fix(deps): update dependency @sanity/cli to v6

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@sanity/cli (source)	^4.8.1 → ^6.7.2

---

Release Notes

sanity-io/cli (@​sanity/cli)

v6.7.2

Compare Source

2026-06-03

Bug Fixes

• ensure babel-plugin-react-compiler is a peer dependency (#​1175) (d2de934)
• deps: update oclif-tooling (#​1161) (b8bc554)
• deps: update sanity-tooling (#​1163) (5313459)
• deps: Update react monorepo to ^19.2.6 (#​1173) (c847618)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.3.4
    • @​sanity/cli-build bumped to 0.2.2

v6.7.1

Compare Source

2026-06-02

Bug Fixes

• add missing changeset for @sanity/cli-core (#​1153) (ef5b390)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.3.3
    • @​sanity/cli-build bumped to 0.2.1

v6.7.0

Compare Source

2026-06-02

Features

• Configure Sanity MCP and install the sanity-best-practices agent skill for detected AI editors in a single step during sanity init. Add --no-skills to opt out. (#​1079) (3ffeda3)
• templates: add page-builder template using @​sanity/presets (#​1084) (0c0fea4)
• dataset export: add no-strict-asset-verification flag (#​1135) (96f0646)

Bug Fixes

• mcp: use oauth for claude code config (#​1118) (7d2118d)
• cli: move @​sanity/ui to devDependencies (#​1105) (b9185e6)
• docs: reject lookalike docs url hosts (#​1098) (85980d2)
• Prevent listing lowercase env vars as included in JS bundle (#​1094) (a4419d2)
• update sanity cors add copy (#​1095) (0c23d7d)
• deps: update sanity-tooling (#​1114) (9352799)
• login: allow ctrl-c to cancel browser login (#​1126) (e5684b2)
• Prevent buildStudio from running shouldAutoUpdate a second time (#​1092) (3266303)
• update @​sanity/codegen to ^6.1.0 (#​1065) (5b4d3c0)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-build bumped to 0.2.0

v6.6.0

Compare Source

2026-05-18

Features

• login: add token login (#​1082) (5f93b50)

v6.5.3

2026-05-13

Bug Fixes

• release to re-publish new cli-build package (#​1077) (2fae51f)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-build bumped to 0.1.1

v6.5.2

2026-05-13

Bug Fixes

• split out build logic into a new package (#​1062) (543223d)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-build bumped to 0.1.0

v6.5.1

Compare Source

2026-05-07

Bug Fixes

• Move getLocalPackageVersion to cli-core (#​1053) (02eb330)
• deps: update dependency @​sanity/runtime-cli to v15 (#​1059) (7ae960a)
• rename manifest types and share cache dir (#​1008) (fa32892)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.3.2

v6.5.0

Compare Source

2026-05-04

Features

• Auto-updating Studios now load CSS bundles from the module server alongside JS. (#​893) (9fc5e0f)

Bug Fixes

• init: respect --project and --dataset flags for app templates (#​1015) (737ab0b)
• cli: pass schemaExtraction config through to build (#​1002) (2fd358f)
• default to TypeScript in unattended mode for sanity init (#​1004) (26f0fb5)
• deps: update sanity-tooling (#​1024) (c6d5501)
• deps: update sanity-tooling (#​1031) (68e544f)
• deps: update eslint-tooling (#​986) (252b784)
• cli: replace preferred-pm with local implementation (#​984) (154e361)

v6.4.0

Compare Source

Minor Changes

• #​960 6045f96 Thanks @​drewlyton! - Added MCP auto-configuration support for Antigravity, Cline CLI, Codex CLI, GitHub Copilot CLI, and MCPorter. Refactored editor detection to use dependency injection for improved testability and cross-platform reliability.

• #​954 696f8e0 Thanks @​tzhelyazkova! - Add --skip-content-releases flag to sanity datasets copy for excluding content release documents from the target dataset.

• #​955 5701546 Thanks @​mwritter! - use oauth config for mcp with cursor

• #​968 c88caf7 Thanks @​binoy14! - - Add project and dataset selection prompts to sanity init for app templates

  • Fix crash when selecting "no" for TypeScript on app templates, which only ship .tsx files

• #​980 80480af Thanks @​mttdnt! - Show a runner-specific update command (npx, pnpm dlx, yarn dlx, bunx) in the update notification instead of a generic npm update when the CLI is invoked via one of those runners.

Patch Changes

• #​948 a812f96 Thanks @​mttdnt! - Show the correct update command based on whether the project depends on sanity or @sanity/cli

• #​947 1fa3954 Thanks @​binoy14! - Fixed environment variable loading to include all variables from .env files, not just SANITY_STUDIO_/SANITY_APP_ prefixed ones. Client bundle exposure remains restricted to prefixed variables only.

• #​959 ad287b6 Thanks @​binoy14! - improve schema extract error messages

• #​977 10db76f Thanks @​rexxars! - use sanity v5 compatible dependencies in shopify templates

v6.3.2

Compare Source

Patch Changes

• #​898 e4f2dd4 Thanks @​binoy14! - Fixed init command to strip filename before counting nested folders when generating the relative import path for the embedded studio route file.

• #​923 6b1dfb4 Thanks @​binoy14! - Default to the "production" dataset in unattended mode

• #​915 6b48e93 Thanks @​mttdnt! - Fixed telemetry events being silently dropped before consent resolves

• #​902 5b86d79 Thanks @​mttdnt! - remove @​sanity/telemetry as a peer dependency

• #​903 ed09f43 Thanks @​binoy14! - Fixed init command unattended mode: respect --no-git flag to skip git initialization, pass --missing to dataset import to avoid errors when dataset already exists, and allow --bare mode without requiring --output-path.

• #​933 b181807 Thanks @​renovate! - update sanity-tooling

• Updated dependencies [5b86d79]:

  • @​sanity/cli-core@​1.3.1

v6.3.1

Patch Changes

• #​851 0cf739e Thanks @​binoy14! - deps: bump sanity-tooling

• #​855 d8f5b74 Thanks @​binoy14! - update deps to fix security warnings

• #​854 06f62f8 Thanks @​binoy14! - use a version range for cli-core

All notable changes to this project will be documented in this file.
See Conventional Commits for commit guidelines.

v6.3.0

Features

• cli: use app.title from config in SDK app HTML title (#​799) (cea0395)
• deploy: add --url flag and unattended mode support (#​760) (c440211)
• upgrade eslint to v10 with dual v9/v10 support (#​823) (f3c9d9d)

Bug Fixes

• dataset:alias: passing apiName over displayName to input validation (#​773) (747be46)
• deps: update @​sanity/telemetry to v0.9.0 (#​777) (fc44e3e)
• deps: update dependency @​sanity/runtime-cli to ^14.7.2 (#​843) (e902217)
• deps: update oclif-tooling (#​821) (3ee5f3f)
• deps: update sanity-tooling (#​766) (f337c42)
• deps: update sanity-tooling (#​787) (d553fb0)
• exclude test fixtures from npm published packages (#​834) (699f3f1)
• help: resolve singular topic aliases with --help flag (#​792) (2ee676f)
• import: prompt for dataset when not provided (#​783) (ceac4b7)
• init: update outdated dependency versions for Next.js projects (#​817) (890fcf1)
• login: non-interactive login shows actionable error (#​767) (aa8b7c2)
• remove --legacy-peer-deps from npm install during init (#​833) (c9fcab5)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.3.0
  • devDependencies
    • @​sanity/cli-test bumped to 0.3.0
    • @​sanity/eslint-config-cli bumped to 1.1.0

v6.2.1

Bug Fixes

• bump preferred-pm to v5 to resolve js-yaml prototype pollution (#​756) (34577da)
• deps: update oclif-tooling (#​764) (e81b18f)
• deps: update sanity dependencies (#​758) (e093ac3)
• import: use stored CLI token instead of requiring --token flag (#​775) (353bea8)
• telemetry: scope consent cache by auth token (#​751) (86f3285)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.2.1
  • devDependencies
    • @​sanity/cli-test bumped to 0.2.7

v6.2.0

Features

• debug: improve output format, allow running outside project (#​733) (f2f2e2f)
• init: improve flags for the init command (#​729) (171ad3f)

Bug Fixes

• align on plural topic names, provide aliases for singular (#​714) (32f0884)
• deprecate start command (preview alias) (#​721) (cffaf22)
• mcp: use explicit mode for setupMCP during init (#​744) (e11f495)
• support non-interactive mode for app templates and fix isInteractive CI detection (#​735) (ff9f15f)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.2.0
  • devDependencies
    • @​sanity/cli-test bumped to 0.2.6

v6.1.8

Bug Fixes

• deps: update dependency @​vercel/frameworks to v3.21.1 (#​709) (17fce97)
• deps: update dependency dotenv to ^17.3.1 (#​710) (a85db85)
• deps: update dependency nanoid to ^5.1.6 (#​705) (1f7a96d)
• deps: update dependency tar to ^7.5.11 (#​706) (9b55d34)
• deps: update dependency tar-fs to ^3.1.2 (#​707) (14d1ce3)
• deps: update dependency tar-stream to ^3.1.8 (#​708) (6019bc4)
• deps: update oclif-tooling (#​720) (e63ad1a)
• deps: update sanity-tooling (#​716) (9c30109)
• deps: update sanity-tooling (#​727) (f8797a4)
• load all env vars for schema extract (#​725) (67ee0a5)
• prevent duplicate deprecation warnings during sanity deploy (#​726) (7f70ba3)
• validate MCP tokens against Sanity API instead of MCP server (#​732) (5b573b8)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.1.3
  • devDependencies
    • @​sanity/cli-test bumped to 0.2.5
    • @​sanity/eslint-config-cli bumped to 1.0.1

v6.1.7

Bug Fixes

• resolve vendor dependencies using node module resolution (#​691) (44b0e98)

v6.1.6

Bug Fixes

• deps: update sanity-tooling (#​683) (aee2e6e)
• getCliClient() token not passed through (#​688) (15c6b7d)
• schema extract path always appends schema.json (#​686) (daa0013)

v6.1.5

Bug Fixes

• allow running sanity debug outside of project context (#​678) (0110989)
• cli: send extracted ManifestSchemaType[] to /schemas endpoint (#​680) (2afef5a)

v6.1.4

Bug Fixes

• deps: update oclif-tooling (#​651) (f807f1d)
• tsconfig paths not respected in the sanity config (#​669) (7ecf06b)
• validate auth token before MCP token creation (#​667) (fd0d4e7)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.1.2
  • devDependencies
    • @​sanity/cli-test bumped to 0.2.4

v6.1.3

Bug Fixes

• use non-deprecated --project-id flag for dataset import during init (#​661) (0b660b9)

v6.1.2

Bug Fixes

• bump react+react-dom to latest on new installs (#​658) (87b733f)
• resolve react-dom/server and @​sanity/ui from studio workDir (#​657) (ce07d42)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.1.1
  • devDependencies
    • @​sanity/cli-test bumped to 0.2.3

v6.1.1

Bug Fixes

• lazy-load icon resolver to avoid pulling in @​sanity/ui at import time (#​636) (e2a6c6d)

v6.1.0

Features

• mcp: improve mcp setup process (#​630) (27d8ba8)

Bug Fixes

• don't treat user aborts as telemetry errors (#​624) (6cc7682)
• hide sanity start alias from help text (#​620) (2447f63)
• init: duplicate default dataset help text (#​627) (9cba643)
• mock getUserConfig in telemetry test and update debug namespace (#​631) (2f03a4c)
• simplify git config retrieval, reduce dependencies (#​616) (b258394)
• vite version showing as null in dev/preview output (349e7c9)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.1.0
  • devDependencies
    • @​sanity/cli-test bumped to 0.2.2

v6.0.0

⚠ BREAKING CHANGES

• A small number of commands produce tabular output where v5 produces line-separated lists. Scripts that parse command output (e.g., tab-splitting to produce CSV-like data from users list) could be affected. In the future we will support --json for easier parsing
• We removed some internal cli types. If your project relied on them, you might see build issues.
• Some command output format changes

Features

• A small number of commands produce tabular output where v5 produces line-separated lists. Scripts that parse command output (e.g., tab-splitting to produce CSV-like data from users list) could be affected. In the future we will support --json for easier parsing (7515453)
• Dataset embeddings configuration commands — New dataset embeddings commands to configure embeddings for datasets. (7515453)
• Global --project-id and --dataset flags — Run commands outside a project directory without needing a sanity.cli.ts config. (#​548, #​500, #​558) (7515453)
• Non-interactive environment detection — Prompts detect CI/pipeline environments automatically, preventing hangs in automated workflows. (#​470) (7515453)
• SDK templates are ESM by default — New SDK projects created via sanity init use ESM. (#​576) (7515453)
• Some command output format changes (7515453)
• We removed some internal cli types. If your project relied on them, you might see build issues. (7515453)

Bug Fixes

• Boolean flags no longer get confused with commands that have positional arguments. (7515453)
• Extract manifest and deploy schemas on deploy. (#​563) (7515453)
• Fix inverted CORS guard in bootstrapRemoteTemplate. (#​547) (7515453)
• GraphQL and certain commands now support vite aliases. (7515453)
• Strict flag parsing. Unknown flags now produce an error and halt execution rather than being silently ignored. For example, passing --datset foo (a typo) previously had no effect; it now returns an error. (7515453)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/cli-core bumped to 1.0.1
  • devDependencies
    • @​sanity/cli-test bumped to 0.2.1

v5.14.1

Note: Version bump only for package @​sanity/cli

v5.14.0

Note: Version bump only for package @​sanity/cli

v5.13.0

Features

• cli: upgrade blueprints doctor and plan (#​12258) (64d162e) by Taylor Beseda (tbeseda@gmail.com)

v5.12.0

Features

• cli: add Gemini, Codex and Copilot CLIs to MCP configure (#​12194) (093e716) by James Woods (<jwwoods01@​gmail.com>)
• cli: upgrade blueprints commands (#​12226) (245a07f) by Taylor Beseda (tbeseda@gmail.com)

v5.11.0

Note: Version bump only for package @​sanity/cli

v5.10.0

Note: Version bump only for package @​sanity/cli

v5.9.0

Features

• cli: add schema extraction to dev and build commands (#​11761) (c3a4cb1) by Kristoffer Brabrand (kristoffer@brabrand.no)

Bug Fixes

• update readLocalBlueprint signature (#​12097) (7a16694) by Simon MacDonald (simon.macdonald@gmail.com)

Reverts

• rollback v5.9.0 version bump (#​12139) (4195d26) by Bjørge Næss (bjoerge@gmail.com)

v5.8.1

Bug Fixes

• deps: update dependency @​sanity/template-validator to ^2.4.5 (#​12076) (6da793e) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency @​sanity/template-validator to v3 (#​12092) (d889072) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v5.8.0

Features

• cli: add typegen to dev and build commands (#​11957) (dc6baae) by Kristoffer Brabrand (kristoffer@brabrand.no)
• cli: add watch mode for typegen generate command (#​11867) (c22e65e) by Kristoffer Brabrand (kristoffer@brabrand.no)

v5.7.0

Bug Fixes

• cli: pass CLI project ID to runtime-cli if set, upgrade runtime-cli (#​11971) (539bf4a) by Espen Hovlandsdal (espen@hovlandsdal.com)

v5.6.0

Bug Fixes

• deps: Update babel monorepo to ^7.28.6 (#​11876) (c86d4fb) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• test: symlink in monorepo deps after installing (#​11905) (2b9d06b) by Kristoffer Brabrand (kristoffer@brabrand.no)

v5.5.0

Features

• cli: allow configuring schemaExtraction in sanity.cli.ts (#​11824) (6fd624b) by Kristoffer Brabrand (kristoffer@brabrand.no)

v5.4.0

Note: Version bump only for package @​sanity/cli

v5.3.1

Note: Version bump only for package @​sanity/cli

v5.3.0

Features

• cli: add mcp configuration support for zed and opencode (#​11747) (30121a5) by James Woods (<jwwoods01@​gmail.com>)
• GRO-4157 dynamic mcp init prompt (#​11555) (e6f4485) by Matthew Ritter (matthew.ritter@sanity.io)
• typegen: add ArrayOf utility type for inline object array members (#​11698) (895b404) by Kristoffer Brabrand (kristoffer@brabrand.no)

Bug Fixes

• linter: enforce no unnecessary boolean literal comparisons (#​11734) (94462ad) by Cody Olsen (81981+stipsan@users.noreply.github.com)
• vitest: migrate Date, Worker, and Observer mocking to v4 API (#​11754) (20caed1) by Copilot (198982749+Copilot@users.noreply.github.com)

v5.2.0

Bug Fixes

• cli: update init output docs command text (#​10074) (ad1c6bd) by Mark Michon (mark.michon@sanity.io)

v5.1.0

Note: Version bump only for package @​sanity/cli

v5.0.1

Note: Version bump only for package @​sanity/cli

v5.0.0

⚠ BREAKING CHANGES

• typegen: return same case when generating types (#​11330)

Features

• typegen: memoizations, refactoring add improved progress reporting (#​10294) (5d6ac17), closes #​8950 by Kristoffer Brabrand (kristoffer@brabrand.no)
• typegen: return same case when generating types (#​11330) (0402647) by Sindre Gulseth (sgulseth@gmail.com)

v4.22.0

Features

• update mcp configured prompt text (#​11514) (b595fee) by Matthew Ritter (matthew.ritter@sanity.io)

Bug Fixes

• cli: telemetry in MCP commands (#​11487) (9e805d6) by James Woods (<jwwoods01@​gmail.com>)
• cli: update runtime commands (#​11513) (6f9ae4f) by Taylor Beseda (tbeseda@gmail.com)

v4.21.1

Bug Fixes

• cli: blueprints doctor does not require existing blueprint config (#​11444) (b8d9a94) by Taylor Beseda (tbeseda@gmail.com)
• mcp cli wording (#​11457) (2aa0766) by James Woods (<jwwoods01@​gmail.com>)

v4.21.0

Features

• setup mcp on sanity init and add mcp add command to cli (#​11409) (4752fb1) by James Woods (<jwwoods01@​gmail.com>)
• setup mcp on sanity init and add mcp add command to cli (#​11434) (e27bea7) by James Woods (<jwwoods01@​gmail.com>)
• Update runtime-cli to v12 (#​11410) (3fea96a) by Dave Sewell (snocorp@gmail.com)

Bug Fixes

• deps: update dependency get-it to ^8.7.0 (#​11395) (5f4487a) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency groq-js to ^1.23.0 (#​11429) (b100ba4) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.20.3

Bug Fixes

• deps: Update react monorepo to ^19.2.1 (#​11389) (ad157b1) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.20.2

Note: Version bump only for package @​sanity/cli

v4.20.1

Bug Fixes

• deps: update dependency groq-js to ^1.22.0 (#​11366) (6976b77) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• ERR_REQUIRE_CYCLE_MODULE on older node, and windows resolve regression (#​11385) (bfaa1c7) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v4.20.0

Note: Version bump only for package @​sanity/cli

v4.19.0

Features

• cli: add typegen configuration through cli config (#​11135) (cfd2d9c) by Kristoffer Brabrand (kristoffer@brabrand.no)

v4.18.0

Bug Fixes

• deps: update dependency groq-js to ^1.21.0 (#​11216) (fc8f483) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.17.0

Bug Fixes

• actions: onComplete considered harmful, use local state instead (#​11199) ([461f54d](https://redirect.github.com/sanity-io/sanity/commit/461f54d62f50ee96cc959ea97c023dbbda9d048

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cv	Ready	Preview, Comment	Jun 12, 2026 1:26pm
cv-studio	Ready	Preview, Comment	Jun 12, 2026 1:26pm
cv-web	Error		Jun 12, 2026 1:26pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	react@​18.2.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm kind-of is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/kind-of@6.0.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/kind-of@6.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report