deps(deps): bump the minor-and-patch group across 1 directory with 18 updates

[dependabot]

Bumps the minor-and-patch group with 18 updates in the / directory:

Package	From	To
@supabase/supabase-js	2.99.2	2.104.0
framer-motion	12.37.0	12.38.0
hls.js	1.6.15	1.6.16
ioredis	5.10.0	5.10.1
isomorphic-dompurify	3.3.0	3.9.0
next	16.1.6	16.2.4
node-datachannel	0.32.1	0.32.2
openai	6.29.0	6.34.0
puppeteer	24.39.1	24.42.0
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
resend	6.9.3	6.12.2
sax	1.5.0	1.6.0
@types/node	25.5.0	25.6.0
autoprefixer	10.4.27	10.5.0
dotenv	17.3.1	17.4.2
eslint-config-next	16.1.6	16.2.4
postcss	8.5.8	8.5.10

Updates @supabase/supabase-js from 2.99.2 to 2.104.0

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.104.0

2.104.0 (2026-04-20)

🚀 Features

• storage: extract shared header normalization utility (#2251)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.104.0-canary.2

2.104.0-canary.2 (2026-04-17)

This was a version bump only, there were no code changes.

v2.104.0-canary.1

2.104.0-canary.1 (2026-04-17)

🚀 Features

• postgrest: add stripNulls method for null value stripping (#2189)
• storage: add cacheNonce parameter for download (#2234)
• storage: extract shared header normalization utility (#2251)
• supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)

🩹 Fixes

• auth: downgrade console.error to console.warn for missing session (#2214)
• auth: add toJSON to AuthError for correct JSON serialization (#2238)
• auth: include Cloudflare error codes in NETWORK_ERROR_CODES (#2239)
• auth: remove Prettify wrapper from exported types for TypeDoc expansion (#2250)
• functions: add toJSON to FunctionsError for correct JSON serialization (#2226)
• misc: add explicit return types to toJSON methods for JSR compat (#2252)
• postgrest: fix scalar computed column type inference for isNotNullable and SETOF scalar (#2224)
• postgrest: handle bigint rpc (#2245)
• realtime: throw Error objects instead of bare strings (#2256)
• storage: set correct content-type for uploads (#2211)
• storage: avoid duplicate content-type headers in vector requests (#2220)
• storage: add toJSON to StorageError for correct JSON serialization (#2246)
• storage: apply empty transform check to download and getPublicUrl (#2219)
• storage: remove client-side signed URL render endpoint normalization (#2249)
• storage: correct signedUrl type to allow null in createSignedUrls (#2254)

❤️ Thank You

• Katerina Skroumpelou @​mandarini
• oniani1
• Seydi Charyyev @​TheSeydiCharyyev
• Vaibhav @​7ttp

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.104.0 (2026-04-20)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.3 (2026-04-16)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.2 (2026-04-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.1 (2026-04-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.0 (2026-04-09)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.102.1 (2026-04-07)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.102.0 (2026-04-07)

🚀 Features

• supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)
• postgrest: add automatic retries for transient errors (#2072)

❤️ Thank You

• Guilherme Souza
• Katerina Skroumpelou @​mandarini

2.101.1 (2026-03-31)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.101.0 (2026-03-30)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.100.1 (2026-03-26)

🩹 Fixes

• postgrest: narrow tstyche testFileMatch to only type test files (#2193)

... (truncated)

Commits

• 897fb8e docs(repo): show createClient as primary example in all client constructors (...
• 7a9b2e1 chore(release): version 2.103.3 changelogs (#2258)
• a2f9414 chore(release): version 2.103.2 changelogs (#2253)
• f9da9ee chore(release): version 2.103.1 changelogs (#2248)
• d38c180 chore(release): version 2.103.0 changelogs (#2237)
• 16dd265 chore(release): version 2.102.1 changelogs (#2233)
• 0c1e6db chore(release): version 2.102.0 changelogs (#2232)
• 5a6a5be feat(supabase): export PostgrestFilterBuilder and StorageApiError from supaba...
• ea3e086 feat(postgrest): add automatic retries for transient errors (#2072)
• ddae672 ci(repo): fix flaky tests (#2210)
• Additional commits viewable in compare view

Updates framer-motion from 12.37.0 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates hls.js from 1.6.15 to 1.6.16

Release notes

Sourced from hls.js's releases.

v1.6.16

Summary

HLS.js v1.6.16 includes bug fixes and improvements over the last release.

Changes Since The Last Release

video-dev/hls.js@v1.6.15...v1.6.16

• Fix Interstitials live start with short sliding window (#7799)
• Limit buffering while paused outside live sliding window (#7788)

Demo Page

https://121bff6b.hls-js-dev.pages.dev/demo/

Feedback

Please provide feedback via Issues in GitHub. For more details on how to contribute to HLS.js, see our CONTRIBUTING guide.

Commits

• 7e19f21 Cherry-pick changes from #7799
• 1596a02 Limit buffering while paused outside live sliding window (#7788)
• 7c9e8f7 Fix Interstitials live start with short sliding window (N3 or less / no seek ...
• b001910 Increase minimum Windows test version for saucelabs
• See full diff in compare view

Updates ioredis from 5.10.0 to 5.10.1

Release notes

Sourced from ioredis's releases.

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

• cluster: lazily start sharded subscribers (#2090) (4f167bb)

Changelog

Sourced from ioredis's changelog.

5.10.1 (2026-03-19)

Bug Fixes

• cluster: lazily start sharded subscribers (#2090) (4f167bb)

Commits

• 9e26f8b chore(release): 5.10.1 [skip ci]
• 4f167bb fix(cluster): lazily start sharded subscribers (#2090)
• See full diff in compare view

Updates isomorphic-dompurify from 3.3.0 to 3.9.0

Release notes

Sourced from isomorphic-dompurify's releases.

3.9.0: Updated dompurify and others

What's Changed

• Updated DOMPurify to 3.4.0
• Updated dev dependencies (Biome, Vitest)

Full Changelog: kkomelin/isomorphic-dompurify@3.8.0...3.9.0

3.8.0: Updated dependencies

Dependency updates:

• bump jsdom from 29.0.1 to 29.0.2
• bump @​biomejs/biome from 2.4.8 to 2.4.10
• bump vitest from 4.1.1 to 4.1.3
• bump lefthook from 2.1.4 to 2.1.5

3.7.1

Bug Fix

• Fixed missing browser type declarations — browser.d.ts and browser.d.mts were not included in the 3.7.0 published package due to a race condition in the build process. This caused TS7016: Could not find a declaration file for module 'isomorphic-dompurify' errors in tsgo and TypeScript 6 when resolving through the default (browser) exports condition. (#411)

Thanks to @​asterikx and @​ElPrudi for their help with the issue.

3.7.0: TypeScript 6 compatibility

TypeScript 6 compatibility fixes:

• Add explicit type annotation for sanitize to satisfy TS6
• Silence baseUrl deprecation warning from tsup dts build in TS6

Dependency updates:

• bump typescript from 5.9.3 to 6.0.2
• bump vitest from 4.1.0 to 4.1.1

3.6.0: Updated dependencies

Dependency updates:

• bump jsdom from 29.0.0 to 29.0.1
• bump @​types/jsdom from 28.0.0 to 28.0.1
• bump @​biomejs/biome from 2.4.7 to 2.4.8

3.5.1

Fix outdated build artifacts published in 3.5.0.

3.5.0: Add factory function support

What's new

Features

• The default export is now callable as a factory function, matching the dompurify API — DOMPurify(window) now returns a new DOMPurify instance bound to the given window (#405)

Bug fixes

• Fixed isEqualNode returning false when comparing RETURN_DOM + FORCE_BODY output against nodes from a separate JSDOM context (#405)

Thanks to @​probablykasper for helping with this release.

... (truncated)

Commits

• 8ca0afa chore: Incremented project version.
• a544f3c chore: Upated deps.
• d2daec3 chore(deps): bump dompurify from 3.3.3 to 3.4.0
• 2d121b0 chore(deps-dev): bump @​biomejs/biome from 2.4.11 to 2.4.12
• 5e36187 chore(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.11
• 06b4ce4 chore(deps-dev): bump vitest from 4.1.3 to 4.1.4
• 40c0ced chore(release): bump version to 3.8.0 and update dep ranges
• 1493745 chore(deps): bump jsdom from 29.0.1 to 29.0.2
• 772dbc8 chore(deps-dev): bump vitest from 4.1.2 to 4.1.3
• 5c426c9 chore(deps-dev): bump lefthook from 2.1.4 to 2.1.5
• Additional commits viewable in compare view

Updates next from 16.1.6 to 16.2.4

Release notes

Sourced from next's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• Compiler: Support boolean and number primtives in next.config defines (#92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
• Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

... (truncated)

Commits

• 2275bd8 v16.2.4
• e073983 Adding more system info to the 'initialize project' trace (#92427)
• 8a540b5 Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92...
• 2f5343f Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• 2ad9d3f turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...
• 6f3808e Compiler: Support boolean and number primtives in next.config defines (#92731)
• fbc7684 Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• 805d758 Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...
• 1056fae chore: Bump reqwest to 0.13.2 (#92713)
• d5f649b v16.2.3
• Additional commits viewable in compare view

Updates node-datachannel from 0.32.1 to 0.32.2

Release notes

Sourced from node-datachannel's releases.

v0.32.2

What's Changed

• feat: add callback to initLogger by @​valainisgt in murat-dogan/node-datachannel#407
• chore: bump libdatachannel to v0.24.2 by @​mertushka in murat-dogan/node-datachannel#414

New Contributors

• @​valainisgt made their first contribution in murat-dogan/node-datachannel#407

Full Changelog: murat-dogan/node-datachannel@v0.32.1...v0.32.2

Commits

• 0fd224d v0.32.2
• 6d8d9dc Merge pull request #414 from mertushka/patch-1
• 14e6cc5 chore: bump libdatachannel to v0.24.2
• be063f9 Merge pull request #407 from valainisgt/logger-callback
• 579e489 feat: add callback to initLogger
• 31721af #398 Add rebuild command
• 7a85259 try intel
• bce6ac1 macos-14 is default arm64
• d63fd1d Since macos-14 is amr64, we need to revert that
• See full diff in compare view

Updates openai from 6.29.0 to 6.34.0

Release notes

Sourced from openai's releases.

v6.34.0

6.34.0 (2026-04-08)

Full Changelog: v6.33.0...v6.34.0

Features

• api: add phase field to Message in conversations (eb7cbc1)
• client: add support for short-lived tokens (#839) (a72ebcf)

Bug Fixes

• api: remove web_search_call.results from ResponseIncludable in responses (1f6968e)

Chores

• internal: codegen related update (1081460)
• internal: update multipart form array serialization (3faee8d)
• tests: bump steady to v0.20.1 (b73cc6b)

Documentation

• api: add multi-file ingestion recommendations to vector-stores files/file-batches (1bc32a3)

v6.33.0

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

• api: add keys field to computer action types (27a850e)
• client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

• api: align SDK response types with expanded item schemas (491cd52)
• types: make type required in ResponseInputMessageItem (2012293)

Chores

• ci: skip lint on metadata-only changes (74a917f)
• internal: refactor imports (cfe9c60)
• internal: update gitignore (71bd114)
• tests: bump steady to v0.19.4 (f2e9dea)

... (truncated)

Changelog

Sourced from openai's changelog.

6.34.0 (2026-04-08)

Full Changelog: v6.33.0...v6.34.0

Features

• api: add phase field to Message in conversations (eb7cbc1)
• client: add support for short-lived tokens (#839) (a72ebcf)

Bug Fixes

• api: remove web_search_call.results from ResponseIncludable in responses (1f6968e)

Chores

• internal: codegen related update (1081460)
• internal: update multipart form array serialization (3faee8d)
• tests: bump steady to v0.20.1 (b73cc6b)

Documentation

• api: add multi-file ingestion recommendations to vector-stores files/file-batches (1bc32a3)

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

• api: add keys field to computer action types (27a850e)
• client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

• api: align SDK response types with expanded item schemas (491cd52)
• types: make type required in ResponseInputMessageItem (2012293)

Chores

• ci: skip lint on metadata-only changes (74a917f)
• internal: refactor imports (cfe9c60)
• internal: update gitignore (71bd114)
• tests: bump steady to v0.19.4 (f2e9dea)
• tests: bump steady to v0.19.5 (37c6cf4)
• tests: bump steady to v0.19.6 (496b3af)

... (truncated)

Commits

• 35feb53 Merge pull request #1797 from openai/release-please--branches--master--change...
• 398e589 release: 6.34.0
• a72ebcf feat(client): add support for short-lived tokens (#839)
• b73cc6b chore(tests): bump steady to v0.20.1
• eb7cbc1 feat(api): add phase field to Message in conversations
• 1f6968e fix(api): remove web_search_call.results from ResponseIncludable in responses
• 1081460 chore(internal): codegen related update
• 1bc32a3 docs(api): add multi-file ingestion recommendations to vector-stores files/fi...
• 3faee8d chore(internal): update multipart form array serialization
• be64904 Merge pull request #1798 from openai/codex/pin-github-workflow-refs-20260326-...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openai since your current version.

Updates puppeteer from 24.39.1 to 24.42.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.42.0

24.42.0 (2026-04-20)

🎉 Features

• add metadata to extensions object (#14870) (d3e190e)
• cdp: support autofilling address (#14826) (c2acadc)
• implement URL blocklist to restrict access to unauthorized sites (#14873) (8ad881c)

🛠️ Fixes

• remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
• roll to Chrome 147.0.7727.57 (#14869) (51c4305)

puppeteer: v24.42.0

24.42.0 (2026-04-20)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.41.0 to 24.42.0

puppeteer-core: v24.41.0

24.41.0 (2026-04-15)

🎉 Features

• add support for Issues (#14845) (6e8dbe7)
• adds extension realms api (#14824) (c14f4ae)
• API to list installed browser extensions and trigger extension actions (#14821) (d6395ef)
• implement console event on web workers (#14784) (fa6158a)
• roll to Chrome 147.0.7727.24 (#14797) (ee81786)
• roll to Firefox 149.0 (#14799) (9fd5ceb)
• webmcp: add hook for tool invocation (#14835) (cf8169d)
• webmcp: add hook for tool response (#14841) (6fb05bc)
• webmcp: add initial API to inspect tool registrations (#14814) (655c996)
• webmcp: add WebMCPTool execute support (#14851) (8f95117)
• webmcp: expose WebMCPToolCall in WebMCPToolCallResult (#14848) (242ac0b)
• webmcp: Switch from WebMCPInvocationStatus Success to Completed (#14859) (375e636)

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.42.0 (2026-04-20)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.41.0 to 24.42.0

🎉 Features

• add metadata to extensions object (#14870) (d3e190e)
• cdp: support autofilling address (#14826) (c2acadc)
• implement URL blocklist to restrict access to unauthorized sites (#14873) (8ad881c)

🛠️ Fixes

• remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
• roll to Chrome 147.0.7727.57 (#14869) (51c4305)

24.41.0 (2026-04-15)

🎉 Features

• add support for Issues (#14845) (6e8dbe7)
• adds extension realms api (#14824) (c14f4ae)
• API to list installed browser extensions and trigger extension actions (#14821) (d6395ef)
• implement console event on web workers (#14784) (fa6158a)
• roll to Chrome 147.0.7727.24 (#14797) (ee81786)
• roll to Firefox 149.0 (#14799) (9fd5ceb)
• webmcp: add hook for tool invocation (#14835) (cf8169d)
• webmcp: add hook for tool response (#14841) (6fb05bc)
• webmcp: add initial API to inspect tool registrations (#14814) (655c996)
• webmcp: add WebMCPTool execute support (#14851) (8f95117)
• webmcp: expose WebMCPToolCall in WebMCPToolCallResult (#14848) (242ac0b)
• webmcp: Switch from WebMCPInvocationStatus Success to Completed (#14859) (375e636)

Dependencies

• The following workspace dependencies were updated

... (truncated)

Commits

• d265eb6 chore: release main (#14875)
• 8ad881c feat: implement URL blocklist to restrict access to unauthorized sites (#14873)
• d023bec chore(webmcp): Update toolsRemoved event tools parameter interface (#14888)
• c2acadc feat(cdp): support autofilling address (#14826)
• 67f3921 chore: update latest release sha (#14874)
• c9909a5 fix: remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from dis...
• 51c4305 fix: roll to Chrome 147.0.7727.57 (#14869)
• d3e190e feat: add metadata to extensions object (#14870)
• 2d05dfc fix: bump node to 24 to avoid publishing bugs with npm (#14868)
• 20402bc chore: release main (#14866)
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates resend from 6.9.3 to 6.12.2

Release notes

Sourced from resend's releases.

v6.12.2

What's Changed

• fix: add new domain statuses by @​rehanvdm in resend/resend-node#936

Full Changelog: resend/resend-node@v6.12.1...v6.12.2

v6.12.1

What's Changed

• chore(deps): update dependency typescript to v6.0.3 by @​renovate[bot] in resend/resend-node#935
• chore(deps): update dependency dotenv to v17.4.2 by @​renovate[bot] in resend/resend-node#927
• chore(deps): update dependency @​biomejs/biome to v2.4.12 by @​renovate[bot] in resend/resend-node#916
• fix(deps): update dependency next to v16.2.4 by @​renovate[bot] in resend/resend-node#911
• feat: add missing domain types: domains can be partially_verified/partially_failed by @​CarolinaMoraes in resend/resend-node#937

Full Changelog: resend/resend-node@v6.12.0...v6.12.1

v6.12.0

What's Changed

• chore(ci): use depot by @​gabrielmfern in resend/resend-node#931
• feat: preview tracking domains in resend/resend-node#932

Full Changelog: resend/resend-node@v6.11.0...v6.12.0

v6.11.0

What's Changed

• chore(ci): migrate from BuildJet to Blacksmith runners by @​lucasfcosta in resend/resend-node#907
• chore(deps): update dependency vitest to v4.1.3 by @​renovate[bot] in resend/resend-node#894
• chore(deps): update dependency @​types/node to v24.12.2 by @​renovate[bot] in resend/resend-node#906
• fix(deps): update dependency svix to v1.90.0 by @​renovate[bot] in resend/resend-node#892
• chore(deps): update dependency @​biomejs/biome to v2.4.10 by @​renovate[bot] in resend/resend-node#885
• fix(deps): update dependency next to v16.2.2 by @​renovate[bot] in resend/resend-node#893
• chore(deps): update dependency typescript to v6 by @​renovate[bot] in resend/resend-node#895
• chore(deps): update pnpm to v10.33.0 by @​renovate[bot] in resend/resend-node#896
• fix(deps): update dependency esbuild to v0.28.0 by @​renovate[bot] in resend/resend-node#909
• chore(deps): update dependency dotenv to v17.4.1 by @​renovate[bot] in resend/resend-node#908
• chore(deps): update dependency vitest to v4.1.4 by @​renovate[bot] in resend/resend-node#913
• fix(deps): update react monorepo to v19.2.5 by

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​16.1.6 ⏵ 16.2.4		+22	+1
	eslint-config-next@​16.1.6 ⏵ 16.2.4
	node-datachannel@​0.32.1 ⏵ 0.32.2				+3
	openai@​6.29.0 ⏵ 6.34.0	+1		+1	-1
	@​supabase/​supabase-js@​2.99.2 ⏵ 2.104.0	+1
	hls.js@​1.6.15 ⏵ 1.6.16	+1
	@​types/​node@​25.5.0 ⏵ 25.6.0
	postcss@​8.5.8 ⏵ 8.5.10	+1
	react@​19.2.4 ⏵ 19.2.5
	sax@​1.5.0 ⏵ 1.6.0	+1		+1	-1
	autoprefixer@​10.4.27 ⏵ 10.5.0	+1
	ioredis@​5.10.0 ⏵ 5.10.1	+1		+1	-2
	react-dom@​19.2.4 ⏵ 19.2.5
	dotenv@​17.3.1 ⏵ 17.4.2
	isomorphic-dompurify@​3.3.0 ⏵ 3.9.0	+1			+1
	framer-motion@​12.37.0 ⏵ 12.38.0	+1		+1	-3
	resend@​6.9.3 ⏵ 6.12.2	+2			+1
	puppeteer@​24.39.1 ⏵ 24.42.0	+9		+12	+4

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm ioredis is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: package.json → npm/ioredis@5.10.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ioredis@5.10.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm node-exports-info Location: Package overview From: pnpm-lock.yaml → npm/eslint-config-next@16.2.4 → npm/node-exports-info@1.6.0 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report