Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 22 updates#63

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-51789d0166
Open

chore(deps): bump the production-dependencies group across 1 directory with 22 updates#63
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-51789d0166

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 22 updates in the / directory:

Package From To
@aws-sdk/client-pricing 3.1053.0 3.1068.0
better-auth 1.6.11 1.6.18
hono 4.12.23 4.12.25
ioredis 5.11.0 5.11.1
@radix-ui/react-avatar 1.1.11 1.1.12
@radix-ui/react-dialog 1.1.15 1.1.16
@radix-ui/react-dropdown-menu 2.1.16 2.1.17
@radix-ui/react-label 2.1.8 2.1.9
@radix-ui/react-scroll-area 1.2.10 1.2.11
@radix-ui/react-select 2.2.6 2.3.0
@radix-ui/react-separator 1.1.8 1.1.9
@radix-ui/react-slot 1.2.4 1.2.5
@radix-ui/react-tabs 1.1.13 1.1.14
@radix-ui/react-toast 1.2.15 1.2.16
@radix-ui/react-tooltip 1.2.8 1.2.9
@tanstack/react-query 5.100.14 5.101.0
@tanstack/react-router 1.170.8 1.170.15
lucide-react 1.16.0 1.18.0
react 19.2.6 19.2.7
react-dom 19.2.6 19.2.7
vscode-languageserver-protocol 3.17.5 3.18.0
zustand 5.0.13 5.0.14

Updates @aws-sdk/client-pricing from 3.1053.0 to 3.1068.0

Release notes

Sourced from @​aws-sdk/client-pricing's releases.

v3.1068.0

3.1068.0(2026-06-12)

Documentation Changes
  • client-iam: Updating documentation for select service-specific credential APIs (f572228a)
New Features
  • clients: update client endpoints as of 2026-06-12 (3f89d039)
  • client-acm: Certificate transparency logging opt-out is no longer available. Per compliance requirements, all public ACM certificates are automatically recorded in certificate transparency logs. The CertificateTransparencyLoggingPreference option is deprecated. (ca60b0f9)
  • client-eks: Patches missing enum values for EKS updates (c2df34dc)
  • client-sagemaker-runtime: Added support for inline request payloads to the InvokeEndpointAsync operation to allow users to provide the inference payload directly in the request Body (up to 128,000 bytes) as an alternative to uploading the payload to Amazon S3 and passing InputLocation. (c4e229dd)
  • client-glue: Adds support for retrieving Apache Iceberg table metadata via GetTable. Use the new AttributesToGet parameter with LATEST ICEBERG METADATA to receive schema, partition specs, sort orders, and table properties in the response. (f45445f9)
  • client-firehose: Update KeyARN in DeliveryStreamEncryptionConfigurationInput to accept KMS key ARNs only (not alias ARNs), matching service behavior. (80837cd3)
  • client-bedrock-agentcore: Added tagging and CMK support across optimization, an explanation field in recommendation output, and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (1c06496f)
  • client-devops-agent: Adds support for Trigger CRUD APIs (CreateTrigger, GetTrigger, UpdateTrigger, DeleteTrigger, ListTriggers) for managing schedule-based automation triggers in DevOps Agent agent spaces. (7139cf1e)
  • client-bedrock-agentcore-control: Added tagging and CMK support for optimizations and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (571ac1e7)

For list of updated packages, view updated-packages.md in assets-3.1068.0.zip

v3.1067.0

3.1067.0(2026-06-11)

Documentation Changes
  • suggest UndiciHttpHandler as an alternative request handler (#8092) (bd18a9f0)
New Features
  • client-eks: Introduce new CreateCluster parameters for Amazon EKS local clusters on AWS Outposts. Added etcdInstanceType for configuring the EC2 instance type for dedicated etcd instances, and spreadLevel for configuring the placement group spread level for Kubernetes control plane and etcd instances. (383363d5)
  • client-omics: Adds support for workflowName in the ListRuns API response. (fa2f4604)
  • client-neptune: Amazon Neptune now supports IPv6 dual-stack networking. You can create and manage Neptune DB clusters accessible over both IPv4 and IPv6 by specifying NetworkType as DUAL in CreateDBCluster, ModifyDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime API operations (ae089f94)
  • client-bedrock-agentcore: Adds support to perform cross account data plane actions on an AgentCore Memory resource (8d92e480)
  • client-healthlake: Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore. (c74ab005)
  • client-bedrock-agentcore-control: Supports deterministic metadata for AgentCore Memory (af7a995a)
  • client-support: Adding new BDD representation of endpoint ruleset (cd9dac21)

For list of updated packages, view updated-packages.md in assets-3.1067.0.zip

v3.1066.0

3.1066.0(2026-06-10)

New Features

... (truncated)

Changelog

Sourced from @​aws-sdk/client-pricing's changelog.

3.1068.0 (2026-06-12)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1067.0 (2026-06-11)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1066.0 (2026-06-10)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1062.0 (2026-06-04)

... (truncated)

Commits

Updates better-auth from 1.6.11 to 1.6.18

Release notes

Sourced from better-auth's releases.

v1.6.18

better-auth

Bug Fixes

  • Fixed getCookieCache to return null for expired sessions instead of treating stale signed cookies as live sessions.
  • Fixed the delete-account confirmation link to prevent duplicate account deletions from concurrent callback requests.
  • Fixed one-time tokens from being redeemable multiple times under concurrent requests.
  • Fixed password reset tokens from changing a password more than once under concurrent requests.
  • Fixed Reddit sign-in to assign a non-routable placeholder address (<id>@reddit.invalid) to users with no email, preventing accidental matches with real mailboxes.
  • Fixed Sign-In with Ethereum nonces from being accepted multiple times under concurrent sign-in requests.
  • Added internalAdapter.reserveVerificationValue to atomically record single-use markers, ensuring only one concurrent caller succeeds for replay-protected operations.
  • Added the incrementOne adapter method and SecondaryStorage.increment for atomic counter updates, enabling strict rate-limit and usage-counter enforcement under concurrent load.
  • Fixed expired two-factor challenges from completing login and prevented duplicate session creation from concurrent verifications.
  • Fixed captcha verification to time out after 10 seconds, preventing slow or unreachable captcha providers from hanging requests indefinitely.
  • Fixed /delete-user/callback to reject account deletion when the session has been revoked server-side (cookie-only session deployments are unaffected).
  • Fixed rate limiting to prevent concurrent requests from slipping past configured limits, with a new optional consume method for custom storage backends to opt into strict enforcement.
  • Fixed team deletion to preserve pending invitations by removing only the deleted team's reference rather than invalidating the invitations entirely.
  • Fixed expected authentication validation failures to log as warnings instead of errors.
  • Fixed MCP bearer token validation to reject expired access tokens and require the offline_access scope for refresh token usage.
  • Fixed plugin API inference in composite monorepo setups where the core package resolved through multiple paths (#9583)
  • Fixed OpenAPI generation to accurately serialize Zod request schemas, including optional, nullable, intersected, and record-shaped types (#9315)
  • Fixed a memory leak where the JWKS cache could grow on every access token verification.
  • Fixed Google One Tap to require a configured client ID (set via the oneTap plugin or socialProviders.google) and reject tokens issued for other applications.
  • Fixed device-authorization token polling to prevent the same approved device code from being redeemed multiple times under concurrent polls.
  • Fixed account cookie preservation when switching users in the same browser session.
  • Fixed email OTP sign-in to prevent concurrent requests from signing in multiple times or exceeding the attempt limit.
  • Fixed phone-number OTP sign-in to prevent concurrent requests from signing in multiple times or exceeding the attempt limit.
  • Fixed two-factor OTP sign-in to prevent concurrent requests from signing in multiple times or exceeding the attempt limit.
  • Fixed the Have I Been Pwned plugin to check breached passwords on additional endpoints, including email-OTP and phone-number reset-password routes and admin password-setting routes.
  • Fixed the multi-session set-active and revoke endpoints to only act on sessions the caller holds a signed cookie for, preventing unauthorized session manipulation.
  • Fixed the OIDC /oauth2/endsession endpoint to reject cross-site logout requests that carry only a session cookie without a valid id_token_hint.
  • Fixed WeChat sign-in to work without an email address by assigning a stable placeholder email, with mapProfileToUser available to supply a real one.

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

  • Fixed SAML assertion replay protection to hold under concurrent requests, preventing a duplicate submission from being accepted more than once.
  • Fixed organization admins and owners to verify domain ownership for SSO providers their organization owns, not just the member who originally registered the provider.
  • Fixed trustEmailVerified to treat only a boolean true or the string "true" as a verified email, rejecting the string "false" as unverified.

For detailed changes, see CHANGELOG

@better-auth/memory-adapter

Bug Fixes

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.18

Patch Changes

  • #9315 9ef7240 Thanks @​GautamBytes! - fix OpenAPI requestBody generation for intersected and default-wrapped body schemas

  • #9583 b21a5f7 Thanks @​GautamBytes! - Fix plugin-provided client methods and additional session fields not being inferred in composite monorepos.

  • Updated dependencies [b21a5f7]:

    • @​better-auth/core@​1.6.18
    • @​better-auth/drizzle-adapter@​1.6.18
    • @​better-auth/kysely-adapter@​1.6.18
    • @​better-auth/memory-adapter@​1.6.18
    • @​better-auth/mongo-adapter@​1.6.18
    • @​better-auth/prisma-adapter@​1.6.18
    • @​better-auth/telemetry@​1.6.18

1.6.17

Patch Changes

  • #9993 baeaa00 Thanks @​gustavovalverde! - When a team had a single open slot, accepting an invitation into it was wrongly rejected as over the member limit and left a dangling membership record. Two invitations accepted into a nearly-full team at the same time could also push it past its limit. Both are fixed.

  • #9482 3e99e6c Thanks @​bytaesu! - admin.setUserPassword now creates a credential account when the target user does not have one, matching the behavior of resetPassword. Previously the call returned status: true without doing anything for users without an existing credential account (e.g., social-only or magic-link signups), so admins migrating users from another auth system or assigning an initial password to a social-only user can now do so directly without poking the account table.

  • 96c78c3 Thanks @​GautamBytes! - Downgrade expected auth validation failures from error logs to warnings.

  • #9993 baeaa00 Thanks @​gustavovalverde! - Captcha provider verification requests now time out after 10 seconds and fail closed, so a slow or unreachable captcha provider can no longer tie up a request indefinitely.

  • #9993 baeaa00 Thanks @​gustavovalverde! - A delete-account confirmation link can no longer delete the account more than once when its callback is opened concurrently.

  • #9991 0c3856f Thanks @​gustavovalverde! - Completing account deletion through /delete-user/callback now fails when the session has been revoked server-side, instead of proceeding within the cookie-cache window. Deployments that keep sessions only in the cookie are unaffected.

  • #9993 baeaa00 Thanks @​gustavovalverde! - Polling for a device-authorization token can no longer redeem the same approved device code more than once when several polls arrive together.

  • #9993 baeaa00 Thanks @​gustavovalverde! - Submitting the same email OTP from several requests at once can no longer sign in more than once or gain extra tries beyond the attempt limit.

  • #10002 ed7b6c9 Thanks @​gustavovalverde! - Adding a member to a team that is already at its maximumMembersPerTeam limit is now rejected on every path. addMember with a teamId and add-team-member previously skipped the limit that invitation acceptance enforced, so they could push a team over its cap. A rejected addMember no longer creates the organization member.

  • #9677 e0a768c Thanks @​GautamBytes! - Refactor role.authorize control flow while preserving existing authorization behavior.

  • #9987 7343284 Thanks @​bytaesu! - Generic OAuth sign-in works again for providers whose userinfo response has no sub or id field when mapProfileToUser derives the account id. An empty id field now falls back to sub.

  • #9991 0c3856f Thanks @​gustavovalverde! - getCookieCache now returns null for an expired session instead of the stale session data. Middleware that calls it to gate access no longer treats an expired signed cookie as a live session.

  • #9993 baeaa00 Thanks @​gustavovalverde! - The Have I Been Pwned plugin now checks submitted passwords against the breach database on more password-setting endpoints by default, including the email-OTP and phone-number reset-password routes and the admin create-user and set-user-password routes. A breached password can no longer be set through those routes when the plugin is enabled with its default paths.

  • #9987 7343284 Thanks @​bytaesu! - Preserve the fresh account cookie issued while switching users in the same browser instead of expiring it from stale request cookie state.

  • #9991 0c3856f Thanks @​gustavovalverde! - Expired MCP access tokens are no longer accepted. A protected MCP resource now rejects a bearer token once it has expired, both on the server and through the remote client. A refresh token is accepted only when the original authorization included the offline_access scope.

... (truncated)

Commits
  • 04debbf chore: release v1.6.18 (#10026)
  • 9ef7240 fix(open-api): serialize zod request schemas accurately (#9315)
  • b21a5f7 fix(client): preserve plugin inference in composite monorepos (#9583)
  • 0d8b238 chore: release v1.6.17 (#9984)
  • eff3c99 test(next-js): verify nextCookies forwards all set-cookie headers (#10013)
  • e0a768c refactor(access): flatten access plugin role authorization logic (#9677)
  • 3310ebc fix(open-api): mark model ids as required (#9704)
  • 59e0ccb fix(client): updateSession should infer session additional fields (#9777)
  • 96c78c3 fix(logger): downgrade validation logs level to warn
  • 5c289b5 fix(account): resolve stateless account cookies across instances (#9979)
  • Additional commits viewable in compare view

Updates hono from 4.12.23 to 4.12.25

Release notes

Sourced from hono's releases.

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

v4.12.24

What's Changed

Full Changelog: honojs/hono@v4.12.23...v4.12.24

Commits

Updates ioredis from 5.11.0 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)
Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)
Commits
  • fb224a7 chore(release): 5.11.1 [skip ci]
  • 131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
  • c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
  • See full diff in compare view

Updates @radix-ui/react-avatar from 1.1.11 to 1.1.12

Changelog

Sourced from @​radix-ui/react-avatar's changelog.

1.1.12

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-is-hydrated@0.1.1, @radix-ui/react-use-layout-effect@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-avatar since your current version.


Updates @radix-ui/react-dialog from 1.1.15 to 1.1.16

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.16

  • Fixed disabled pointer events in closed dialogs
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.


Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.17

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.17

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dropdown-menu since your current version.


Updates @radix-ui/react-label from 2.1.8 to 2.1.9

Changelog

Sourced from @​radix-ui/react-label's changelog.

2.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-primitive@2.1.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-label since your current version.


Updates @radix-ui/react-scroll-area from 1.2.10 to 1.2.11

Changelog

Sourced from @​radix-ui/react-scroll-area's changelog.

1.2.11

  • Fixed missing data-state attribute for Scroll Area scrollbars
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-layout-effect@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-scroll-area since your current version.


Updates @radix-ui/react-select from 2.2.6 to 2.3.0

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.0

  • Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
  • Added support for presence-based exit animations in Select
  • Fixed Select hidden input so it submits empty string when no value is selected
  • Fixed placeholder rendering when a controlled Select is reset to an empty value
  • Added missing __selectScope prop to PopperContent component
  • Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-select since your current version.


Updates @radix-ui/react-separator from 1.1.8 to 1.1.9

Changelog

Sourced from @​radix-ui/react-separator's changelog.

1.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-primitive@2.1.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-separator since your current version.


Updates @radix-ui/react-slot from 1.2.4 to 1.2.5

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.2.5

  • Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
  • Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
  • Added repository.directory to all package.json files
  • Improved error messages for invalid slot children
  • Updated dependencies: @radix-ui/react-compose-refs@1.1.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slot since your current version.


Updates @radix-ui/react-tabs from 1.1.13 to 1.1.14

Changelog

Sourced from @​radix-ui/react-tabs's changelog.

1.1.14

  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tabs since your current version.


Updates @radix-ui/react-toast from 1.2.15 to 1.2.16

Changelog

Sourced from @​radix-ui/react-toast's changelog.

1.2.16

  • Allow to specify container for ToastAnnounce
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-toast since your current version.


Updates @radix-ui/react-tooltip from 1.2.8 to 1.2.9

Changelog

Sourced from @​radix-ui/react-tooltip's changelog.

1.2.9

  • Fixed runtime error when event target is non-Node
  • Fixed a Tooltip bug so that skipDelayDuration={0} works as expected. Previously, the open delay could still be skipped when moving between triggers.
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tooltip since your current version.


Updates @tanstack/react-query from 5.100.14 to 5.101.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.0

Patch Changes

  • #10857 7cf5923 - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'

  • Updated dependencies []:

    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-persist-client@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.0
    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0
Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0
Commits

Updates @tanstack/react-router from 1.170.8 to 1.170.15

Release notes

Sourced from @​tanstack/react-router's releases.

@​tanstack/react-router@​1.170.15

Patch Changes

  • Updated dependencies [776d8ef]:
    • @​tanstack/router-core@​1.171.13

@​tanstack/react-router@​1.170.14

Patch Changes

  • Updated dependencies [df1076c]:
    • @​tanstack/router-core@​1.171.12
Changelog

Sourced from @​tanstack/react-router's changelog.

1.170.15

Patch Changes

  • Updated dependencies [776d8ef]:
    • @​tanstack/router-core@​1.171.13

1.170.14

Patch Changes

  • Updated dependencies [df1076c]:
    • @​tanstack/router-core@​1.171.12

1.170.13

Patch Changes

  • #7555 ac10815 - Fix search middleware composition so retainSearchParams does not restore search params that a downstream stripSearchParams removed.

  • Updated dependencies [ac10815]:

    • @​tanstack/router-core@​1.171.11

1.170.12

Patch Changes

1.170.11

Patch Changes

  • Updated dependencies [b4cd5af]:
    • @​tanstack/router-core@​1.171.9

1.170.10

Patch Changes

  • #7505 2f53749 - Preserve primitive values thrown from beforeLoad error handling.

  • Updated dependencies [2f53749]:

    • @​tanstack/router-core@​1.171.8

1.170.9

Patch Changes

... (truncated)

Commits

@dependabot
chore(deps): bump the production-dependencies group across 1 director…
2618412 
…y with 22 updates

Bumps the production-dependencies group with 22 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-pricing](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-pricing) | `3.1053.0` | `3.1068.0` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.6.11` | `1.6.18` |
| [hono](https://github.com/honojs/hono) | `4.12.23` | `4.12.25` |
| [ioredis](https://github.com/luin/ioredis) | `5.11.0` | `5.11.1` |
| [@radix-ui/react-avatar](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/avatar) | `1.1.11` | `1.1.12` |
| [@radix-ui/react-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dialog) | `1.1.15` | `1.1.16` |
| [@radix-ui/react-dropdown-menu](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dropdown-menu) | `2.1.16` | `2.1.17` |
| [@radix-ui/react-label](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/label) | `2.1.8` | `2.1.9` |
| [@radix-ui/react-scroll-area](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/scroll-area) | `1.2.10` | `1.2.11` |
| [@radix-ui/react-select](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/select) | `2.2.6` | `2.3.0` |
| [@radix-ui/react-separator](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/separator) | `1.1.8` | `1.1.9` |
| [@radix-ui/react-slot](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slot) | `1.2.4` | `1.2.5` |
| [@radix-ui/react-tabs](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tabs) | `1.1.13` | `1.1.14` |
| [@radix-ui/react-toast](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toast) | `1.2.15` | `1.2.16` |
| [@radix-ui/react-tooltip](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tooltip) | `1.2.8` | `1.2.9` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.14` | `5.101.0` |
| [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router) | `1.170.8` | `1.170.15` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.16.0` | `1.18.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [vscode-languageserver-protocol](https://github.com/Microsoft/vscode-languageserver-node/tree/HEAD/protocol) | `3.17.5` | `3.18.0` |
| [zustand](https://github.com/pmndrs/zustand) | `5.0.13` | `5.0.14` |



Updates `@aws-sdk/client-pricing` from 3.1053.0 to 3.1068.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-pricing/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1068.0/clients/client-pricing)

Updates `better-auth` from 1.6.11 to 1.6.18
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.18/packages/better-auth)

Updates `hono` from 4.12.23 to 4.12.25
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.25)

Updates `ioredis` from 5.11.0 to 5.11.1
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](redis/ioredis@v5.11.0...v5.11.1)

Updates `@radix-ui/react-avatar` from 1.1.11 to 1.1.12
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/avatar/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/avatar)

Updates `@radix-ui/react-dialog` from 1.1.15 to 1.1.16
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dialog/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dialog)

Updates `@radix-ui/react-dropdown-menu` from 2.1.16 to 2.1.17
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dropdown-menu/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dropdown-menu)

Updates `@radix-ui/react-label` from 2.1.8 to 2.1.9
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/label/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/label)

Updates `@radix-ui/react-scroll-area` from 1.2.10 to 1.2.11
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/scroll-area/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/scroll-area)

Updates `@radix-ui/react-select` from 2.2.6 to 2.3.0
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/select/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/select)

Updates `@radix-ui/react-separator` from 1.1.8 to 1.1.9
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/separator/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/separator)

Updates `@radix-ui/react-slot` from 1.2.4 to 1.2.5
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slot/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slot)

Updates `@radix-ui/react-tabs` from 1.1.13 to 1.1.14
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tabs/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tabs)

Updates `@radix-ui/react-toast` from 1.2.15 to 1.2.16
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toast/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toast)

Updates `@radix-ui/react-tooltip` from 1.2.8 to 1.2.9
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tooltip/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tooltip)

Updates `@tanstack/react-query` from 5.100.14 to 5.101.0
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.0/packages/react-query)

Updates `@tanstack/react-router` from 1.170.8 to 1.170.15
- [Release notes](https://github.com/TanStack/router/releases)
- [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.170.15/packages/react-router)

Updates `lucide-react` from 1.16.0 to 1.18.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.18.0/packages/lucide-react)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `vscode-languageserver-protocol` from 3.17.5 to 3.18.0
- [Release notes](https://github.com/Microsoft/vscode-languageserver-node/releases)
- [Commits](https://github.com/Microsoft/vscode-languageserver-node/commits/release/types/3.18.0/protocol)

Updates `zustand` from 5.0.13 to 5.0.14
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@v5.0.13...v5.0.14)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-pricing"
  dependency-version: 3.1068.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: better-auth
  dependency-version: 1.6.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: hono
  dependency-version: 4.12.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: ioredis
  dependency-version: 5.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-avatar"
  dependency-version: 1.1.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-dialog"
  dependency-version: 1.1.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-dropdown-menu"
  dependency-version: 2.1.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-label"
  dependency-version: 2.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-scroll-area"
  dependency-version: 1.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-select"
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-separator"
  dependency-version: 1.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-slot"
  dependency-version: 1.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-tabs"
  dependency-version: 1.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-toast"
  dependency-version: 1.2.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-tooltip"
  dependency-version: 1.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@tanstack/react-router"
  dependency-version: 1.170.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: lucide-react
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: vscode-languageserver-protocol
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: zustand
  dependency-version: 5.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@pacphi

pacphi commented Jun 15, 2026

Copy link
Copy Markdown
Owner

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pacphi