- Update all non-major dependencies with digest and pinDigest

[blumilk-renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@tailwindcss/typography	^0.5.16 -> ^0.5.19			dependencies	patch
@types/leaflet (source)	^1.9.20 -> ^1.9.21			devDependencies	patch
@vitejs/plugin-vue (source)	^5.2.3 -> ^5.2.4			devDependencies	patch
actions/cache	v4.2.3 -> v4.2.4			action	patch
actions/checkout	v4.2.2 -> v4.3.0			action	minor
axllent/mailpit (source)	v1.20.5 -> v1.20.7				patch
composer/composer	2.8.9-bin -> 2.8.12-bin			stage	patch
eslint-config-prettier	^9.1.0 -> ^9.1.2			devDependencies	patch
eslint-plugin-tailwindcss	^3.18.0 -> ^3.18.2			devDependencies	patch
guzzlehttp/guzzle (source)	^7.9.2 -> ^7.9.3			require	patch
inertiajs/inertia-laravel	^2.0 -> ^2.0.10			require	patch
laravel-vite-plugin	^1.2.0 -> ^1.3.0			dependencies	minor
laravel/framework (source)	^12.10 -> ^12.10.2			require	patch
laravel/sanctum	^4.0 -> ^4.0.8			require	patch
laravel/socialite (source)	^5.21 -> ^5.23.1			require	minor
node	22.14.0-bullseye-slim -> 22.21.0-bullseye-slim			stage	minor	22.21.1
nunomaduro/collision	^8.5.0 -> ^8.8.2			require-dev	patch
nunomaduro/larastan	^3.1.0 -> ^3.8.0			require-dev	minor
phpunit/phpunit (source)	^11.5.9 -> ^11.5.43			require-dev	patch
postcss (source)	^8.5.3 -> ^8.5.6			devDependencies	patch
prettier-plugin-tailwindcss	^0.6.14 -> ^0.7.1			devDependencies	minor
shivammathur/setup-php	2.33.0 -> 2.35.5			action	minor
spatie/laravel-activitylog (source)	^4.10 -> ^4.10.2			require	patch
spatie/laravel-ignition (source)	^2.9.0 -> ^2.9.1			require-dev	patch
spatie/laravel-permission	^6.19 -> ^6.23.0			require	minor
tailwindcss (source)	^3.4.17 -> ^3.4.18			dependencies	patch
vue (source)	^3.5.13 -> ^3.5.22			dependencies	patch	3.5.24 (+1)
vue-i18n (source)	^11.1.10 -> ^11.1.12			dependencies	patch
vue-tsc (source)	^2.2.8 -> ^2.2.12			devDependencies	patch

---

Release Notes

tailwindlabs/tailwindcss-typography (@​tailwindcss/typography)

v0.5.19

Compare Source

Fixed

• Fixed broken color styles (#​405)

v0.5.18

Compare Source

Fixed

• Fixed undefined variable error (#​403)

v0.5.17

Compare Source

Added

• Add modifiers for description list elements (#​357)
• Add prose-picture modifier (#​367)

Fixed

• Include unit in hr border-width value (#​379)
• Ensure <kbd> styles work with Tailwind CSS v4 (#​387)

Changed

• Remove lodash dependencies (#​402)

actions/cache (actions/cache)

v4.2.4

Compare Source

What's Changed

• Update README.md by @​nebuk89 in #​1620
• Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @​Link- in #​1634
• Prepare release 4.2.4 by @​Link- in #​1636

New Contributors

• @​nebuk89 made their first contribution in #​1620

Full Changelog: actions/cache@v4...v4.2.4

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

axllent/mailpit (axllent/mailpit)

v1.20.7

Compare Source

Chore

• Update caniemail database

Fix

• SQL error deleting a tag while using tenant-id (#​374)

Test

• Add tenantIDs to tests

v1.20.6

Compare Source

Chore

• Update node dependencies
• Update minimum Go version (1.22.0)
• Update Go dependencies
• Code cleanup
• Update swagger file tests
• Update node dependencies
• Bump Go compile version to 1.23

prettier/eslint-config-prettier (eslint-config-prettier)

v9.1.2

Compare Source

francoismassart/eslint-plugin-tailwindcss (eslint-plugin-tailwindcss)

v3.18.2: Tailwind CSS v4 README

Compare Source

This patch release is the same as v3.8.0, I had to publish patch versions in the regular npm release channel in order to update the README.

Here is a copy of the important message as added in the README:

About Tailwind CSS 4 support

While the development of eslint-plugin-tailwindcss for Tailwind CSS v4 is ongoing, you can use the latest version published on the beta channel to get partial support of Tailwind CSS v4.

npm i eslint-plugin-tailwindcss@beta -D

NB: As we will focus the effort on the full rewrite of the plugin, this version is available "as is" and you may get errors or false positives like for the rule no-contradicting-classname . You can learn more about these issues on GitHub.

You can always disable specific rules if necessary.

This version has been made possible thanks to the work of hyoban and his project tailwind-api-utils.

v3.18.1

Compare Source

inertiajs/inertia-laravel (inertiajs/inertia-laravel)

v2.0.10

Compare Source

What's Changed

• Include scrollProps metadata when prop is requested to reset by @​pascalbaljet in #​781

Full Changelog: inertiajs/inertia-laravel@v2.0.9...v2.0.10

v2.0.9

Compare Source

What's Changed

• Include scrollProps metadata when prop is requested to reset by @​pascalbaljet in #​781

Full Changelog: inertiajs/inertia-laravel@v2.0.9...v2.0.10

v2.0.8

Compare Source

What's Changed

• Add docblock to Inertia Facade for scroll by @​joetannenbaum in #​780

Full Changelog: inertiajs/inertia-laravel@v2.0.8...v2.0.9

v2.0.7

Compare Source

What's Changed

• More fine-grained control for Inertia::merge() and a new Inertia::scroll() by @​pascalbaljet in #​774

Full Changelog: inertiajs/inertia-laravel@v2.0.7...v2.0.8

v2.0.6

Compare Source

What's Changed

• Added loadDeferredProps() method to AssertableInertia class by @​pascalbaljet in #​779

Full Changelog: inertiajs/inertia-laravel@v2.0.6...v2.0.7

v2.0.5

Compare Source

What's Changed

• Add encrypt history middleware that follows laravel naming conventions by @​taylorotwell in #​773

New Contributors

• @​taylorotwell made their first contribution in #​773

Full Changelog: inertiajs/inertia-laravel@v2.0.5...v2.0.6

v2.0.4

Compare Source

What's Changed

• [2.x] Improve inertia helper docblock by @​mtlukaszczyk in #​766
• [2.x] Introduce ProvidesInertiaProp interface by @​pascalbaljet in #​746
• [2.x] Introduce ProvidesInertiaProps interface by @​pascalbaljet in #​769
• Introduce PHPStan + improve DocBlocks by @​pascalbaljet in #​768

New Contributors

• @​mtlukaszczyk made their first contribution in #​766

Full Changelog: inertiajs/inertia-laravel@v2.0.4...v2.0.5

laravel/vite-plugin (laravel-vite-plugin)

v1.3.0

Compare Source

• Use rollup types from Vite by @​sapphi-red in #​325

laravel/socialite (laravel/socialite)

v5.23.1

Compare Source

Full Changelog: laravel/socialite@v5.23.0...v5.23.1

v5.23.0

Compare Source

Full Changelog: laravel/socialite@v5.23.0...v5.23.1

v5.22.0

Compare Source

• Fix return type for functions which make use of json_decode by @​michaelklopf in #​745
• feat(google): stateless ID token support by @​beefsack in #​748

nodejs/node (node)

v22.21.0: 2025-10-20, Version 22.21.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes

• [1486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #​59151
• [bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #​57165
• [af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #​58980
• [686ac49b82] - (SEMVER-MINOR) src: add percentage support to --max-old-space-size (Asaf Federman) #​59082

Commits

• [a71dd592e3] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #​59696
• [16c4b466f4] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #​59836
• [53cb9f3b6c] - build: add the missing macro definitions for OpenHarmony (hqzing) #​59804
• [ec5290fe01] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #​59809
• [1486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #​59151
• [1f93913446] - crypto: use return await when returning Promises from async functions (Renegade334) #​59841
• [f488b2ff73] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #​59841
• [aed9fd5ac4] - crypto: avoid calls to promise.catch() (Renegade334) #​59841
• [37c2d186f0] - deps: update amaro to 1.1.4 (pmarchini) #​60044
• [28aea13419] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [ddbc1aa0bb] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [badbba2da9] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [48aaf98a08] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [e02a562ea6] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [7e0e86cb92] - deps: upgrade npm to 10.9.4 (npm team) #​60074
• [91dda5facf] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [3a3220a2f0] - dgram: restore buffer optimization in fixBufferList (Yoo) #​59934
• [09bdcce6b8] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #​59910
• [b3eeb3bd13] - doc: provide alternative to url.parse() using WHATWG URL (Steven) #​59736
• [1ddaab1904] - doc: mention reverse proxy and include simple example (Steven) #​59736
• [3b3b71e99c] - doc: mark .env files support as stable (Santeri Hiltunen) #​59925
• [d37f67d1bd] - doc: remove optional title prefixes (Aviv Keller) #​60087
• [ca2dff63f9] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [3fca564a05] - doc: add automated migration info to deprecations (Augustin Mauroy) #​60022
• [4bc366fc16] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #​59954
• [4808dbdd9a] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [d6e303d645] - doc: update V8 fast API guidance (René) #​58999
• [0a3a3f729e] - doc: add security escalation policy (Ulises Gascón) #​59806
• [8fd669c70d] - doc: type improvement of file http.md (yusheng chen) #​58189
• [9833dc6060] - doc: rephrase dynamic import() description (Nam Yooseong) #​59224
• [2870a73681] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #​59851
• [85818db93c] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #​59847
• [bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #​57165
• [af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [758271ae66] - http: optimize checkIsHttpToken for short strings (방진혁) #​59832
• [42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #​58980
• [a33ed9bf96] - inspector: ensure adequate memory allocation for Binary::toBase64 (René) #​59870
• [34c686be2b] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #​59687
• [12e553529c] - lib: add source map support for assert messages (Chengzhong Wu) #​59751
• [d2a70571f8] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #​59751
• [20a9e86b5d] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [c591cca15c] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #​60089
• [090ba141b1] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #​60091
• [a0ba6884a5] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #​60092
• [0feca0c541] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [7cd2b42d18] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [1f3b9d66ac] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #​60095
• [0fedbb3de7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [04590b8267] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [2bf0a9318f] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #​59914
• [e10dc7b81c] - module: allow overriding linked requests for a ModuleWrap (Chengzhong Wu) #​59527
• [2237142369] - module: link module with a module request record (Chengzhong Wu) #​58886
• [6d24b88fbc] - node-api: added SharedArrayBuffer api (Mert Can Altin) #​59071
• [4cc84c96f4] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #​59684
• [e790eb6b50] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [99ea08dc43] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [e4a4f63019] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #​59848
• [42c5544b97] - src: assert memory calc for max-old-space-size-percentage (Asaf Federman) #​59460
• [686ac49b82] - (SEMVER-MINOR) src: add percentage support to --max-old-space-size (Asaf Federman) #​59082
• [84701ff668] - src: clear all linked module caches once instantiated (Chengzhong Wu) #​59117
• [8e182e561f] - src: remove unnecessary Environment::GetCurrent() calls (Moonki Choi) #​59814
• [c9cde35c4d] - src: simplify is_callable by making it a concept (Tobias Nießen) #​58169
• [892b425ee1] - src: rename private fields to follow naming convention (Moonki Choi) #​59923
• [36b68db7f5] - src: reduce the nearest parent package JSON cache size (Michael Smith) #​59888
• [26b40bad02] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #​59891
• [34dcb7dc32] - src: create strings in FIXED_ONE_BYTE_STRING as internalized (Anna Henningsen) #​59826
• [4d748add05] - src: remove std::array overload of FIXED_ONE_BYTE_STRING (Anna Henningsen) #​59826
• [bb6fd7c2d1] - src: ensure v8::Eternal is empty before setting it (Anna Henningsen) #​59825
• [7a91282bf9] - src: use simdjson::pad (0hm☘️) #​59391
• [ba00875f01] - stream: use new AsyncResource instead of bind (Matteo Collina) #​59867
• [ebec3ef68b] - (SEMVER-MINOR) test: move http proxy tests to test/client-proxy (Joyee Cheung) #​58980
• [7067d79fb3] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [ca1942c9d5] - test: testcase demonstrating issue 59541 (Eric Rannaud) #​59801
• [660d57355e] - test,doc: skip --max-old-space-size-percentage on 32-bit platforms (Asaf Federman) #​60144
• [19a7b1ef26] - tls: load bundled and extra certificates off-thread (Joyee Cheung) #​59856
• [095e7a81fc] - tls: only do off-thread certificate loading on loading tls (Joyee Cheung) #​59856
• [c42c1204c7] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [b632a1d98d] - tools: skip test-internet workflow for draft PRs (Michaël Zasso) #​59817
• [6021c3ac76] - tools: copyedit build-tarball.yml (Antoine du Hamel) #​59808
• [ef005d0c9b] - typings: update 'types' binding (René) #​59692
• [28ef564ecd] - typings: remove unused imports (Nam Yooseong) #​59880
• [f88752ddb6] - url: replaced slice with at (Mikhail) #​59181
• [24c224960c] - url: add type checking to urlToHttpOptions() (simon-id) #​59753
• [f2fbcc576d] - util: fix debuglog.enabled not being present with callback logger (Ruben Bridgewater) #​59858
• [6277058e43] - vm: sync-ify SourceTextModule linkage (Chengzhong Wu) #​59000
• [5bf21a4309] - vm: explain how to share promises between contexts w/ afterEvaluate (Eric Rannaud) #​59801
• [312b33a083] - vm: "afterEvaluate", evaluate() return a promise from the outer context (Eric Rannaud) #​59801
• [1eadab863c] - win,tools: add description to signature (Martin Costello) #​59877
• [816e1befb1] - zlib: reduce code duplication (jhofstee) #​57810

v22.20.0: 2025-09-24, Version 22.20.0 'Jod' (LTS), @​richardlau

Compare Source

Notable Changes

OpenSSL updated to 3.5.2

For official Node.js builds, or builds using the default build configuration, Node.js now bundles OpenSSL 3.5.2. This update allows Node.js 22.x to be supported through to the planned End-of-Life date of 2027-04-30 as the previously bundled OpenSSL 3.0.x goes out of support in September 2026.

This change does not affect third-party builds of Node.js that link to an external OpenSSL (or OpenSSL-compatible) library.

Other notable changes

• [5b83e1e0a2] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [34b25fd97b] - doc: stabilize --disable-sigusr1 (Rafael Gonzaga) #​59707
• [bf41218ed9] - doc: mark path.matchesGlob as stable (Aviv Keller) #​59572
• [1dbad2058f] - (SEMVER-MINOR) http: add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #​59315
• [062e837d5f] - (SEMVER-MINOR) http2: add support for raw header arrays in h2Stream.respond() (Tim Perry) #​59455
• [b8066611c3] - inspector: add http2 tracking support (Darshan Sen) #​59611
• [9b7dd40da8] - (SEMVER-MINOR) sea: implement execArgvExtension (Joyee Cheung) #​59560
• [48bfbd3dca] - (SEMVER-MINOR) sea: support execArgv in sea config (Joyee Cheung) #​59314
• [cf06e74076] - (SEMVER-MINOR) stream: add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #​59464
• [62bb80c17e] - (SEMVER-MINOR) test_runner: support object property mocking (Idan Goshen) #​58438
• [9e2aa23be9] - (SEMVER-MINOR) worker: add cpu profile APIs for worker (theanarkh) #​59428

Commits

• [b7b78fd565] - assert: cap input size in myersDiff to avoid Int32Array overflow (Haram Jeong) #​59578
• [9da50a6c53] - benchmark: sqlite prevent create both tables on prepare selects (Bruno Rodrigues) #​59709
• [4c1538770e] - benchmark: calibrate config array-vs-concat (Rafael Gonzaga) #​59587
• [fc3f82d683] - benchmark: calibrate config v8/serialize.js (Rafael Gonzaga) #​59586
• [e95c9b2950] - benchmark: reduce readfile-permission-enabled config (Rafael Gonzaga) #​59589
• [e4fea38b31] - benchmark: calibrate length of util.diff (Rafael Gonzaga) #​59588
• [c5d68c4a0f] - benchmark, test: replace CRLF variable with string literal (Lee Jiho) #​59466
• [129a1d673b] - build: fix getting OpenSSL version on Windows (Michaël Zasso) #​59609
• [9f53db7162] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [3839593e07] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [e430464669] - build: compile bundled uvwasi conditionally (Carlo Cabrera) #​59622
• [e2c9cab0cd] - build: do not set -mminimal-toc with clang (Richard Lau) #​59484
• [208bc810a1] - child_process: remove unsafe array iteration (hotpineapple) #​59347
• [d74799d90c] - crypto: load system CA certificates off thread (Joyee Cheung) #​59550
• [[5b83e1e0a2](https:/

---

Configuration

📅 Schedule: Branch creation - On day 1 of the month, every 3 months ( * * 1 */3 * ) in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.