Skip to content

chore(deps): Bump the minor-and-patch group across 1 directory with 9 updates#9

Closed
dependabot[bot] wants to merge 16 commits into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-af824ffe65
Closed

chore(deps): Bump the minor-and-patch group across 1 directory with 9 updates#9
dependabot[bot] wants to merge 16 commits into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-af824ffe65

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown

Bumps the minor-and-patch group with 8 updates in the / directory:

Package From To
lucide-react 1.7.0 1.24.0
next 16.2.9 16.2.10
react 19.2.4 19.2.7
@types/react 19.2.14 19.2.17
react-dom 19.2.4 19.2.7
tailwind-merge 3.5.0 3.6.0
@tailwindcss/postcss 4.2.2 4.3.2
eslint-config-next 16.2.2 16.2.10

Updates lucide-react from 1.7.0 to 1.24.0

Release notes

Sourced from lucide-react's releases.

Version 1.24.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.23.0...1.24.0

Version 1.23.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.22.0...1.23.0

Version 1.22.0

What's Changed

... (truncated)

Commits
  • 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
  • 07c885e fix(docs): fix zephyr-cloud URL in readmes
  • 50d8af5 docs(readme): Update readme files (#4320)
  • 653e44b feat(packages): use .mjs for ESM bundles (#4285)
  • 7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
  • See full diff in compare view

Updates next from 16.2.9 to 16.2.10

Release notes

Sourced from next's releases.

v16.2.10

Contains no changes except publishing @next/swc-wasm-web which was accidentally not published since 16.2.4.

Commits

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Changelog

Sourced from react's changelog.

19.2.7 (June 1, 2026)

React Server Components

19.2.6 (May 6, 2026)

React Server Components

19.2.5 (March 18, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates @types/react from 19.2.14 to 19.2.17

Commits

Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Changelog

Sourced from react-dom's changelog.

19.2.7 (June 1, 2026)

React Server Components

19.2.6 (May 6, 2026)

React Server Components

19.2.5 (March 18, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

Documentation

Other

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits
  • d54f7e5 v3.6.0
  • 638871a Update README to add info about Tailwind CSS v4.3 support
  • 39fc7b5 Revert "v3.6.0"
  • bd8390f v3.6.0
  • 802877c add v3.6.0 changelog
  • a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
  • 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
  • 005af6d pin to specific version
  • 5816ced implement breaking changes
  • 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
  • Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.2.2 to 4.3.2

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.3.2

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)

v4.3.1

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
  • Allow @variant to be used inside addBase (#19480)
  • Ensure @source globs with symlinks are preserved (#20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

  • Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

... (truncated)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.3.2] - 2026-06-26

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)

[4.3.1] - 2026-06-12

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
  • Allow @variant to be used inside addBase (#19480)
  • Ensure @source globs with symlinks are preserved (#20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/postcss since your current version.


Updates @types/react from 19.2.14 to 19.2.17

Commits

Updates eslint-config-next from 16.2.2 to 16.2.10

Release notes

Sourced from eslint-config-next's releases.

v16.2.10

Contains no changes except publishing @next/swc-wasm-web which was accidentally not published since 16.2.4.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-config-next since your current version.


Updates tailwindcss from 4.2.2 to 4.3.2

Release notes

Sourced from tailwindcss's releases.

v4.3.2

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)

v4.3.1

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
  • Allow @variant to be used inside addBase (#19480)
  • Ensure @source globs with symlinks are preserved (#20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

  • Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.3.2] - 2026-06-26

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)

[4.3.1] - 2026-06-12

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139...

    Description has been truncated

rsvptr and others added 16 commits May 30, 2026 01:11
Added live app link and additional badges to README.
The repo previously tracked nothing-by-luck: node_modules, .next, and the
generated public/vendor assets were only absent because of manual uploads.
Standard Next.js ignores plus the generated ffmpeg assets, local test
fixtures, and local tooling state.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…Dependabot

- Security headers: CSP (production drops 'unsafe-eval', keeps
  'wasm-unsafe-eval' for ffmpeg.wasm), nosniff, frame-ancestors 'none',
  Referrer-Policy, COOP, minimal Permissions-Policy.
- WAV/AIFF parser hardening: chunk scanners track only the chunk IDs they
  read and stop once found (kills a chunk-flood memory DoS), explicit
  fmt/COMM bounds checks, and AIFF now rejects NaN/Infinity sample rates
  from the 80-bit float (`<= 0` let them through).
- Deterministic fuzz suite (npm run test:fuzz, seeded, ~1,360 cases) over
  every untrusted-input parser, wired into npm test; parseFlacStreamInfo
  exported for direct fuzzing of the main-thread parser.
- ffmpeg.wasm assets verified against pinned SHA-256 hashes at build time;
  a substituted @ffmpeg/core fails the build with forensic output.
- Dependabot for npm + actions.
- Dependency fixes: Next.js 16.2.2 -> 16.2.9 (high-severity advisories),
  plus brace-expansion/postcss; remaining postcss-in-next moderates are
  build-time only and documented in SECURITY.md.
- SECURITY.md documents the threat model, protections, and accepted risks.
- Test-audio generators for large-batch and a-law (ffmpeg-path) fixtures.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…n store

- Session imports are rebuilt field-by-field from a whitelist (type checks,
  length/count caps, scheme-checked URLs) instead of trusting parsed JSON;
  malformed entries can no longer crash React (objects in notes), break
  exports (strings where numbers belong), or balloon memory.
- normalizeSessionJob extracted so untrusted session files and persisted
  live-session records share one hardened validation path.
- New IndexedDB live-session store: completed results auto-persist and are
  restored (view-only) after a refresh; records are re-validated on load.
- AnalysisJob gains session-local startedAtMs/finishedAtMs timing and a
  restored flag.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Replaces the single sequential decoder/analyzer pair with a pool of
independent lanes (decoder+analyzer worker pair each, one job per lane):

- Lane count adapts to the device: up to 6 on 8GB+/many-core desktops,
  1-2 on phones and low-memory devices, user-overridable (auto/1/2/4).
- Very large files run alone (256 MB desktop / 96 MB constrained) so peak
  memory stays bounded by one decoded file; idle lanes (and any lazily
  loaded ffmpeg heaps) tear down after 45s of quiet.
- Canceling or removing a job resets only its own lane, never a neighbour.
- Decoder workers read the File handle themselves, so the main thread
  never holds a copy of a large file.
- The analyzer reports real measurement progress; job progress is mapped,
  throttled, and clamped monotonic per run (decode fallback paths used to
  yank the bar from 78% to 42% or 46% to 3%).
- Completed results autosave to the live-session store and restore on
  load; a screen wake lock and a beforeunload guard protect running
  batches; sessions restore after refresh with a notice.
- Intake capped at 2000 files per add; enqueue returns the accepted count.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Native <select> popups get explicit themed option colors: Windows
  Chromium painted the option list on a light background while options
  inherited the dark theme's near-white text, making the Sort/reference/
  decode dropdowns unreadable.
- Mobile: safe-area insets, 44px touch targets and 16px form-control text
  on coarse pointers (stops iOS focus-zoom), touch-action manipulation,
  and pan-y on uPlot overlays so charts stop trapping page scroll.
- Explicit viewport (viewport-fit=cover) with cookie-matched theme-color,
  and a pre-paint inline script so OS-light first-time visitors no longer
  see a dark flash before their preference applies.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Drag & drop is owned by the always-mounted workbench: dropping a file on
  the session screen used to navigate the browser away and destroy the
  in-memory session. Drops now work on every screen with an overlay, and
  dropped folders are scanned for audio (capped traversal).
- Sticky toolbar shows live batch progress with a rough time-remaining
  estimate; per-file processing time appears in the inspector; restored
  jobs are badged.
- Parallel-files control (auto/1/2/4) in Advanced Options, persisted;
  secure flag on the theme cookie over https.
- Keyboard shortcuts: "/" focuses queue search, Ctrl/Cmd+O opens the file
  picker. Compact toolbar and 2-up summary tiles on phones; charts fit
  narrow screens.
- Timestamped export filenames so repeated exports stop overwriting;
  adding only unsupported files no longer routes to an empty session.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…posture

Updates the architecture, large-library, history/session, privacy, and
limitations sections for parallel lanes, automatic session restore, folder
drops, and the wake-lock behavior; adds a Security section linking to
SECURITY.md and documents the six-harness test suite including the fuzzer.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…the core

0.12.10 ships byte-identical UMD assets to the reviewed 0.12.9 (verified by
hashing a fresh npm pack of the release), so it is pinned with the same
hashes. @ffmpeg/core is excluded from Dependabot's grouped updates: any bump
fails the integrity gate until a human reviews and re-pins, so automated
proposals for it can only ever produce red builds. Core updates are now
deliberate, manual events.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Every push and PR: install (runs the ffmpeg integrity check), lint, all
six validation suites including the fuzzer, production build, and
npm audit failing on high-severity advisories.

Kept as a separate commit: pushing workflow files requires a credential
with the GitHub `workflow` scope.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Analysis exports (CSV/JSON/Markdown) were already timestamped, but the
session export still downloaded as a fixed truepeak-session.truepeak.json,
silently overwriting earlier saves. Session files now follow the same
truepeak-session-YYYYMMDD-HHMMSS.truepeak.json pattern via a shared
fileNameTimestamp helper, the suites assert the unique-name patterns for
both export kinds, and the README's stale static filenames are corrected.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…lback

Findings from a final three-way adversarial review pass:

- The Parallel files hint described Auto behavior while a fixed count was
  selected; it now states the fixed count and how to return to Auto.
- README still claimed "up to 4" parallel lanes (the high-memory auto cap
  has been 6 since the lanes landed) and called the restore storage
  "local storage"; corrected to 6 and IndexedDB.
- Live-session autosave marked results as persisted before the IndexedDB
  transaction committed, so a quota-aborted write was never retried and
  those results silently missed the next restore. Writes now report
  commit status and failed batches roll their bookkeeping back to retry
  on the next change.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Same conventions as the README — centered badge header, honest Note up
front, contents list, sentence-case sections, tables for enumerable facts,
a mermaid diagram of the untrusted-input layers, and a check-it-yourself
command block. Adds the enforced input caps, the full header table with
what each one prevents, a what-is-stored-where table, the supply-chain
ritual, and the CI/fuzz verification story. Every number and claim
verified against the source.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The README was written without dash punctuation and with open compounds
(true peak, measure only, view only), and later edits drifted from that.
This pass removes every em dash, rewrites hyphenated compounds in prose
(view only, third party, a desktop with plenty of memory), and trades the
remaining showy phrasing for plain statements, in both README.md and
SECURITY.md. Hyphens now appear only inside technical names like header
fields, file patterns, and command flags. No facts changed.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
… updates

Bumps the minor-and-patch group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.7.0` | `1.24.0` |
| [next](https://github.com/vercel/next.js) | `16.2.9` | `16.2.10` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.17` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.7` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.2` | `4.3.2` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.2.2` | `16.2.10` |



Updates `lucide-react` from 1.7.0 to 1.24.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.24.0/packages/lucide-react)

Updates `next` from 16.2.9 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v16.2.9...v16.2.10)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `tailwind-merge` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0)

Updates `@tailwindcss/postcss` from 4.2.2 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-postcss)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `eslint-config-next` from 16.2.2 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.10/packages/eslint-config-next)

Updates `tailwindcss` from 4.2.2 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

---
updated-dependencies:
- dependency-name: lucide-react
  dependency-version: 1.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: next
  dependency-version: 16.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: eslint-config-next
  dependency-version: 16.2.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 10, 2026
@vercel

vercel Bot commented Jul 10, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
truepeak Ready Ready Preview, Comment Jul 10, 2026 2:36pm

@dependabot @github

dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/minor-and-patch-af824ffe65 branch July 11, 2026 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant