Skip to content

chore(deps): bump the npm group with 16 updates#56

Merged
ialejandro merged 1 commit into
mainfrom
dependabot-npm_and_yarn-npm-23cee33c04
Jul 1, 2026
Merged

chore(deps): bump the npm group with 16 updates#56
ialejandro merged 1 commit into
mainfrom
dependabot-npm_and_yarn-npm-23cee33c04

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 16 updates:

Package From To
@simplewebauthn/server 13.3.1 13.3.2
@xyflow/react 12.11.0 12.11.1
better-sqlite3 12.10.0 12.11.1
js-yaml 4.2.0 5.2.0
lucide-react 1.17.0 1.22.0
next 16.2.7 16.2.9
nodemailer 8.0.10 9.0.3
@playwright/test 1.60.0 1.61.1
@tailwindcss/postcss 4.3.0 4.3.2
@types/node 25.9.1 26.0.1
@types/nodemailer 8.0.0 8.0.1
@types/react 19.2.16 19.2.17
eslint-config-next 16.2.7 16.2.9
semantic-release 25.0.3 25.0.5
tailwindcss 4.3.0 4.3.2
vitest 4.1.8 4.1.9

Updates @simplewebauthn/server from 13.3.1 to 13.3.2

Release notes

Sourced from @​simplewebauthn/server's releases.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Changelog

Sourced from @​simplewebauthn/server's changelog.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Commits
  • 84656ff Update version to 13.3.2
  • dd0d73c Fail cert path validation closed instead
  • 213e9ba Add test for failure to chain to trust anchor
  • 989507a Add tests for notAfter enforcement
  • b55f4b9 Move explanation into test
  • 7bed04c Update comments around cert chain validity
  • 6ee9644 Add new tests
  • c23890a Update existing test to use helpers
  • 8d02ed4 Add X.509 cert helpers for tests
  • 8a53d70 Use X509ChainBuilder for chain validation
  • Additional commits viewable in compare view

Updates @xyflow/react from 12.11.0 to 12.11.1

Release notes

Sourced from @​xyflow/react's releases.

@​xyflow/react@​12.11.1

Patch Changes

  • #5815 87da45c - Fix FinalConnectionState type so it preserves the discriminated union.

  • #5823 a6afc91 - Update attribution link

  • #5824 6b1dac5 - Do not fire on pane click when connection ends on pane

  • #5818 4ddc2d8 - Provide the shared handle config (connectOnClick, noPanClassName, rfId) through context instead of subscribing to the store in every Handle, so a store update no longer runs a selector once per handle

  • #5817 8df250b - Reduce per-handle work on store updates by returning a shared connection state while no connection is in progress.

  • #5822 a6249de - Return stable reference for edge position when connected node gets deleted

  • Updated dependencies [ceb8604, 87da45c]:

    • @​xyflow/system@​0.0.78
Changelog

Sourced from @​xyflow/react's changelog.

12.11.1

Patch Changes

  • #5815 87da45c - Fix FinalConnectionState type so it preserves the discriminated union.

  • #5823 a6afc91 - Update attribution link

  • #5824 6b1dac5 - Do not fire on pane click when connection ends on pane

  • #5818 4ddc2d8 - Provide the shared handle config (connectOnClick, noPanClassName, rfId) through context instead of subscribing to the store in every Handle, so a store update no longer runs a selector once per handle

  • #5817 8df250b - Reduce per-handle work on store updates by returning a shared connection state while no connection is in progress.

  • #5822 a6249de - Return stable reference for edge position when connected node gets deleted

  • Updated dependencies [ceb8604, 87da45c]:

    • @​xyflow/system@​0.0.78
Commits
  • eedbc81 chore(packages): bump
  • c7bdce4 chore(pane): cleanup
  • cd5ec45 chore(react/pane): cleanup
  • f919daa fix(pane): do not fire pane click when connection ends on pane
  • 36c8a1a chore(attribution): update link
  • 50fd4b4 Merge pull request #5823 from xyflow/refactor/attribution
  • 5f1a206 chore(attr): update link
  • 4710765 Merge pull request #5822 from xyflow/refactor/edge-deleted-nodes
  • 503fc15 Merge branch 'main' into perf/handle-config-context
  • ae1b237 refactor(edges): don't create new object when edge returns early because conn...
  • Additional commits viewable in compare view

Updates better-sqlite3 from 12.10.0 to 12.11.1

Release notes

Sourced from better-sqlite3's releases.

v12.11.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.11.0...v12.11.1

v12.11.0

⚠️CAUTION: NOT A VIABLE RELEASE

Use v12.11.1 instead.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.1...v12.11.0

v12.10.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.0...v12.10.1

Commits

Updates js-yaml from 4.2.0 to 5.2.0

Changelog

Sourced from js-yaml's changelog.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.
  • Reduced the set of exported schemas:
    • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA, FAILSAFE_SCHEMA.
    • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not specify a schema, only "types").

... (truncated)

Commits
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • eb5cb5b fix: round-trip integers that stringify in exponential notation (#771)
  • 89024c4 Update migration info, close #770
  • f1e45cd 5.1.0 released
  • 53b22be Fix constructor coverage
  • a1eaa2b Fix quote style options and restore forceQuotes
  • 0532e7d Add finalizers for immutable collection tags
  • Additional commits viewable in compare view

Updates lucide-react from 1.17.0 to 1.22.0

Release notes

Sourced from lucide-react's releases.

Version 1.22.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.21.0...1.22.0

Version 1.21.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Version 1.20.0

What's Changed

... (truncated)

Commits
  • 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
  • See full diff in compare view

Updates next from 16.2.7 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

Commits

Updates nodemailer from 8.0.10 to 9.0.3

Release notes

Sourced from nodemailer's releases.

v9.0.3

9.0.3 (2026-06-30)

Bug Fixes

  • smtp-connection: harden STARTTLS upgrade and secure socket handling (#1835) (07d8253)

v9.0.2

9.0.2 (2026-06-29)

Bug Fixes

  • addressparser: keep operator chars inside an address-literal as text (#1829) (9ba1064)
  • harden smtp-connection low-severity issues (22ddcea)
  • harden smtp-connection response parsing and socket lifecycle (68860b9)
  • prevent SES transport callback double-invocation and hang on sync errors (#1831) (9517bc5)
  • reject CRLF in HTTP proxy CONNECT destination to prevent request injection (6347b47)

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

9.0.3 (2026-06-30)

Bug Fixes

  • smtp-connection: harden STARTTLS upgrade and secure socket handling (#1835) (07d8253)

9.0.2 (2026-06-29)

Bug Fixes

  • addressparser: keep operator chars inside an address-literal as text (#1829) (9ba1064)
  • harden smtp-connection low-severity issues (22ddcea)
  • harden smtp-connection response parsing and socket lifecycle (68860b9)
  • prevent SES transport callback double-invocation and hang on sync errors (#1831) (9517bc5)
  • reject CRLF in HTTP proxy CONNECT destination to prevent request injection (6347b47)

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)
Commits
  • 1f61eb4 chore(master): release 9.0.3 (#1836)
  • 07d8253 fix(smtp-connection): harden STARTTLS upgrade and secure socket handling (#1835)
  • 4801f3a chore(master): release 9.0.2 (#1832)
  • 9ba1064 fix(addressparser): keep operator chars inside an address-literal as text (#1...
  • 22ddcea fix: harden smtp-connection low-severity issues
  • af002eb chore: add Node.js 26 to the CI test matrix
  • 6347b47 fix: reject CRLF in HTTP proxy CONNECT destination to prevent request injection
  • 68860b9 fix: harden smtp-connection response parsing and socket lifecycle
  • 9517bc5 fix: prevent SES transport callback double-invocation and hang on sync errors...
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • Additional commits viewable in compare view

Updates @playwright/test from 1.60.0 to 1.61.1

Release notes

Sourced from @​playwright/test's releases.

v1.61.1

Bug Fixes

  • #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
  • #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
  • #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
  • #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
  • #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks

v1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();
// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
id: credentialId,
userHandle,
privateKey,
publicKey,
});
await context.credentials.install();
const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

Browser and Screencast

... (truncated)

Commits
  • 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
  • 4328122 chore: mark v1.61.1 (#41404)
  • 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
  • 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
  • 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
  • b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
  • b5a3175 cherry-pick(#41319): fix(loader): support other node versions
  • d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
  • 1cc5a90 cherry-pick(#41295): chore: PLAYWRIGHT_TRACING_NO_WEBSOCKET_FRAMES and PLAYWR...
  • a6772bd cherry-pick(#41280): Revert "fix(trace-viewer): add keyboard navigation to `N...
  • Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.3.0 to 4.3.2

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.3.2

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)

v4.3.1

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
  • Allow @variant to be used inside addBase (#19480)
  • Ensure @source globs with symlinks are preserved (#20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

  • Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

... (truncated)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.3.2] - 2026-06-26

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)

[4.3.1] - 2026-06-12

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 b...

    Description has been truncated

Bumps the npm group with 16 updates:

| Package | From | To |
| --- | --- | --- |
| [@simplewebauthn/server](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/server) | `13.3.1` | `13.3.2` |
| [@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react) | `12.11.0` | `12.11.1` |
| [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `12.10.0` | `12.11.1` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.2.0` | `5.2.0` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.17.0` | `1.22.0` |
| [next](https://github.com/vercel/next.js) | `16.2.7` | `16.2.9` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.10` | `9.0.3` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.3.0` | `4.3.2` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.1` | `26.0.1` |
| [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer) | `8.0.0` | `8.0.1` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.16` | `19.2.17` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.2.7` | `16.2.9` |
| [semantic-release](https://github.com/semantic-release/semantic-release) | `25.0.3` | `25.0.5` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.0` | `4.3.2` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.9` |


Updates `@simplewebauthn/server` from 13.3.1 to 13.3.2
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases)
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.2/packages/server)

Updates `@xyflow/react` from 12.11.0 to 12.11.1
- [Release notes](https://github.com/xyflow/xyflow/releases)
- [Changelog](https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/xyflow/xyflow/commits/@xyflow/react@12.11.1/packages/react)

Updates `better-sqlite3` from 12.10.0 to 12.11.1
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.10.0...v12.11.1)

Updates `js-yaml` from 4.2.0 to 5.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.2.0...5.2.0)

Updates `lucide-react` from 1.17.0 to 1.22.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.22.0/packages/lucide-react)

Updates `next` from 16.2.7 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.7...v16.2.9)

Updates `nodemailer` from 8.0.10 to 9.0.3
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.10...v9.0.3)

Updates `@playwright/test` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `@tailwindcss/postcss` from 4.3.0 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-postcss)

Updates `@types/node` from 25.9.1 to 26.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/nodemailer` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer)

Updates `@types/react` from 19.2.16 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `eslint-config-next` from 16.2.7 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.9/packages/eslint-config-next)

Updates `semantic-release` from 25.0.3 to 25.0.5
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v25.0.3...v25.0.5)

Updates `tailwindcss` from 4.3.0 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: "@simplewebauthn/server"
  dependency-version: 13.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@xyflow/react"
  dependency-version: 12.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: better-sqlite3
  dependency-version: 12.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: js-yaml
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: lucide-react
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: nodemailer
  dependency-version: 9.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@types/nodemailer"
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: eslint-config-next
  dependency-version: 16.2.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: semantic-release
  dependency-version: 25.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Assignees

The following users could not be added as assignees: devops-ia/devops-ia. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added dependency-management Dependabot updates enhancement New feature or request labels Jul 1, 2026
@ialejandro ialejandro merged commit 790cc57 into main Jul 1, 2026
7 checks passed
@ialejandro ialejandro deleted the dependabot-npm_and_yarn-npm-23cee33c04 branch July 1, 2026 19:37
github-actions Bot pushed a commit that referenced this pull request Jul 1, 2026
## [1.3.7](v1.3.6...v1.3.7) (2026-07-01)

### Bug Fixes

* **deps:** bump the npm group with 16 updates ([#56](#56)) ([790cc57](790cc57))
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🎉 This PR is included in version 1.3.7 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependency-management Dependabot updates enhancement New feature or request released

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants