Bump the production-dependencies group across 1 directory with 21 updates by dependabot[bot] · Pull Request #8 · yunbow/next-app-note

dependabot · 2026-05-24T19:46:58Z

Bumps the production-dependencies group with 21 updates in the / directory:

Package	From	To
@auth/prisma-adapter	`2.11.1`	`2.11.2`
@aws-sdk/client-s3	`3.1043.0`	`3.1053.0`
@hocuspocus/provider	`4.0.0`	`4.1.0`
@hocuspocus/server	`4.0.0`	`4.1.0`
@hookform/resolvers	`5.2.2`	`5.4.0`
@prisma/client	`6.19.2`	`7.8.0`
@tanstack/react-query	`5.90.21`	`5.100.14`
date-fns	`4.1.0`	`4.3.0`
dompurify	`3.3.2`	`3.4.5`
@types/dompurify	`3.0.5`	`3.2.0`
lucide-react	`0.574.0`	`1.16.0`
marked	`17.0.4`	`18.0.4`
next	`16.1.6`	`16.2.6`
next-auth	`5.0.0-beta.30`	`5.0.0-beta.31`
nodemailer	`7.0.13`	`8.0.8`
react	`19.2.4`	`19.2.6`
react-dom	`19.2.4`	`19.2.6`
react-hook-form	`7.71.2`	`7.76.1`
stripe	`20.4.1`	`22.1.1`
tailwind-merge	`3.5.0`	`3.6.0`
zod	`4.3.6`	`4.4.3`

Updates @auth/prisma-adapter from 2.11.1 to 2.11.2

Release notes

Sourced from @auth/prisma-adapter's releases.

@auth/prisma-adapter@2.11.2

Other

@auth/core: dependency update (67f2b168)

Commits

af9daa8 chore(release): bump package version(s) [skip ci]
d4dab3d chore: sync package versions with npm registry (#13414)
8a23c5b chore: fix lockfile (#13411)
2018202 docs: fix TypeScript type mismatch in refresh token rotation example (#13396)
0eba7e4 adapter-kysely: Update kysely for CVE-2026-33468 (#13407)
67f2b16 fix(providers): add issuer to GitHub provider for RFC 9207 compliance (#13410)
f457068 docs: update middleware.ts references to proxy.ts for Next.js 16 (#13373)
c7c2cfa docs: update Better Auth migration guide (#13334)
b4ef14a chore(release): bump version [skip ci]
See full diff in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for @auth/prisma-adapter since your current version.

Updates @aws-sdk/client-s3 from 3.1043.0 to 3.1053.0

Release notes

Sourced from @aws-sdk/client-s3's releases.

v3.1053.0

3.1053.0(2026-05-22)

Documentation Changes

client-gameliftstreams: Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance. (bf88fa50)

New Features

clients: update client endpoints as of 2026-05-22 (3518814a)

client-appconfig: Adding new BDD representation of endpoint ruleset (e757a915)

client-repostspace: Adding new BDD representation of endpoint ruleset (15fec74b)

client-ivs-realtime: Adding new BDD representation of endpoint ruleset (adeea78b)

client-cloudcontrol: Adding new BDD representation of endpoint ruleset (2e7ef3bf)

client-tnb: Adding new BDD representation of endpoint ruleset (f07457cb)

client-sso-oidc: Adding new BDD representation of endpoint ruleset (2e909d25)

client-s3vectors: Adding new BDD representation of endpoint ruleset (4071f1a4)

client-internetmonitor: Adding new BDD representation of endpoint ruleset (117e04a9)

client-freetier: Adding new BDD representation of endpoint ruleset (e3cf14a2)

client-oam: Adding new BDD representation of endpoint ruleset (5a30b722)

client-forecastquery: Adding new BDD representation of endpoint ruleset (ada5ae32)

client-customer-profiles: Adding new BDD representation of endpoint ruleset (9de89c10)

client-migration-hub-refactor-spaces: Adding new BDD representation of endpoint ruleset (a4e5e7ba)

client-controltower: Adding new BDD representation of endpoint ruleset (b99b7a18)

client-databrew: Adding new BDD representation of endpoint ruleset (4a1bcdb9)

client-b2bi: Adding new BDD representation of endpoint ruleset (66bb63d1)

client-simspaceweaver: Adding new BDD representation of endpoint ruleset (c6617b6d)

client-emr-containers: Adding new BDD representation of endpoint ruleset (e99cccbd)

client-bcm-recommended-actions: Adding new BDD representation of endpoint ruleset (45477f08)

client-forecast: Adding new BDD representation of endpoint ruleset (5964d82b)

client-neptunedata: Adding new BDD representation of endpoint ruleset (418745d5)

client-qconnect: Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call (0213a862)

client-bcm-pricing-calculator: Adding new BDD representation of endpoint ruleset (69e44c0d)

client-panorama: Adding new BDD representation of endpoint ruleset (d227732b)

client-license-manager-user-subscriptions: Adding new BDD representation of endpoint ruleset (7fd5d202)

client-partnercentral-account: Adding new BDD representation of endpoint ruleset (ad88edbb)

client-schemas: Adding new BDD representation of endpoint ruleset (d8835cfc)

client-pi: Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis. (b09c19bf)

client-outposts: Adding new BDD representation of endpoint ruleset (6e7917a6)

client-frauddetector: Adding new BDD representation of endpoint ruleset (9c130d58)

client-network-firewall: Adding new BDD representation of endpoint ruleset (963a1286)

client-geo-places: Adding new BDD representation of endpoint ruleset (965ac97a)

client-sesv2: Adding new BDD representation of endpoint ruleset (6f1bd2e8)

client-bedrock-agent-runtime: Adding new BDD representation of endpoint ruleset (7ac37e3a)

client-rbin: Adding new BDD representation of endpoint ruleset (5e73fd45)

client-codestar-notifications: Adding new BDD representation of endpoint ruleset (d95ca14c)

client-application-signals: Adding new BDD representation of endpoint ruleset (38a20bfa)

client-ec2: The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter. (bc91aa62)

client-marketplace-discovery: Adding new BDD representation of endpoint ruleset (45132960)

client-notificationscontacts: Adding new BDD representation of endpoint ruleset (e9ca97ab)

... (truncated)

Changelog

Sourced from @aws-sdk/client-s3's changelog.

3.1053.0 (2026-05-22)

Note: Version bump only for package @aws-sdk/client-s3

3.1052.0 (2026-05-21)

Note: Version bump only for package @aws-sdk/client-s3

3.1051.0 (2026-05-20)

Note: Version bump only for package @aws-sdk/client-s3

3.1050.0 (2026-05-19)

Note: Version bump only for package @aws-sdk/client-s3

3.1049.0 (2026-05-18)

Bug Fixes

client-sts: update imports to new module locations (#8025) (be183b6)

3.1048.0 (2026-05-15)

Note: Version bump only for package @aws-sdk/client-s3

... (truncated)

Commits

ef69ea6 Publish v3.1053.0
443d6be Publish v3.1052.0
0d6242d chore(codegen): update @smithy dependencies (#8038)
b825c13 Publish v3.1051.0
bdc9fc6 Publish v3.1050.0
04d52f3 Publish v3.1049.0
be183b6 fix(client-sts): update imports to new module locations (#8025)
313813d Publish v3.1048.0
1af9047 chore(codegen): updated import sources for aws-sdk core (#8015)
eabae7d chore(codegen): sync for browser bundle fixes (#8022)
Additional commits viewable in compare view

Updates @hocuspocus/provider from 4.0.0 to 4.1.0

Release notes

Sourced from @hocuspocus/provider's releases.

v4.1.0

What's Changed

feat(server): add beforeHandleAwareness hook by @dschmidt in ueberdosis/hocuspocus#1096

fix(server): wrap awareness origin as TransactionOrigin by @dschmidt in ueberdosis/hocuspocus#1094

New Contributors

@dschmidt made their first contribution in ueberdosis/hocuspocus#1094

Full Changelog: ueberdosis/hocuspocus@v4.0.0...v4.1.0

Changelog

Sourced from @hocuspocus/provider's changelog.

4.1.0 (2026-05-20)

Bug Fixes

server: wrap awareness origin as TransactionOrigin (#1094) (bb24de0)

Features

server: add beforeHandleAwareness hook (#1096) (1597da8)

Commits

702ec72 v4.1.0
86b9fe6 chore: remove ws package from provider (#1098)
1597da8 feat(server): add beforeHandleAwareness hook (#1096)
bbabe6b build(deps): bump next from 16.2.3 to 16.2.6 (#1093)
bb24de0 fix(server): wrap awareness origin as TransactionOrigin (#1094)
3fb1c63 build(deps): bump hono from 4.12.14 to 4.12.18 (#1092)
c9cc578 chore: inline esm-only deps (crossws) so cjs-only module loaders work fine
See full diff in compare view

Updates @hocuspocus/server from 4.0.0 to 4.1.0

Release notes

Sourced from @hocuspocus/server's releases.

v4.1.0

What's Changed

feat(server): add beforeHandleAwareness hook by @dschmidt in ueberdosis/hocuspocus#1096

fix(server): wrap awareness origin as TransactionOrigin by @dschmidt in ueberdosis/hocuspocus#1094

New Contributors

@dschmidt made their first contribution in ueberdosis/hocuspocus#1094

Full Changelog: ueberdosis/hocuspocus@v4.0.0...v4.1.0

Changelog

Sourced from @hocuspocus/server's changelog.

4.1.0 (2026-05-20)

Bug Fixes

server: wrap awareness origin as TransactionOrigin (#1094) (bb24de0)

Features

server: add beforeHandleAwareness hook (#1096) (1597da8)

Commits

702ec72 v4.1.0
86b9fe6 chore: remove ws package from provider (#1098)
1597da8 feat(server): add beforeHandleAwareness hook (#1096)
bbabe6b build(deps): bump next from 16.2.3 to 16.2.6 (#1093)
bb24de0 fix(server): wrap awareness origin as TransactionOrigin (#1094)
3fb1c63 build(deps): bump hono from 4.12.14 to 4.12.18 (#1092)
c9cc578 chore: inline esm-only deps (crossws) so cjs-only module loaders work fine
See full diff in compare view

Updates @hookform/resolvers from 5.2.2 to 5.4.0

Release notes

Sourced from @hookform/resolvers's releases.

v5.4.0

5.4.0 (2026-05-21)

Features

feat: add ata-validator resolver (#845)

Fixes

fix issue with toNestErrors.ts (#848)

add guidance on passing context to yupResolver (useForm context) (#835) (3d29924)

Commits

3d29924 feat: add guidance on passing context to yupResolver (useForm context) (#835)
56b68f3 feat: 5.3.0
cf8562d update readme on ata-validator
5e5b610 fix issue with toNestErrors.ts (#848)
72aacf8 Revise supported versions in SECURITY.md
ad89a20 feat: add ata-validator resolver (#845)
02286db ci: updated publish workflow to use node 24 (#838)
2e9bc7c Fix(zodResolver): error paths in complex unions #787 (#819)
See full diff in compare view

Updates @prisma/client from 6.19.2 to 7.8.0

Release notes

Sourced from @prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804

Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806

Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)

Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)

Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)

Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799

Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

@prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits

62b44ac chore(deps): update engines to 7.8.0-5.e96eae70cf4ade6a15d7e6064d5b0b4f7d835d...
4104864 feat: add a query plan cache size parameter (#29503)
723ba7b chore(deps): update engines to 7.8.0-4.8c287008617e9b12f313df99e2c821ae61ea9a...
cadbafe chore(deps): update engines to 7.8.0-2.3187e3937290320ba3c7dbd5aa94af67942b44...
f705533 chore(deps): update engines to 7.8.0-1.7b80cc56c645c6e03c7541474e6a7c8d91b70d...
fbab4e8 Fix 29271 (#29303)
6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
30f0af6 feat: dmmf streaming with an E2E test (#29377)
14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
Additional commits viewable in compare view

Updates @tanstack/react-query from 5.90.21 to 5.100.14

Release notes

Sourced from @tanstack/react-query's releases.

@tanstack/react-query-devtools@5.100.14

Patch Changes

Updated dependencies [ed20b6d]:

@tanstack/react-query@5.100.14

@tanstack/query-devtools@5.100.14

@tanstack/react-query-next-experimental@5.100.14

Patch Changes

Updated dependencies [ed20b6d]:

@tanstack/react-query@5.100.14

@tanstack/react-query-persist-client@5.100.14

Patch Changes

Updated dependencies [ed20b6d]:

@tanstack/react-query@5.100.14

@tanstack/query-persist-client-core@5.100.14

@tanstack/react-query@5.100.14

Patch Changes

fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

Updated dependencies []:

@tanstack/query-core@5.100.14

@tanstack/react-query-devtools@5.100.13

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.13

@tanstack/react-query@5.100.13

@tanstack/react-query-next-experimental@5.100.13

Patch Changes

Updated dependencies []:

@tanstack/react-query@5.100.13

@tanstack/react-query-persist-client@5.100.13

Patch Changes

Updated dependencies []:

@tanstack/query-persist-client-core@5.100.13

@tanstack/react-query@5.100.13

@tanstack/react-query@5.100.13

Patch Changes

... (truncated)

Changelog

Sourced from @tanstack/react-query's changelog.

5.100.14

Patch Changes

fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

Updated dependencies []:

@tanstack/query-core@5.100.14

5.100.13

Patch Changes

Updated dependencies [d423168]:

@tanstack/query-core@5.100.13

5.100.12

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.12

5.100.11

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.11

5.100.10

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.10

5.100.9

Patch Changes

Updated dependencies [fcee7bd]:

@tanstack/query-core@5.100.9

5.100.8

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.8

... (truncated)

Commits

ba6e7be ci: Version Packages (#10767)
ed20b6d fix(react): do not go into optimistic fetching state when not subscribed (#10...
05cf2bc ci: Version Packages (#10758)
d423168 fix(query-core): use built-in NoInfer for generic indexed-access types (#10593)
5ff4f69 ci: Version Packages (#10755)
3e85350 ci: Version Packages (#10706)
9d2692c ci: Version Packages (#10695)
74fa05e chore(tsconfig.json): narrow 'include' pattern to prevent TS6053 race conditi...
8c3d523 ci: Version Packages (#10630)
9800c8f ci: Version Packages (#10623)
Additional commits viewable in compare view

Updates date-fns from 4.1.0 to 4.3.0

Release notes

Sourced from date-fns's releases.

v4.3.0

Kudos to @ImRodry and @puneetdixit200 for their contributions.

Fixed

Fixed missing modularized optimization fallback (for Next.js and others). See #4193.

Fixed pt locale first day of week to be Sunday. See #4195 by @ImRodry.

Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #4194 by @puneetdixit200.

v4.2.1

Fixed

Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Commits

f95bcf1 (docs): Add missing tsx dependency
baaca11 Add //pkgs/core:release/docs task
8aa0373 Update docs website secrets location in scripts
c7ad6eb Promote to v4.3.0
da8c548 Add change log entry for Chinese locale fix (#4194)
f8d8fa8 Split Chinese locale tests (#4194)
b9c5865 Fix Chinese locale month parsing (#4194)
39d1e14 Add pt fix change log entry (#4195)
f3f1963 Fix pt locale first day of week to be Sunday (#4195)
cd6ebda Add basic AGENTS.md
Additional commits viewable in compare view

Updates dompurify from 3.3.2 to 3.4.5

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.5

Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

Added the selectedcontent element to default allow-list, thanks @lukewarlow

Added the command and commandfor attributes to default allowed-list, thanks @lukewarlow

Added better template scrubbing for IN_PLACE operations, thanks @DEMON1A

Added stronger checks for cross-realm windows, thanks @DEMON1A & @fg0x0

Updated demo website and made sure it uses the latest from main

Updated existing workflows, fuzzer, dependabot, etc., added more tests

Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

DOMPurify 3.4.3

Fixed an issue with handling of nested Shadow DOM trees, thanks @fishjojo1

Fixed the template regexes to be more robust against ReDoS attacks, thanks @aleung27

Updated the node iteration code to catch more Shadow DOM related issues

Updated Playwright and added Node 26 to test matrix

Updated existing workflows, fuzzer, release signing, etc., added more tests

Bumped several dependencies where possible

DOMPurify 3.4.2

Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @nelstrom

Fixed an issue with source maps referring to non-existing files, thanks @cmdcolin

Updated existing workflows, fuzzer, release signing, etc., added more tests

Bumped several dependencies where possible

DOMPurify 3.4.1

Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (font-face, color-profile, missing-glyph, font-face-src, font-face-uri, font-face-format, font-face-name) under permissive CUSTOM_ELEMENT_HANDLING

Fixed a case-sensitivity gap in the annotation-xml check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode

Fixed SANITIZE_NAMED_PROPS repeatedly prefixing already-prefixed id and name values on subsequent sanitization

Fixed the IN_PLACE root-node check to explicitly guard against non-string nodeName (DOM-clobbering robustness)

Removed a duplicate slot entry from the default HTML attribute allow-list

Strengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for SANITIZE_NAMED_PROPS, and a negative-control assertion ensuring the invariants actually fire

Added regression and pinning tests covering the above fixes and two accepted-behavior contracts (SAFE_FOR_TEMPLATES greedy scrub, hook-added attribute handling)

Extended CodeQL analysis to run on 3.x and 2.x maintenance branches

DOMPurify 3.4.0

Most relevant changes:

Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @kodareef5

Fixed several minor problems and typos regarding MathML attributes, thanks @DavidOliver

Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @1Jesper1

Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @bencalif

Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @trace37labs

Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @eddieran

Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @christos-eth

... (truncated)

Commits

011b0c7 release: 3.4.5 (#1382)
5817ad9 release: 3.4.4 (#1374)
520edb0 release: 3.4.3 (#1352)
6f67fd3 Sync/3.4.2 (#1322)
5b0cdbb chore: merge main into 3.x for 3.4.1 release (#1301)
09f5911 test: added three more browsers to test setup (OSX, mobile)
5b16e0b Getting 3.x branch ready for 3.4.0 release (#1250)
8bcbf73 chore: Preparing 3.3.3 release
5faddd6 fix: engine requirement (#1210)
0f91e3a Update README.md
Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @types/dompurify from 3.0.5 to 3.2.0

Commits

See full diff in compare view

Updates lucide-react from 0.574.0 to 1.16.0

Release notes

Sourced from lucide-react's releases.

Version 1.16.0

What's Changed

feat(icons): added blender icon by @rrod497 in lucide-icons/lucide#3884

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

Version 1.15.0

What's Changed

fix: remove 'less' from brand stopwords by @jguddas in lucide-icons/lucide#4331

fix(@lucide/vue): Clone slots before passing to icon by @axtho in lucide-icons/lucide#4339

fix(icons): changed text-cursor icon by @jamiemlaw in lucide-icons/lucide#4340

fix(icons): changed landmark icon by @jamiemlaw in lucide-icons/lucide#4334

chore(deps-dev): bump nitropack from 2.13.1 to 2.13.4 by @dependabot[bot] in lucide-icons/lucide#4352

chore(deps-dev): bump simple-git from 3.33.0 to 3.36.0 by @dependabot[bot] in lucide-icons/lucide#4349

fix(icons): changed candy-cane icon by @jguddas in lucide-icons/lucide#4148

fix(icons): changed volleyball icon by @jamiemlaw in lucide-icons/lucide#4338

fix(icons): changed chart-no-axes-combined icon by @jguddas in lucide-icons/lucide#3567

feat(icon): added broccoli icon by @swastik7805 in lucide-icons/lucide#4263

chore(site): Updates to site and updated carbon ads by @ericfennis in lucide-icons/lucide#4359

feat(icons): added sticky note variants by @Barakudum in lucide-icons/lucide#4348

chore(deps-dev): bump astro from 6.1.6 to 6.1.10 by @dependabot[bot] in lucide-icons/lucide#4361

New Contributors

@axtho made their first contribution in lucide-icons/lucide#4339

@Barakudum made their first contribution in lucide-icons/lucide#4348

Full Changelog: lucide-icons/lucide@1.14.0...1.15.0

Version 1.14.0

What's Changed

feat(icons): added repeat-off icon by @jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

fix(docs): sync URL params with UI state on categories page by @taimar in lucide-icons/lucide#4111

feat(icons): add waves-vertical icon by @jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

feat(icon): add folder-bookmark icon by @swastik7805 in lucide-icons/lucide#4262

docs(readme): Update readme files by @ericfennis in lucide-icons/lucide#4320

feat(icons): added astroid icon by @whoisBugsbunny in lucide-icons/lucide#4217

... (truncated)

Commits

07c885e fix(docs): fix zephyr-cloud URL in readmes
50d8af5 docs(readme): Update readme files (#4320)
653e44b feat(packages): use .mjs for ESM bundles (#4285)
7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
dada0a8 fix(lucide-react): Fix dynamic imports (#4210)

…ates Bumps the production-dependencies group with 21 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@auth/prisma-adapter](https://github.com/nextauthjs/next-auth) | `2.11.1` | `2.11.2` | | [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1043.0` | `3.1053.0` | | [@hocuspocus/provider](https://github.com/ueberdosis/hocuspocus) | `4.0.0` | `4.1.0` | | [@hocuspocus/server](https://github.com/ueberdosis/hocuspocus) | `4.0.0` | `4.1.0` | | [@hookform/resolvers](https://github.com/react-hook-form/resolvers) | `5.2.2` | `5.4.0` | | [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `6.19.2` | `7.8.0` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.90.21` | `5.100.14` | | [date-fns](https://github.com/date-fns/date-fns) | `4.1.0` | `4.3.0` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.2` | `3.4.5` | | [@types/dompurify](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/dompurify) | `3.0.5` | `3.2.0` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.574.0` | `1.16.0` | | [marked](https://github.com/markedjs/marked) | `17.0.4` | `18.0.4` | | [next](https://github.com/vercel/next.js) | `16.1.6` | `16.2.6` | | [next-auth](https://github.com/nextauthjs/next-auth) | `5.0.0-beta.30` | `5.0.0-beta.31` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.13` | `8.0.8` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.6` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.6` | | [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.71.2` | `7.76.1` | | [stripe](https://github.com/stripe/stripe-node) | `20.4.1` | `22.1.1` | | [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` | | [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` | Updates `@auth/prisma-adapter` from 2.11.1 to 2.11.2 - [Release notes](https://github.com/nextauthjs/next-auth/releases) - [Commits](https://github.com/nextauthjs/next-auth/compare/@auth/prisma-adapter@2.11.1...@auth/prisma-adapter@2.11.2) Updates `@aws-sdk/client-s3` from 3.1043.0 to 3.1053.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/clients/client-s3) Updates `@hocuspocus/provider` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/ueberdosis/hocuspocus/releases) - [Changelog](https://github.com/ueberdosis/hocuspocus/blob/main/CHANGELOG.md) - [Commits](ueberdosis/hocuspocus@v4.0.0...v4.1.0) Updates `@hocuspocus/server` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/ueberdosis/hocuspocus/releases) - [Changelog](https://github.com/ueberdosis/hocuspocus/blob/main/CHANGELOG.md) - [Commits](ueberdosis/hocuspocus@v4.0.0...v4.1.0) Updates `@hookform/resolvers` from 5.2.2 to 5.4.0 - [Release notes](https://github.com/react-hook-form/resolvers/releases) - [Commits](react-hook-form/resolvers@v5.2.2...v5.4.0) Updates `@prisma/client` from 6.19.2 to 7.8.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/client) Updates `@tanstack/react-query` from 5.90.21 to 5.100.14 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.14/packages/react-query) Updates `date-fns` from 4.1.0 to 4.3.0 - [Release notes](https://github.com/date-fns/date-fns/releases) - [Commits](date-fns/date-fns@v4.1.0...v4.3.0) Updates `dompurify` from 3.3.2 to 3.4.5 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.2...3.4.5) Updates `@types/dompurify` from 3.0.5 to 3.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/dompurify) Updates `lucide-react` from 0.574.0 to 1.16.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.16.0/packages/lucide-react) Updates `marked` from 17.0.4 to 18.0.4 - [Release notes](https://github.com/markedjs/marked/releases) - [Commits](markedjs/marked@v17.0.4...v18.0.4) Updates `next` from 16.1.6 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.1.6...v16.2.6) Updates `next-auth` from 5.0.0-beta.30 to 5.0.0-beta.31 - [Release notes](https://github.com/nextauthjs/next-auth/releases) - [Commits](https://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.30...next-auth@5.0.0-beta.31) Updates `nodemailer` from 7.0.13 to 8.0.8 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v7.0.13...v8.0.8) Updates `react` from 19.2.4 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react) Updates `react-dom` from 19.2.4 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom) Updates `react-hook-form` from 7.71.2 to 7.76.1 - [Release notes](https://github.com/react-hook-form/react-hook-form/releases) - [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md) - [Commits](react-hook-form/react-hook-form@v7.71.2...v7.76.1) Updates `stripe` from 20.4.1 to 22.1.1 - [Release notes](https://github.com/stripe/stripe-node/releases) - [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md) - [Commits](stripe/stripe-node@v20.4.1...v22.1.1) Updates `tailwind-merge` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0) Updates `zod` from 4.3.6 to 4.4.3 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v4.3.6...v4.4.3) --- updated-dependencies: - dependency-name: "@auth/prisma-adapter" dependency-version: 2.11.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@aws-sdk/client-s3" dependency-version: 3.1053.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@hocuspocus/provider" dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@hocuspocus/server" dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@hookform/resolvers" dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@prisma/client" dependency-version: 7.8.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@tanstack/react-query" dependency-version: 5.100.14 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: date-fns dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: dompurify dependency-version: 3.4.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@types/dompurify" dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: lucide-react dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: marked dependency-version: 18.0.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: next-auth dependency-version: 5.0.0-beta.31 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: nodemailer dependency-version: 8.0.8 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: react dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: react-dom dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: react-hook-form dependency-version: 7.76.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: stripe dependency-version: 22.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: tailwind-merge dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: zod dependency-version: 4.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-31T19:45:11Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 24, 2026

dependabot Bot closed this May 31, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/production-dependencies-a9b1f551fe branch May 31, 2026 19:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group across 1 directory with 21 updates#8

Bump the production-dependencies group across 1 directory with 21 updates#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-a9b1f551fe

dependabot Bot commented on behalf of github May 24, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​auth/prisma-adapter@​2.11.2

Other

v3.1053.0

3.1053.0(2026-05-22)

Documentation Changes

New Features

3.1053.0 (2026-05-22)

3.1052.0 (2026-05-21)

3.1051.0 (2026-05-20)

3.1050.0 (2026-05-19)

3.1049.0 (2026-05-18)

Bug Fixes

3.1048.0 (2026-05-15)

v4.1.0

What's Changed

New Contributors

4.1.0 (2026-05-20)

Bug Fixes

Features

v4.1.0

What's Changed

New Contributors

4.1.0 (2026-05-20)

Bug Fixes

Features

v5.4.0

5.4.0 (2026-05-21)

Features

Fixes

7.8.0

Highlights

ORM

Features

Bug Fixes

Open roles at Prisma

Enterprise support

7.7.0

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

@​tanstack/react-query-next-experimental@​5.100.14

Patch Changes

@​tanstack/react-query-persist-client@​5.100.14

Patch Changes

@​tanstack/react-query@​5.100.14

Patch Changes

@​tanstack/react-query-devtools@​5.100.13

Patch Changes

@​tanstack/react-query-next-experimental@​5.100.13

Patch Changes

@​tanstack/react-query-persist-client@​5.100.13

Patch Changes

@​tanstack/react-query@​5.100.13

Patch Changes

5.100.14

Patch Changes

5.100.13

Patch Changes

5.100.12

Patch Changes

5.100.11

Patch Changes

5.100.10

Patch Changes

5.100.9

Patch Changes

5.100.8

Patch Changes

v4.3.0

Fixed

v4.2.1

Fixed

v4.2.0

Changed

DOMPurify 3.4.5

DOMPurify 3.4.4

DOMPurify 3.4.3

DOMPurify 3.4.2

dependabot Bot commented on behalf of github May 24, 2026 •

edited

Loading

`@auth/prisma-adapter@2`.11.2

`@tanstack/react-query-devtools@5`.100.14

`@tanstack/react-query-next-experimental@5`.100.14

`@tanstack/react-query-persist-client@5`.100.14

`@tanstack/react-query@5`.100.14

`@tanstack/react-query-devtools@5`.100.13

`@tanstack/react-query-next-experimental@5`.100.13

`@tanstack/react-query-persist-client@5`.100.13

`@tanstack/react-query@5`.100.13