chore(deps): update dependency @nextcloud/vue to v9.3.3

[renovate-bot-cbcoutinho]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@nextcloud/vue	9.3.1 → 9.3.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

nextcloud-libraries/nextcloud-vue (@​nextcloud/vue)

v9.3.3

Compare Source

Full Changelog

🐛 Fixed bugs

• fix(NcActions): migrate to custom icons in Checkbox and Radio actions #​8020 (ShGKme)

Other Changes

• deps: pin focus-trap library to v7.6.6 #​8061 (Antreesy)

v9.3.2

Compare Source

Full Changelog

🐛 Fixed bugs

• build: fix translations in Vue modules #​8037 (susnux)
• fix(NcModal): adjust max height of the modal #​8042 (kra-mo)
• fix: animate toggle switch icon #​8045 (ShGKme)

Other Changes

• chore(README): recommend using npm pack and styleguidist instead of npm link #​8018 (ShGKme)
• chore(README): remove Firefox note #​8019 (ShGKme)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

PR Review: Dependency Update - @nextcloud/vue v9.3.1 → v9.3.2

Summary

This is an automated dependency update by Renovate Bot that upgrades @nextcloud/vue from version 9.3.1 to 9.3.2 in the Astrolabe third-party component. This is a patch version update that includes bug fixes and no breaking changes.

---

✅ Code Quality & Best Practices

Positive aspects:

• Clean, minimal change scope - only updates package-lock.json as expected for a dependency update
• Follows semantic versioning (patch version bump)
• Automatically managed by Renovate Bot for consistent dependency maintenance

Observations:

• The package.json correctly specifies "@nextcloud/vue": "^9.0.0" which allows patch/minor updates
• Lock file properly updated with transitive dependency updates:
  • @nextcloud/logger: ^3.0.2 → ^3.0.3
  • focus-trap: 7.6.6 → 7.8.0 (includes tabbable 6.3.0 → 6.4.0)
  • p-queue: 9.0.1 → 9.1.0
  • vue-router: 4.6.3 → 4.6.4

---

🐛 Bug Fixes Included (from upstream)

The v9.3.2 release includes:

1. Build fix: Translations in Vue modules (#8037)
2. Modal height fix: Adjusted max height of NcModal component (#8042)
3. Animation fix: Toggle switch icon now animates properly (#8045)

These are legitimate bug fixes that should improve stability and UX in the Astrolabe component.

---

🔒 Security Considerations

Low Risk:

• Patch version updates from a trusted Nextcloud library
• No known security vulnerabilities addressed in changelog
• Transitive dependency updates (focus-trap, p-queue, vue-router) are also minor/patch bumps
• All dependencies are from reputable sources (Nextcloud libraries, npm ecosystem)

Recommendation: Safe to merge from a security perspective.

---

⚡ Performance Considerations

Negligible Impact:

• Patch updates typically don't introduce performance regressions
• Focus on bug fixes rather than feature additions
• Modal height adjustment may have minor rendering improvements
• No significant bundle size changes expected

---

🧪 Test Coverage

Concerns:

• ⚠️ This PR only updates the third_party/astrolabe/package-lock.json file
• No test files changed - Expected for dependency updates
• CI checks status: Unable to verify (requires approval)

Recommendations:

1. Ensure CI passes before merging (linting, build, unit tests)
2. If Astrolabe has integration tests that exercise NcModal or other @nextcloud/vue components, verify they pass
3. Manual smoke testing recommended for:
   • Modal dialogs (height adjustment fix)
   • Toggle switches (animation fix)
   • Any i18n/translation features (translation build fix)

---

📋 Additional Notes

About Astrolabe:

• Astrolabe is a Nextcloud app providing semantic search and vector visualization
• Located in third_party/astrolabe/ with independent npm dependencies
• Version bumped from 0.6.0 → 0.7.2 in package-lock.json (likely from previous commits)

Merge Strategy:

• ✅ Safe to merge once CI passes
• Low-risk patch update with documented bug fixes
• Renovate Bot manages these updates systematically
• Consider enabling auto-merge for patch updates if you trust the CI pipeline

---

🎯 Verdict

Recommendation: APPROVE ✅

This is a straightforward, low-risk dependency update that:

• Fixes legitimate bugs in the upstream library
• Follows semantic versioning best practices
• Has minimal blast radius (patch version)
• Is properly managed through automation

Action Items:

1. ✅ Verify CI checks pass
2. ✅ Optional: Manual smoke test of modal dialogs and toggle switches
3. ✅ Merge when satisfied

---

Reviewed by Claude Code - Let me know if you'd like me to investigate any specific aspect further!

[claude]

PR Review: Dependency Update @nextcloud/vue 9.3.1 → 9.3.3

Summary

This Renovate PR updates the @nextcloud/vue package from 9.3.1 to 9.3.3 in the Astrolabe third-party component. This is a patch-level update with bug fixes and dependency pinning.

---

✅ Code Quality & Best Practices

LGTM - This is a well-managed dependency update:

• Automated by Renovate Bot with proper documentation
• Includes release notes and changelog references
• Only updates package-lock.json (lockfile-only change)
• Follows semantic versioning (patch update)

---

🔍 Changes Analysis

Updated Dependencies

The PR updates several transitive dependencies within @nextcloud/vue:

1. @nextcloud/logger: ^3.0.2 → ^3.0.3
2. focus-trap: ^7.6.6 → 7.6.6 (now pinned - important!)
3. p-queue: ^9.0.1 → ^9.1.0
4. tabbable: ^6.3.0 → ^6.4.0
5. vue-router: ^4.6.3 → ^4.6.4

Bug Fixes Included (from changelog)

• v9.3.2:
  • Fixed translations in Vue modules
  • Adjusted modal max height
  • Animated toggle switch icon
• v9.3.3:
  • Fixed NcActions: migrated to custom icons in Checkbox/Radio
  • Critical: Pinned focus-trap to v7.6.6 (suggests version-specific issues)

---

🐛 Potential Issues

⚠️ Minor Concern - focus-trap pinning:
The fact that focus-trap was pinned to exactly 7.6.6 (removing the caret) in v9.3.3 suggests there may have been breaking changes or bugs in newer versions. This is a good defensive change but worth monitoring.

No other issues identified.

---

🚀 Performance Considerations

Neutral - Patch updates typically don't impact performance significantly. Changes are:

• Bug fixes (translations, UI tweaks)
• Minor version bumps in supporting libraries
• No architectural changes

---

🔒 Security Concerns

No security concerns identified:

• All updates are from trusted Nextcloud libraries
• No known vulnerabilities in the changelog
• Renovate's merge confidence badges show good adoption/passing rates
• Dependencies align with Nextcloud ecosystem standards

---

🧪 Test Coverage

CI Status: ✅ Linting passed | ⏳ Integration tests pending

Recommendation:

• Ensure integration tests complete successfully before merge
• The UI components affected (NcActions, NcModal, toggle switches) should be covered by existing tests
• Consider manual smoke testing of modal dialogs and checkbox/radio actions in Astrolabe UI if integration tests don't cover these components

---

📋 Recommendations

1. ✅ Approve and merge once CI passes - this is a low-risk patch update with bug fixes
2. Monitor for any focus trap-related issues after deployment (due to version pinning)
3. No code changes required - this is purely a dependency update
4. Consider enabling Renovate automerge for patch-level updates to @nextcloud/vue if not already configured

---

🎯 Verdict

APPROVED ✅

This is a clean, low-risk dependency update that brings bug fixes and stability improvements. The changes are well-documented, follow best practices, and the pinning of focus-trap suggests the Nextcloud team is being proactive about stability.

Merge when CI passes.

[claude]

Code Review: Dependency Update - @nextcloud/vue 9.3.1 → 9.3.3

Summary

This PR updates @nextcloud/vue from version 9.3.1 to 9.3.3 in the Astrolabe third-party component. This is a minor patch update generated by Renovate Bot.

Changes Analysis

Direct Dependency:

• @nextcloud/vue: 9.3.1 → 9.3.3

Transitive Dependency Updates:

• @nextcloud/logger: 3.0.2 → 3.0.3
• focus-trap: 7.6.6 (now pinned, previously ^7.6.6)
• p-queue: 9.0.1 → 9.1.0
• tabbable: 6.3.0 → 6.4.0
• vue-router: 4.6.3 → 4.6.4

Bug Fixes Included (from upstream changelog)

v9.3.3:

• Fixed migration to custom icons in Checkbox and Radio actions (NcActions)
• Pinned focus-trap library to v7.6.6 (addresses stability issue)

v9.3.2:

• Fixed translations in Vue modules build process
• Adjusted max height of modal (NcModal)
• Fixed toggle switch icon animation

Assessment

✅ Code Quality: No code changes required - lockfile update only
✅ Security: No known security vulnerabilities in this update
✅ Performance: Patch updates typically maintain or improve performance
✅ Breaking Changes: None - these are patch versions (9.3.x)

Recommendations

APPROVE - This is a safe dependency update with the following considerations:

1. CI Status: Currently in progress

   • ✅ Linting: PASSED
   • ⏳ Integration tests: IN_PROGRESS
   • ⏳ Claude review: IN_PROGRESS (this review)

2. Testing Priority: Medium

   • The focus-trap pin suggests a stability fix that warranted explicit versioning
   • The NcModal height adjustment could affect UI components in Astrolabe's dashboard
   • Recommend verifying the 3D PCA Vector Plot dashboard still renders correctly

3. Merge Strategy:

   • Wait for integration tests to complete
   • If tests pass, safe to merge
   • No special deployment considerations needed

Additional Notes

• The Astrolabe component is a Nextcloud PHP app bundled in this repository that provides the settings UI and vector visualization dashboard
• This update affects only the frontend Vue.js components, not the Python MCP server
• The focus-trap pin (removing caret) indicates upstream identified a regression - good practice to follow their guidance

Testing Checklist (if merging)

Since Astrolabe is primarily a UI component, consider manual verification:

• Navigate to Astrolabe settings page in Nextcloud
• Verify modals (NcModal) open/close correctly
• Check checkbox/radio button rendering in action menus
• Test the 3D vector plot visualization dashboard

Conclusion: This is a routine maintenance update with important bug fixes. The changes are low-risk and should be merged once CI passes.

---

Review generated by Claude Code (Sonnet 4.5)

[claude]

Pull Request Review

Summary

This PR updates @nextcloud/vue from v9.3.1 to v9.3.3 in the third_party/astrolabe component via automated dependency management (Renovate). The update includes two minor patch releases with bug fixes and dependency pinning.

Code Quality & Best Practices ✅

• Automated dependency management: Good practice using Renovate for consistent updates
• Lock file integrity: Changes are properly reflected in package-lock.json
• Semantic versioning: Patch-level update (9.3.1 → 9.3.3) should be backward compatible

Changes Analysis

Upstream Changes (v9.3.1 → v9.3.3)

v9.3.3 (2026-01-09):

• Fixed NcActions checkbox/radio icon migration bug
• Pinned focus-trap to v7.6.6 (dependency stability)

v9.3.2 (2026-01-08):

• Fixed Vue module translations
• Adjusted NcModal max height
• Fixed toggle switch icon animation

Direct Dependencies Updated:

• @nextcloud/logger: ^3.0.2 → ^3.0.3 (patch update)
• focus-trap: ^7.6.6 → 7.6.6 (pinned to exact version)
• p-queue: ^9.0.1 → ^9.1.0 (minor update)
• tabbable: ^6.3.0 → ^6.4.0 (minor update)
• vue-router: ^4.6.3 → ^4.6.4 (patch update)

Potential Issues 🔍

1. Focus-trap pinning: The upstream change pins focus-trap to an exact version (7.6.6) instead of using a semver range. This suggests a compatibility issue was discovered. While this is intentional from upstream, it reduces flexibility for future security patches.

2. Third-party component: This update affects the astrolabe component in third_party/, which appears to be an embedded Nextcloud app. Consider:

   • Is this component version-locked to the main MCP server?
   • Does this require separate testing of the astrolabe UI?

Testing Considerations 🧪

Recommended testing:

1. UI regression testing: The changes affect UI components (NcActions, NcModal, toggle switches)

   • Test checkbox/radio button rendering in actions
   • Verify modal height behavior
   • Check toggle switch animations

2. Focus trap behavior: With the pinned focus-trap version, verify:

   • Modal focus management
   • Keyboard navigation in dialogs
   • Tab trapping in overlays

3. Translation loading: v9.3.2 fixes Vue module translations, ensure:

   • i18n strings load correctly
   • No console errors about missing translations

Security Concerns 🔒

• Low risk: Patch-level updates from trusted upstream (Nextcloud libraries)
• Dependency pinning: focus-trap pinning suggests stability prioritization over flexibility
• No known CVEs in the changelog

Performance Considerations ⚡

• Minimal impact: Bug fixes and dependency updates unlikely to affect performance
• p-queue update (9.0.1 → 9.1.0) may include performance improvements

Test Coverage 📊

• CI Status: Linting has passed ✓
• Integration tests: Appear to be running
• Recommendation: Ensure browser-based UI tests cover the affected components (NcActions, NcModal, toggle switches) if not already present

Recommendation ✅

APPROVE - This is a routine dependency update with:

• Bug fixes that improve UI stability
• No breaking changes (semver patch/minor updates)
• Changes from trusted upstream source
• Proper lock file updates

Before merging:

1. Wait for integration tests to complete
2. Consider manual smoke testing of astrolabe UI if feasible
3. Monitor for any focus-trap-related issues after deployment

---

Review generated by Claude Code following repository conventions in CLAUDE.md

[claude]

PR Review: Update @nextcloud/vue to v9.3.3

Summary

This is a Renovate Bot-generated dependency update for the Astrolabe Nextcloud app (third-party component). The update bumps @nextcloud/vue from 9.3.1 to 9.3.3, which includes bug fixes and dependency updates.

Code Quality ✅

• Clean dependency update: Only package-lock.json modified, no source code changes
• Follows semantic versioning: Patch version bump (9.3.1 → 9.3.3) indicates backward-compatible bug fixes
• Automated update: Generated by Renovate Bot with proper metadata

Changes Analysis

Direct dependency update:

• @nextcloud/vue: 9.3.1 → 9.3.3

Transitive dependency updates:

• @nextcloud/logger: ^3.0.2 → ^3.0.3
• focus-trap: ^7.6.6 → 7.6.6 (pinned to exact version)
• p-queue: ^9.0.1 → ^9.1.0
• tabbable: ^6.3.0 → ^6.4.0
• vue-router: ^4.6.3 → ^4.6.4

Bug fixes included (per release notes):

• v9.3.2:
  • Fixed translations in Vue modules
  • Adjusted modal max height
  • Fixed toggle switch icon animation
• v9.3.3:
  • Fixed custom icons in Checkbox and Radio actions
  • Pinned focus-trap to v7.6.6 (addressing a potential issue)

Potential Concerns

1. focus-trap pinning 📌

   • Changed from ^7.6.6 to exact 7.6.6
   • This suggests a regression was found in a newer version
   • Recommendation: Monitor for security updates to focus-trap that may require manual intervention

2. Testing scope 🧪

   • This update affects the Astrolabe frontend (Vue.js components)
   • No test changes included (expected for dependency updates)
   • Recommendation: Verify UI functionality, especially:
     • Modal dialogs (max height fix)
     • Checkbox/Radio actions (custom icon fix)
     • Toggle switches (animation fix)
     • Focus trap behavior (keyboard navigation)

3. Version consistency 🔄

   • Package version bumped from 0.6.0 → 0.8.2 in package-lock.json
   • This appears to be an Astrolabe version bump, not directly related to @nextcloud/vue
   • Note: Ensure this is intentional or a side effect of lock file regeneration

Security ✅

• No known security vulnerabilities in the changelog
• Patch version updates are low-risk
• Focus-trap pinning suggests proactive security/stability management

Performance ⚡

• No performance-related changes noted
• Bug fixes may improve rendering performance (toggle animation, modal height)

Recommendations

Merge with confidence ✓ This is a safe dependency update with bug fixes and no breaking changes.

Before merging:

1. ✅ Verify CI checks pass (especially frontend builds)
2. ✅ Quick smoke test of Astrolabe UI:
   • Search functionality works
   • 3D visualization renders
   • Settings modal opens correctly
   • Checkbox/radio inputs function properly

Post-merge:

• Monitor for any focus-trap security advisories (since it's now pinned)
• Consider updating Astrolabe version documentation if 0.6.0 → 0.8.2 is intentional

---

Verdict: LGTM 👍

This is a well-maintained dependency update with clear bug fixes and no breaking changes. The focus-trap pinning shows thoughtful dependency management. Safe to merge after CI passes.

[claude]

PR Review: Dependency Update - @nextcloud/vue v9.3.1 → v9.3.3

Overview

This is an automated Renovate Bot dependency update for the Astrolabe Nextcloud app frontend. The PR updates @nextcloud/vue from 9.3.1 to 9.3.3 in the lockfile.

Code Quality Assessment ✅

Positive aspects:

• Lockfile-only update: No source code changes, minimizing risk
• Minor version bump: Patch updates (9.3.1 → 9.3.3) should be backward compatible
• CI passing: Linting checks have completed successfully
• Automated process: Follows established Renovate Bot workflow

Changes Analysis

Based on the diff, this update includes:

Direct dependency:

• @nextcloud/vue: 9.3.1 → 9.3.3

Transitive dependency updates:

• @nextcloud/logger: 3.0.2 → 3.0.3
• focus-trap: 7.6.6 (now pinned, previously ^7.6.6)
• p-queue: 9.0.1 → 9.1.0
• tabbable: 6.3.0 → 6.4.0
• vue-router: 4.6.3 → 4.6.4

Upstream fixes (from release notes):

v9.3.3:

• Bug fix: Migrated to custom icons in Checkbox/Radio actions
• Pinned focus-trap to v7.6.6 (dependency stability)

v9.3.2:

• Bug fix: Fixed translations in Vue modules
• Bug fix: Adjusted max height of modal
• Bug fix: Animated toggle switch icon

Potential Concerns 🔍

1. focus-trap pinning: The update pins focus-trap to exactly 7.6.6 instead of ^7.6.6. This suggests a breaking change or bug in newer versions. This is a positive change for stability but worth noting.

2. Integration testing: Since Astrolabe includes a 3D visualization dashboard and OAuth UI components, it would be beneficial to verify:

   • Modal dialogs still function correctly (v9.3.2 changed modal max-height)
   • Checkbox/Radio actions in settings work properly (v9.3.3 icon changes)
   • No visual regressions in the semantic search UI

3. Test coverage: The PR diff shows only lockfile changes. Assuming integration tests are running in CI, this should catch any breaking changes.

Security Considerations ✅

• No security vulnerabilities introduced
• All updates are from trusted Nextcloud official packages
• Patch/minor version updates reduce attack surface

Performance Considerations ✅

• Bug fixes in upstream may improve performance
• p-queue 9.1.0 may include performance improvements
• No expected performance regressions

Recommendations

1. ✅ Merge after CI completion: Wait for integration-test check to pass
2. ✅ Manual verification (optional): Test the Astrolabe settings UI and search dashboard after merge
3. ✅ Monitor for issues: Watch for user reports related to modals, checkboxes, or accessibility (focus-trap changes)

Test Coverage

Current status:

• ✅ Linting: PASSED
• ⏳ Integration tests: IN_PROGRESS
• ✅ Stability days: PASSED (Renovate confidence check)

Conclusion

Verdict: APPROVE ✅

This is a low-risk dependency update that includes important bug fixes from upstream. The changes are:

• Backward compatible (patch versions)
• Well-tested by the Nextcloud Vue library maintainers
• Include stability improvements (focus-trap pinning)
• Fix real bugs (translation, modal height, icon animations)

Suggested action: Merge once integration tests pass. No code changes required.