) (16ef165), closes #​12735
• reactivity: handle Set with initial reactive values edge case (#​12393) (5dc27ca), closes #​8647
• runtime-core: warn about negative number in v-for (#​12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#​14547) (6cda71d), closes #​14546
• types: make generics with runtime props in defineComponent work (fix #​11374) (#​13119) (cea3cf7), closes #​13763
• types: narrow useAttrs class/style typing for TSX (#​14492) (bbb8977), closes #​14489

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25 -> 1.25.0
golang.org/x/sys	v0.41.0 -> v0.42.0