chore(deps): bump the production-dependencies group across 1 directory with 15 updates

[dependabot]

Bumps the production-dependencies group with 15 updates in the / directory:

Package	From	To
@supabase/supabase-js	2.89.0	2.93.1
@vitejs/plugin-react-swc	3.11.0	4.2.2
axios	1.13.2	1.13.3
cors	2.8.5	2.8.6
dotenv	16.6.1	17.2.3
express	4.22.1	5.2.1
framer-motion	12.23.26	12.29.2
lucide-react	0.344.0	0.563.0
openai	4.104.0	6.16.0
react	18.3.1	19.2.4
react-dom	18.3.1	19.2.4
react-markdown	9.1.0	10.1.0
react-router-dom	7.11.0	7.13.0
react-syntax-highlighter	15.6.6	16.1.0
resend	4.8.0	6.8.0

Updates @supabase/supabase-js from 2.89.0 to 2.93.1

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.93.1

2.93.1 (2026-01-26)

🩹 Fixes

• realtime: revert validate table filter in postgres_changes event dispatch (#2060)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.93.0

2.93.0 (2026-01-26)

🚀 Features

• auth: add optional jwt parameter to getAuthenticatorAssuranceLevel (#1940)
• supabase: add missing HTTP headers for client platform and runtime detection (#2046)

🩹 Fixes

• auth: handle uncaught promise rejections during initialization (#2032)
• auth: clear local storage on signOut when session is already missing (#2026)
• realtime: send heartbeat for initial connection error (#1746)
• realtime: add generic overload for postgres_changes event type (#1984)
• storage: expose status and statusCode on StorageError base class (#2018)
• supabase: safe environment detection node v browser (#2053)

❤️ Thank You

• Katerina Skroumpelou @​mandarini
• Vaibhav @​7ttp

v2.92.1-rc.2

2.92.1-rc.2 (2026-01-23)

🩹 Fixes

• supabase: less hacky require (24b99037)

❤️ Thank You

• Katerina Skroumpelou

v2.92.1-rc.1

2.92.1-rc.1 (2026-01-23)

🩹 Fixes

• supabase: another env detection issue (9fd63bc8)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.93.1 (2026-01-26)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.93.0 (2026-01-26)

🚀 Features

• supabase: add missing HTTP headers for client platform and runtime detection (#2046)

🩹 Fixes

• supabase: safe environment detection node v browser (#2053)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.91.1 (2026-01-23)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.91.0 (2026-01-20)

🩹 Fixes

• supabase: resolve Firefox extension cross-context Promise error (#2033)

❤️ Thank You

• Vaibhav @​7ttp

2.90.1 (2026-01-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.90.0 (2026-01-07)

🩹 Fixes

• supabase: avoid edge runtime warnings in next.js (#1998)
• supabase: inline string literal in databasewithoutinternals type (#1986)
• supabase: split type-only exports to avoid unused import warnings (#1979)

❤️ Thank You

• Nico Kempe @​nicokempe
• Vaibhav @​7ttp

Commits

• efa909b chore(release): version 2.93.0 changelogs (#2059)
• bd3808c fix(supabase): safe environment detection node v browser (#2053)
• bd02417 chore(release): version 2.91.1 changelogs (#2050)
• c8574f5 feat(supabase): add missing HTTP headers for client platform and runtime dete...
• b2bf6e4 chore(release): version 2.91.0 changelogs (#2036)
• ea2f722 fix(supabase): resolve Firefox extension cross-context Promise error (#2033)
• 0a8cdd4 chore(release): version 2.90.1 changelogs (#2012)
• 1b8410a chore(release): version 2.90.0 changelogs (#2003)
• d3d05f8 fix(supabase): avoid edge runtime warnings in next.js (#1998)
• 9bfac7f fix(supabase): inline string literal in databasewithoutinternals type (#1986)
• Additional commits viewable in compare view

Updates @vitejs/plugin-react-swc from 3.11.0 to 4.2.2

Release notes

Sourced from @​vitejs/plugin-react-swc's releases.

plugin-react-swc@4.2.2

Update code to support newer rolldown-vite (#978)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

plugin-react@4.2.1

Remove generic parameter on Plugin to avoid type error with Rollup 4/Vite 5 and skipLibCheck: false.

I expect very few people to currently use this feature, but if you are extending the React plugin via api object, you can get back the typing of the hook by importing ViteReactPluginApi:

import type { Plugin } from 'vite'
import type { ViteReactPluginApi } from '@vitejs/plugin-react'
export const somePlugin: Plugin = {
name: 'some-plugin',
api: {
reactBabel: (babelConfig) => {
babelConfig.plugins.push('some-babel-plugin')
},
} satisfies ViteReactPluginApi,
}

plugin-react-swc@4.2.1

Fix @vitejs/plugin-react-swc/preamble on build (#962)

plugin-react@4.2.0

Update peer dependency range to target Vite 5

There were no breaking change that impacted this plugin, so any combination of React plugins and Vite core version will work.

Align jsx runtime for optimized dependencies

This will only affect people using internal libraries that contains untranspiled JSX. This change aligns the optimizer with the source code and avoid issues when the published source don't have React in the scope.

Reminder: While being partially supported in Vite, publishing TS & JSX outside of internal libraries is highly discouraged.

plugin-react-swc@4.2.0

Add @vitejs/plugin-react-swc/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react-swc/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Use SWC when useAtYourOwnRisk_mutateSwcOptions is provided (#951)

Previously, this plugin did not use SWC if plugins were not provided even if useAtYourOwnRisk_mutateSwcOptions was provided. This is now fixed.

plugin-react@4.1.1

• Enable retainLines to get correct line numbers for jsxDev (fix #235)

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react-swc's changelog.

4.2.2 (2025-11-12)

Update code to support newer rolldown-vite (#978)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

4.2.1 (2025-11-05)

Fix @vitejs/plugin-react-swc/preamble on build (#962)

4.2.0 (2025-10-24)

Add @vitejs/plugin-react-swc/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react-swc/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Use SWC when useAtYourOwnRisk_mutateSwcOptions is provided (#951)

Previously, this plugin did not use SWC if plugins were not provided even if useAtYourOwnRisk_mutateSwcOptions was provided. This is now fixed.

4.1.0 (2025-09-17)

Set SWC cacheRoot options

This is set to {viteCacheDir}/swc and override the default of .swc.

Perf: simplify refresh wrapper generation (#835)

4.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

4.0.0 (2025-08-07)

4.0.0-beta.0 (2025-07-28)

Require Node 20.19+, 22.12+

This plugin now requires Node 20.19+ or 22.12+.

Commits

• 5e600a3 release: plugin-react-swc@4.2.2
• bcc7db0 chore: add changelog for #976 and #978
• 17fdcc8 fix(react-swc,react-oxc): use rolldownOptions instead of deprecated rollupOpt...
• fc76c72 chore(deps): update dependency @​types/node to v24 (#970)
• 41cb823 fix(deps): update all non-major dependencies (#968)
• 51160f3 release: plugin-react-swc@4.2.1
• 0f5c8b4 chore(react-swc): add changelog (#963)
• 897a3be fix(react-swc): fix @vitejs/plugin-react-swc/preamble on build (#962)
• 9cabe27 fix(deps): update all non-major dependencies (#960)
• b5f471f chore(deps): update swc monorepo (#954)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitejs/plugin-react-swc since your current version.

Updates axios from 1.13.2 to 1.13.3

Release notes

Sourced from axios's releases.

Release v1.13.3

Release notes:

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad
• JohnTitor
• rohit miryala

... (truncated)

Commits

• ab06109 chore(release): v1.13.3 (#7335)
• 2d6ad5e revert(deps): bump peter-evans/create-pull-request from 7 to 8 in the github-...
• cb49a6f chore(sponsor): update sponsor block (#7330)
• d8233d9 fix(types): restore AxiosError.cause type from unknown to Error (#7327)
• 5945e40 fix(interceptor): handle the error in the same interceptor (#6269)
• 7373fbf fix: main field in package.json should correspond to cjs artifacts (#5756)
• 8d1271b fix(types): add handlers to AxiosInterceptorManager interface (#5551)
• f869434 docs: refresh CDN URLs and example JSON headers (#7236)
• 46db331 doc: update deprecated var usage in documentation examples (#7246)
• d6bbb3d docs: add async/await timeout handling example (#7250)
• Additional commits viewable in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

• Build: Node.js@12.16 and Node.js.13.12 by @​smondal in expressjs/cors#189
• Update README.md for origin function callback parameters by @​dstudzinski in expressjs/cors#180
• Suggest passing false for disallowed domains, not erroring by @​shackpank in expressjs/cors#175
• Changed the term whitelist to allowlist in Documentation by @​jkasun in expressjs/cors#200
• Fix typo in README by @​alex-grover in expressjs/cors#207
• Added new link & website in the README by @​manjunath00 in expressjs/cors#269
• Fix functions call with extra parameter by @​LuisEGR in expressjs/cors#245
• 🐛 Fix readme status badge by @​homersimpsons in expressjs/cors#306
• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/cors#321
• ci: fix errors in ci github action for node 8 by @​inigomarquinez in expressjs/cors#322
• test: improved test robustness by @​Alex-GF in expressjs/cors#320
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in expressjs/cors#341
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/cors#340
• docs: remove broken link to demo site by @​dpopp07 in expressjs/cors#344
• OSSF Scorecard recommendations by @​UlisesGascon in expressjs/cors#350
• build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @​dependabot[bot] in expressjs/cors#351
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in expressjs/cors#353
• build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot[bot] in expressjs/cors#354
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @​dependabot[bot] in expressjs/cors#355
• build(deps-dev): bump express from 4.17.1 to 4.21.2 by @​dependabot[bot] in expressjs/cors#356
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in expressjs/cors#352
• build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @​dependabot[bot] in expressjs/cors#358
• update the docs for per request config by @​jonchurch in expressjs/cors#338
• (fix): readme updated for #271 origin option for * by @​dhananjaysa92 in expressjs/cors#289
• ci: upgrade Node versions by @​UlisesGascon in expressjs/cors#359
• chore: add funding to package.json by @​bjohansebas in expressjs/cors#363
• build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @​dependabot[bot] in expressjs/cors#371
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in expressjs/cors#370
• docs: Cleanup README by @​efekrskl in expressjs/cors#374
• chore: add node v25 by @​imangas in expressjs/cors#375
• Extend CI test matrix by @​imangas in expressjs/cors#376
• docs: simplify code examples with header comments by @​jonchurch in expressjs/cors#386
• docs: tweak intro, add note w/ browser enforcement, FAQ by @​jonchurch in expressjs/cors#385
• chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @​Phillip9587 in expressjs/cors#388
• Release: 2.8.6 by @​UlisesGascon in expressjs/cors#390

New Contributors

• @​smondal made their first contribution in expressjs/cors#189
• @​dstudzinski made their first contribution in expressjs/cors#180
• @​shackpank made their first contribution in expressjs/cors#175
• @​jkasun made their first contribution in expressjs/cors#200
• @​alex-grover made their first contribution in expressjs/cors#207
• @​manjunath00 made their first contribution in expressjs/cors#269
• @​LuisEGR made their first contribution in expressjs/cors#245
• @​homersimpsons made their first contribution in expressjs/cors#306
• @​inigomarquinez made their first contribution in expressjs/cors#321
• @​Alex-GF made their first contribution in expressjs/cors#320
• @​carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

• Improve documentation (API, context, examples...)
• Remove additional markdown files from tarball

Commits

• f00a8c1 2.8.6 (#390)
• 848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
• cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
• bbf62a5 docs: simplify code examples with header comments (#386)
• f442e77 Extend CI test matrix (#376)
• d5cf6cd ci: add support for node@25 (#375)
• 7e6f7ee docs: revamp content (#374)
• b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
• f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
• 9a9a760 chore: add funding to package.json (#363)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates dotenv from 16.6.1 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

... (truncated)

Commits

• affe113 17.2.3
• db1ff1f changelog 🪵
• 7063f16 Merge pull request #913 from motdotla/new-tips
• 0bbe72c test against expected tips
• 017951b only run .js tests
• 39eda1f add space back
• fcc030e update tips
• b6c7a0d updated tips - as Dotenvx Radar has been renamed Dotenvx Ops
• b3c8b16 remove unnecessary call to npx
• d6e4c17 Merge pull request #912 from adjerbetian/fix/typescript-error-definition
• Additional commits viewable in compare view

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 5.2.1 by @​UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @​dependabot[bot] in expressjs/express#6429
• Refactor: simplify acceptsLanguages implementation using spread operator by @​Ayoub-Mabrouk in expressjs/express#6137
• increased code coverage of utils.js file by @​ashish3011 in expressjs/express#6386
• chore: remove duplicate word by @​dufucun in expressjs/express#6456
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @​dependabot[bot] in expressjs/express#6498
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/express#6497
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/express#6496
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6504
• ci: update codeql config by @​Phillip9587 in expressjs/express#6488
• chore: wider range for query test skip by @​jonchurch in expressjs/express#6512
• chore: fix typos in test by @​noritaka1166 in expressjs/express#6535
• ci: disable credential persistence for checkout actions by @​mertssmnoglu in expressjs/express#6522
• ci: allow manual triggering of workflow by @​shivarm in expressjs/express#6515
• test: add coverage for app.listen() variants by @​kgarg1 in expressjs/express#6476
• docs: move documentation and charters to the discussions and .github … by @​bjohansebas in expressjs/express#6427
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/express#6549
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/express#6548
• chore: enforce explicit Buffer import and add lint rule by @​shivarm in expressjs/express#6525
• chore: use node protocol for querystring by @​shivarm in expressjs/express#6520
• chore: fix typo by @​mountdisk in expressjs/express#6609
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/express#6618
• add deprecation warnings for redirect arguments undefined by @​bjohansebas in expressjs/express#6405
• ci: run CI when the markdown changes by @​bjohansebas in expressjs/express#6632
• doc: fix CONTRIBUTING link by @​jonchurch in expressjs/express#6653
• doc: update contributing guidelines and code of conduct links by @​ShubhamOulkar in expressjs/express#6601
• build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @​dependabot[bot] in expressjs/express#6679
• build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @​dependabot[bot] in expressjs/express#6678
• lint: add --fix flag to automatic fix linting issue by @​shivarm in expressjs/express#6644
• chore: ignore yarn.lock file and update example by @​shivarm in expressjs/express#6588
• lib: use req.socket over deprecated req.connection by @​bjohansebas in expressjs/express#6705
• doc: update express app ...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	react-router-dom@​7.11.0 ⏵ 7.13.0
	@​types/​react-dom@​18.3.7 ⏵ 19.2.3
	@​types/​react@​18.3.27 ⏵ 19.2.10	+1
	react@​18.3.1 ⏵ 19.2.4
	react-markdown@​9.1.0 ⏵ 10.1.0			+1
	react-syntax-highlighter@​15.6.6 ⏵ 16.1.0	+3		+1
	cors@​2.8.5 ⏵ 2.8.6	-9
	dotenv@​16.6.1 ⏵ 17.2.3	-1
	express@​4.22.1 ⏵ 5.2.1	+1
	@​vitejs/​plugin-react-swc@​3.11.0 ⏵ 4.2.2	+1			+2
	react-dom@​18.3.1 ⏵ 19.2.4	+1		+1
	lucide-react@​0.344.0 ⏵ 0.563.0			-3	-1
	axios@​1.13.2 ⏵ 1.13.4	-1
	framer-motion@​12.23.26 ⏵ 12.29.2	+2
	openai@​4.104.0 ⏵ 6.17.0	-1		+1
	resend@​4.8.0 ⏵ 6.9.1				+1
	@​supabase/​supabase-js@​2.89.0 ⏵ 2.93.3	+1

View full report

[MarkAC007]

Closing: react@19.2.4 breaks react-helmet-async which only supports React 16/17/18. Pinning to React 18 until react-helmet-async adds React 19 support or is replaced. Adding Dependabot ignore rule for react 19.x.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml