Bump the all-dependencies group across 1 directory with 38 updates

[dependabot]

Bumps the all-dependencies group with 36 updates in the / directory:

Package	From	To
@paralleldrive/cuid2	3.0.4	3.3.0
@prisma/adapter-pg	7.1.0	7.4.1
@prisma/client	6.19.0	7.4.1
@tabler/icons-react	3.35.0	3.37.1
@tanstack/react-virtual	3.13.13	3.13.18
@types/bcryptjs	2.4.6	3.0.0
@types/react-pdf	5.0.7	7.0.0
isomorphic-dompurify	2.33.0	3.0.0
lucide-react	0.553.0	0.575.0
nodemailer	7.0.11	8.0.1
pg	8.16.3	8.18.0
@types/pg	8.15.6	8.16.0
react	19.2.3	19.2.4
@types/react	19.2.7	19.2.14
react-day-picker	9.11.3	9.13.2
react-dom	19.2.3	19.2.4
react-hook-form	7.68.0	7.71.2
react-resizable-panels	4.6.2	4.6.5
recharts	2.15.4	3.7.0
resend	6.5.2	6.9.2
stripe	20.0.0	20.3.1
tailwind-merge	3.4.0	3.5.0
zod	4.1.13	4.3.6
zustand	5.0.9	5.0.11
@playwright/test	1.57.0	1.58.2
@tailwindcss/postcss	4.1.17	4.2.0
@testing-library/react	16.3.1	16.3.2
@types/node	20.19.25	25.3.0
@types/papaparse	5.5.1	5.5.2
@vitejs/plugin-react	5.1.2	5.1.4
@vitest/coverage-v8	4.0.16	4.0.18
baseline-browser-mapping	2.9.2	2.10.0
eslint	9.39.1	10.0.1
eslint-config-next	16.0.5	16.1.6
prisma	6.19.0	7.4.1
vite-tsconfig-paths	6.0.3	6.1.1

Updates @paralleldrive/cuid2 from 3.0.4 to 3.3.0

Changelog

Sourced from @​paralleldrive/cuid2's changelog.

[3.3.0] - 2026-01-25

Fixed

• Fix typo in package.json exports field: ./package.json path was incorrectly specified
• Fix TypeScript compilation error (TS1203) by replacing export = with named exports in index.d.ts

Updated

• Update AI development framework (aidd) to v2.5.0 for enhanced security reviews
• Update all devDependencies to latest versions (@​types/node, @​types/react, eslint, eslint-config-next, eslint-config-prettier, eslint-plugin-prettier, next, prettier, react, react-dom, release-it, riteway, updtr, watch)

[3.0.2] - 2025-10-27

Changed

• Remove collision-test from pre-commit hook to unblock release process

Fixed

• Replace BigInt with bignumber.js for broader browser support (legacy browsers)
• Add export module field to package.json for better ESM compatibility

Added

• Implement CSPRNG using crypto.getRandomValues for enhanced security
• Add validation to throw error when length > 32

Documentation

• Fix typo: Change "Pseudo" to "Pseudo" in README.md
• Update link for PleaseRobMe.com

[3.0.0] - 2025-10-18

⚠️ BREAKING CHANGES

• Convert entire project from CommonJS to ES modules
  • Changed from require()/module.exports to import/export
  • Added "type": "module" to package.json
  • Users must use ESM imports or upgrade to this version carefully
  • For CommonJS compatibility, use v2.3.1 instead

[2.3.1] - 2025-10-24

Fixed

• Maintenance release: Restore CommonJS compatibility for v2.x line
• This version is based on v2.2.2 to provide a non-breaking upgrade path
• Published with v2-compat tag for users who need CommonJS

... (truncated)

Commits

• 2275e80 chore(release): v3.3.0
• 3af6f1b chore: update CHANGELOG for v3.2.1
• ee1ff97 Merge pull request #119 from paralleldrive/update
• 59541b5 chore: downgrade packages for security
• aebdc31 chore: remove legacy Travis CI config
• 71b5d09 ci: add GitHub Actions workflow
• d044cfe chore: update dependencies and AI framework
• 3bec9b1 Merge pull request #116 from paralleldrive/copilot/fix-typescript-error-ts1203
• a910d6e Delete REVIEW.md
• 76b5c83 docs: add comprehensive code review for TS1203 fix
• Additional commits viewable in compare view

Updates @prisma/adapter-pg from 7.1.0 to 7.4.1

Release notes

Sourced from @​prisma/adapter-pg's releases.

7.4.1

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

• Fix cursor-based pagination regression with parameterised values (prisma/prisma#29184)
• Preserve Prisma.skip through query extension argument cloning (prisma/prisma#29198)
• Enable batching of multiple queries inside interactive transactions (prisma/prisma#25571)
• Add missing JSON value deserialization for JSONB parameter fields (prisma/prisma#29182)
• Apply result extensions correctly for nested and fluent relations (prisma/prisma#29218)
• Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

• @​prisma/adapter-ppg: Handle null values in type parsers for nullable columns (prisma/prisma#29192)

Prisma Schema Language

• Support where argument on field-level @unique for partial indexes (prisma/prisma-engines#5774)
• Add object expression and object member support to schema reformatter (prisma/prisma-engines#5776)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

7.4.0

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:

// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })

Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:

... (truncated)

Commits

• 531886f fix: fix byte upserts by removing legacy byte array representation (#28913)
• 0c6db15 fix(adapter-{pg,neon,ppg}): handle 22P02 error in Postgres (#28849)
• See full diff in compare view

Updates @prisma/client from 6.19.0 to 7.4.1

Release notes

Sourced from @​prisma/client's releases.

7.4.1

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

• Fix cursor-based pagination regression with parameterised values (prisma/prisma#29184)
• Preserve Prisma.skip through query extension argument cloning (prisma/prisma#29198)
• Enable batching of multiple queries inside interactive transactions (prisma/prisma#25571)
• Add missing JSON value deserialization for JSONB parameter fields (prisma/prisma#29182)
• Apply result extensions correctly for nested and fluent relations (prisma/prisma#29218)
• Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

• @​prisma/adapter-ppg: Handle null values in type parsers for nullable columns (prisma/prisma#29192)

Prisma Schema Language

• Support where argument on field-level @unique for partial indexes (prisma/prisma-engines#5774)
• Add object expression and object member support to schema reformatter (prisma/prisma-engines#5776)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

7.4.0

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:

// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })

Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:

... (truncated)

Commits

• 533e22a chore: port fixes to 7.4 patch branch (#29222)
• 7060f68 chore(deps): update engines to 7.4.0-20.ab56fe763f921d033a6c195e7ddeb3e255bdb...
• 91a24a9 feat: query plan caching (#29038)
• b49d446 chore(deps): update engines to 7.4.0-18.2997580c8cb38878f73e100453e7b27119e8f...
• 3c99935 chore(deps): update engines to 7.4.0-17.57b675f79cd26fbf702d70f9a13d2b7b2fad9...
• e7504d7 chore(deps): update engines to 7.4.0-16.d0314091cdd30494eefc61d346f8c09aca20d...
• 1e6c91c chore(deps): update engines to 7.4.0-15.6129681d45ea4510d3372dd5b28f6b8927584...
• e1bfd22 chore(deps): update engines to 7.4.0-13.e876f7aec6b9be3e5147d061ed521ec45a845...
• 12ca969 chore(deps): update engines to 7.4.0-12.aa5ee090ba89988f1dce71be263f4bcd9519b...
• 36b57cb chore(deps): update engines to 7.4.0-11.8583547702bad6d8e7de7d9812f7ec5c22e1c...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​prisma/client since your current version.

Updates @tabler/icons-react from 3.35.0 to 3.37.1

Release notes

Sourced from @​tabler/icons-react's releases.

Release 3.37.1

Fixed

• Fixed icon: credit-card-off
• Added missing icon versions metadata

Release 3.37.0

20 new icons:

• filled/ball-bowling
• filled/crown
• filled/folder
• filled/leaf
• filled/pacman
• filled/phone-call
• filled/phone-calling
• filled/phone-check
• filled/phone-x
• filled/plane-arrival
• filled/plane-departure
• filled/plane-tilt
• filled/plane
• filled/play-card
• filled/playlist
• filled/report-analytics
• filled/report-money
• filled/satellite
• filled/sparkles-2
• filled/sparkles

Fixed icon: outline/pacman

Releace 3.36.1

Changed

• 2,433 icons have been optimized and fixed
• outline/brand-adobe-premier → outline/brand-adobe-premiere (typo fix)

Fixed

• React (@tabler/icons-react): Fixed TypeScript type definition for TablerIcon to properly handle ref forwarding
• Webfont (@tabler/icons-webfont): Fixed font generation - icons now render correctly in webfont format

Release 3.36.0

18 new icons:

... (truncated)

Commits

• f4b74b4 Release 3.37.1
• 5f64612 Release 3.37.0
• 0094572 Release 3.36.1
• 7358779 Remove eleventy-sass dependency and update @​tabler/icons references to use wo...
• 2702274 Update package dependencies and configurations (#1447)
• 78e46e4 Added type checks in icons-react tests and ensured consistent dependency ma...
• f76e44c Release 3.36.0
• a6f86a0 Fix ref types in icons-react (#1394)
• See full diff in compare view

Updates @tanstack/react-virtual from 3.13.13 to 3.13.18

Release notes

Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.13.18

Patch Changes

• Updated dependencies [9067574]:
  • @​tanstack/virtual-core@​3.13.18

@​tanstack/react-virtual@​3.13.17

Patch Changes

• Updated dependencies [21d9a46]:
  • @​tanstack/virtual-core@​3.13.17

@​tanstack/react-virtual@​3.13.16

Patch Changes

• Updated dependencies [db6df21]:
  • @​tanstack/virtual-core@​3.13.16

@​tanstack/react-virtual@​3.13.15

Patch Changes

• feat(react-virtual): add useFlushSync option (#1100)

  Adds a React-specific useFlushSync option to control whether flushSync is used for synchronous scroll correction during measurement.

  The default behavior remains unchanged (useFlushSync: true) to preserve the best scrolling experience. Disabling it avoids the React 19 warning about calling flushSync during render, at the cost of potentially increased visible whitespace during fast scrolling with dynamically sized items.

• Updated dependencies [5a273bf]:

  • @​tanstack/virtual-core@​3.13.15

@​tanstack/react-virtual@​3.13.14

Patch Changes

• Updated dependencies [6d9274c]:
  • @​tanstack/virtual-core@​3.13.14

Changelog

Sourced from @​tanstack/react-virtual's changelog.

3.13.18

Patch Changes

• Updated dependencies [9067574]:
  • @​tanstack/virtual-core@​3.13.18

3.13.17

Patch Changes

• Updated dependencies [21d9a46]:
  • @​tanstack/virtual-core@​3.13.17

3.13.16

Patch Changes

• Updated dependencies [db6df21]:
  • @​tanstack/virtual-core@​3.13.16

3.13.15

Patch Changes

• feat(react-virtual): add useFlushSync option (#1100)

  Adds a React-specific useFlushSync option to control whether flushSync is used for synchronous scroll correction during measurement.

  The default behavior remains unchanged (useFlushSync: true) to preserve the best scrolling experience. Disabling it avoids the React 19 warning about calling flushSync during render, at the cost of potentially increased visible whitespace during fast scrolling with dynamically sized items.

• Updated dependencies [5a273bf]:

  • @​tanstack/virtual-core@​3.13.15

3.13.14

Patch Changes

• Updated dependencies [6d9274c]:
  • @​tanstack/virtual-core@​3.13.14

Commits

• 5d6acc9 ci: Version Packages (#1113)
• c48b2ac ci: Version Packages (#1111)
• 7fd2654 ci: Version Packages (#1107)
• 0bcf14d ci: Version Packages (#1102)
• 1686256 feat(react-virtual): add useFlushSync option (#1100)
• a1d0043 ci: Version Packages (#1101)
• See full diff in compare view

Updates @types/bcryptjs from 2.4.6 to 3.0.0

Commits

• See full diff in compare view

Updates @types/react-pdf from 5.0.7 to 7.0.0

Commits

• See full diff in compare view

Updates isomorphic-dompurify from 2.33.0 to 3.0.0

Release notes

Sourced from isomorphic-dompurify's releases.

3.0.0: ESM Support + Memory Leak Fix for Long-Running Server Processes

isomorphic-dompurify v3.0.0

ESM Support

The library now ships proper ESM alongside CommonJS. Both import and require work out of the box with correct module resolution.

// ESM — now works natively
import DOMPurify, { sanitize } from "isomorphic-dompurify";
// CJS — still works
const DOMPurify = require("isomorphic-dompurify");

Memory Leak Fix for Long-Running Server Processes

New clearWindow() export that closes the internal jsdom window and creates a fresh one, preventing unbounded memory growth and progressive slowdown in long-running Node.js processes (#368).

import { sanitize, clearWindow } from "isomorphic-dompurify";
// Call clearWindow() when you want to release accumulated DOM state,
// e.g. periodically, after a batch, or per-request in a server:
app.use((req, res, next) => {
res.on("finish", () => clearWindow());
next();
});

Note: clearWindow() is a no-op in the browser build (no jsdom to manage). Any hooks or config set via addHook/setConfig will need to be re-applied after calling it.

Breaking Changes

• Named exports are now available. sanitize, addHook, removeHook, removeHooks, removeAllHooks, setConfig, clearConfig, isValidAttribute, isSupported, version, and removed are all exported directly.
• global.DOMPurify singleton removed. The library no longer writes to global.DOMPurify. Module caching provides singleton behavior in both ESM and CJS. This also fixes a security concern where malicious code could preempt the global before the module loaded (#324).
• Build output moved to dist/. Entry points are now dist/index.js (CJS), dist/index.mjs (ESM), dist/browser.js (CJS), dist/browser.mjs (ESM). The exports map handles this automatically — no changes needed for consumers using standard imports.
• Type definitions are auto-generated. The hand-written index.d.ts using export = DOMPurify is replaced by generated .d.ts and .d.mts files with proper export default and named exports.
• Node.js version constraint tightened. Now requires ^20.19.0 || ^22.12.0 || >=24.0.0 to match jsdom 28's requirements. Node 21.x, 23.x, and 22.0–22.11 are no longer supported.

Issues Fixed

• #368 — Memory leak and progressive slowdown in long-running Node.js processes
• #163 — ESM support
• #324 — Security concern with global.DOMPurify
• #353 — lru-cache ESM resolution errors in Nuxt/Nitro builds
• #350 — Build error with Astro + Cloudflare adapter
• #203 — Build error in Angular Universal

Issues Mitigated

... (truncated)

Commits

• 5b92fc4 chore: bump version to 3.0.0
• 2e6e322 chore: Updated biome config.
• 295e3a7 chore(deps-dev): bump @​biomejs/biome from 2.4.2 to 2.4.4
• 9f0e6b5 chore: bump version to 3.0.0-rc.3
• fa6b673 chore(deps): bump jsdom from 28.0.0 to 28.1.0
• f527ba7 chore: add Biome linting, lefthook pre-commit hooks, and CI lint step
• bca3171 docs: Added Playgrounds section to the readme.
• 112fd3c Merge pull request #389 from kkomelin/memory-leak
• f34f7b3 chore: untrack RELEASE_NOTES_3.0.0.md
• 4be627b fix: make removed named export delegate to current instance
• Additional commits viewable in compare view

Updates lucide-react from 0.553.0 to 0.575.0

Release notes

Sourced from lucide-react's releases.

Version 0.575.0

What's Changed

• feat(icons): added message-square-check icon by @​karsa-mistmere in lucide-icons/lucide#4076
• fix(lucide): Fix ESM Module output path in build by @​ericfennis in lucide-icons/lucide#4084
• feat(icons): added metronome icon by @​edwloef in lucide-icons/lucide#4063
• fix(icons): remove execution permission of SVG files by @​duckafire in lucide-icons/lucide#4053
• fix(icons): changed file-pen-line icon by @​jguddas in lucide-icons/lucide#3970
• feat(icons): added square-arrow-right-exit and square-arrow-right-enter icons by @​EthanHazel in lucide-icons/lucide#3958
• fix(icons): renamed flip-* to square-centerline-dashed-* by @​jguddas in lucide-icons/lucide#3945

New Contributors

• @​edwloef made their first contribution in lucide-icons/lucide#4063
• @​duckafire made their first contribution in lucide-icons/lucide#4053

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

Version 0.574.0

What's Changed

• fix(icons): changed rocking-chair icon by @​jamiemlaw in lucide-icons/lucide#3445
• fix(icons): flipped coins icon by @​jguddas in lucide-icons/lucide#3158
• feat(icons): added x-line-top icon by @​jguddas in lucide-icons/lucide#2838
• feat(icons): added mouse-left icon by @​marvfash in lucide-icons/lucide#2788
• feat(icons): added mouse-right icon by @​marvfash in lucide-icons/lucide#2787

New Contributors

• @​marvfash made their first contribution in lucide-icons/lucide#2788

Full Changelog: lucide-icons/lucide@0.572.0...0.574.0

Version 0.573.0

What's Changed

• fix(icons): changed rocking-chair icon by @​jamiemlaw in lucide-icons/lucide#3445
• fix(icons): flipped coins icon by @​jguddas in lucide-icons/lucide#3158
• feat(icons): added x-line-top icon by @​jguddas in lucide-icons/lucide#2838
• feat(icons): added mouse-left icon by @​marvfash in lucide-icons/lucide#2788
• feat(icons): added mouse-right icon by @​marvfash in lucide-icons/lucide#2787

New Contributors

• @​marvfash made their first contribution in lucide-icons/lucide#2788

Full Changelog: lucide-icons/lucide@0.572.0...0.573.0

Version 0.572.0

What's Changed

• feat(icons): added message-circle-check icon by @​Shrinks99 in lucide-icons/lucide#3770

New Contributors

• @​Shrinks99 made their first contribution in lucide-icons/lucide#3770

Full Changelog: lucide-icons/lucide@0.571.0...0.572.0

... (truncated)

Commits

• 67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
• b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
• 076e0bb chore(dependencies): Update dependencies (#3809)
• 80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lucide-react since your current version.

Updates nodemailer from 7.0.11 to 8.0.1

Release notes

Sourced from nodemailer's releases.

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)
• improve socket cleanup to prevent potential memory leaks (6069fdc)

v7.0.13

7.0.13 (2026-01-27)

Bug Fixes

• downgrade transient connection error logs to warn level (4c041db)

v7.0.12

7.0.12 (2025-12-22)

Bug Fixes

• added support for REQUIRETLS (#1793) (053ce6a)
• use 8bit encoding for message/rfc822 attachments (adf8611)

Changelog

Sourced from nodemailer's changelog.

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)
• improve socket cleanup to prevent potential memory leaks (6069fdc)

7.0.13 (2026-01-27)

Bug Fixes

• downgrade transient connection error logs to warn level (4c041db)

7.0.12 (2025-12-22)

Bug Fixes

• added support for REQUIRETLS (#1793) (053ce6a)
• use 8bit encoding for message/rfc822 attachments (adf8611)

Commits

• 1dd8eeb chore(master): release 8.0.1 (#1802)
• b7872f9 Bumped dev deps
• dc97ede fix: Add Gmail Workspace service configuration (#1787)
• 7f8dde4 fix: absorb TLS errors during socket teardown
• 381f628 fix: absorb TLS errors during socket teardown
• edac562 chore(master): release 8.0.0 (#1799)
• 4fa3c63 fix: harden DNS fallback against race conditions and cleanup issues
• e726d6f fix: add connection fallback to alternative DNS addresses
• 6069fdc fix: improve socket cleanup to prevent potential memory leaks
• 45062ce fix: centralize and standardize error codes
• Additional commits viewable in compare view

Updates pg from 8.16.3 to 8.18.0

Changelog

Sourced from pg's changelog.

pg@8.18.0

• Return the client instance as the result of calling connect (previously it was void).

pg@8.17.0

• Throw correct error if database URL parsing fails.

pg@8.16.0

• Add support for min connection pool size.

pg@8.15.0

• Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

• Add support from SCRAM-SAH-256-PLUS i.e. channel binding.

pg@8.13.0

• Add ability to specify query timeout on per-query basis.

pg@8.12.0

• Add queryMode config option to force use of the extended query protocol on queries without any parameters.

pg-pool@8.10.0

• Emit release event when client is returned to the pool.

pg@8.9.0

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

pg@8.8.0

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

• Add connection lifetime limit config option.

... (truncated)

Commits

• fc4de3c Publish
• 0d1541d Always check if activeQuery is null before using it (#3586)
• 57e93b5 Return the client instance in the connect() method (#3564)
• 5b68a11 Publish
• ea06db5 Remove node: prefix from imports (#3584)
• a3a4567 remove unused variable (#3562)
• 4eb7529 Publish
• b94c8e1 Don't use prefix import as it breaks in old nodes. (#3578)
• 6bf475c Improve Deno compatibility: config-first and safe env access (#3547)
• d10e09c Publish
• Additional commits viewable in compare view

Updates @types/pg from 8.15.6 to 8.16.0

Commits

• See full diff in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.14

Commits

• See full diff in compare view

Updates react-day-picker from 9.11.3 to 9.13.2

Release notes

Sourced from react-day-picker's releases.

v9.13.2

What's Changed

• fix(build): add correct type declaration for style.css export by @​NotNestor in gpbl/react-day-picker#2897
• fix(locale): correct Northern Sami (se) and Japanese Hiragana (ja-Hira) labels by @​gpbl in gpbl/react-day-picker#2898

New Contributors

• @​NotNestor made their first contribution in gpbl/react-day-picker#2897

Full Changelog: gpbl/react-day-picker@v9.13.1...v9.13.2

v9.13.1

Persian calendar improvements.

What's Changed

• feat: add narrow weekday format for Persian calendar by @​rezaaa in gpbl/react-day-picker#2895

New Contributors

• @​rezaaa made their first contribution in gpbl/react-day-picker#2895

Full Changelog: gpbl/react-day-picker@v9.13.0...v9.13.1

v9.13.0

This release introduces an experimental noonSafe prop to help deal with historical time zones with second offsets. See https://daypicker.dev/localization/setting-time-zone#noonsafe for more details.

What's Changed

• feat: add experimental noonSafe prop for timezone offsets by @​gpbl in gpbl/react-day-picker#2879

Full Changelog: gpbl/react-day-picker@v9.12.0...v9.13.0

v9.12.0

This release adds translated labels to built-in locales and fixes issues with array modifiers and the Hebrew calendar.

Translated Locales

DayPicker locales now ship with localized labels (e.g., “Go to next month”, “Today”), so you no longer need to supply them via labels. To use a locale:

import { es } from "react-day-picker/locale";
<DayPicker locale={es} /> // Use Spanish locale, now with translated labels.

If you previously set the labels prop for translations, you can remove it. For details on switching locales, see https://daypicker.dev/localization/changing-locale.

What's Changed

• feat: add locale-aware labels and translated locale wrappers by @​gpbl in gpbl/react-day-picker#2861
• fix: match Date[] modifiers by day by @​gpbl in gpbl/react-day-picker#2865
• fix: correct Hebrew date conversion timezone handling by @​gpbl in gpbl/react-day-picker#2870

Full Changelog: gpbl/react-day-picker@v9.11.3...v9.12.0

Changelog

Sourced from react-day-picker's changelog.

Changelog

DayPicker follows Semantic Versioning. See the Releases page on Github for the complete list of changes, diffs and contributors, or the list of versions published on npm.

v9.13.0

Release date...

Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stormcomui	Ready	Preview, Comment	Feb 23, 2026 11:39pm

[Copilot]

Pull request overview

Updates the repository’s dependencies (notably Prisma v7 and Recharts v3) and applies related code, tooling, and documentation adjustments to keep type-checking, seeding, and subscription/UI flows working with the new versions.

Changes:

• Bump runtime/dev dependencies and adjust affected TS/React/Recharts typings.
• Introduce Prisma v7 config centralization (prisma.config.ts) and update Prisma scripts/seed flow to rely on it.
• Update docs/examples to use stricter Postgres SSL examples (sslmode=verify-full) and remove hardcoded credential-like strings.

Reviewed changes

Copilot reviewed 36 out of 38 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
typescript-errors.json	Updates saved tsc snapshot to 0 errors after dependency/type fixes.
lint-errors.json	Updates saved ESLint snapshot (currently reports failures and appears stale vs code diffs).
package.json	Bumps dependencies and revises Prisma scripts to rely on Prisma v7 config discovery.
prisma.config.ts	Adds Prisma v7 config (schema/migrations path + datasource URL via env).
prisma/schema.prisma	Removes datasource url (now sourced via prisma.config.ts) and adds a Prisma v7 migration TODO note.
prisma/seed.mjs	Switches to named imports and adds Postgres adapter wiring + dotenv loading.
prisma/studio.md	Replaces hardcoded connection strings with placeholders.
prisma/migrations/20260217000000_add_dedicated_support_subscription_plans/migration.sql	Adds missing dedicatedSupport column with IF NOT EXISTS.
scripts/seed-production.js	Updates DATABASE_URL example output to a safer placeholder format.
src/lib/subscription/billing-service.ts	Adjusts upgrade plan update payload construction; adds any escape hatch and unused destructuring workaround.
src/lib/services/product.service.ts	Refactors product Zod schemas into base + refined create schema; updates update schema to use base partial.
src/lib/services/order-processing.service.ts	Adds @ts-expect-error for Stripe apiVersion typing mismatch.
src/components/ui/enhanced-data-table.tsx	Suppresses React Compiler “incompatible library” warning for TanStack Virtual use.
src/components/ui/chart.tsx	Adds broader any typing wrappers for Recharts v3 payload/formatter typing complexity (with file-wide eslint disable).
src/components/analytics/revenue-chart.tsx	Wraps Recharts tooltip formatters to satisfy Recharts v3 typings.
src/components/product-form.tsx	Refactors watch() usage to reduce React Compiler warnings; suppresses incompatible-library lint once.
src/components/subscription/trial-expiration-guard.tsx	Converts async helpers to useCallback and adjusts effect dependencies; leaves an unused router hook.
src/components/subscription/grace-period-guard.tsx	Converts async helper to useCallback, adjusts effects/deps, and introduces deferred setTimeout calls.
src/app/payment/success/page.tsx	Removes unused session destructure from useSession().
src/app/api/subscription/extend-grace-period/route.ts	Fixes Prisma field names (performedBy, actorId) and uses ZodError.issues.
src/app/api/integrations/sslcommerz/route.ts	Replaces any casts with narrower session field casts and prefixes unused args with _.
docs/database/outdated/migrations-postgres/README.md	Updates SSL mode examples to verify-full.
docs/complete-implementations/VERCEL_DEPLOYMENT.md	Updates SSL mode examples to verify-full.
docs/complete-implementations/VALIDATION_REPORT.md	Updates SSL mode example to verify-full.
docs/complete-implementations/PRODUCTION_SEEDING.md	Updates SSL mode examples to verify-full.
docs/complete-implementations/PRODUCTION_FIX_SUMMARY.md	Updates SSL mode examples to verify-full.
docs/complete-implementations/POSTGRESQL_MIGRATION.md	Updates SSL mode examples to verify-full.
docs/complete-implementations/DEPLOYMENT_CHECKLIST.md	Updates SSL mode examples to verify-full.
docs/UNIFIED_SCHEMA_GUIDE.md	Updates SSL mode examples to verify-full.
docs/SSLCOMMERZ_QUICK_START.md	Replaces hardcoded DB URL with placeholders and verify-full.
QUICK_FIX_REFERENCE.md	Updates SSL mode example to verify-full.
POSTGRESQL_MIGRATION_COMPLETE.md	Updates SSL mode example to verify-full.
IDEMPOTENCY_KEY_IMPLEMENTATION.md	Replaces hardcoded DB URL with placeholders and verify-full.
.vscode/settings.json	Unpins Prisma extension from Prisma 6.
.github/prompts/plan-prismaV7Upgrade.prompt.md	Adds repo-specific Prisma v7 upgrade planning notes.
.env.example	Replaces real-looking URLs with placeholders and aligns examples to verify-full.

Comments suppressed due to low confidence (1)

src/lib/subscription/billing-service.ts:195

• updateData is declared as any to satisfy Prisma update typing. This drops type safety for a critical write path. Prefer typing it as Prisma.SubscriptionUpdateInput (or the specific Prisma type used by prisma.subscription.update) and build it incrementally without any/eslint suppression.

[Copilot]

Using setTimeout(..., 0) inside useEffect introduces a timer that isn't cleaned up on unmount (can lead to setState-after-unmount). setState inside useEffect is already safe; prefer calling checkGracePeriodStatus() directly, or store the timeout id and clear it in the cleanup function.

[Copilot]

This setTimeout that calls setShowModal(true) isn't cleaned up on unmount; consider removing the defer or clearing the timer in the effect cleanup to avoid updating state after unmount.

[Copilot]

updateProductSchema is now based on createProductSchemaBase.partial() and no longer includes the percentage-discount refine from createProductSchema. This allows updates that set discountType: PERCENTAGE with discountValue > 100 to pass validation. Consider re-applying the same validation via superRefine on the update schema (or another shared refinement) so create/update enforce the same constraint.

[Copilot]

useRouter() is called and assigned to _router but never used. Since the component uses window.location.reload() for the success path, consider removing the useRouter() call entirely to avoid unnecessary hook usage.

[Copilot]

This lint snapshot reports exitCode: 1 (and an eslint error in rawOutput), which suggests the PR is not lint-clean. The rawOutput also references issues (e.g. unused req, unused session/router) that no longer match the current diffs. Please re-run the lint collection step (or regenerate this file) after final code changes so it reflects the current state.

[Copilot]

PR description says nodemailer is bumped to 8.0.1, but package.json pins it to ^7.0.13. Please align the dependency change with the PR description (either update the dependency version or adjust the PR metadata/notes).

[Copilot]

File-wide /* eslint-disable @typescript-eslint/no-explicit-any */ disables type-safety checks across the entire chart module. Prefer narrowing the disable to the smallest scope (or using Recharts-provided types/generics for payload/label/formatter) so any doesn't spread through unrelated code.

[Copilot]

billingPeriodEnd is destructured (as _billingPeriodEnd) but never used. If it isn't needed for this branch, consider omitting it from the destructuring to keep the code clearer.