chore(monorepo): update auto-merge non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@cloudflare/workers-types	^4.20260511.1 → ^4.20260524.1			pnpm.catalog.default	minor
@dotenvx/dotenvx	1.35.0 → 1.67.0			pnpm.catalog.default	minor
@microsoft/api-extractor (source)	^7.49.2 → ^7.58.7			pnpm.catalog.default	minor
@nx/devkit (source)	22.7.1 → 22.7.3			pnpm.catalog.default	patch
@nx/eslint (source)	22.7.1 → 22.7.3			pnpm.catalog.default	patch
@nx/eslint-plugin (source)	22.7.1 → 22.7.3			pnpm.catalog.default	patch
@nx/jest (source)	22.7.1 → 22.7.3			pnpm.catalog.default	patch
@nx/js (source)	22.7.1 → 22.7.3			pnpm.catalog.default	patch
@nx/plugin (source)	22.7.1 → 22.7.3			pnpm.catalog.default	patch
@nx/react (source)	^22.5.4 → ^22.7.3			pnpm.catalog.default	minor
@nx/workspace (source)	22.7.1 → 22.7.3			pnpm.catalog.default	patch
@prisma/client (source)	^6.5.0 → ^6.19.3			pnpm.catalog.default	minor
@prisma/prisma-schema-wasm (source)	^6.6.0-41.9061db3b0058e3d3731c6fe68a1b77061bed4861 → ^6.6.0-53.f676762280b54cd07c770017ed3711ddde35f37a			pnpm.catalog.default	patch
@storm-software/build-tools (source)	^0.158.171 → ^0.158.189			pnpm.catalog.default	patch
@storm-software/config (source)	^1.137.44 → ^1.137.61			pnpm.catalog.default	patch
@storm-software/config-tools (source)	^1.190.11 → ^1.190.29			pnpm.catalog.default	patch
@storm-software/cspell (source)	^0.46.80 → ^0.46.97			pnpm.catalog.default	patch
@storm-software/esbuild (source)	^0.53.172 → ^0.53.190			pnpm.catalog.default	patch
@storm-software/eslint (source)	^0.170.32 → ^0.170.50			pnpm.catalog.default	patch
@storm-software/git-tools (source)	^2.131.12 → ^2.131.35			pnpm.catalog.default	patch
@storm-software/linting-tools (source)	^1.133.41 → ^1.133.59			pnpm.catalog.default	patch
@storm-software/markdownlint (source)	^0.30.168 → ^0.30.185			pnpm.catalog.default	patch
@storm-software/pnpm-tools (source)	^0.7.21 → ^0.7.39			pnpm.catalog.default	patch
@storm-software/prettier (source)	^0.59.64 → ^0.59.81			pnpm.catalog.default	patch
@storm-software/testing-tools (source)	^1.119.165 → ^1.119.182			pnpm.catalog.default	patch
@storm-software/tsconfig (source)	^0.48.79 → ^0.48.96			pnpm.catalog.default	patch
@storm-software/tsdoc (source)	^0.13.165 → ^0.13.182			pnpm.catalog.default	patch
@storm-software/unbuild (source)	^0.57.172 → ^0.57.190			pnpm.catalog.default	patch
@storm-software/untyped (source)	^0.24.153 → ^0.24.171			pnpm.catalog.default	patch
@storm-software/workspace-tools (source)	^1.295.71 → ^1.296.6			pnpm.catalog.default	minor
@swc/core (source)	^1.15.33 → ^1.15.40			pnpm.catalog.default	patch
@swc/wasm	^1.10.14 → ^1.15.40			pnpm.catalog.default	minor
@tanstack/react-query (source)	^5.100.10 → ^5.100.14			pnpm.catalog.default	patch
@tanstack/react-query-devtools (source)	^5.70.0 → ^5.100.14			pnpm.catalog.default	minor
@​types/react-native	0.72.8 → 0.73.0			pnpm.catalog.default	minor
GitGuardian/ggshield	v1.39.0 → v1.50.4			action	minor
capnp-es	^0.0.11 → ^0.0.14			pnpm.catalog.default	patch
conventional-changelog-storm-software (source)	^0.3.171 → ^0.3.190			pnpm.catalog.default	patch
cookie	>=0.7.0 → >=0.7.2			pnpm-workspace.overrides	patch
debug	>=4.4.0 → >=4.4.3			pnpm-workspace.overrides	patch
esbuild	^0.25.12 → ^0.28.0			pnpm.catalog.default	minor
follow-redirects	>=1.15.9 → >=1.16.0			pnpm-workspace.overrides	minor
got	>=14.4.5 → >=14.6.6			pnpm-workspace.overrides	minor
jest (source)	30.0.5 → 30.4.2			pnpm.catalog.default	minor
jest-environment-jsdom (source)	30.0.5 → 30.4.1			pnpm.catalog.default	minor
jest-util (source)	30.0.5 → 30.4.1			pnpm.catalog.default	minor
knip (source)	5.43.6 → 5.88.1			pnpm.catalog.default	minor
markdown-it	>=14.1.0 → >=14.2.0			pnpm-workspace.overrides	minor
markdownlint-cli2	^0.17.2 → ^0.22.1			pnpm.catalog.default	minor
mlly	1.7.4 → 1.8.2			pnpm.catalog.default	minor
nanotar	^0.2.1 → ^0.3.0			pnpm.catalog.default	minor
node (source)	24.11.1 → 24.16.0				minor
node (source)	>=22.21.1 → >=22.22.3			engines	minor
p-queue	^9.2.0 → ^9.3.0			pnpm.catalog.default	minor
parse-path	>=7.0.0 → >=7.1.0			pnpm-workspace.overrides	minor
path-to-regexp	>=0.1.12 → >=0.2.5			pnpm-workspace.overrides	minor
pnpm (source)	10.26.0 → 10.33.4			packageManager	minor
pnpm (source)	>=10.24.0 → >=10.33.4			engines	minor
postcss (source)	>=8.5.1 → >=8.5.15			pnpm-workspace.overrides	patch
semver	7.7.1 → 7.8.1			pnpm.catalog.default	minor
shell-quote	>=1.8.2 → >=1.8.4			pnpm-workspace.overrides	patch
sherif	1.3.0 → 1.11.1			pnpm.catalog.default	minor
simple-git (source)	>=3.27.0 → >=3.36.0			pnpm-workspace.overrides	minor
styfle/cancel-workflow-action	0.12.1 → 0.13.1			action	minor
ts-jest (source)	^29.4.9 → ^29.4.11			pnpm.catalog.default	patch
tsdown (source)	^0.21.10 → ^0.22.0			pnpm.catalog.default	minor
tsx (source)	^4.22.0 → ^4.22.3			pnpm.catalog.default	patch
unbuild	^3.3.1 → ^3.6.1			pnpm.catalog.default	minor
verdaccio (source)	6.5.2 → 6.7.1			pnpm.catalog.default	minor

---

Release Notes

cloudflare/workerd (@​cloudflare/workers-types)

v4.20260524.1

Compare Source

v4.20260523.1

Compare Source

v4.20260522.1

Compare Source

v4.20260521.1

Compare Source

v4.20260520.1

Compare Source

v4.20260519.1

Compare Source

v4.20260518.1

Compare Source

v4.20260517.1

Compare Source

v4.20260516.1

Compare Source

v4.20260515.1

Compare Source

v4.20260514.1

Compare Source

dotenvx/dotenvx (@​dotenvx/dotenvx)

v1.67.0

Compare Source

Added

• Add prompt for local storage vs armored storage (#​819)

v1.66.0

Compare Source

Added

• Add dotenvx doctor (#​815)

v1.65.3

Compare Source

Changed

• Improve spinner message blinking with simpler --no-spinner flag passed to ops (#​814)

v1.65.2

Compare Source

Changed

• Improve spinner message coordination between dotenvx and dotenvx-ops (#​813)

v1.65.1

Compare Source

Changed

• Prompts from ops should bubble up (#​812)

v1.65.0

Compare Source

Added

• Add support for replaceing duplicate keys with different values (#​806)

v1.64.0

Compare Source

Added

• Add optional dotenvx armor command.
  • armor up armor private key
  • armor down dearmor private key
  • armor push push armored key (from .env.keys)
  • armor pull pull armored key (into .env.keys)

Move private keys off device and under access control with Dotenvx Ops ⛨. Learn more

v1.63.0

Compare Source

Added

• Add support for encrypted values passed to --env flag (#​804)
• Add support for --format=colon in order to support cloudflare's wrangler --var flag format (#​804)

v1.62.0

Compare Source

Added

• Add support for config({ envs }). unlocks simpler cloudflare worker integration (#​803)

$ dotenvx encrypt -f .env.txt

// src/index.js
import envSrc from '../.env.txt'
import dotenvx from '@​dotenvx/dotenvx'

const config = dotenvx.config({ envs: [{ type: 'env', value: envSrc, privateKeyName: 'DOTENV_PRIVATE_KEY' }] })
const envx = config.parsed

export default {
  async fetch(request, env, ctx) {
    return new Response(`Hello ${envx.HELLO}`)
  }
}

"scripts": {
  "deploy": "wrangler deploy",
  "dev": "wrangler dev --var $(dotenvx keypair -f .env.txt --format=colon)",
  "start": "wrangler dev --var $(dotenvx keypair -f .env.txt --format=colon)",
  "test": "vitest"
},

v1.61.6

Compare Source

Changed

• Guard against command substitution following encrypted: (#​802)

v1.61.5

Compare Source

Changed

• Support --hostname flag to dotenvx-ops.login (#​801)

v1.61.4

Compare Source

Changed

• Respect SIGINT handler completion (#​798)

v1.61.3

Compare Source

Changed

• Tighten up ext precommit --install message (#​797)

v1.61.2

Compare Source

Changed

• For Ops ⛨ users surface stderr (#​796)

v1.61.1

Compare Source

• Faster coldstarts! (#​781)
• Patch dotenvx precommit|prebuild shorthand (#​793)

v1.61.0

Compare Source

Added

• Add login and logout method that proxy to dotenvx-ops login/logout (#​780)
• Note: dotenvx continues to make zero outgoing HTTP requests and includes no telemetry. Outgoing requests occur only if you explicitly install the dotenvx-ops SDK or CLI.

v1.60.2

Compare Source

Changed

• Communicate local key and armored key (for Ops stored keys) (#​778)

v1.60.1

Compare Source

Added

• Added missing + key ⛨ for Ops stored keys (#​777)

v1.60.0

Compare Source

Added

• Add spinner with loading messages
  • injecting (run)
  • encrypting (encrypt, set)
  • decrypting (decrypt, get)
  • rotating (rotate)
  • retrieving (keypair)

v1.59.1

Compare Source

Added

• add HELLO key to the kit sample to match most of our examples in the README

v1.59.0

Compare Source

Changed

• encrypt and set now create a .env file if one does not exist (#​771)
• pass --no-create to prevent file creation

v1.58.0

Compare Source

Changed

• Changed runtime injection message to format ⟐ injecting env (N) from FILE · dotenvx@VERSION (#​770)

v1.57.5

Compare Source

Changes

• Improve already installed message (#​768)

v1.57.4

Compare Source

Changes

• Use curl example for install dotenvx.com/ops (#​767)

v1.57.3

Compare Source

Changes

• Simplify installed success message (#​766)

v1.57.2

Compare Source

Changes

• Ran npm audit to update package-lock.json (#​763)

v1.57.1

Compare Source

Changes

• improved error logs and compacted most to a single line (#​755)

• introduced leading log glyphs as a visual status language:

  • ◈ success action (encrypted)
  • ◇ success action (set plain value, decrypted)
  • ⟳ success action (rotated)
  • ○ informational no-op (no changes)
  • ▣ success action for generated/updated support files
  • ⚠ warning
  • ☠ error

v1.57.0

Compare Source

Changed

• color and formatting changes to outputs (#​754)

v1.56.0

Compare Source

Changed

• ops off flag — now respected by get, keypair, rotate, and encrypt (#​750)
• --pp alias — added as shorthand for --pretty-print; toward sunsetting -pp (#​750)

Removed

• Remove support for .env.vault files (#​750)

v1.55.1

Compare Source

Added

• Respect dotenvx-ops status (on|off) (#​749)

v1.55.0

Compare Source

Added

• Add 'KEYS OFF COMPUTER' security feature when dotenvx-ops installed (#​746)

Removed

• Remove ProKeypair logic

v1.54.1

Compare Source

Changed

• Fix npm publish

v1.53.0

Compare Source

Removed

• Remove radar. It has been a year since replaced by ops. (#​743)

v1.52.0

Compare Source

Added

• Pass log level options to main.set (#​731)

v1.51.4

Compare Source

Changed

• Change description of dotenvx-ops to better reflect its tooling as operational primitives on top of dotenvx for production use cases. (#​721)

v1.51.3

Compare Source

Added

• Add hint on .env.keys for dotenvx ops backup. Dotenvx Ops Backup lets you back up your private keys securely with just a single command. It's a convenient alterantive to manually copy/pasting them in and out of 1Password. (#​718)

v1.51.2

Compare Source

Changed

• Switch npm publish to use Dotenvx Ops' new Rotation Tokens (ROTs) (#​715)

This will allow us to start dogfooding our own solution for third-party API key rotation. Third-party API key rotation would drastically improve security industry wide. Please get in touch if this is interesting to you.

v1.51.1

Compare Source

Added

• Add opsOff type information

v1.51.0

Compare Source

Added

• Add config({opsOff: true}) options and --ops-off flag for turning off Dotenvx Ops features. (#​680)

v1.50.1

Compare Source

Removed

• Remove listed command to radar (now ops) (#​678)

v1.50.0

Compare Source

Added

• Add optional dotenvx ops command (#​677)
• Ops is a coming rename of Radar. Radar will become a feature inside ops.
• With dotenvx ops use dotenvx across your team, infrastructure, agents, and more.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Ops: Commercial Tooling for Dotenvx                          |
|                                                                       |
|  ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓███████▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░                               |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
|  ░▒▓██████▓▒░░▒▓█▓▒░      ░▒▓███████▓▒░                               |
|                                                                       |
|  Use dotenvx across your team, infrastructure, agents, and more.      |
|                                                                       |
|  Learn more at https://dotenvx.com/ops                                |
|_______________________________________________________________________|

v1.49.1

Compare Source

Changed

• 🐞 patch bug with variable expansion of single quoted values (#​675)

v1.49.0

Compare Source

Added

• For precommit and prebuild, ignore .env.x file like we do with .env.vault file. (#​666)

v1.48.4

Compare Source

Removed

• Remove unnecessary use of eval in proKeypair helper (#​654)

v1.48.3

Compare Source

Changed

• Include privateKeyName and privateKey on internal processedEnv object (#​649)

v1.48.2

Compare Source

Changed

• Check radar status before sending (#​646)

v1.48.1

Compare Source

Changed

• Send beforEnv and afterEnv to Radar if user has installed (#​645)

v1.48.0

Compare Source

Added

• Include beforeEnv and afterEnv for user debugging (#​644)

v1.47.7

Compare Source

Changed

• src should be in internal processEnv object (#​643)

v1.47.6

Compare Source

Changed

• Make Radar call non-blocking (#​642)

v1.47.5

Compare Source

Changed

• Add resilient handling of any Radar failures (#​639)

v1.47.4

Compare Source

Changed

• Smarter require of non-installed libs like dotenvx-radar (#​638)

v1.47.3

Compare Source

Added

• Send to radar#observe if Radar installed by user (#​631)

Removed

• Remove cli in package.json (#​632)

v1.47.2

Compare Source

Added

• Export cli in package.json (#​629)

v1.47.1

Compare Source

Added

• Add convenience log that radar active 📡 when dotenvx-radar is installed (#​625)

v1.47.0

Compare Source

Added

• Add optional dotenvx radar command (#​624)
• Radar is an early access commercial extension for dotenvx that will auto backup your .env files.

 _______________________________________________________________________
|                                    

> ✂ **Note**
> 
> PR body was truncated to here.


</details>

---

### Configuration

📅 **Schedule**: (in timezone America/New_York)

- Branch creation
  - "after 2am and before 3am"
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/storm-software/stryke).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjQuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE5NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Installing config dependencies...
Installed config dependencies: pnpm-plugin-storm-software@0.1.5
Scope: all 30 workspace projects
Fetching Node.js 24.11.1 ...
Packages are hard linked from the content-addressable store to the virtual store.
  Content-addressable store is at: /runner/cache/others/pnpm/store/v10
  Virtual store is at:             node_modules/.pnpm
Progress: resolved 1, reused 0, downloaded 1, added 0
Progress: resolved 34, reused 0, downloaded 1, added 0
packages/hooks                           |  WARN  deprecated @types/react-native@0.73.0
Progress: resolved 59, reused 0, downloaded 1, added 0
packages/fs                              |  WARN  deprecated glob@11.1.0
Progress: resolved 102, reused 0, downloaded 1, added 0
Progress: resolved 112, reused 0, downloaded 1, added 0
Progress: resolved 117, reused 0, downloaded 1, added 0
Progress: resolved 186, reused 0, downloaded 1, added 0
Progress: resolved 236, reused 0, downloaded 1, added 0
Progress: resolved 257, reused 0, downloaded 1, added 0
Progress: resolved 280, reused 0, downloaded 1, added 0
Progress: resolved 322, reused 0, downloaded 1, added 0
Progress: resolved 334, reused 0, downloaded 1, added 0
Progress: resolved 350, reused 0, downloaded 1, added 0
Progress: resolved 410, reused 0, downloaded 1, added 0
Progress: resolved 509, reused 0, downloaded 1, added 0
Progress: resolved 619, reused 0, downloaded 1, added 0
Progress: resolved 636, reused 0, downloaded 1, added 0
Progress: resolved 669, reused 0, downloaded 1, added 0
Progress: resolved 843, reused 0, downloaded 1, added 0
Progress: resolved 918, reused 0, downloaded 1, added 0
Progress: resolved 968, reused 0, downloaded 1, added 0
Progress: resolved 1042, reused 0, downloaded 1, added 0
Progress: resolved 1043, reused 0, downloaded 1, added 0
Progress: resolved 1051, reused 0, downloaded 1, added 0
Progress: resolved 1158, reused 0, downloaded 1, added 0
 WARN  Request took 11812ms: https://registry.npmjs.org/@prisma%2Fdebug
Progress: resolved 1218, reused 0, downloaded 1, added 0
Progress: resolved 1237, reused 0, downloaded 1, added 0
 WARN  Request took 14061ms: https://registry.npmjs.org/@prisma%2Fget-platform
Progress: resolved 1298, reused 0, downloaded 1, added 0
Progress: resolved 1402, reused 0, downloaded 1, added 0
 WARN  Request took 16648ms: https://registry.npmjs.org/@prisma%2Ffetch-engine
Progress: resolved 1453, reused 0, downloaded 1, added 0
Progress: resolved 1544, reused 0, downloaded 1, added 0
Progress: resolved 1695, reused 0, downloaded 1, added 0
Progress: resolved 1703, reused 0, downloaded 1, added 0
Progress: resolved 1891, reused 0, downloaded 1, added 0
Progress: resolved 2055, reused 0, downloaded 1, added 0
Progress: resolved 2228, reused 0, downloaded 1, added 0
Progress: resolved 2296, reused 0, downloaded 1, added 0
Progress: resolved 2317, reused 0, downloaded 1, added 0
Progress: resolved 2318, reused 0, downloaded 1, added 0
Progress: resolved 2366, reused 0, downloaded 1, added 0
Progress: resolved 2379, reused 0, downloaded 1, added 0
Progress: resolved 2385, reused 0, downloaded 1, added 0
Progress: resolved 2393, reused 0, downloaded 1, added 0
Progress: resolved 2400, reused 0, downloaded 1, added 0
Progress: resolved 2401, reused 0, downloaded 1, added 0
Progress: resolved 2407, reused 0, downloaded 1, added 0
Progress: resolved 2411, reused 0, downloaded 1, added 0
 WARN  Request took 14309ms: https://registry.npmjs.org/next
packages/trpc-next                       |  WARN  deprecated next@15.2.4
Progress: resolved 2413, reused 0, downloaded 1, added 0
Progress: resolved 2427, reused 0, downloaded 1, added 0
Progress: resolved 2428, reused 0, downloaded 1, added 0
Progress: resolved 2431, reused 0, downloaded 1, added 0
Progress: resolved 2435, reused 0, downloaded 1, added 0
Progress: resolved 2437, reused 0, downloaded 1, added 0
Progress: resolved 2463, reused 0, downloaded 1, added 0
Progress: resolved 2474, reused 0, downloaded 1, added 0
Progress: resolved 2492, reused 0, downloaded 1, added 0
Progress: resolved 2493, reused 0, downloaded 1, added 0
 ERR_PNPM_UNUSED_PATCH  The following patches were not used: capnp-es@0.0.11

Either remove them from "patchedDependencies" or update them to match packages in your dependencies.