chore(deps): update all non-major dependencies #446
| "@nuxt/image": "^1.11.0", | ||
| "@nuxt/scripts": "workspace:*", | ||
| "@nuxt/ui": "4.0.0", | ||
| "@nuxt/ui": "4.2.1", |
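Review bot: the "@nuxt/ui" line goes from "4.0.0" to "4.2.1", and both values are exact versions, so the pin was already in the file before this bump and is not something the update introduced. If the pin is deliberate, say why in the PR description so it is not read as an oversight; if it is not, switch to "^4.2.1" in its own change so the range-style decision is reviewed separately from the version bump.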
| "@nuxt/ui": "4.2.1", | |
| "@nuxt/ui": "^4.2.1", |
The @nuxt/ui dependency is pinned to 4.2.1 without a caret, which is inconsistent with all other dependencies in this file that use flexible versioning with the ^ prefix.
Analysis
Inconsistent version pinning for @nuxt/ui dependency
What fails: docs/package.json line 20 specifies @nuxt/ui as pinned version 4.2.1 (without caret prefix), while all 13 other dependencies use caret versioning (^) for flexible version constraints within the major version.
How to reproduce:
cat docs/package.json | grep -A 15 '"dependencies"'
Result: Shows "@nuxt/ui": "4.2.1" (pinned) while all surrounding dependencies have caret prefix:
- "@nuxt/content": "^3.8.2"
- "@nuxt/fonts": "^0.12.1"
- "@nuxthq/studio": "^2.2.1"
- All other 10 dependencies also use ^ prefix
Expected behavior: According to npm semantic versioning, caret versioning allows compatible updates (minor/patch versions) within a major version. The project consistently uses this pattern for all other dependencies, so @nuxt/ui should be ^4.2.1 to match the established convention and allow patch/minor updates like other dependencies.
Root cause: Automated dependency update (Renovate bot commit 0b37709) preserved the previous pinned format when bumping the version from 4.0.0 to 4.2.1, rather than applying the project's standard caret versioning pattern used throughout the file.
| "posthog-js": "^1.0.0" | ||
| "@types/youtube": "^0.1.2", | ||
| "@unhead/vue": "^2.1.2", | ||
| "posthog-js": "^1.321.2" |
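Review bot: the "posthog-js" line moves from "^1.0.0" to "^1.321.2", which raises the lowest accepted version instead of only refreshing the version that is tested, so any 1.x release below 1.321.2 that the old range accepted now falls outside it. Unless the code needs an API introduced after 1.0.0, keep "^1.0.0" on this line; if the higher floor is intended, name the API that requires it in the PR description.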
| "posthog-js": "^1.321.2" | |
| "posthog-js": "^1.0.0" |
The posthog-js peer dependency constraint changed from ^1.0.0 to ^1.321.2, which is unusually restrictive and appears unintentional given the patch version bump in devDependencies (1.321.1 → 1.321.2).
Analysis
Overly restrictive posthog-js peer dependency breaks backward compatibility
What fails: The posthog-js peer dependency constraint in package.json was changed from ^1.0.0 to ^1.321.2 (commit 1536ad2), restricting supported versions to 1.321.2+ and rejecting all prior versions (1.0.0-1.321.1) that would previously install.
How to reproduce:
# User has posthog-js 1.200.0 installed (legitimate version under old ^1.0.0 constraint)
npm install @nuxt/scripts
# After update, npm now rejects this version because 1.200.0 does not satisfy ^1.321.2
Result: npm/pnpm install fails with: "posthog-js@1.200.0 not satisfied by ^1.321.2"
Expected: The peer dependency should remain at ^1.0.0 (or similar permissive constraint) since:
- Code only uses posthog.init() and basic config options (api_host, capture_pageview, disable_session_recording) available since 1.0.0
- The devDependency update was only a patch bump (1.222.0 → 1.321.2), not a major version requiring API changes
- Peer dependencies should be permissive to maximize compatibility
- Semantic versioning guidance indicates patch/minor version updates within the same major version should be backward compatible
This change appears to be an error from automated dependency update tooling (Renovate) that applied the same pinpoint version to both devDependencies and peerDependencies.
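The two range problems raised in the review comments above can be checked mechanically. The following is an added example, not code from this PR, from Renovate, or from npm; the helper names and the manifests are constructed for illustration, using the versions quoted in the comments.

```javascript
// Added example: caret-range logic for plain MAJOR.MINOR.PATCH versions only
// (prerelease tags, build metadata and compound ranges are out of scope).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Convert "1.2.3" or "^1.2.3" to a half-open interval [min, max).
// A caret freezes the left-most non-zero component:
//   ^1.2.3 -> [1.2.3, 2.0.0)   ^0.12.1 -> [0.12.1, 0.13.0)   ^0.0.3 -> [0.0.3, 0.0.4)
function toInterval(range) {
  const caret = range.startsWith('^');
  const min = parseVersion(caret ? range.slice(1) : range);
  if (!min) return null; // e.g. "workspace:*": not a plain version, skipped
  let max;
  if (!caret) max = [min[0], min[1], min[2] + 1];
  else if (min[0] > 0) max = [min[0] + 1, 0, 0];
  else if (min[1] > 0) max = [0, min[1] + 1, 0];
  else max = [0, 0, min[2] + 1];
  return { min, max, exact: !caret };
}

function satisfies(version, range) {
  const v = parseVersion(version);
  const r = toInterval(range);
  return Boolean(v && r) && compare(v, r.min) >= 0 && compare(v, r.max) < 0;
}

// Names pinned to an exact version while other entries use a caret.
function exactPins(deps) {
  const entries = Object.entries(deps)
    .map(([name, range]) => [name, toInterval(range)])
    .filter(([, iv]) => iv !== null);
  const hasCaret = entries.some(([, iv]) => !iv.exact);
  return hasCaret ? entries.filter(([, iv]) => iv.exact).map(([name]) => name) : [];
}

// Peer ranges that, after an update, reject versions the old range accepted.
function narrowedPeers(before, after) {
  const findings = [];
  for (const [name, newRange] of Object.entries(after)) {
    const o = name in before ? toInterval(before[name]) : null;
    const n = toInterval(newRange);
    if (!o || !n) continue;
    if (compare(n.min, o.min) > 0 || compare(n.max, o.max) < 0) {
      findings.push({ name, from: before[name], to: newRange });
    }
  }
  return findings;
}

// Constructed manifests built from the versions quoted in the review comments.
const docsDeps = {
  '@nuxt/content': '^3.8.2', '@nuxt/fonts': '^0.12.1',
  '@nuxt/scripts': 'workspace:*', '@nuxt/ui': '4.2.1',
};
const peersBefore = { '@unhead/vue': '^2.1.2', 'posthog-js': '^1.0.0' };
const peersAfter = { '@unhead/vue': '^2.1.2', 'posthog-js': '^1.321.2' };

console.log(exactPins(docsDeps));
console.log(narrowedPeers(peersBefore, peersAfter));
console.log(satisfies('1.200.0', '^1.0.0'), satisfies('1.200.0', '^1.321.2'));
```

Run over the old and new peerDependencies of each update, a check like narrowedPeers turns a silently raised floor into a review finding before consumers hit an install failure.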
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
This PR contains the following updates:
- ^3.58.1→^3.65.0
- ^0.1.0→^0.2.0
- v0.0.9-mp→v0.0.9
- v6.0.1→v6.0.2
- v10.0.0→v10.3.0
- ^1.0.0→^1.376.6 1.378.1(+2)
- ^4.60.4→^4.61.0
- ^3.0.0→^3.1.1
- ^4.1.7→^4.1.8

Release Notes
Hebilicious/reproduire (Hebilicious/reproduire)
v0.0.9
actions/checkout (actions/checkout)
v6.0.2
actions/stale (actions/stale)
v10.3.0
What's Changed
Bug Fix
Dependency Updates
New Contributors
Full Changelog: actions/stale@v10...v10.3.0
v10.2.0
v10.1.1
What's Changed
Bug Fix
only-issue-types by @Bibo-Joshi in #1298
Improvement
Dependency Upgrades
New Contributors
Full Changelog: actions/stale@v10...v10.1.1
v10.1.0
What's Changed
only-issue-types option to filter issues by type by @Bibo-Joshi in #1255
New Contributors
Full Changelog: actions/stale@v10...v10.1.0
PostHog/posthog-js (posthog-js)
v1.376.6
1.376.6
Patch Changes
663e250 Thanks @pauldambra! - fix(persistence): skip the storage write when the serialized props are unchanged. Callers spam save() after every property change, and many of those changes leave the serialized payload identical (e.g. resetting a value to its current value). Writing identical bytes to localStorage still fires a cross-tab storage event in every same-origin tab, where Chrome allocates the payload buffer in mojo IPC even though no listener reacts. Now save() compares the serialized payload against the last successful write and bails out when nothing changed. (2026-05-31)
v1.376.5
1.376.5
Patch Changes
66cbc59 Thanks @pauldambra! - fix(persistence): throttle session-activity timestamp writes to a 5s granularity. The in-memory value still moves at full resolution; only writes to localStorage/cookie are coalesced. Activity-timestamp-only updates within the granularity window are skipped, dropping localStorage write pressure and cross-tab storage event broadcasts on pages that capture many events per second. The pending in-memory value is flushed on destroy and beforeunload so a tab close inside the window does not leave the persisted value up to 5s stale for sibling tabs. The flush re-reads storage first and bails out if a sibling tab has rotated the session, so the flush cannot clobber the new session with the old id/start. (2026-05-31)
d9ad199]:
v1.376.4
1.376.4
Patch Changes
#3685
f59f35a Thanks @ioannisj! - fix(cookieless): enable request queue when opting out in on_reject mode. When using cookieless_mode: "on_reject", calling opt_out_capturing() correctly switched the SDK into cookieless capturing but never enabled the RequestQueue — so batched events were enqueued but never flushed over the network. At init time the queue was not started because consent was PENDING and is_capturing() returned false; opt_out_capturing() is the first moment capturing becomes active but was missing the _start_queue_if_opted_in() call that opt_in_capturing() already had. (2026-05-28)
#3692
f01cd93 Thanks @ksvat! - fix(replay): take a fresh full snapshot after session ID rotates via forcedIdleReset. Previously, when the session manager's idle enforcement timer rotated the session id, the recorder tore down rrweb and set _isIdle = 'unknown' before the new session id was observed. Neither restart path then fired (the _onSessionIdCallback guard only restarted when _isIdle === true, and _updateWindowAndSessionIds could not run with rrweb stopped), so the new session received only incremental mutations until a later snapshot — leaving the player stuck on "Buffering". The restart guard now also fires when rrweb isn't running. (2026-05-28)
#3691
cc71f3f Thanks @ksvat! - fix(replay): ship ph-no-capture absolute-position fix from #3678 to posthog-js. The original changeset only bumped @posthog/rrweb and @posthog/rrweb-snapshot; because posthog-js depends on @posthog/rrweb via workspace:*, the cascade did not bump posthog-js, so the rebuilt bundle containing the fix was not published. This changeset re-publishes posthog-js with the fix. (2026-05-28)
#3695
e1ff722 Thanks @ksvat! - chore(replay): expose $sdk_debug_rrweb_attached and $sdk_debug_rrweb_start_attempted debug properties on captured events. Today the SDK already stamps several $sdk_debug_* properties (start reason, linked-flag trigger status, recording status) that report the SDK's intent to record — they all flip to "active" as soon as the state machine evaluates the configured triggers. None of them observe whether rrweb actually attached and is producing events. The new booleans close that gap: $sdk_debug_rrweb_start_attempted is set when _startRecorder() is first entered, and $sdk_debug_rrweb_attached reflects whether _stopRrweb is currently a non-falsy stop handle (i.e. rrwebRecord({...}) returned successfully and the recorder has not been torn down). No behavior change — this only adds two booleans to the existing sdkDebugProperties channel, used to diagnose cases where a session reports trigger_activated/recording_status: active but no $snapshot data is ever uploaded. (2026-05-28)
Updated dependencies [7b84b75]:
v1.376.3
1.376.3
Patch Changes
9cac1f6 Thanks @marandaneto! - Improve console log serialization performance for large objects. (2026-05-27)
v1.376.2
1.376.2
Patch Changes
cafa9cc Thanks @pauldambra! - fix(replay): stop polling preload-as-style <link> elements forever. Session recorder treated <link rel="preload" as="style" href="*.css"> as if it were a stylesheet and waited for link.sheet to populate. Per spec preload links never instantiate a CSSStyleSheet, so the wait timed out, re-serialized the link, scheduled another wait, and leaked a load listener on every cycle — multiplying further on every real load event. Pages with Next.js-style CSS preloads accumulated thousands of active polling chains, saturating the main thread and freezing the tab on refocus (2026-05-26)
v1.376.1
1.376.1
Patch Changes
5568f12]:
v1.376.0
1.376.0
Minor Changes
6e8d349 Thanks @arnaudhillen! - Expose the in-repo @posthog/rrweb, @posthog/rrweb-types, and @posthog/rrweb-plugin-console-record packages as subpath entry points on posthog-js. Consumers can now import { Replayer } from 'posthog-js/rrweb', import type { eventWithTime } from 'posthog-js/rrweb-types', and import { LogLevel } from 'posthog-js/rrweb-plugin-console-record' instead of installing the underlying rrweb packages directly. The rrweb worker sourcemap (image-bitmap-data-url-worker-*.js.map) is also shipped from posthog-js/dist/ so downstream bundlers no longer need to reach into node_modules/@posthog/rrweb. (2026-05-22)
Patch Changes
c806cca Thanks @marandaneto! - Use native async gzip compression for session recording events when CompressionStream is available. (2026-05-22)
c806cca]:
v1.375.0
1.375.0
Minor Changes
2e1d5f4 Thanks @dustinbyrne! - Add flag_keys config to restrict browser feature flag remote evaluation to specific flag keys. (2026-05-21)
Patch Changes
2e1d5f4]:
v1.374.4
1.374.4
Patch Changes
#3638
87e2145 Thanks @marandaneto! - Apply tracing headers to matching XMLHttpRequest requests (2026-05-21)
#3646
4f87827 Thanks @marandaneto! - Avoid throwing or initializing PostHogProvider when no API key or client is provided (2026-05-21)
#3645
280832b Thanks @TueHaulund! - Capture <link rel="stylesheet"> URLs from link.sheet.href and try link.sheet directly for inlining, so recordings survive SPA history.pushState navigations between routes of different path depths (where link.href re-resolves against a new baseURI but link.sheet.href preserves the URL the browser actually fetched).
Ships the fix landed in #3635, which only bumped the internal @posthog/rrweb-snapshot package — that package is bundled into posthog-js at build time but is not published to npm on its own, so a posthog-js bump is needed to actually deliver the change. (2026-05-21)
Updated dependencies []:
v1.374.3
1.374.3
Patch Changes
557b893 Thanks @eli-r-ph! - Enable $web_vitals reporting when cookieless mode is enabled (2026-05-20)
557b893, a880dbc]:
v1.374.2
1.374.2
Patch Changes
#3550
df91995 Thanks @TueHaulund! - Preserve session-recording remote config across posthog.reset().
posthog.reset() was clearing the entire persistence store, which wiped $session_recording_remote_config along with user state. On the next session rotation triggered by the reset, start('session_id_changed') would early-return because the remote config was missing — leaving rrweb torn down and the new session opening with no Meta + FullSnapshot until the next periodic 5-minute checkout.
This affected any flow where an app calls posthog.reset() mid-session (e.g. on sign-out / sign-in) and was particularly visible on Flutter Web recordings that depend on a fresh FullSnapshot to anchor the CanvasKit DOM. (2026-05-18)
Updated dependencies []:
v1.374.1
1.374.1
Patch Changes
07a0f5f Thanks @marandaneto! - Respect transport overrides passed to posthog.capture. (2026-05-18)
v1.374.0
1.374.0
Minor Changes
594ea11 Thanks @pauldambra! - Dead clicks: add a .ph-no-deadclick CSS class (and capture_dead_clicks.css_selector_ignorelist config option) to exclude specific elements from dead-click detection without affecting autocapture, session replay, or heatmaps. Mirrors the existing .ph-no-rageclick pattern. (2026-05-18)
Patch Changes
3c0a09f Thanks @pauldambra! - Dead clicks: a click on an <a> (or any element inside an <a>, including across shadow DOM) is no longer flagged as a dead click — the browser navigates / downloads / opens a new window and we can't observe that. Reuses autocapture's existing DOM walker for the ancestor walk. Direct clicks on <button>, <input>, <select>, <textarea>, <label>, and <form> (previously all skipped) are now eligible for dead-click detection: if their JS handler ran, the existing mutation / scroll / selection observers see the effect; if it didn't, dead-click correctly surfaces the bug. A broken <button> with no handler, or an <svg> icon inside one, will now flag — which is exactly the dead-click case we want to catch. (2026-05-18)
594ea11]:
v1.373.5
1.373.5
Patch Changes
221973e Thanks @lucasheriques! - Surveys: submit open text questions with Cmd/Ctrl+Enter. The textarea still inserts a newline on plain Enter (native behaviour), matching the convention used by Slack, GitHub, Discord, and ChatGPT for multi-line inputs. Single-line "Other:" inputs continue to submit on plain Enter as before. (2026-05-15)
v1.373.4
1.373.4
Patch Changes
4b895bf Thanks @marandaneto! - Validate gzip request bodies at the browser send boundary and fall back to JSON if the outgoing body is not gzip data. (2026-05-12)
4b895bf]:
v1.373.3
1.373.3
Patch Changes
ad60818]:
v1.373.2
1.373.2
Patch Changes
223d925 Thanks @marandaneto! - Validate native gzip output before sending requests and fall back when CompressionStream returns malformed data. (2026-05-11)
223d925]:
v1.373.1
1.373.1
Patch Changes
7d027bc Thanks @dustinbyrne! - Prevent browser log capture from throwing when console arguments contain unreadable properties. (2026-05-11)
v1.373.0
1.373.0
Minor Changes
4c0c7d9 Thanks @williamchong! - capture() now accepts an optional uuid on CaptureOptions. (2026-05-11)
Patch Changes
#3561
3511848 Thanks @marandaneto! - Handle invalid persisted session replay config JSON gracefully (2026-05-11)
#3559
0a835fa Thanks @marandaneto! - Skip remote config background refreshes when no document is available. (2026-05-11)
Updated dependencies [4c0c7d9, 0a835fa]:
v1.372.10
1.372.10
Patch Changes
#3544
d120042 Thanks @ksvat! - fix: stop session recording before destroying sessionManager in opt_out_capturing() with cookieless_mode: "on_reject". Previously, queued/throttled rrweb events (e.g. mousemove) could fire after the sessionManager was set to undefined and throw [SessionRecording] must be started with a valid sessionManager. Also adds a defensive early-return in onRRwebEmit so any remaining late events bail out instead of throwing. (2026-05-07)
#3542
94a5ba0 Thanks @TueHaulund! - Preserve <style> textContent when the browser's CSSOM serialization would emit empty longhands from var() inside a shorthand. When a stylesheet has e.g. padding: var(--p); padding-bottom: var(--pb);, browsers store the shorthand's longhands with empty token lists per the CSS Custom Properties spec, and CSSStyleRule.cssText re-emits them as padding-top: ; padding-right: ; padding-left: ;. The previous behavior replaced the <style> text with that corrupted output, silently dropping layout rules on replay. We now detect the empty-longhand pattern and keep the original textContent in that case. Affects users of any CSS-in-JS framework that combines var() with shorthands (Chakra UI v3, Panda CSS, Emotion, etc.).
Same class of bug as rrweb-io/rrweb#1667. (2026-05-07)
Updated dependencies []:
v1.372.9
1.372.9
Patch Changes
026e09d Thanks @TueHaulund! - Pull in the canvas-manager fix from @posthog/rrweb 0.0.61: skip canvas snapshots while the WebGL context is lost so transparent bitmaps don't poison the worker's fingerprint dedup map and silently kill canvas recording for the rest of the session. Also wraps getCanvas() in try/catch so DOM/shadow-root traversal errors can't cancel the rAF loop. See PR #3527 for context. (2026-05-05)
v1.372.8
1.372.8
Patch Changes
255b273 Thanks @marandaneto! - Gate survey translation logs behind SDK debug logging to avoid production console spam. (2026-05-04)
220cd61, 255b273]:
v1.372.7
1.372.7
Patch Changes
8aee3d5]:
v1.372.6
1.372.6
Patch Changes
cf56753 Thanks @lucasheriques! - Add translated survey rendering support in React Native and share survey translation logic through @posthog/core. (2026-05-01)
cf56753, 04db756]:
v1.372.5
1.372.5
Patch Changes
c726aae Thanks @posthog! - fix(exceptions): avoid cross-origin property access when calling the previous window.onunhandledrejection handler (2026-04-29)
v1.372.4
1.372.4
Patch Changes
5a6b2a5 Thanks @posthog! - Fix copy autocapture when copying or cutting text from Shadow DOM or document fragment contexts. (2026-04-29)
v1.372.3
1.372.3
Patch Changes
5b8efc3 Thanks @lucasheriques! - Add browser survey translation rendering and language tracking. (2026-04-27)
v1.372.2
1.372.2
Patch Changes
cba2570 Thanks @veryayskiy! - Fix autofocus (2026-04-27)
v1.372.1
1.372.1
Patch Changes
70508df Thanks @dustinbyrne! - Avoid using Blob.stream() for native async gzip compression to prevent Safari NotReadableError stream failures. (2026-04-24)
70508df]:
v1.372.0
1.372.0
Minor Changes
eaa1322 Thanks @veryayskiy! - You cannot write to a resolve ticket. Start a new one. (2026-04-24)
Patch Changes
v1.371.4
1.371.4
Patch Changes
3c4fc1e Thanks @fasyy612! - bump rrweb to 0.0.60 (2026-04-24)
v1.371.3
1.371.3
Patch Changes
61cf83e Thanks @dustinbyrne! - Fix session recording in the full no-external browser bundles (2026-04-24)
daf028d]:
v1.371.2
1.371.2
Patch Changes
96f19b7 Thanks @turnipdabeets! - Lift OTLP log serialization helpers from posthog-js into @posthog/core so the upcoming React Native logs feature consumes the same builders. Browser gains two fixes as a side effect: NaN and ±Infinity attribute values no longer get silently dropped during JSON encoding, and the scope.version OTLP field is now populated with the SDK version (changes the server's instrumentation_scope column from "posthog-js@" to "posthog-js@"). (2026-04-23)
96f19b7]:
v1.371.1
1.371.1
Patch Changes
2da17e8 Thanks @marandaneto! - Classify SDK-owned persistence keys with an explicit event exposure policy so new internal persistence state must be intentionally marked as event-visible, hidden, or derived. (2026-04-23)
v1.371.0
1.371.0
Patch Changes
#3432
1a8b727 Thanks @richardsolomou! - refactor: rename __add_tracing_headers to addTracingHeaders. The __ prefix signalled an internal/experimental option, but the config is a public API (documented for linking LLM traces to session replays). __add_tracing_headers continues to work as a deprecated alias on the browser SDK.
Also exposes patchFetchForTracingHeaders from @posthog/core so non-browser SDKs can reuse the implementation. (2026-04-23)
Updated dependencies [1a8b727]:
v1.370.1
1.370.1
Patch Changes
6f19ce8 Thanks @marandaneto! - fix(surveys): guard survey seen localStorage access (2026-04-22)
v1.370.0
1.370.0
Minor Changes
922a1c1 Thanks @hpouillot! - Add exception steps to error tracking (aka breadcrumbs) (2026-04-22)
Patch Changes
922a1c1]:
v1.369.5
1.369.5
Patch Changes
1a0b58d]:
v1.369.4
1.369.4
Patch Changes
d61bce1 Thanks @sampennington! - fix(cookieless): start in cookieless mode when opt_out_capturing_by_default is set (2026-04-21)
v1.369.3
1.369.3
Patch Changes
#3419
ea08727 Thanks @haacked! - Reinstate $feature_flag_payloads and $surveys_activated in captured event properties. (2026-04-18)
#3416
3d8b2e2 Thanks @feliperalmeida! - Updated dependencies: - protobufjs@7.5.5 (2026-04-18)
Updated dependencies []:
v1.369.2
1.369.2
Patch Changes
4a65604 Thanks @dustinbyrne! - Add a preview flag for versioned browser lazy bundle asset paths. (2026-04-16)
4a65604]:
v1.369.1
1.369.1
Patch Changes
#3393
85ae4d9 Thanks @haacked! - Exclude active feature flag payloads from event properties (2026-04-16)
#3392
00cd1ce Thanks @haacked! - Fix unnecessary persisted config and activation properties (including product tours, surveys, and session recording config) added to captured events (2026-04-16)
Updated dependencies []:
v1.369.0
1.369.0
Minor Changes
#3342
eea5260 Thanks @ksvat! - Account for property filters on events in recording triggers for v2 triggers (2026-04-14)
#3281 [b1fd228](https://redirect.github.com/PostHog/posthog-js/commit/b1fd228eab45dc688b769378afa96a0f74
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.