chore(deps): bump vocs from 1.4.1 to 2.0.12

[dependabot]

Bumps vocs from 1.4.1 to 2.0.12.

Release notes

Sourced from vocs's releases.

vocs@2.0.12

Patch Changes

• 23ca0df: Added copy-to-clipboard behavior for heading anchor links.

vocs@2.0.11

Patch Changes

• c7dcfd0: Fixed inline Twoslash cache comments leaking into rendered code snippets.

vocs@2.0.10

Patch Changes

• 60ea522: Improved build performance for Twoslash-heavy sites by highlighting hover popups lazily on the client instead of at build time, significantly reducing build memory and time.

vocs@2.0.8

Patch Changes

• c94eef9: Fixed the experimental Twoslash inline cache producing permanent misses and duplicate comments for code blocks that import or [!include] virtual files.

vocs@2.0.7

Patch Changes

• 3597288: Added an experimental inline Twoslash cache (twoslash.inlineCache) that persists results in the markdown source as // @twoslash-cache: ... comments so the cache travels with the repo.

vocs@2.0.6

Patch Changes

• 071b04b: Added a badge field to SidebarItem. Pass a string for a default badge, or an object with a variant (note, info, tip, warning, danger, success) for a colored variant. Renders to the right of the item text on leaf items and group headers.

vocs@2.0.5

Patch Changes

• e25757c: Reduced peak build-time memory and improved twoslash cache reuse on large docs sites.

vocs@2.0.4

Patch Changes

• c88d1d2: Fixed unhandled text directives inside link labels rendering as empty elements.

vocs@2.0.3

Patch Changes

• f98e301: Preserved the configured base path root when normalizing Waku's trailing slash base path.

vocs@2.0.2

Patch Changes

• f850193: Improved MDX development hot updates to avoid delayed or stale page updates after edits.

... (truncated)

Changelog

Sourced from vocs's changelog.

2.0.12

Patch Changes

• 23ca0df: Added copy-to-clipboard behavior for heading anchor links.

2.0.11

Patch Changes

• c7dcfd0: Fixed inline Twoslash cache comments leaking into rendered code snippets.

2.0.10

Patch Changes

• 60ea522: Improved build performance for Twoslash-heavy sites by highlighting hover popups lazily on the client instead of at build time, significantly reducing build memory and time.

2.0.9

Patch Changes

• 13af527: Fixed the experimental Twoslash inline cache to stay portable across environments with differing local Twoslash options.

2.0.8

Patch Changes

• c94eef9: Fixed the experimental Twoslash inline cache producing permanent misses and duplicate comments for code blocks that import or [!include] virtual files.

2.0.7

Patch Changes

• 3597288: Added an experimental inline Twoslash cache (twoslash.inlineCache) that persists results in the markdown source as // @twoslash-cache: ... comments so the cache travels with the repo.

2.0.6

Patch Changes

• 071b04b: Added a badge field to SidebarItem. Pass a string for a default badge, or an object with a variant (note, info, tip, warning, danger, success) for a colored variant. Renders to the right of the item text on leaf items and group headers.

2.0.5

Patch Changes

• e25757c: Reduced peak build-time memory and improved twoslash cache reuse on large docs sites.

2.0.4

... (truncated)

Commits

• ce7dd97 chore: version packages (#471)
• 23ca0df fix(mdx): copy heading anchor links (#470)
• 88db3d6 chore: version packages (#469)
• c7dcfd0 fix: hide @twoslash-cache comments in snippets (#468)
• 99d778d chore: version packages (#467)
• 028691a chore: version packages (#465)
• 60ea522 perf(twoslash): highlight hover popups lazily on the client (#466)
• 13af527 fix(twoslash): make inline cache portable across environments (#464)
• ce9d549 chore: version packages (#463)
• c94eef9 fix(twoslash): correct inline cache for included/imported snippets (#462)
• Additional commits viewable in compare view

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
txkit-docs	Error		Jun 13, 2026 9:35am
txkit-land	Ready	Preview, Comment	Jun 13, 2026 9:35am
txkit-story	Ready	Preview, Comment	Jun 13, 2026 9:35am

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vocs@​2.0.12

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Protestware or unwanted behavior: npm es5-ext Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts. From: pnpm-lock.yaml → npm/vocs@2.0.12 → npm/es5-ext@0.10.64 ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es5-ext@0.10.64. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm robust-predicates is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/vocs@2.0.12 → npm/robust-predicates@3.0.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/robust-predicates@3.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report