Skip to content

Comments

chore(deps): bump the production-dependencies group with 13 updates#39

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-993127c429
Open

chore(deps): bump the production-dependencies group with 13 updates#39
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-993127c429

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 30, 2026
edited
Loading

Bumps the production-dependencies group with 13 updates:

Package From To
@supabase/supabase-js 2.89.0 2.93.3
@vitejs/plugin-react-swc 3.11.0 4.2.2
axios 1.13.2 1.13.4
cors 2.8.5 2.8.6
dotenv 16.6.1 17.2.3
express 4.22.1 5.2.1
framer-motion 12.23.26 12.29.2
lucide-react 0.344.0 0.563.0
openai 4.104.0 6.17.0
react-markdown 9.1.0 10.1.0
react-router-dom 7.11.0 7.13.0
react-syntax-highlighter 15.6.6 16.1.0
resend 4.8.0 6.9.1

Updates @supabase/supabase-js from 2.89.0 to 2.93.3

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.93.3

2.93.3 (2026-01-29)

🩹 Fixes

  • auth: add webauthn tests and fix fallback naming (#1763)
  • ci: add persist-credentials: false to release job checkouts (#2074)
  • storage: handle empty 200 responses in vector operations (#2073)

❤️ Thank You

v2.93.2

2.93.2 (2026-01-27)

🩹 Fixes

  • supabase: revert client platform and runtime detection headers (#2067)

❤️ Thank You

  • Guilherme Souza

v2.93.2-canary.0

2.93.2-canary.0 (2026-01-27)

🩹 Fixes

  • supabase: revert client platform and runtime detection headers (#2067)

❤️ Thank You

  • Guilherme Souza

v2.93.1

2.93.1 (2026-01-26)

🩹 Fixes

  • realtime: revert validate table filter in postgres_changes event dispatch (#2060)

❤️ Thank You

v2.93.0

2.93.0 (2026-01-26)

🚀 Features

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.93.3 (2026-01-29)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.93.2 (2026-01-27)

🩹 Fixes

  • supabase: revert client platform and runtime detection headers (#2067)

❤️ Thank You

  • Guilherme Souza

2.93.1 (2026-01-26)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.93.0 (2026-01-26)

🚀 Features

  • supabase: add missing HTTP headers for client platform and runtime detection (#2046)

🩹 Fixes

  • supabase: safe environment detection node v browser (#2053)

❤️ Thank You

2.91.1 (2026-01-23)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.91.0 (2026-01-20)

🩹 Fixes

  • supabase: resolve Firefox extension cross-context Promise error (#2033)

❤️ Thank You

2.90.1 (2026-01-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

... (truncated)

Commits
  • de20d50 chore(release): version 2.93.2 changelogs (#2068)
  • 91b36d7 fix(supabase): revert client platform and runtime detection headers (#2067)
  • 6004430 chore(release): version 2.93.1 changelogs (#2061)
  • efa909b chore(release): version 2.93.0 changelogs (#2059)
  • bd3808c fix(supabase): safe environment detection node v browser (#2053)
  • bd02417 chore(release): version 2.91.1 changelogs (#2050)
  • c8574f5 feat(supabase): add missing HTTP headers for client platform and runtime dete...
  • b2bf6e4 chore(release): version 2.91.0 changelogs (#2036)
  • ea2f722 fix(supabase): resolve Firefox extension cross-context Promise error (#2033)
  • 0a8cdd4 chore(release): version 2.90.1 changelogs (#2012)
  • Additional commits viewable in compare view

Updates @vitejs/plugin-react-swc from 3.11.0 to 4.2.2

Release notes

Sourced from @​vitejs/plugin-react-swc's releases.

plugin-react-swc@4.2.2

Update code to support newer rolldown-vite (#978)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

plugin-react@4.2.1

Remove generic parameter on Plugin to avoid type error with Rollup 4/Vite 5 and skipLibCheck: false.

I expect very few people to currently use this feature, but if you are extending the React plugin via api object, you can get back the typing of the hook by importing ViteReactPluginApi:

import type { Plugin } from 'vite'
import type { ViteReactPluginApi } from '@vitejs/plugin-react'
export const somePlugin: Plugin = {
name: 'some-plugin',
api: {
reactBabel: (babelConfig) => {
babelConfig.plugins.push('some-babel-plugin')
},
} satisfies ViteReactPluginApi,
}

plugin-react-swc@4.2.1

Fix @vitejs/plugin-react-swc/preamble on build (#962)

plugin-react@4.2.0

Update peer dependency range to target Vite 5

There were no breaking change that impacted this plugin, so any combination of React plugins and Vite core version will work.

Align jsx runtime for optimized dependencies

This will only affect people using internal libraries that contains untranspiled JSX. This change aligns the optimizer with the source code and avoid issues when the published source don't have React in the scope.

Reminder: While being partially supported in Vite, publishing TS & JSX outside of internal libraries is highly discouraged.

plugin-react-swc@4.2.0

Add @vitejs/plugin-react-swc/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react-swc/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Use SWC when useAtYourOwnRisk_mutateSwcOptions is provided (#951)

Previously, this plugin did not use SWC if plugins were not provided even if useAtYourOwnRisk_mutateSwcOptions was provided. This is now fixed.

plugin-react@4.1.1

  • Enable retainLines to get correct line numbers for jsxDev (fix #235)

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react-swc's changelog.

4.2.2 (2025-11-12)

Update code to support newer rolldown-vite (#978)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

4.2.1 (2025-11-05)

Fix @vitejs/plugin-react-swc/preamble on build (#962)

4.2.0 (2025-10-24)

Add @vitejs/plugin-react-swc/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react-swc/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Use SWC when useAtYourOwnRisk_mutateSwcOptions is provided (#951)

Previously, this plugin did not use SWC if plugins were not provided even if useAtYourOwnRisk_mutateSwcOptions was provided. This is now fixed.

4.1.0 (2025-09-17)

Set SWC cacheRoot options

This is set to {viteCacheDir}/swc and override the default of .swc.

Perf: simplify refresh wrapper generation (#835)

4.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

4.0.0 (2025-08-07)

4.0.0-beta.0 (2025-07-28)

Require Node 20.19+, 22.12+

This plugin now requires Node 20.19+ or 22.12+.

Commits
  • 5e600a3 release: plugin-react-swc@4.2.2
  • bcc7db0 chore: add changelog for #976 and #978
  • 17fdcc8 fix(react-swc,react-oxc): use rolldownOptions instead of deprecated rollupOpt...
  • fc76c72 chore(deps): update dependency @​types/node to v24 (#970)
  • 41cb823 fix(deps): update all non-major dependencies (#968)
  • 51160f3 release: plugin-react-swc@4.2.1
  • 0f5c8b4 chore(react-swc): add changelog (#963)
  • 897a3be fix(react-swc): fix @vitejs/plugin-react-swc/preamble on build (#962)
  • 9cabe27 fix(deps): update all non-major dependencies (#960)
  • b5f471f chore(deps): update swc monorepo (#954)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitejs/plugin-react-swc since your current version.


Updates axios from 1.13.2 to 1.13.4

Release notes

Sourced from axios's releases.

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

  • fix: issues with version 1.13.3 (#7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release
    • Cleaned up interceptor test files
    • Improved workflow configurations

Infrastructure & CI/CD

  • refactor: ci and build (#7340) (8ff6c19)

    • Major refactoring of CI/CD workflows
    • Consolidated workflow files for better maintainability
    • Added mise configuration for the development environment
    • Improved sponsor block update automation
    • Enhanced issue and PR templates
    • Added automatic release notes generation
    • Implemented workflow cancellation for concurrent runs

  • chore: codegen and some updates to workflows (76cf77b)

    • Code generation improvements
    • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

Release v1.13.3

Release notes:

Bug Fixes

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 9336cf9 chore(release): prepare release 1.13.4 (#7353)
  • ee90dfc fix: issues with version 1.13.3 (#7352)
  • af4f6d9 fix: release branch yml
  • 253e3ad fix: all merge configs
  • 8ff6c19 refactor: ci and build (#7340)
  • ab06109 chore(release): v1.13.3 (#7335)
  • 2d6ad5e revert(deps): bump peter-evans/create-pull-request from 7 to 8 in the github-...
  • cb49a6f chore(sponsor): update sponsor block (#7330)
  • d8233d9 fix(types): restore AxiosError.cause type from unknown to Error (#7327)
  • 5945e40 fix(interceptor): handle the error in the same interceptor (#6269)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

  • Improve documentation (API, context, examples...)
  • Remove additional markdown files from tarball
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.


Updates dotenv from 16.6.1 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

  • Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

  • 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

  • Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

  • Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
  • Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})
# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"
// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)
$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

  • Add additional security and configuration tips to the runtime log (#884)
  • Dim the tips text from the main injection information text

... (truncated)

Commits

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates framer-motion from 12.23.26 to 12.29.2

Changelog

Sourced from framer-motion's changelog.

[12.29.2] 2026-01-26

Fixed

  • Updates to layout animations.

[12.29.1] 2026-01-22

Fixed

  • useAnimate: Now respects reduced motion settings set via MotionConfig.

[12.29.0] 2026-01-22

Added

  • transformViewBoxPoint: Scale drag gestures within <svg> elements where viewBox and rendered width/height are mismatched.
  • trackContentSize: New scroll and useScroll option for tracking changes to content size.

Fixed

  • Add React 19 test suite to CI.
  • Fix types with motion.create().
  • Shared element animations now respect layoutDependency.

[12.28.2] 2026-01-22

Added

  • Add default value type px for fontSize.

Fixed

  • Removed default value type from radius.
  • Ensure LazyMotion animates initial state even when state has changed before Motion is loaded.

[12.28.1] 2026-01-21

Fixed

  • Ensure scale: "0%" isn't treated as default value.

[12.28.0] 2026-01-20

Added

  • useFollowValue and followValue: useSpring-style motion values that can accept any transition.

Fixed...

Description has been truncated

@dependabot
chore(deps): bump the production-dependencies group with 13 updates
da61a1a 
Bumps the production-dependencies group with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.89.0` | `2.93.3` |
| [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react-swc) | `3.11.0` | `4.2.2` |
| [axios](https://github.com/axios/axios) | `1.13.2` | `1.13.4` |
| [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.6.1` | `17.2.3` |
| [express](https://github.com/expressjs/express) | `4.22.1` | `5.2.1` |
| [framer-motion](https://github.com/motiondivision/motion) | `12.23.26` | `12.29.2` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.344.0` | `0.563.0` |
| [openai](https://github.com/openai/openai-node) | `4.104.0` | `6.17.0` |
| [react-markdown](https://github.com/remarkjs/react-markdown) | `9.1.0` | `10.1.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.11.0` | `7.13.0` |
| [react-syntax-highlighter](https://github.com/react-syntax-highlighter/react-syntax-highlighter) | `15.6.6` | `16.1.0` |
| [resend](https://github.com/resend/resend-node) | `4.8.0` | `6.9.1` |


Updates `@supabase/supabase-js` from 2.89.0 to 2.93.3
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.93.3/packages/core/supabase-js)

Updates `@vitejs/plugin-react-swc` from 3.11.0 to 4.2.2
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react-swc@4.2.2/packages/plugin-react-swc)

Updates `axios` from 1.13.2 to 1.13.4
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.13.4)

Updates `cors` from 2.8.5 to 2.8.6
- [Release notes](https://github.com/expressjs/cors/releases)
- [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md)
- [Commits](expressjs/cors@v2.8.5...v2.8.6)

Updates `dotenv` from 16.6.1 to 17.2.3
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.2.3)

Updates `express` from 4.22.1 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v4.22.1...v5.2.1)

Updates `framer-motion` from 12.23.26 to 12.29.2
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.23.26...v12.29.2)

Updates `lucide-react` from 0.344.0 to 0.563.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.563.0/packages/lucide-react)

Updates `openai` from 4.104.0 to 6.17.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v4.104.0...v6.17.0)

Updates `react-markdown` from 9.1.0 to 10.1.0
- [Release notes](https://github.com/remarkjs/react-markdown/releases)
- [Changelog](https://github.com/remarkjs/react-markdown/blob/main/changelog.md)
- [Commits](remarkjs/react-markdown@9.1.0...10.1.0)

Updates `react-router-dom` from 7.11.0 to 7.13.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.13.0/packages/react-router-dom)

Updates `react-syntax-highlighter` from 15.6.6 to 16.1.0
- [Release notes](https://github.com/react-syntax-highlighter/react-syntax-highlighter/releases)
- [Changelog](https://github.com/react-syntax-highlighter/react-syntax-highlighter/blob/master/CHANGELOG.MD)
- [Commits](react-syntax-highlighter/react-syntax-highlighter@v15.6.6...v16.1.0)

Updates `resend` from 4.8.0 to 6.9.1
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v4.8.0...v6.9.1)

---
updated-dependencies:
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.93.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@vitejs/plugin-react-swc"
  dependency-version: 4.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: axios
  dependency-version: 1.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: cors
  dependency-version: 2.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: dotenv
  dependency-version: 17.2.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: framer-motion
  dependency-version: 12.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: lucide-react
  dependency-version: 0.563.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: openai
  dependency-version: 6.17.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: react-markdown
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: react-router-dom
  dependency-version: 7.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react-syntax-highlighter
  dependency-version: 16.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: resend
  dependency-version: 6.9.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the major Breaking change - bumps major version label Jan 30, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 30, 2026

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security
Copy link

socket-security bot commented Jan 30, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedreact-router-dom@​7.11.0 ⏵ 7.13.01001006598100
Updatedreact-markdown@​9.1.0 ⏵ 10.1.099100100 +186100
Updatedreact-syntax-highlighter@​15.6.6 ⏵ 16.1.092 +3100100 +187100
Updatedcors@​2.8.5 ⏵ 2.8.691 -910010088100
Updateddotenv@​16.6.1 ⏵ 17.2.399 -110010088100
Updatedexpress@​4.22.1 ⏵ 5.2.198 +110010091100
Updated@​vitejs/​plugin-react-swc@​3.11.0 ⏵ 4.2.2100 +110010091 +2100
Updatedlucide-react@​0.344.0 ⏵ 0.563.010010097 -394 -1100
Updatedaxios@​1.13.2 ⏵ 1.13.497 -110010096100
Updatedframer-motion@​12.23.26 ⏵ 12.29.297 +2100100100100
Updatedopenai@​4.104.0 ⏵ 6.17.097 -1100100 +1100100
Updatedresend@​4.8.0 ⏵ 6.9.199100100100 +1100
Updated@​supabase/​supabase-js@​2.89.0 ⏵ 2.93.3100 +1100100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

major Breaking change - bumps major version

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants