⬆️(deps): Bump the security-updates group across 1 directory with 8 updates

[dependabot]

Bumps the security-updates group with 8 updates in the / directory:

Package	From	To
@contentful/rich-text-html-renderer	17.1.5	17.1.6
@contentful/rich-text-types	17.2.4	17.2.5
@radix-ui/react-slot	1.2.3	1.2.4
@sentry/nextjs	9.46.0	10.32.1
contentful	11.8.9	11.10.1
lucide-react	0.522.0	0.562.0
shadcn	2.10.0	3.6.2
tailwind-merge	3.3.1	3.4.0

Updates @contentful/rich-text-html-renderer from 17.1.5 to 17.1.6

Release notes

Sourced from @​contentful/rich-text-html-renderer's releases.

@​contentful/rich-text-html-renderer@​17.1.6

17.1.6 (2025-11-04)

Note: Version bump only for package @​contentful/rich-text-html-renderer

Commits

• 72d8f4e chore(release): updated release notes and package versions [ci skip]
• 747a853 chore: bump jest and @​types/jest (#888)
• b2f2ffe chore: bump @​swc/core from 1.13.5 to 1.14.0 (#970)
• 8d6a651 chore: bump @​rollup/plugin-commonjs from 28.0.9 to 29.0.0 (#967)
• a765fe5 chore: bump rimraf from 6.0.1 to 6.1.0 (#969)
• 0de75db chore: bump @​types/node from 24.8.1 to 24.9.2 (#971)
• 961606c chore: bump @​lingui/core from 5.5.1 to 5.5.2 (#968)
• 5f2384e chore: bump contentful-management from 11.60.4 to 11.61.0 (#964)
• de6bc6c chore: bump @​rollup/plugin-commonjs from 28.0.8 to 28.0.9 (#966)
• c540fd3 chore: bump @​faker-js/faker from 10.0.0 to 10.1.0 (#965)
• Additional commits viewable in compare view

Updates @contentful/rich-text-types from 17.2.4 to 17.2.5

Release notes

Sourced from @​contentful/rich-text-types's releases.

@​contentful/rich-text-types@​17.2.5

17.2.5 (2025-11-04)

Note: Version bump only for package @​contentful/rich-text-types

Commits

• 72d8f4e chore(release): updated release notes and package versions [ci skip]
• 747a853 chore: bump jest and @​types/jest (#888)
• b2f2ffe chore: bump @​swc/core from 1.13.5 to 1.14.0 (#970)
• 8d6a651 chore: bump @​rollup/plugin-commonjs from 28.0.9 to 29.0.0 (#967)
• a765fe5 chore: bump rimraf from 6.0.1 to 6.1.0 (#969)
• 0de75db chore: bump @​types/node from 24.8.1 to 24.9.2 (#971)
• 961606c chore: bump @​lingui/core from 5.5.1 to 5.5.2 (#968)
• 5f2384e chore: bump contentful-management from 11.60.4 to 11.61.0 (#964)
• de6bc6c chore: bump @​rollup/plugin-commonjs from 28.0.8 to 28.0.9 (#966)
• c540fd3 chore: bump @​faker-js/faker from 10.0.0 to 10.1.0 (#965)
• Additional commits viewable in compare view

Updates @radix-ui/react-slot from 1.2.3 to 1.2.4

Commits

• See full diff in compare view

Updates @sentry/nextjs from 9.46.0 to 10.32.1

Release notes

Sourced from @​sentry/nextjs's releases.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

Bundle size 📦

Path	Size
@​sentry/browser	24.24 KB
@​sentry/browser - with treeshaking flags	22.77 KB
@​sentry/browser (incl. Tracing)	40.62 KB
@​sentry/browser (incl. Tracing, Profiling)	45.12 KB
@​sentry/browser (incl. Tracing, Replay)	78.3 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	68.28 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	82.88 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	94.83 KB
@​sentry/browser (incl. Feedback)	40.57 KB
@​sentry/browser (incl. sendFeedback)	28.82 KB
@​sentry/browser (incl. FeedbackAsync)	33.7 KB
@​sentry/react	25.92 KB
@​sentry/react (incl. Tracing)	42.77 KB
@​sentry/vue	28.6 KB
@​sentry/vue (incl. Tracing)	42.39 KB
@​sentry/svelte	24.25 KB
CDN Bundle	26.62 KB
CDN Bundle (incl. Tracing)	41.25 KB
CDN Bundle (incl. Tracing, Replay)	77.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	82.44 KB
CDN Bundle - uncompressed	78.18 KB
CDN Bundle (incl. Tracing) - uncompressed	122.47 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	236.27 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	248.74 KB
@​sentry/nextjs (client)	44.94 KB
@​sentry/sveltekit (client)	40.98 KB
@​sentry/node-core	50.4 KB
@​sentry/node	157.73 KB
@​sentry/node - without tracing	90.87 KB
@​sentry/aws-serverless	106.02 KB

10.32.0

Important Changes

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

10.32.0

Important Changes

• feat(core): Apply scope attributes to logs (#18184)

  You can now set attributes on the SDK's scopes which will be applied to all logs as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

  Sentry.geGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });
  Sentry.withScope(scope => {
  scope.setAttribute('step', 'authentication');
  // scope attributes is_admin, auth_provider and step are added
  Sentry.logger.info(user ${user.id} logged in, { activeSince: 100 });
  Sentry.logger.info(updated ${user.id} last activity);
  });
  // scope attributes is_admin and auth_provider are added
  Sentry.logger.warn('stale website version, reloading page');

• feat(replay): Add Request body with attachRawBodyFromRequest option (#18501)

  To attach the raw request body (from Request objects passed as the first fetch argument) to replay events, you can now use the attachRawBodyFromRequest option in the Replay integration:

  Sentry.init({
    integrations: [
      Sentry.replayIntegration({
        attachRawBodyFromRequest: true,
      }),
    ],
  });

... (truncated)

Commits

• 528ade2 release: 10.32.1
• 25f695d Merge pull request #18578 from getsentry/prepare-release/10.32.1
• a981a3d meta(changelog): Update changelog for 10.32.1
• 0d8547c fix(vercelai): Fix input token count (#18574)
• 71384a2 chore(lint): prefer 'unknown' to 'any', fix lint warnings
• d1dd308 chore(test): Remove cloudflare-astro e2e test (#18567)
• 12f3007 fix(ember): Make implementation field optional (hash routes) (#18564)
• 3fda84d fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• a538901 Merge pull request #18563 from getsentry/master
• 063c4dc Merge pull request #18562 from getsentry/ab/skip-ci-when-no-code-changes
• Additional commits viewable in compare view

Updates contentful from 11.8.9 to 11.10.1

Release notes

Sourced from contentful's releases.

v11.10.1

11.10.1 (2025-12-12)

Bug Fixes

• update tslibs version (#2622) [DX-599] (07ace88)

v11.10.0

11.10.0 (2025-12-10)

Features

• cursor based pagination for assets and entries [CAPI-2342] (#2588) (dc5a751)

v11.9.0

11.9.0 (2025-11-17)

Features

• timeline: move Timeline Preview out of alpha (#2605) (eec3979)

v11.9.0-testing-oidc-trusted-publishing.1

11.9.0-testing-oidc-trusted-publishing.1 (2025-11-05)

Features

• trusted publishing: initial commit to add release github action to support OIDC trusted publish (f9b4976)

v11.8.13

11.8.13 (2025-11-14)

Bug Fixes

• ci: release browser integration tests (#2604) (9afb8c7)
• ci: release github action needs correct github token permissions (#2600) (f8d1bbd)
• ci: semantic-release (#2591) (1e1a5c7)

Reverts

• Revert "build(deps-dev): bump the dev-dependencies group across 1 directory with 9 updates (#2587)" (#2596) (9e98404)

v11.8.12

11.8.12 (2025-11-11)

... (truncated)

Commits

• 07ace88 fix: update tslibs version (#2622) [DX-599]
• 247b2d2 chore: add tslib dependency (#2620)
• 64070d6 chore: fix ci trigger for pushes to master (#2618)
• dc5a751 feat: cursor based pagination for assets and entries [CAPI-2342] (#2588)
• cab4280 chore(ci): trigger gha workflows on pull request [] (#2616)
• 1a378a4 chore: update CI workflow branch pattern and PR template [] (#2614)
• 475958e chore: update scripts to not use npm lifecycle commands [DX-589] (#2615)
• 618a3d2 chore: add cooldown to npm dependabot configuration (#2610)
• b42eff3 chore: [] ignore npm scripts (#2609)
• 2704cec chore(readme): remove circleCI status from readme (#2606)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for contentful since your current version.

Updates lucide-react from 0.522.0 to 0.562.0

Release notes

Sourced from lucide-react's releases.

Version 0.562.0

What's Changed

• fix(icons): changed paint-bucket icon by @​jguddas in lucide-icons/lucide#3880
• fix(site): Fix and unify color-picker font-size by @​taimar in lucide-icons/lucide#3889
• fix(react-native-web): only add className prop to parent Icon component by @​jguddas in lucide-icons/lucide#3892
• fix(lucide-react-native): remove icons namespace export to enable tree-shaking by @​jtomaszewski in lucide-icons/lucide#3868
• feat(icons): added toolbox icon by @​karsa-mistmere in lucide-icons/lucide#3871

New Contributors

• @​taimar made their first contribution in lucide-icons/lucide#3889
• @​jtomaszewski made their first contribution in lucide-icons/lucide#3868

Full Changelog: lucide-icons/lucide@0.561.0...0.562.0

Version 0.561.0

What's Changed

• fix(site): Small adjustments color picker and add clear button search bar by @​ericfennis in lucide-icons/lucide#3851
• feat(icons): added stone icon by @​Alportan in lucide-icons/lucide#3850

Full Changelog: lucide-icons/lucide@0.560.0...0.561.0

Version 0.560.0

What's Changed

• feat(icons): added cannabis-off icon by @​NickVeles in lucide-icons/lucide#3748

New Contributors

• @​NickVeles made their first contribution in lucide-icons/lucide#3748

Full Changelog: lucide-icons/lucide@0.559.0...0.560.0

Version 0.559.0

What's Changed

• feat(icons): added fishing-hook icon by @​7ender in lucide-icons/lucide#3837

New Contributors

• @​7ender made their first contribution in lucide-icons/lucide#3837

Full Changelog: lucide-icons/lucide@0.558.0...0.559.0

Version 0.558.0

What's Changed

• feat(icons): added hd icon by @​jamiemlaw in lucide-icons/lucide#2958

Full Changelog: lucide-icons/lucide@0.557.0...0.558.0

Version 0.557.0

What's Changed

• fix(github/workflows/ci): fixes linting issues by @​karsa-mistmere in lucide-icons/lucide#3858

... (truncated)

Commits

• 076e0bb chore(dependencies): Update dependencies (#3809)
• 80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
• 1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
• e71198d chore: icon alias improvements (#2861)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lucide-react since your current version.

Updates shadcn from 2.10.0 to 3.6.2

Release notes

Sourced from shadcn's releases.

shadcn@3.6.2

Patch Changes

• #9126 df67e49aac8c87da59a4257164f55ef0f53b55de Thanks @​shadcn! - add create command to readme

• #9044 137b1c12b7bde1318c8781680b41ae449e40df8f Thanks @​mezotv! - add phosphor icons

shadcn@3.6.1

3.6.1

Patch Changes

• #9054 d3156c09ae1df2321c0505db6b2e637374e320f7 Thanks @​shadcn! - fix resolver for url

shadcn@3.6.0

3.6.0

Minor Changes

• #9022 86d9b00084affa7010e6c7c7bd410ec62525caac Thanks @​shadcn! - add registry:base item type

• #9022 86d9b00084affa7010e6c7c7bd410ec62525caac Thanks @​shadcn! - add npx shadcn create

shadcn@3.5.2

Patch Changes

• #8997 6699158a22e376a6abc91693843a64cdb0b496da Thanks @​shadcn! - fix handling of base styles for add command

• #8993 142cd8ef13a0ff691a94bbd73dba9d7a62428ffa Thanks @​pasqualevitiello! - Prevent duplicate keyframes when adding components

shadcn@3.5.1

Patch Changes

• #8900 d0fb73ac0e4e7f6d02768586c5232bbc6b33a3c3 Thanks @​shadcn! - do not install base style when adding themes

• #7557 ad6a3c63678bb31dbfb94536ee1d4aa4f06a8b8d Thanks @​remorses! - Fix utils import transform when workspace alias does not start with @

• #8901 62218c1c0c79195bda49a36817a13392cae7b4f2 Thanks @​shadcn! - update color value detection for cssVars

shadcn@3.5.0

Minor Changes

• #8555 d7e0dc3ec81676d47351e8f7134639e0dd0c3e3c Thanks @​shadcn! - rename middleware to proxy for Next.js 16

• #8550 6bddba986d75da35e18343dbb6254fed4537b7d7 Thanks @​shadcn! - add Next.js 16 support for init command

shadcn@3.4.2

Patch Changes

• #8478 b52ec12f1e22cf89270bf3d931f5b7544e4b80b4 Thanks @​shadcn! - fix regression with universal item detection

... (truncated)

Changelog

Sourced from shadcn's changelog.

3.6.2

Patch Changes

• #9126 df67e49aac8c87da59a4257164f55ef0f53b55de Thanks @​shadcn! - add create command to readme

• #9044 137b1c12b7bde1318c8781680b41ae449e40df8f Thanks @​mezotv! - add phosphor icons

3.6.1

Patch Changes

• #9054 d3156c09ae1df2321c0505db6b2e637374e320f7 Thanks @​shadcn! - fix resolver for url

3.6.0

Minor Changes

• #9022 86d9b00084affa7010e6c7c7bd410ec62525caac Thanks @​shadcn! - add registry:base item type

• #9022 86d9b00084affa7010e6c7c7bd410ec62525caac Thanks @​shadcn! - add npx shadcn create

3.5.2

Patch Changes

• #8997 6699158a22e376a6abc91693843a64cdb0b496da Thanks @​shadcn! - fix handling of base styles for add command

• #8993 142cd8ef13a0ff691a94bbd73dba9d7a62428ffa Thanks @​pasqualevitiello! - Prevent duplicate keyframes when adding components

3.5.1

Patch Changes

• #8900 d0fb73ac0e4e7f6d02768586c5232bbc6b33a3c3 Thanks @​shadcn! - do not install base style when adding themes

• #7557 ad6a3c63678bb31dbfb94536ee1d4aa4f06a8b8d Thanks @​remorses! - Fix utils import transform when workspace alias does not start with @

• #8901 62218c1c0c79195bda49a36817a13392cae7b4f2 Thanks @​shadcn! - update color value detection for cssVars

3.5.0

Minor Changes

• #8555 d7e0dc3ec81676d47351e8f7134639e0dd0c3e3c Thanks @​shadcn! - rename middleware to proxy for Next.js 16

• #8550 6bddba986d75da35e18343dbb6254fed4537b7d7 Thanks @​shadcn! - add Next.js 16 support for init command

3.4.2

... (truncated)

Commits

• f0d147d chore(release): version packages (#9125)
• df67e49 chore: add create command to readme (#9126)
• 137b1c1 feat(ui): add support for phosphor icons (#9044)
• 075b6ae chore(release): version packages (#9057)
• d3156c0 fix(shadcn): resolver for url (#9054)
• ef90a97 chore(release): version packages (#9023)
• 86d9b00 chore: update deps (#9022)
• 32a972f Fix React Server Components CVE vulnerabilities (#9016)
• d28e02b chore(release): version packages (#8998)
• 6699158 fix: handling of base style for add command (#8997)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for shadcn since your current version.

Updates tailwind-merge from 3.3.1 to 3.4.0

Release notes

Sourced from tailwind-merge's releases.

v3.4.0

New Features

• Performance optimizations which make tailwind-merge >10% faster
  • Vibe optimization by @​quantizor in dcastil/tailwind-merge#547
  • Additional optimizations by @​quantizor in dcastil/tailwind-merge#619

Documentation

• Improve docs by clarifying things, adding more examples by @​dcastil in dcastil/tailwind-merge#618
• Make examples more realistic by @​dcastil in dcastil/tailwind-merge#617
• Add custom variant as an alternative to docs by @​kidonng in dcastil/tailwind-merge#592

Other

• Improve benchmarking suite by @​quantizor in dcastil/tailwind-merge#620

Full Changelog: dcastil/tailwind-merge@v3.3.1...v3.4.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov and a private sponsor for sponsoring tailwind-merge! ❤️

Commits

• 3e1256a v3.4.0
• e15f392 add changelog for v3.4.0
• 75e9aef Merge pull request #619 from quantizor/further-improvements
• 1bafc9c Make benchmark test names consistent
• 0799c12 revert: remove array-based string building optimization
• 1927858 test: add ultra long class list benchmark
• 87baba3 Remove unnecessary pre-computed conflict maps
• 7831c8e perf: pre-compute conflict arrays at initialization
• 1a3d133 perf: replace localeCompare with direct string comparison
• 0270028 perf: use index-based recursion to avoid array allocations
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tailwind-merge since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions