deps(deps): bump the minor-and-patch group across 1 directory with 17 updates by dependabot[bot] · Pull Request #62 · profullstack/media-streamer

dependabot · 2026-04-13T17:30:44Z

Bumps the minor-and-patch group with 17 updates in the / directory:

Package	From	To
@supabase/supabase-js	`2.99.2`	`2.103.0`
framer-motion	`12.37.0`	`12.38.0`
hls.js	`1.6.15`	`1.6.16`
ioredis	`5.10.0`	`5.10.1`
isomorphic-dompurify	`3.3.0`	`3.8.0`
next	`16.1.6`	`16.2.3`
node-datachannel	`0.32.1`	`0.32.2`
openai	`6.29.0`	`6.34.0`
puppeteer	`24.39.1`	`24.40.0`
react	`19.2.4`	`19.2.5`
react-dom	`19.2.4`	`19.2.5`
resend	`6.9.3`	`6.11.0`
sax	`1.5.0`	`1.6.0`
@types/node	`25.5.0`	`25.6.0`
dotenv	`17.3.1`	`17.4.2`
eslint-config-next	`16.1.6`	`16.2.3`
postcss	`8.5.8`	`8.5.9`

Updates @supabase/supabase-js from 2.99.2 to 2.103.0

Release notes

Sourced from @supabase/supabase-js's releases.

v2.103.0

2.103.0 (2026-04-09)

🚀 Features

postgrest: add stripNulls method for null value stripping (#2189)

storage: add cacheNonce parameter for download (#2234)

🩹 Fixes

postgrest: fix scalar computed column type inference for isNotNullable and SETOF scalar (#2224)

❤️ Thank You

Katerina Skroumpelou @mandarini

Seydi Charyyev @TheSeydiCharyyev

Vaibhav @7ttp

v2.103.0-canary.2

2.103.0-canary.2 (2026-04-09)

🚀 Features

postgrest: add stripNulls method for null value stripping (#2189)

storage: add cacheNonce parameter for download (#2234)

supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)

🩹 Fixes

auth: downgrade console.error to console.warn for missing session (#2214)

functions: add toJSON to FunctionsError for correct JSON serialization (#2226)

postgrest: fix scalar computed column type inference for isNotNullable and SETOF scalar (#2224)

storage: set correct content-type for uploads (#2211)

storage: avoid duplicate content-type headers in vector requests (#2220)

❤️ Thank You

Katerina Skroumpelou @mandarini

oniani1

Seydi Charyyev @TheSeydiCharyyev

Vaibhav @7ttp

v2.103.0-canary.1

2.103.0-canary.1 (2026-04-09)

🚀 Features

storage: add cacheNonce parameter for download (#2234)

supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)

... (truncated)

Changelog

Sourced from @supabase/supabase-js's changelog.

2.103.0 (2026-04-09)

This was a version bump only for @supabase/supabase-js to align it with other projects, there were no code changes.

2.102.1 (2026-04-07)

This was a version bump only for @supabase/supabase-js to align it with other projects, there were no code changes.

2.102.0 (2026-04-07)

🚀 Features

supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)

postgrest: add automatic retries for transient errors (#2072)

❤️ Thank You

Guilherme Souza

Katerina Skroumpelou @mandarini

2.101.1 (2026-03-31)

This was a version bump only for @supabase/supabase-js to align it with other projects, there were no code changes.

2.101.0 (2026-03-30)

This was a version bump only for @supabase/supabase-js to align it with other projects, there were no code changes.

2.100.1 (2026-03-26)

🩹 Fixes

postgrest: narrow tstyche testFileMatch to only type test files (#2193)

❤️ Thank You

Katerina Skroumpelou @mandarini

2.100.0 (2026-03-23)

This was a version bump only for @supabase/supabase-js to align it with other projects, there were no code changes.

Commits

16dd265 chore(release): version 2.102.1 changelogs (#2233)
0c1e6db chore(release): version 2.102.0 changelogs (#2232)
5a6a5be feat(supabase): export PostgrestFilterBuilder and StorageApiError from supaba...
ea3e086 feat(postgrest): add automatic retries for transient errors (#2072)
ddae672 ci(repo): fix flaky tests (#2210)
647cee8 fix(ci): add --ignore-scripts to platform test installs to block post install...
ea30c93 chore(release): version 2.101.1 changelogs (#2208)
79d1a08 chore(release): version 2.101.0 changelogs (#2203)
5053334 chore(release): version 2.100.1 changelogs (#2196)
cd6335e docs(repo): enrich docs comment for remaining packages (#2165)
Additional commits viewable in compare view

Updates framer-motion from 12.37.0 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

Reorder: Fix axis switching after window resize.

Reorder: Fix with virtualised lists.

AnimatePresence: Ensure children are removed when exit animation matches current values.

Commits

0bfc9fe v12.38.0
343cb0c Updating layoutAnchor
ee99ad2 Updating changelog
062660b Updating changgelog
303da7d Updating readme
b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
a95c487 Fix auto-scroll in reorder-virtualized test page
Additional commits viewable in compare view

Updates hls.js from 1.6.15 to 1.6.16

Commits

7e19f21 Cherry-pick changes from #7799
1596a02 Limit buffering while paused outside live sliding window (#7788)
7c9e8f7 Fix Interstitials live start with short sliding window (N3 or less / no seek ...
b001910 Increase minimum Windows test version for saucelabs
See full diff in compare view

Updates ioredis from 5.10.0 to 5.10.1

Release notes

Sourced from ioredis's releases.

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

cluster: lazily start sharded subscribers (#2090) (4f167bb)

Changelog

Sourced from ioredis's changelog.

5.10.1 (2026-03-19)

Bug Fixes

cluster: lazily start sharded subscribers (#2090) (4f167bb)

Commits

9e26f8b chore(release): 5.10.1 [skip ci]
4f167bb fix(cluster): lazily start sharded subscribers (#2090)
See full diff in compare view

Updates isomorphic-dompurify from 3.3.0 to 3.8.0

Release notes

Sourced from isomorphic-dompurify's releases.

3.8.0: Updated dependencies

Dependency updates:

bump jsdom from 29.0.1 to 29.0.2

bump @biomejs/biome from 2.4.8 to 2.4.10

bump vitest from 4.1.1 to 4.1.3

bump lefthook from 2.1.4 to 2.1.5

3.7.1

Bug Fix

Fixed missing browser type declarations — browser.d.ts and browser.d.mts were not included in the 3.7.0 published package due to a race condition in the build process. This caused TS7016: Could not find a declaration file for module 'isomorphic-dompurify' errors in tsgo and TypeScript 6 when resolving through the default (browser) exports condition. (#411)

Thanks to @asterikx and @ElPrudi for their help with the issue.

3.7.0: TypeScript 6 compatibility

TypeScript 6 compatibility fixes:

Add explicit type annotation for sanitize to satisfy TS6

Silence baseUrl deprecation warning from tsup dts build in TS6

Dependency updates:

bump typescript from 5.9.3 to 6.0.2

bump vitest from 4.1.0 to 4.1.1

3.6.0: Updated dependencies

Dependency updates:

bump jsdom from 29.0.0 to 29.0.1

bump @types/jsdom from 28.0.0 to 28.0.1

bump @biomejs/biome from 2.4.7 to 2.4.8

3.5.1

Fix outdated build artifacts published in 3.5.0.

3.5.0: Add factory function support

What's new

Features

The default export is now callable as a factory function, matching the dompurify API — DOMPurify(window) now returns a new DOMPurify instance bound to the given window (#405)

Bug fixes

Fixed isEqualNode returning false when comparing RETURN_DOM + FORCE_BODY output against nodes from a separate JSDOM context (#405)

Thanks to @probablykasper for helping with this release.

3.4.0: jsdom update, performance improvement and node 22 requirement update

What's Changed

Upgraded jsdom from 28 to 29, which fixes performance degradation in long-running processes; note that heap memory still grows over time without calling clearWindow()

Bumped minimum Node.js 22 requirement from 22.12.0 to 22.13.0 (LTS)

Added format script (biome format --write) and pre-commit hook

Updated dev dependencies (biome, vitest)

Commits

40c0ced chore(release): bump version to 3.8.0 and update dep ranges
1493745 chore(deps): bump jsdom from 29.0.1 to 29.0.2
772dbc8 chore(deps-dev): bump vitest from 4.1.2 to 4.1.3
5c426c9 chore(deps-dev): bump lefthook from 2.1.4 to 2.1.5
9532ef7 chore(deps-dev): bump @biomejs/biome from 2.4.9 to 2.4.10
eff4ba9 chore(deps-dev): bump vitest from 4.1.1 to 4.1.2
62e619d chore(deps-dev): bump @biomejs/biome from 2.4.8 to 2.4.9
11315f4 chore: Bumped project version.
97770c7 fix: prevent race condition dropping browser type declarations
8a06c60 chore: Incremented project version.
Additional commits viewable in compare view

Updates next from 16.1.6 to 16.2.3

Release notes

Sourced from next's releases.

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)

Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)

Deduplicate output assets and detect content conflicts on emit (#92292)

Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)

turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @icyJoseph, @sokra, @wbinnssmith, @eps1lon and @ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

backport: Move expanded adapters docs to API reference (#92115) (#92129)

Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)

[create-next-app] Skip interactive prompts when CLI flags are provided (#91840)

next.config.js: Accept an option for serverFastRefresh (#91968)

Turbopack: enable server HMR for app route handlers (#91466)

Turbopack: exclude metadata routes from server HMR (#92034)

Fix CI for glibc linux builds

Backport: disable bmi2 in qfilter #92177

[backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @nextjs-bot, @icyJoseph, @ijjk, @gaojude, @wbinnssmith, @lukesandberg, and @bgw for helping!

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

docs: post release amends (#91715)

docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)

Fix adapter outputs for dynamic metadata routes (#91680)

Turbopack: fix webpack loader runner layer (#91727)

Fix server actions in standalone mode with cacheComponents (#91711)

turbo-persistence: remove Unmergeable mmap advice (#91713)

Fix layout segment optimization: move app-page imports to server-utility transition (#91701)

Turbopack: lazy require metadata and handle TLA (#91705)

[turbopack] Respect {eval:true} in worker_threads constructors (#91666)

... (truncated)

Commits

d5f649b v16.2.3
2873928 [16.x] Avoid consuming cyclic models multiple times (#75)
d7c7765 [backport]: Ensure app-page reports stale ISR revalidation errors via onReque...
c573e8c fix(server-hmr): metadata routes overwrite page runtime HMR handler (#92273)
57b8f65 next-core: deduplicate output assets and detect content conflicts on emit (#9...
f158df1 Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
356d605 turbo-tasks-backend: stability fixes for task cancellation and error handling...
3b77a6e Fix DashMap read-write self-deadlock in task_cache causing hangs (#92210)
b2f208a Backport: new view-transitions guide, update and fixes (#92264)
52faae3 v16.2.2
Additional commits viewable in compare view

Updates node-datachannel from 0.32.1 to 0.32.2

Release notes

Sourced from node-datachannel's releases.

v0.32.2

What's Changed

feat: add callback to initLogger by @valainisgt in murat-dogan/node-datachannel#407

chore: bump libdatachannel to v0.24.2 by @mertushka in murat-dogan/node-datachannel#414

New Contributors

@valainisgt made their first contribution in murat-dogan/node-datachannel#407

Full Changelog: murat-dogan/node-datachannel@v0.32.1...v0.32.2

Commits

0fd224d v0.32.2
6d8d9dc Merge pull request #414 from mertushka/patch-1
14e6cc5 chore: bump libdatachannel to v0.24.2
be063f9 Merge pull request #407 from valainisgt/logger-callback
579e489 feat: add callback to initLogger
31721af #398 Add rebuild command
7a85259 try intel
bce6ac1 macos-14 is default arm64
d63fd1d Since macos-14 is amr64, we need to revert that
See full diff in compare view

Updates openai from 6.29.0 to 6.34.0

Release notes

Sourced from openai's releases.

v6.34.0

6.34.0 (2026-04-08)

Full Changelog: v6.33.0...v6.34.0

Features

api: add phase field to Message in conversations (eb7cbc1)

client: add support for short-lived tokens (#839) (a72ebcf)

Bug Fixes

api: remove web_search_call.results from ResponseIncludable in responses (1f6968e)

Chores

internal: codegen related update (1081460)

internal: update multipart form array serialization (3faee8d)

tests: bump steady to v0.20.1 (b73cc6b)

Documentation

api: add multi-file ingestion recommendations to vector-stores files/file-batches (1bc32a3)

v6.33.0

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

api: add keys field to computer action types (27a850e)

client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

api: align SDK response types with expanded item schemas (491cd52)

types: make type required in ResponseInputMessageItem (2012293)

Chores

ci: skip lint on metadata-only changes (74a917f)

internal: refactor imports (cfe9c60)

internal: update gitignore (71bd114)

tests: bump steady to v0.19.4 (f2e9dea)

... (truncated)

Changelog

Sourced from openai's changelog.

6.34.0 (2026-04-08)

Full Changelog: v6.33.0...v6.34.0

Features

api: add phase field to Message in conversations (eb7cbc1)

client: add support for short-lived tokens (#839) (a72ebcf)

Bug Fixes

api: remove web_search_call.results from ResponseIncludable in responses (1f6968e)

Chores

internal: codegen related update (1081460)

internal: update multipart form array serialization (3faee8d)

tests: bump steady to v0.20.1 (b73cc6b)

Documentation

api: add multi-file ingestion recommendations to vector-stores files/file-batches (1bc32a3)

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

api: add keys field to computer action types (27a850e)

client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

api: align SDK response types with expanded item schemas (491cd52)

types: make type required in ResponseInputMessageItem (2012293)

Chores

ci: skip lint on metadata-only changes (74a917f)

internal: refactor imports (cfe9c60)

internal: update gitignore (71bd114)

tests: bump steady to v0.19.4 (f2e9dea)

tests: bump steady to v0.19.5 (37c6cf4)

tests: bump steady to v0.19.6 (496b3af)

... (truncated)

Commits

35feb53 Merge pull request #1797 from openai/release-please--branches--master--change...
398e589 release: 6.34.0
a72ebcf feat(client): add support for short-lived tokens (#839)
b73cc6b chore(tests): bump steady to v0.20.1
eb7cbc1 feat(api): add phase field to Message in conversations
1f6968e fix(api): remove web_search_call.results from ResponseIncludable in responses
1081460 chore(internal): codegen related update
1bc32a3 docs(api): add multi-file ingestion recommendations to vector-stores files/fi...
3faee8d chore(internal): update multipart form array serialization
be64904 Merge pull request #1798 from openai/codex/pin-github-workflow-refs-20260326-...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openai since your current version.

Updates puppeteer from 24.39.1 to 24.40.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.40.0

24.40.0 (2026-03-19)

🎉 Features

support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756) (2a8276e)

🛠️ Fixes

roll to Chrome 146.0.7680.153 (#14787) (443e87f)

roll to Chrome 146.0.7680.80 (#14778) (14685a0)

puppeteer: v24.40.0

24.40.0 (2026-03-19)

♻️ Chores

puppeteer: Synchronize puppeteer versions

Dependencies

The following workspace dependencies were updated

dependencies

puppeteer-core bumped from 24.39.1 to 24.40.0

Changelog

Sourced from puppeteer's changelog.

24.40.0 (2026-03-19)

♻️ Chores

puppeteer: Synchronize puppeteer versions

Dependencies

The following workspace dependencies were updated

dependencies

puppeteer-core bumped from 24.39.1 to 24.40.0

🎉 Features

support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756) (2a8276e)

🛠️ Fixes

roll to Chrome 146.0.7680.153 (#14787) (443e87f)

roll to Chrome 146.0.7680.80 (#14778) (14685a0)

Commits

2f17622 chore: release main (#14783)
443e87f fix: roll to Chrome 146.0.7680.153 (#14787)
2a8276e feat: support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756)
14685a0 fix: roll to Chrome 146.0.7680.80 (#14778)
7a8b8e6 chore(deps): bump the all group with 2 updates (#14780)
See full diff in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

Commits

23f4f9f 19.2.5
See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

Commits

23f4f9f 19.2.5
See full diff in compare view

Updates resend from 6.9.3 to 6.11.0

Release notes

Sourced from resend's releases.

v6.11.0

What's Changed

chore(ci): migrate from BuildJet to Blacksmith runners by @lucasfcosta in resend/resend-node#907

chore(deps): update dependency vitest to v4.1.3 by @renovate[bot] in resend/resend-node#894

chore(deps): update dependency @types/node to v24.12.2 by @renovate[bot] in resend/resend-node#906

fix(deps): update dependency svix to v1.90.0 by @renovate[bot] in resend/resend-node#892

chore(deps): update dependency @biomejs/biome to v2.4.10 by @renovate[bot] in resend/resend-node#885

fix(deps): update dependency next to v16.2.2 by @renovate[bot] in resend/resend-node#893

chore(deps): update dependency typescript to v6 by @renovate[bot] in resend/resend-node#895

chore(deps): update pnpm to v10.33.0 by @renovate[bot] in resend/resend-node#896

fix(deps): update dependency esbuild to v0.28.0 by @renovate[bot] in resend/resend-node#909

chore(deps): update dependency dotenv to v17.4.1 by @renovate[bot] in resend/resend-node#908

chore(deps): update dependency vitest to v4.1.4 by @renovate[bot] in resend/resend-node#913

fix(deps): update react monorepo to v19.2.5 by @renovate[bot] in resend/resend-node#912

fix(deps): update dependency next to v16.2.3 [security] by @renovate[bot] in resend/resend-node#922

feat: add automations and events by @felipefreitag in resend/resend-node#866

chore: bump version by @isabellaaquino in resend/resend-node#925

fix: case conventions by @isabellaaquino in resend/resend-node#926

chore: bump to 6.11.0 for release by @lucasfcosta in resend/resend-node#928

Full Changelog: resend/resend-node@v6.10.0...v6.11.0

v6.10.0

What's Changed

fix(deps): update dependency next to v16.1.7 [security] by @renovate[bot] in resend/resend-node#884

chore(deps): update dependency pkg-pr-new to v0.0.66 by @renovate[bot] in resend/resend-node#880

chore(deps): update dependency vitest to v4.1.0 by @renovate[bot] in resend/resend-node#876

fix(deps): update dependency postal-mime to v2.7.4 by @renovate[bot] in resend/resend-node#886

fix(deps): update dependency esbuild to v0.27.4 by @renovate[bot] in resend/resend-node#875

fix(deps): update dependency next to v16.2.0 by @renovate[bot] in resend/resend-node#882

chore(deps): update pnpm to v10.32.1 by @renovate[bot] in resend/resend-node#871

chore(deps): update dependency tsdown to v0.21.4 by @renovate[bot] in resend/resend-node#872

chore(deps): update tj-actions/changed-files digest to 445b0eb by @renovate[bot] in resend/resend-node#870

fix(deps): update dependency svix to v1.88.0 by @renovate[bot] in resend/resend-node#873

feat(ci): split script and workflow for e2e test by @gabrielmfern in resend/resend-node#887

chore(deps): update dependency @types/node to v24.12.0 by @renovate[bot] in resend/resend-node#869

chore(ci): pin GitHub Actions workflows to commit SHAs by @gabrielmfern in resend/resend-node#889

feat: support logs endpoints by @felipefreitag in resend/resend-node#899

chore: bump 6.10.0 by @felipefreitag in resend/resend-node#900

New Contributors

@felipefreitag made their first contribution in resend/resend-node#899

Full Changelog: resend/resend-node@v6.9.4...v6.10.0

v6.9.4

What's Changed

chore(deps): update dependency tsdown to v0.21.0 by @renovate[bot] in resend/resend-node#868

chore(deps): update pnpm to v10.30.3 by @renovate[bot] in resend/resend-node#846

... (truncated)

Commits

48b793f chore: bump to 6.11.0 for release (#928)
eb2fafe fix: case conventions (#926)
37eb802 chore: bump version (#925)
86d807d feat: add automations and events (#866)
fad2c05 fix(deps): update dependency next to v16.2.3 [security] (#922)
03f80b6 fix(deps): update react monorepo to v19.2.5 (#912)
0330009 chore(deps): update dependency vitest to v4.1.4 (#913)
8a7f093 chore(deps): update dependency dotenv to v17.4.1 (#908)
e38d069 fix(deps): update dependency esbuild to v0.28.0 (#909)
2defc3c chore(deps): update pnpm to v10.33.0 (#896)
Additional commits viewable in compare view

Updates sax from 1.5.0 to 1.6.0

Commits

be26f54 1.6.0
888182e feat: Add UTF-16 stream decoding and strict XML encoding validation
10108ee fix pkg
See full diff in compare view

Updates @types/node from 25.5.0 to 25.6.0

Commits

See full diff in compare view

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

f116f70 17.4.2
3a81612 fix visual order of faq
13f55a8 Merge branch 'skill'
4bbbf73 reorganize faq
c3da64b Merge pull request #1009 from motdotla/skill
6f743b1 update source
fc2c624 update skill
972315b Tighten up skill
2795fce reorganize faq
d5495d4 adjust skill
Additional commits viewable in compare view

Updates eslint-config-next from 16.1.6 to 16.2.3

Release notes

Sourced from eslint-config-next's releases.

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)

Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)

Deduplicate output assets and detect content conflicts on emit (

… updates Bumps the minor-and-patch group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.99.2` | `2.103.0` | | [framer-motion](https://github.com/motiondivision/motion) | `12.37.0` | `12.38.0` | | [hls.js](https://github.com/video-dev/hls.js) | `1.6.15` | `1.6.16` | | [ioredis](https://github.com/luin/ioredis) | `5.10.0` | `5.10.1` | | [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify) | `3.3.0` | `3.8.0` | | [next](https://github.com/vercel/next.js) | `16.1.6` | `16.2.3` | | [node-datachannel](https://github.com/murat-dogan/node-datachannel) | `0.32.1` | `0.32.2` | | [openai](https://github.com/openai/openai-node) | `6.29.0` | `6.34.0` | | [puppeteer](https://github.com/puppeteer/puppeteer) | `24.39.1` | `24.40.0` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.5` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.5` | | [resend](https://github.com/resend/resend-node) | `6.9.3` | `6.11.0` | | [sax](https://github.com/isaacs/sax-js) | `1.5.0` | `1.6.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.6.0` | | [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.2` | | [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.1.6` | `16.2.3` | | [postcss](https://github.com/postcss/postcss) | `8.5.8` | `8.5.9` | Updates `@supabase/supabase-js` from 2.99.2 to 2.103.0 - [Release notes](https://github.com/supabase/supabase-js/releases) - [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md) - [Commits](https://github.com/supabase/supabase-js/commits/v2.103.0/packages/core/supabase-js) Updates `framer-motion` from 12.37.0 to 12.38.0 - [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md) - [Commits](motiondivision/motion@v12.37.0...v12.38.0) Updates `hls.js` from 1.6.15 to 1.6.16 - [Release notes](https://github.com/video-dev/hls.js/releases) - [Changelog](https://github.com/video-dev/hls.js/blob/master/docs/release-process.md) - [Commits](video-dev/hls.js@v1.6.15...v1.6.16) Updates `ioredis` from 5.10.0 to 5.10.1 - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md) - [Commits](redis/ioredis@v5.10.0...v5.10.1) Updates `isomorphic-dompurify` from 3.3.0 to 3.8.0 - [Release notes](https://github.com/kkomelin/isomorphic-dompurify/releases) - [Commits](kkomelin/isomorphic-dompurify@3.3.0...3.8.0) Updates `next` from 16.1.6 to 16.2.3 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.1.6...v16.2.3) Updates `node-datachannel` from 0.32.1 to 0.32.2 - [Release notes](https://github.com/murat-dogan/node-datachannel/releases) - [Commits](murat-dogan/node-datachannel@v0.32.1...v0.32.2) Updates `openai` from 6.29.0 to 6.34.0 - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.29.0...v6.34.0) Updates `puppeteer` from 24.39.1 to 24.40.0 - [Release notes](https://github.com/puppeteer/puppeteer/releases) - [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md) - [Commits](puppeteer/puppeteer@puppeteer-v24.39.1...puppeteer-v24.40.0) Updates `react` from 19.2.4 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react) Updates `react-dom` from 19.2.4 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom) Updates `resend` from 6.9.3 to 6.11.0 - [Release notes](https://github.com/resend/resend-node/releases) - [Commits](resend/resend-node@v6.9.3...v6.11.0) Updates `sax` from 1.5.0 to 1.6.0 - [Commits](isaacs/sax-js@v1.5.0...v1.6.0) Updates `@types/node` from 25.5.0 to 25.6.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `dotenv` from 17.3.1 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.3.1...v17.4.2) Updates `eslint-config-next` from 16.1.6 to 16.2.3 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/commits/v16.2.3/packages/eslint-config-next) Updates `postcss` from 8.5.8 to 8.5.9 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.8...8.5.9) --- updated-dependencies: - dependency-name: "@supabase/supabase-js" dependency-version: 2.103.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: framer-motion dependency-version: 12.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: hls.js dependency-version: 1.6.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: ioredis dependency-version: 5.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: isomorphic-dompurify dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: next dependency-version: 16.2.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: node-datachannel dependency-version: 0.32.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: openai dependency-version: 6.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: puppeteer dependency-version: 24.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: react dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: react-dom dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: resend dependency-version: 6.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: sax dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: eslint-config-next dependency-version: 16.2.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: postcss dependency-version: 8.5.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-13T17:30:45Z

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

socket-security · 2026-04-13T17:32:15Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance
next@16.1.6 ⏵ 16.2.3		⁺²²	⁺¹
eslint-config-next@16.1.6 ⏵ 16.2.3
openai@6.29.0 ⏵ 6.34.0	⁺¹		⁺¹
@supabase/supabase-js@2.99.2 ⏵ 2.103.0	⁺¹
@types/node@25.5.0 ⏵ 25.6.0
postcss@8.5.8 ⏵ 8.5.9	⁺¹
node-datachannel@0.32.1 ⏵ 0.32.2
react@19.2.4 ⏵ 19.2.5
sax@1.5.0 ⏵ 1.6.0	⁺¹		⁺¹
hls.js@1.6.15 ⏵ 1.6.16	⁺¹
puppeteer@24.39.1 ⏵ 24.40.0
ioredis@5.10.0 ⏵ 5.10.1	⁺¹		⁺¹
react-dom@19.2.4 ⏵ 19.2.5
isomorphic-dompurify@3.3.0 ⏵ 3.8.0
dotenv@17.3.1 ⏵ 17.4.2
hono@4.12.12
framer-motion@12.37.0 ⏵ 12.38.0	⁺¹		⁺¹	^-1
resend@6.9.3 ⏵ 6.11.0	⁺²			⁺¹

View full report

socket-security · 2026-04-13T17:32:17Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Low adoption: npm `node-exports-info` Location: Package overview From: pnpm-lock.yaml → `npm/eslint-config-next@16.2.3` → `npm/node-exports-info@1.6.0` ℹ Read more on: This package \| This alert \| What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/node-exports-info@1.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump the minor-and-patch group across 1 directory with 17 updates#62

deps(deps): bump the minor-and-patch group across 1 directory with 17 updates#62
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/minor-and-patch-5434ff58d0

dependabot bot commented on behalf of github Apr 13, 2026

Uh oh!

dependabot bot commented on behalf of github Apr 13, 2026

Uh oh!

socket-security bot commented Apr 13, 2026

Uh oh!

socket-security bot commented Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 13, 2026

v2.103.0

2.103.0 (2026-04-09)

🚀 Features

🩹 Fixes

❤️ Thank You

v2.103.0-canary.2

2.103.0-canary.2 (2026-04-09)

🚀 Features

🩹 Fixes

❤️ Thank You

v2.103.0-canary.1

2.103.0-canary.1 (2026-04-09)

🚀 Features

2.103.0 (2026-04-09)

2.102.1 (2026-04-07)

2.102.0 (2026-04-07)

🚀 Features

❤️ Thank You

2.101.1 (2026-03-31)

2.101.0 (2026-03-30)

2.100.1 (2026-03-26)

🩹 Fixes

❤️ Thank You

2.100.0 (2026-03-23)

[12.38.0] 2026-03-16

Added

Fixed

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

5.10.1 (2026-03-19)

Bug Fixes

3.8.0: Updated dependencies

3.7.1

Bug Fix

3.7.0: TypeScript 6 compatibility

3.6.0: Updated dependencies

3.5.1

3.5.0: Add factory function support

What's new

Features

Bug fixes

3.4.0: jsdom update, performance improvement and node 22 requirement update

What's Changed

v16.2.3

Core Changes

Credits

v16.2.2

Core Changes

Credits

v16.2.1

Core Changes

v0.32.2

What's Changed

New Contributors

v6.34.0

6.34.0 (2026-04-08)

Features

Bug Fixes

Chores

Documentation

v6.33.0

6.33.0 (2026-03-25)

Features

Bug Fixes

Chores

6.34.0 (2026-04-08)

Features

Bug Fixes

Chores

Documentation

6.33.0 (2026-03-25)

Features

Bug Fixes

Chores

puppeteer-core: v24.40.0

24.40.0 (2026-03-19)

🎉 Features