fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@sentry/node (source)	^10.53.1 → ^10.56.0			dependencies	minor
@vitest/coverage-v8 (source)	^4.1.7 → ^4.1.8			devDependencies	patch
actions/checkout	v6.0.2 → v6.0.3			action	patch
oxfmt (source)	^0.51.0 → ^0.53.0			devDependencies	minor
oxlint (source)	^1.66.0 → ^1.68.0			devDependencies	minor
pnpm (source)	10.33.4 → 10.34.1			packageManager	minor
prisma-json-types-generator (source)	^5.0.0 → ^5.1.0			devDependencies	minor
taze	^19.13.0 → ^19.14.1			devDependencies	minor
tsdown (source)	^0.22.0 → ^0.22.1			devDependencies	patch
vitest (source)	^4.1.7 → ^4.1.8			devDependencies	patch

---

Release Notes

getsentry/sentry-javascript (@​sentry/node)

v10.56.0

Compare Source

Important Changes

• feat(deno): Redis diagnostics channel based integration for Deno (#​21087)

  Adds Redis integration support for Deno, covering both redis and ioredis clients.

Other Changes

• feat(cloudflare): Only capture workflow step error on final retry attempt (#​21025)
• feat(hono): Emit warning if @sentry/node was imported instead of @sentry/hono/node (#​21240)
• feat(node): Use ioredis tracing channels (#​21187)
• fix(browser): Correctly parse sampleRate when consistentTraceSampling is enabled (#​21281)
• fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Agents (#​21101)
• fix(cloudflare): Wait for span links to be set (#​21167)
• fix(core): Use WeakRef for Span-Scope circular references (#​21242)
• fix(node): Vendor InstrumentationNodeModuleFile to fix Bun --bytecode crash (#​21262)
• fix(profiling-node): Ensure node version support warning includes latest 26 (#​21229)

Internal Changes

• chore: Ignore scheduled_tasks.lock (#​21252)
• chore: Promote lint warnings to errors (#​21213)
• chore(docs): Document how to support a new node version (#​21228)
• chore(size-limit): Weekly auto-bump (#​21243)
• chore(skills): Add linear-project-status skill (#​21214)
• chore(skills): Add linear-project-update skill (#​21233)
• chore(skills): Improve triage-issue skill (#​21257)
• chore(skills): Update linear-project-status skill with more details & context (#​21234)
• feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#​21263)
• feat(server-utils): Initial scaffolding (#​21200)
• ref(cloudflare): Move D1 instrumentation (#​21266)
• ref(node): Refactor usage of hrTime utilities from @opentelemetry/core (#​21191)
• ref(node): Stop mutating OTel RPC metadata to set http.route (#​21193)
• ref(opentelemetry): Vendor minimal TraceState implementation (#​21192)
• test(browser): Add unit test for http client header collection behavior (#​21273)
• test(browser): Move browser integration tests to dataCollection (#​21282)
• test(cloudflare): Remove vitest in CF e2e tests (#​21259)

Bundle size 📦

Path	Size
@​sentry/browser	26.57 KB
@​sentry/browser - with treeshaking flags	25.05 KB
@​sentry/browser (incl. Tracing)	44.19 KB
@​sentry/browser (incl. Tracing + Span Streaming)	46.37 KB
@​sentry/browser (incl. Tracing, Profiling)	49.06 KB
@​sentry/browser (incl. Tracing, Replay)	82.86 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.67 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	87.45 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.78 KB
@​sentry/browser (incl. Feedback)	43.32 KB
@​sentry/browser (incl. sendFeedback)	31.27 KB
@​sentry/browser (incl. FeedbackAsync)	36.24 KB
@​sentry/browser (incl. Metrics)	27.61 KB
@​sentry/browser (incl. Logs)	27.85 KB
@​sentry/browser (incl. Metrics & Logs)	28.53 KB
@​sentry/react	28.35 KB
@​sentry/react (incl. Tracing)	46.41 KB
@​sentry/vue	31.46 KB
@​sentry/vue (incl. Tracing)	46.06 KB
@​sentry/svelte	26.59 KB
CDN Bundle	28.88 KB
CDN Bundle (incl. Tracing)	46.7 KB
CDN Bundle (incl. Logs, Metrics)	30.35 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.91 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.69 KB
CDN Bundle (incl. Tracing, Replay)	83.19 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	84.33 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.92 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	90.04 KB
CDN Bundle - uncompressed	85.64 KB
CDN Bundle (incl. Tracing) - uncompressed	140.75 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	90.03 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	144.42 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	211.83 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	256.74 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	260.4 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	270.12 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	273.77 KB
@​sentry/nextjs (client)	48.88 KB
@​sentry/sveltekit (client)	44.64 KB
@​sentry/core/server	74.16 KB
@​sentry/core/browser	61.61 KB
@​sentry/node-core	60.25 KB
@​sentry/node	127.35 KB
@​sentry/node - without tracing	72.33 KB
@​sentry/aws-serverless	84.24 KB
@​sentry/cloudflare (withSentry) - minified	167.82 KB
@​sentry/cloudflare (withSentry)	419.43 KB

v10.55.0

Compare Source

Important Changes

• feat(hono): Promote @sentry/hono to stable and deprecate honoIntegration (#​21208)

  The @sentry/hono SDK is now stable. See the Sentry Hono SDK docs to get started.

• docs(tanstackstart-react): Promote SDK status to beta (#​21175)

  This release promotes the @sentry/tanstackstart-react SDK to beta. For details on how to use it, check out the
  Sentry TanStack Start SDK docs. Please reach out on
  GitHub if you have any feedback or concerns.

• feat(hono): Add shouldHandleError option to sentry() middleware (#​21205)

  The sentry() middleware now accepts a shouldHandleError callback to control which errors are captured and sent to Sentry. By default, 3xx/4xx HTTP errors are ignored and 5xx errors and plain Error objects are captured. Return true from the callback to capture an error, false to suppress it.

  app.use(
    sentry(app, {
      dsn: '__DSN__',
      shouldHandleError(error) {
        const status = (error as { status?: number })?.status;
        // Capture 401/403 in addition to the default 5xx errors
        return status === 401 || status === 403 || typeof status !== 'number' || status >= 500;
      },
    }),
  );

• test(tanstackstart-react): Move initialization to client entry point (#​21161)

  Change the recommended setup for the SDK to do Sentry.init() in the client entry file to capture telemetry that is emitted ahead of page hydration.

• feat(tanstackstart-react): Add distributed tracing (#​21144)

  Server and client traces are now automatically connected, allowing you to see the full request lifecycle from server-side rendering through client-side hydration in a single trace.

• feat(tanstackstart-react): Add server-side route parametrization (#​21147)

  Server transaction names are now parametrized automatically (e.g., GET /users/123 becomes GET /users/$userId), improving transaction grouping in Sentry.

• feat(tanstackstart-react): Show readable server function names in traces (#​21190)

  Server function spans now show human-readable names (e.g., GET /_serverFn/greet instead of GET /_serverFn/a10e70b3...). The tanstackstart.function.hash.sha256 span attribute has been renamed to tanstackstart.function.id.

Other Changes

• feat(core): Migrate request data to dataCollection (#​21071)
• feat(hono): Add warning in Bun for double init (#​21195)
• feat(hono): Instrument main-app inline middleware spans (#​20999)
• feat(metrics): Migrate metrics to use dataCollection instead of sendDefaultPii (#​21078)
• feat(tanstackstart-react): Enable component tracking (#​21149)
• feat(tanstackstart-react): Filter noisy dev transactions (#​21145)
• fix(cloudflare): Use original waitUntil to not create a deadlock (#​21197)
• fix(elysia): Widen accepted Elysia app type to support Elysia options (#​21164)
• fix(tanstackstart-react): Add server-side replayIntegration no-op stub (#​21148)

Internal Changes

• chore(changelog): clarify array attributes impact on beforeSend* callbacks (#​21186)
• chore(ci): Update bugbot instructions (#​21168)
• chore(sentry-cli): Upgrade to 2.58.6 (#​21165)
• chore(size-limit): weekly auto-bump (#​21123)
• feat(deps-dev): Bump @​sveltejs/kit from 2.52.2 to 2.60.1 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages (#​21162)
• fix(e2e): Fix astro-6 e2e test build by relaxing astro version range (#​21211)
• meta(agents): Update AI commit attribution guidance (#​21166)
• ref(browser): Extract browser-specific normalize code out of core (#​21172)
• ref(node): Stop custom-handling normalization of Domain/DomainEmitter (#​21182)
• ref(node): Stop using registerSpanErrorInstrumentation() on server (#​21169)
• test(nitro-3): Update e2e tests for h3 route handler tracing (#​21152)
• test(nuxt): Fix flaky test and add note about hydration timing to skill (#​21054)

v10.54.0

Compare Source

Important Changes

• feat(core): Support array attributes for spans, logs, and metrics (#​20427)

  Arrays of primitive values (string, number, boolean) are now accepted as attribute values. Arrays containing non-primitive elements will be dropped and won't show up in Sentry. Array attributes on logs and metrics were previously stringified and will now be sent as actual arrays instead. If you have custom rules that process attribute values in any beforeSend* callbacks (e.g., data scrubbing), you may need to update them to correctly handle array values.

  For instance, here's how you can update a beforeSendLog callback to handle arrays:

  beforeSendLog: log => {
    const attributes = log.attributes;
    Object.keys(attributes).forEach(key => {
      const value = attributes[key];
      if (typeof value === 'string') {
        attributes[key] = scrubData(value);
      }
      if (Array.isArray(value)) {
        attributes[key] = value.map(v => (typeof v === 'string' ? scrubData(v) : v));
      }
    });
    return log;
  };

• feat(browser): Add fetchStreamPerformanceIntegration for streamed response tracking (#​20778)

  A new integration that tracks the performance of streamed fetch responses. Use this to measure time-to-first-byte and streaming duration for APIs that return chunked/streamed data. This replaces the now deprecated trackFetchStreamPerformance option.

• feat(core): Add dataCollection client option (#​20965)

  Adds a new dataCollection client option for controlling what data the SDK collects and sends to Sentry. This provides a centralized way to configure data collection behavior across different SDK features. In the future, this option will be used for fine-granular data filtering, while the simple sendDefaultPii boolean option will be deprecated and removed in a future release.

• feat(hono): Add hono.request spans for internal .request() calls (#​20843)

  The Hono SDK now creates spans for internal .request() calls, providing better visibility into request handling within Hono applications.

Other Changes

• feat(core): Add data collection filtering utilities (#​20989)
• feat(core): Convert scope contexts to segment span attributes in span streaming (#​20828)
• feat(core): Emit sentry.sdk.integrations on streamed segment spans (#​20428)
• feat(core): HTTP server diagnostics channel utility (#​20779)
• feat(core): Migrate span streaming envelope to dataCollection (#​21080)
• feat(core): Migrate Supabase integration to dataCollection (#​21085)
• feat(core): Migrate trpc to dataCollection (#​21072)
• feat(deno): Instrument node:http on versions that support it (#​21009)
• feat(ember): Extract ember-specific logic into custom browserTracingIntegration (#​20702)
• feat(logs): Migrate log envelope user inference to dataCollection (#​21073)
• feat(nuxt): Allow custom configuration files paths in Nuxt module (#​20650)
• feat(replay): Update example worker script (#​20899)
• feat(serverless): Add server-only context span attributes via processSegmentSpan hooks (#​20842)
• fix(astro): Avoid injecting meta tags into <head> inside attribute values (#​21089)
• fix(astro): Use explicit ResponseInit when injecting meta tags in response (#​21021)
• fix(browser): Add a synthetic stack trace to DOMException with empty stack traces if attachStacktrace is true (#​19988)
• fix(browser): Fix internal frame detection in minified bundles (#​20802)
• fix(cloudflare): Avoid repeated flush lock wrapping (#​21156)
• fix(cloudflare): Skip SDK initialization for OPTIONS/HEAD requests (#​21090)
• fix(cloudflare, vercel-edge): Disable timer-based flush for serverless runtimes (#​20889)
• fix(core): Sanitize lone surrogates in log body and attributes (#​20245)
• fix(deno): Support Deno.serve instrumentation on Deno 2.8 (#​21155)
• fix(hono): Preserve middleware handler metadata (#​20954)
• fix(hono): Use generic Hono type in Bun/Node (#​21060)
• fix(nextjs): Widen project option type to string | string[] (#​21067)
• fix(node): Improve http.client double-wrap message (#​20705)
• fix(node): Preserve CallbackManager handlers in LangChain instrumentation (#​20849)
• fix(react-router): Do not re-write origin on router state changes (#​21056)
• fix(replay): Set sentry.replay_id attribute on streamed spans (#​20897)
• fix(replay): Set replay_id on DSC after buffer-to-session conversion (#​20686)
• fix(solidstart): Use nitro module for build hooks to preserve preset hooks (#​20861)
• ref(core): Rename types-hoist to types (#​20979)

Internal Changes

• chore: Add compatibility function for sendDefaultPii (#​20967)
• chore: Add size-limit for core/server, core/browser (#​20990)
• chore: Bump rrweb deps to v2.43.0 (#​20844)
• chore(build): Replace sucrase with esbuild (#​20865)
• chore(deps): Bump nitropack from 2.13.1 to 2.13.4 (#​20713)
• chore(deps): Bump ws from 8.20.0 to 8.20.1 (#​20998)
• chore(deps): Remove redundant yarn resolutions (#​20877)
• feat(deps): Bump @​tootallnate/once from 1.1.2 to 2.0.1 (#​21108)
• feat(deps): Bump devalue from 4.3.3 to 5.8.1 (#​20893)
• feat(deps): Bump protobufjs from 7.5.5 to 7.5.9 (#​20846)
• ref(aws-serverless): Vendor aws-sdk instrumentation (#​20988)
• ref(http): Use shared snippets for filtering headers and cookies (#​20970)
• ref(nestjs): Vendor nestjs-core instrumentation (#​20996)
• ref(node): Remove unused @opentelemetry/instrumentation-http dependency (#​21113)
• ref(node): Vendor @fastify/otel (#​21099)
• ref(node): Vendor @opentelemetry/instrumentation-pg (#​21102)
• ref(node): Vendor @opentelemetry/sql-common (#​21140)
• ref(node): Vendor @prisma/instrumentation (#​21098)
• ref(node): Vendor amqplib instrumentation (#​21003)
• ref(node): Vendor connect instrumentation (#​20955)
• ref(node): Vendor dataloader instrumentation (#​20950)
• ref(node): Vendor fs instrumentation (#​20964)
• ref(node): Vendor generic-pool instrumentation (#​20949)
• ref(node): Vendor graphql instrumentation (#​21096)
• ref(node): Vendor hapi instrumentation (#​21057)
• ref(node): Vendor kafkajs instrumentation (#​21005)
• ref(node): Vendor knex instrumentation (#​20963)
• ref(node): Vendor koa instrumentation (#​20956)
• ref(node): Vendor lru-memoizer instrumentation (#​20948)
• ref(node): Vendor minimal types for dataloader and generic-pool instrumentations (#​21013)
• ref(node): Vendor mongodb instrumentation (#​20966)
• ref(node): Vendor mongoose instrumentation (#​21058)
• ref(node): Vendor mysql instrumentation (#​21016)
• ref(node): Vendor mysql2 instrumentation (#​21031)
• ref(node): Vendor tedious instrumentation (#​21010)

Work in this release was contributed by @​abcang, @​ahmadio, @​delorge, @​mdnanocom, and @​victorgarciaesgi. Thank you for your contributions!

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.8

Compare Source

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in #​10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in #​10474 (675b4)

    View changes on GitHub

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

oxc-project/oxc (oxfmt)

v0.53.0

Compare Source

v0.52.0

Compare Source

🚀 Features

• 16b8058 oxfmt: Support vite-plus/resolveConfig for vite.config.ts (#​22454) (leaysgur)

oxc-project/oxc (oxlint)

v1.68.0

Compare Source

🚀 Features

• e4b1f46 linter/typescript: Implement method-signature-style rule (#​22679) (Mikhail Baev)
• bc462ca linter/vue: Implement no-reserved-component-names rule (#​22741) (bab)
• ef9e751 linter/vue: Implement component-definition-name-casing rule (#​22818) (bab)
• d67f51a linter/vue: Implement require-prop-type-constructor rule (#​22708) (bab)
• 8422e8b linter/jsdoc: Implement require-yields-description rule (#​22805) (Mikhail Baev)
• fe93f97 linter/eslint: Implement prefer-named-capture-group rule (#​22759) (Sebastian Poxhofer)

v1.67.0

Compare Source

🚀 Features

• b84941e linter/vue: Implement no-expose-after-await rule (#​22675) (bab)
• 98b98c1 linter/vue: Implement no-computed-properties-in-data rule (#​22674) (bab)
• 2d4c919 oxlint: Support vite-plus/resolveConfig for vite.config.ts (#​22456) (leaysgur)
• 2a60012 linter/vue: Implement require-render-return rule (#​22613) (bab)
• 9f227fd linter/vue: Implement no-deprecated-props-default-this rule (#​21892) (bab)
• 87f065e linter/vue: Implement return-in-emits-validator rule (#​21935) (bab)
• ea0380c linter/unicorn: Implement import-style rule (#​22173) (Hao Chen)
• dde40fe linter/vue: Implement no-watch-after-await rule (#​22006) (bab)
• a735eb0 linter/vue: Implement valid-next-tick rule (#​22531) (bab)
• 6dc615d linter/vue: Implement no-shared-component-data rule (#​21842) (bab)
• a656418 linter/vue: Implement valid-define-options rule (#​22107) (bab)
• bb6f1b2 linter/vue: Implement require-slots-as-functions rule (#​22244) (bab)
• 5fa4774 linter/n: Implement callback-return rule (#​22470) (Mikhail Baev)

pnpm/pnpm (pnpm)

v10.34.1: pnpm 10.34.1

Compare Source

Patch Changes

• Reject pnpm-lock.yaml entries whose remote tarball resolution: block is missing the integrity field. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that strips integrity:) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under --frozen-lockfile. pnpm now fails closed at lockfile-read time with ERR_PNPM_MISSING_TARBALL_INTEGRITY. Git-hosted tarballs (gitHosted: true or a URL on codeload.github.com / bitbucket.org / gitlab.com) and file: tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes.

Platinum Sponsors

Gold Sponsors

v10.34.0: pnpm 10.34

Compare Source

Minor Changes

• Treat tarball-integrity mismatches against the lockfile as a hard failure by default. Previously, pnpm install (non-frozen) would log ERR_PNPM_TARBALL_INTEGRITY, silently re-resolve from the registry, and overwrite the locked integrity — which meant a compromised registry, proxy, or republished version could substitute attacker-controlled content on a clean machine even though the project shipped a committed lockfile.

  pnpm install now exits with ERR_PNPM_TARBALL_INTEGRITY and a hint pointing at the new opt-in flag.

  The only opt-in is pnpm install --update-checksums — narrowly scoped to refreshing the locked integrity values from what the registry currently serves. Mirrors yarn's flag of the same name. A warning still prints when the bypass takes effect so the operation is auditable.

  --force and pnpm update deliberately do not bypass the integrity check. They are routine refresh operations; silently overwriting a locked integrity in those flows would erase the protection a committed lockfile is supposed to provide. --frozen-lockfile behavior is unchanged. --fix-lockfile keeps its documented purpose (filling in missing lockfile entries) and is also not a bypass.

Patch Changes

• Pin unscoped per-registry settings (_authToken, _auth, username/_password, tokenHelper, inline cert/key) to the registry declared in the same config source at load time, so a later layer overriding registry= (workspace .npmrc, pnpm-workspace.yaml, CLI --registry) cannot redirect a credential or client certificate authored for a different host. A deprecation warning is emitted whenever an unscoped per-registry setting is encountered, naming the source and the URL it was pinned to. Reported by JUNYI LIU.
• Fixed minimumReleaseAge handling when cached metadata is abbreviated. The npm registry returns abbreviated package metadata (without the per-version time field) by default, which made the maturity check throw ERR_PNPM_MISSING_TIME whenever cached abbreviated metadata was reused. pnpm now upgrades cached abbreviated metadata to the full document via a follow-up fetch when minimumReleaseAge is active, persists the upgrade to the on-disk cache so subsequent installs skip the extra fetch, and lets ERR_PNPM_MISSING_TIME from the cache fast-path fall through to the network fetch even under strict mode.
• Reject git resolutions whose commit field is not a 40-character hexadecimal SHA before invoking git. A malicious lockfile could otherwise smuggle a value such as --upload-pack=<command> through git fetch / git checkout, which on SSH or local-file transports executes the supplied command.
• Reject patch files whose diff --git headers reference paths outside the patched package directory. Previously a malicious .patch file added via a pull request could write, delete, or rename arbitrary files reachable by the user running pnpm install.
• Fixed --prefix=<dir> not being honored when locating the workspace root. The --prefix → dir rename was applied after workspace detection, so workspace settings declared in <dir>/pnpm-workspace.yaml were not loaded when pnpm was invoked from outside <dir> #​11535.
• Reject dependency aliases that contain path-traversal segments (such as @x/../../../../../.git/hooks) when reading them from a package manifest or symlinking them into node_modules. A malicious registry package could otherwise use a transitive dependency key to make pnpm install create symlinks at attacker-chosen paths outside the intended node_modules directory.

Platinum Sponsors

Gold Sponsors

arthurfiorette/prisma-json-types-generator (prisma-json-types-generator)

v5.1.0

Compare Source

What's Changed

• Adds support for groupBy/aggregate operations!

Full Changelog: arthurfiorette/prisma-json-types-generator@v5.0.0...v5.1.0

antfu-collective/taze (taze)

v19.14.1

Compare Source

   🐞 Bug Fixes

• Complete empathic find migration  -  by @​lyzno1 in #​275 (13838)

    View changes on GitHub

v19.14.0

Compare Source

   🚀 Features

• Respect package manager maturity exclusions  -  by @​firatciftci in #​271 [(2a6f9)](https://redirect.github.com/antfu-collective/taze/commit/2a6

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 12pm on Sunday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.