Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

The following dependencies are either deprecated or have replacements available.

Datasource	Package	Replacement PR?
npm	@ckeditor/ckeditor5-vue2

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): bump @nextcloud/stylelint-config from ^3.2.1 to ^3.2.2 (main)
• chore(deps): bump nextcloud/rector from ^0.5.1 to ^0.5.2 (main)
• chore(deps): bump php-cs-fixer/shim from ^3.95.5 to ^3.95.8 (main)
• chore(deps): bump postcss from ^8.5.13 to ^8.5.15 (main)
• chore(deps): bump rector/rector from ^2.4.2 to ^2.4.6 (main)
• chore(deps): bump sass-loader from ^16.0.7 to ^16.0.8 (main)
• chore(deps): bump ts-loader from ^9.6.0 to ^9.6.1 (main)
• chore(deps): bump vitest from ^4.0.0 to ^4.1.9 (main)
• fix(deps): bump dompurify from ^3.4.8 to ^3.4.11 (main)
• chore(deps): bump @playwright/test from ^1.59.1 to ^1.61.0 (main)
• chore(deps): bump actions/stale action from v10.2.0 to v10.3.0 (main)
• chore(deps): bump nextcloud/coding-standard from ^1.4.0 to ^1.5.0 (main)
• chore(deps): bump sass from ^1.99.0 to ^1.101.0 (main)
• chore(deps): bump webpack from ^5.106.2 to ^5.107.2 (main)
• fix(deps): bump @nextcloud/cdav-library from ^2.2.0 to ^2.6.2 (main)
• fix(deps): bump ckeditor5 from ^47.6.2-alpha.0 to ^47.7.2 (main)
• fix(deps): bump sabberworm/php-css-parser from ^9.3.0 to ^9.4.0 (main)
• fix(deps): bump stylelint from ^17.9.1 to ^17.13.0 (main)
• chore(deps): bump actions/checkout action from v6.0.3 to v7 (main)
• chore(deps): bump psalm/phar from ^5.26.1 to v7 (main)
• chore(deps): bump sass-loader from ^16.0.7 to v17 (main)
• chore(deps): bump skjnldsv/read-package-engines-version-actions action from v2.2 to v3 (main)
• chore(deps): bump tripss/conventional-changelog-action action from v3 to v6 (main)
• chore(deps): bump webpack-cli from ^6.0.1 to v7 (main)
• fix(deps): bump @nextcloud/vue from ^8.39.0 to v9 (main)
• fix(deps): bump @pinia/testing from ^0.1.7 to v1 (main)
• fix(deps): bump ckeditor5 from ^47.6.2-alpha.0 to v48 (main)
• fix(deps): bump color-convert from ^2.0.1 to v3 (main)
• fix(deps): bump html-to-text from ^9.0.5 to v10 (main)
• fix(deps): bump p-limit from ^6.2.0 to v7 (main)
• fix(deps): bump pinia from ^2.3.1 to v3 (main)
• 🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• chore(deps): bump autoprefixer from ^10.5.0 to ^10.5.2 (main)
• fix(deps): bump uuid from ^14.0.0 to ^14.0.1 (main)
• fix(deps): bump js-base64 from ^3.7.8 to ^3.8.0 (main)
• chore(deps): bump ubuntu from 24.04 to v26 (main)

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): bump @nextcloud/eslint-config from ^9.0.0-rc.8 to ^9.0.0-rc.10 (main)
• fix(deps): bump address-rfc2822 from ^2.2.3 to ^2.2.4 (main)
• chore(deps): bump node-polyfill-webpack-plugin from ^3.0.0 to v4 (main)
• chore(deps): bump typescript from ^5.9.3 to v6 (main)
• fix(deps): bump @nextcloud/dialogs from ^6.4.2 to v7 (main)
• fix(deps): bump @nextcloud/files from ^3.12.2 to v4 (main)
• fix(deps): bump coenjacobs/mozart from ^0.7.1 to v1 (main)
• fix(deps): bump webdav from 4.11.5 to v5 (main)
• fix(deps): bump dompurify from ^3.4.2 to v3.4.11 (stable5.9)
• fix(deps): bump vitest from ^3.2.4 to v3.2.6 (stable5.9)
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• fix(deps): bump vue from ^2.7.16 to v3 (main)
• fix(deps): bump vue from ^2.7.16 to v3 (stable5.10)
• fix(deps): bump vue from ^2.7.16 to v3 (stable5.9)

Detected Dependencies

Branch main

composer (7)

composer.json (30)

• arthurhoaro/favicon ^2.0.1
• bamarni/composer-bin-plugin ^1.9.1
• bytestream/horde-exception ^2.2.0
• bytestream/horde-imap-client ^2.34.1
• bytestream/horde-mail ^2.7.2
• bytestream/horde-mime ^2.14.1
• bytestream/horde-stream ^1.7.2
• bytestream/horde-stringprep ^1.2.1
• bytestream/horde-support ^2.4.0
• bytestream/horde-text-filter ^2.5.0
• bytestream/horde-text-flowed ^2.1
• bytestream/horde-util ^2.8.1
• cerdic/css-tidy v2.2.1
• cweagans/composer-patches ~2.0
• ezyang/htmlpurifier 4.19.0
• glenscott/url-normalizer ^1.4
• hamza221/html2text ^1.0
• jeremykendall/php-domain-parser ^6.4.0
• nextcloud/horde-managesieve ^1.0.1
• nextcloud/horde-smtp ^1.0.3
• nextcloud/kitinerary ^1.0
• nextcloud/kitinerary-bin ^1.0.4
• nextcloud/kitinerary-flatpak ^1.0
• nextcloud/kitinerary-sys ^2.0.0
• phpmailer/dkimvalidator ^0.3.1
• psr/log ^3.0.2
• rubix/ml 2.5.3
• sabberworm/php-css-parser ^9.3.0 → [Updates: ^9.4.0]
• youthweb/urllinker ^2.1.0
• psalm/phar ^5.26.1 → [Updates: ^7.0.0-beta19]

vendor-bin/cs-fixer/composer.json (2)

• nextcloud/coding-standard ^1.4.0 → [Updates: ^1.5.0]
• php-cs-fixer/shim ^3.95.5 → [Updates: ^3.95.8]

vendor-bin/mozart/composer.json (1)

• coenjacobs/mozart ^0.7.1 → [Updates: ^1.2.3]

vendor-bin/openapi/composer.json (1)

• nextcloud/openapi-extractor ^1.8.7

vendor-bin/phpunit/composer.json (2)

• christophwurst/nextcloud_testing ^2.0.0
• fig/log-test ^1.2.1

vendor-bin/psalm-stubs/composer.json (1)

• psr/log ^3.0.2

vendor-bin/rector/composer.json (2)

• rector/rector ^2.4.2 → [Updates: ^2.4.6]
• nextcloud/rector ^0.5.1 → [Updates: ^0.5.2]

github-actions (5)

.github/workflows/appstore-conventional-build-publish.yml (4)

• skjnldsv/check-actor-permission v3.0@69e92a3c4711150929bca9fcf34448c5bf5526e7
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• TriPSs/conventional-changelog-action v3@b7f32a8347e86c26ea2f4823cc7c160b9014c6a0 → [Updates: v6]
• actions/create-release v1@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e

.github/workflows/package.yml (3)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• skjnldsv/read-package-engines-version-actions v2.2@8205673bab74a63eb9b8093402fd9e0e018663a1 → [Updates: v3]
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

.github/workflows/stale.yml (1)

• actions/stale v10.2.0@b5d41d4e1d5dceea10e7104786b73624c18a190f → [Updates: v10.3.0]

.github/workflows/test.yml (13)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• skjnldsv/read-package-engines-version-actions v2.2@8205673bab74a63eb9b8093402fd9e0e018663a1 → [Updates: v3]
• actions/setup-node v6.4.0@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• icewind1991/nextcloud-version-matrix v1.3.2@8a7bac6300b2f0f3100088b297995a229558ddba
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-node v6.4.0@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
• actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
• ubuntu 24.04 → [Updates: 26.04]

.github/workflows/update-public-suffix-list.yml (2)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• peter-evans/create-pull-request v8.1.1@5f6978faf089d4d20b00c7766989d076bb2fc7f1

npm (1)

package.json (85)

• @ckeditor/ckeditor5-vue2 ^3.0.1
• @iframe-resizer/child ^5.5.9
• @iframe-resizer/parent ^5.5.9
• @mdi/svg ^7.4.47
• @nextcloud/auth ^2.6.0
• @nextcloud/axios ^2.6.0
• @nextcloud/calendar-js ^8.1.6
• @nextcloud/cdav-library ^2.2.0 → [Updates: ^2.6.2]
• @nextcloud/dialogs ^6.4.2 → [Updates: ^7.4.0]
• @nextcloud/files ^3.12.2 → [Updates: ^4.0.0]
• @nextcloud/initial-state ^3.0.0
• @nextcloud/l10n ^3.4.1
• @nextcloud/logger ^3.0.3
• @nextcloud/moment ^1.3.5
• @nextcloud/router ^3.1.0
• @nextcloud/sharing ^0.4.0
• @nextcloud/timezones ^1.0.2
• @nextcloud/vue ^8.39.0 → [Updates: ^9.8.2]
• @pinia/testing ^0.1.7 → [Updates: ^1.0.3]
• @riophae/vue-treeselect ^0.4.0
• address-rfc2822 ^2.2.3 → [Updates: ^2.2.4]
• ckeditor5 ^47.6.2-alpha.0 → [Updates: ^47.7.2, ^48.2.0]
• color-convert ^2.0.1 → [Updates: ^3.1.3]
• core-js ^3.49.0
• debounce-promise ^3.1.2
• dompurify ^3.4.8 → [Updates: ^3.4.11]
• escape-html ^1.0.3
• html-to-text ^9.0.5 → [Updates: ^10.0.0]
• ical.js ^2.2.1
• js-base64 ^3.7.8 → [Updates: ^3.8.0]
• jstz ^2.1.1
• lodash ^4.18.1
• md5 ^2.3.0
• mitt ^3.0.1
• nextcloud_issuetemplate_builder ^0.1.0
• node-forge ^1.4.0
• p-limit ^6.2.0 → [Updates: ^7.3.0]
• pinia ^2.3.1 → [Updates: ^3.0.4]
• printscout 2.0.3
• process ^0.11.10
• ramda ^0.32.0
• raw-loader ^4.0.2
• stylelint ^17.9.1 → [Updates: ^17.13.0]
• uuid ^14.0.0 → [Updates: ^14.0.1]
• v-tooltip ^2.1.3
• vue ^2.7.16 → [Updates: ^3.0.0-alpha]
• vue-autosize ^1.0.2
• vue-dndrop ^1.3.4
• vue-frag ^1.4.3
• vue-material-design-icons ^5.3.1
• vue-router ^3.6.5
• vue-shortkey ^3.1.7
• vue-tabs-component ^1.5.0
• webdav 4.11.5 → [Updates: 5.10.0]
• @nextcloud/babel-config ^1.3.0
• @nextcloud/browserslist-config ^3.1.2
• @nextcloud/eslint-config ^9.0.0-rc.8 → [Updates: ^9.0.0-rc.10]
• @nextcloud/stylelint-config ^3.2.1 → [Updates: ^3.2.2]
• @playwright/test ^1.59.1 → [Updates: ^1.61.0]
• @vitejs/plugin-vue2 ^2.3.4
• @vue/test-utils ^1.3.6
• autoprefixer ^10.5.0 → [Updates: ^10.5.2]
• babel-loader ^10.1.1
• babel-loader-exclude-node-modules-except ^1.2.4
• css-loader ^7.1.4
• eslint-plugin-import ^2.32.0
• eslint-plugin-vitest-globals ^1.6.1
• file-loader ^6.2.0
• jsdom ^29.1.1
• node-polyfill-webpack-plugin ^3.0.0 → [Updates: ^4.1.0]
• patch-package ^8.0.1
• postcss ^8.5.13 → [Updates: ^8.5.15]
• sass ^1.99.0 → [Updates: ^1.101.0]
• sass-loader ^16.0.7 → [Updates: ^16.0.8, ^17.0.0]
• style-loader ^4.0.0
• svg-inline-loader ^0.8.2
• ts-loader ^9.6.0 → [Updates: ^9.6.1]
• typescript ^5.9.3 → [Updates: ^6.0.3]
• url-loader ^4.1.1
• vitest ^4.0.0 → [Updates: ^4.1.9]
• vue-loader ^15.11.1
• vue-template-compiler ^2.7.16
• webpack ^5.106.2 → [Updates: ^5.107.2]
• webpack-cli ^6.0.1 → [Updates: ^7.0.3]
• webpack-merge ^6.0.1

Branch stable5.9

composer (7)

composer.json

vendor-bin/cs-fixer/composer.json

vendor-bin/mozart/composer.json

vendor-bin/openapi/composer.json

vendor-bin/phpunit/composer.json

vendor-bin/psalm-stubs/composer.json

vendor-bin/rector/composer.json

github-actions (5)

.github/workflows/appstore-conventional-build-publish.yml

.github/workflows/package.yml

.github/workflows/stale.yml

.github/workflows/test.yml

.github/workflows/update-public-suffix-list.yml

npm (1)

package.json (3)

• dompurify ^3.4.2 → [Updates: ^3.4.2]
• vue ^2.7.16 → [Updates: ^3.0.0-alpha]
• vitest ^3.2.4 → [Updates: ^3.2.4]

Branch stable5.10

composer (7)

composer.json

vendor-bin/cs-fixer/composer.json

vendor-bin/mozart/composer.json

vendor-bin/openapi/composer.json

vendor-bin/phpunit/composer.json

vendor-bin/psalm-stubs/composer.json

vendor-bin/rector/composer.json

github-actions (5)

.github/workflows/appstore-conventional-build-publish.yml

.github/workflows/package.yml

.github/workflows/stale.yml

.github/workflows/test.yml

.github/workflows/update-public-suffix-list.yml

npm (1)

package.json (1)

• vue ^2.7.16 → [Updates: ^3.0.0-alpha]

---

• Check this box to trigger a request for Renovate to run again on this repository