Skip to content

chore(deps)(deps): bump the production-minor-and-patch group with 6 updates#26

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-and-patch-3a7dec46f4
Closed

chore(deps)(deps): bump the production-minor-and-patch group with 6 updates#26
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-and-patch-3a7dec46f4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 20, 2026
edited
Loading

Bumps the production-minor-and-patch group with 6 updates:

Package From To
@supabase/supabase-js 2.105.4 2.106.0
@supabase/ssr 0.5.2 0.10.3
react 19.0.0 19.2.6
react-dom 19.0.0 19.2.6
drizzle-orm 0.36.4 0.45.2
@anthropic-ai/sdk 0.32.1 0.97.1

Updates @supabase/supabase-js from 2.105.4 to 2.106.0

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.0

2.106.0 (2026-05-18)

🚀 Features

  • supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

  • auth: return null user and session for email_change single-confirmation verifyOtp (#2378)
  • release: mark @​supabase/tracing private and snapshot it for JSR (#2370)
  • storage: make StreamDownloadBuilder implement Promise and memoize executor (#2367)

❤️ Thank You

  • Claude Sonnet 4.5
  • Guilherme Souza
  • Katerina Skroumpelou @​mandarini
  • oniani1

v2.106.0-canary.4

2.106.0-canary.4 (2026-05-15)

This was a version bump only, there were no code changes.

v2.106.0-canary.3

2.106.0-canary.3 (2026-05-15)

This was a version bump only, there were no code changes.

v2.106.0-canary.2

2.106.0-canary.2 (2026-05-14)

This was a version bump only, there were no code changes.

v2.106.0-canary.1

2.106.0-canary.1 (2026-05-13)

🩹 Fixes

  • release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

v2.106.0-canary.0

2.106.0-canary.0 (2026-05-13)

🚀 Features

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.0 (2026-05-18)

🚀 Features

  • supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

  • release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

  • Claude Sonnet 4.5
  • Guilherme Souza
  • Katerina Skroumpelou @​mandarini
Commits

Updates @supabase/ssr from 0.5.2 to 0.10.3

Release notes

Sourced from @​supabase/ssr's releases.

v0.10.3

0.10.3 (2026-05-07)

Bug Fixes

  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

v0.10.3-rc.101

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.100...v0.10.3-rc.101

v0.10.3-rc.100

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.98...v0.10.3-rc.100

v0.10.3-rc.98

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.96...v0.10.3-rc.98

v0.10.3-rc.96

What's Changed

Full Changelog: supabase/ssr@v0.10.2...v0.10.3-rc.96

v0.10.2

0.10.2 (2026-04-09)

... (truncated)

Changelog

Sourced from @​supabase/ssr's changelog.

0.10.3 (2026-05-07)

Bug Fixes

  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

0.10.2 (2026-04-09)

Bug Fixes

0.10.1 (2026-04-08)

Bug Fixes

  • auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

0.10.0 (2026-03-30)

Features

  • pass cache headers to setAll to prevent CDN caching of auth responses (#176) (14962d2)

0.9.0 (2026-03-02)

Features

  • release workflow RC versioning and publish reliability (#164) (81e68f4)

0.8.1 (2026-03-02)

Bug Fixes

  • update README session docs (#159) (b859905)
  • use skipAutoInitialize to prevent SSR token refresh race condition (#131) (0b7be28)

0.8.0 (2025-11-26)

Features

... (truncated)

Commits
  • 9630b33 chore(main): release 0.10.3 (#212)
  • 89f3f28 fix: allow cookies encode without getAll/setAll on browser client (#213)
  • f009d71 fix: enable tree-shaking for browser bundles (#216)
  • 4fef7d9 chore: update @​supabase/supabase-js to v2.105.3 (#215)
  • 302cc0e fix: validate base64-prefixed chunked cookies decode to valid JSON (#210)
  • 8449015 chore: update @​supabase/supabase-js to v2.105.2 (#214)
  • a77ee8a fix(tsconfig): set explicit rootDir to silence TS6059 in consumer IDEs (#211)
  • 65453df chore: update @​supabase/supabase-js to v2.105.1 (#208)
  • 2ec3349 chore: update @​supabase/supabase-js to v2.105.0 (#206)
  • 0ca0031 chore: update @​supabase/supabase-js to v2.104.1 (#204)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​supabase/ssr since your current version.


Updates react from 19.0.0 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates react-dom from 19.0.0 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates drizzle-orm from 0.36.4 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

  • Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

  • Fixed pg-native Pool detection in node-postgres transactions
  • Allowed subqueries in select fields
  • Updated typo algorythm => algorithm
  • Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
  • Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

0.44.6

  • feat: add $replicas reference #4874

0.44.5

  • Fixed invalid usage of .one() in durable-sqlite session
  • Fixed spread operator related crash in sqlite blob columns
  • Better browser support for sqlite blob columns
  • Improved sqlite blob mapping

0.44.4

0.44.3

  • Fixed types of $client for clients created by drizzle function
await db.$client.[...]
  • Added the updated_at column to the neon_auth.users_sync table definition.

0.44.2

  • [BUG]: Fixed type issues with joins with certain variations of tsconfig: #4535, #4457

0.44.1

0.44.0

Error handling

Starting from this version, we’ve introduced a new DrizzleQueryError that wraps all errors from database drivers and provides a set of useful information:

... (truncated)

Commits
  • 273c780 + 0.45.2 (#5534)
  • 4aa6ecf Kit updates (#5490)
  • e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
  • a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
  • c445637 Merge pull request #5095 from drizzle-team/main-workflows
  • e7b3aaa Merge branch 'main' into main-workflows
  • 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
  • 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
  • 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
  • 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.


Updates @anthropic-ai/sdk from 0.32.1 to 0.97.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.97.1

0.97.1 (2026-05-19)

Full Changelog: sdk-v0.97.0...sdk-v0.97.1

Bug Fixes

  • runner: skip tool calls SessionToolRunner does not own (9987379)

sdk: v0.97.0

0.97.0 (2026-05-19)

Full Changelog: sdk-v0.96.0...sdk-v0.97.0

Features

  • client: Add support for self-hosted sandboxes in CMA with sandbox helpers (659a343)

Bug Fixes

  • typescript: upgrade tsc-multi so that it works with Node 26 (623f71c)

Chores

  • tests: remove redundant File import (cf821fc)

sdk: v0.96.0

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
  • api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

  • zod: ensure only zod/v4 types are used (#992) (9e08bcc)

Chores

sdk: v0.95.2

0.95.2 (2026-05-11)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.97.1 (2026-05-19)

Full Changelog: sdk-v0.97.0...sdk-v0.97.1

Bug Fixes

  • runner: skip tool calls SessionToolRunner does not own (9987379)

0.97.0 (2026-05-19)

Full Changelog: sdk-v0.96.0...sdk-v0.97.0

Features

  • client: Add support for self-hosted sandboxes in CMA with sandbox helpers (659a343)

Bug Fixes

  • typescript: upgrade tsc-multi so that it works with Node 26 (623f71c)

Chores

  • tests: remove redundant File import (cf821fc)

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
  • api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

  • zod: ensure only zod/v4 types are used (#992) (9e08bcc)

Chores

0.95.2 (2026-05-11)

Full Changelog: sdk-v0.95.1...sdk-v0.95.2

0.95.1 (2026-05-07)

... (truncated)

Commits
  • ac9ece3 chore: release main
  • 1987147 fix(runner): skip tool calls SessionToolRunner does not own
  • 409ff0e chore: release main (#1052)
  • a53f60d chore: release main
  • d1b8d04 feat(api): Add support for cache diagnostics beta
  • 8e43bf8 chore(api): spec updates
  • 697e4d5 codegen metadata
  • cd5801c feat(api): Add BetaManagedAgentsSearchResultBlock types
  • dce6bc7 ci: pin GitHub Actions to commit SHAs
  • 4eee523 fix(zod): ensure only zod/v4 types are used (#992)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by packy-anthropic, a new releaser for @​anthropic-ai/sdk since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the production-minor-and-patch group with 6 u…
abb5d93 
…pdates

Bumps the production-minor-and-patch group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.105.4` | `2.106.0` |
| [@supabase/ssr](https://github.com/supabase/ssr) | `0.5.2` | `0.10.3` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.0.0` | `19.2.6` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.0.0` | `19.2.6` |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.36.4` | `0.45.2` |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.32.1` | `0.97.1` |


Updates `@supabase/supabase-js` from 2.105.4 to 2.106.0
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.106.0/packages/core/supabase-js)

Updates `@supabase/ssr` from 0.5.2 to 0.10.3
- [Release notes](https://github.com/supabase/ssr/releases)
- [Changelog](https://github.com/supabase/ssr/blob/main/CHANGELOG.md)
- [Commits](supabase/ssr@v0.5.2...v0.10.3)

Updates `react` from 19.0.0 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react)

Updates `react-dom` from 19.0.0 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom)

Updates `drizzle-orm` from 0.36.4 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.36.4...0.45.2)

Updates `@anthropic-ai/sdk` from 0.32.1 to 0.97.1
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.32.1...sdk-v0.97.1)

---
updated-dependencies:
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.106.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: "@supabase/ssr"
  dependency-version: 0.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: react
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: react-dom
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.97.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 20, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from NewCoder3294 as a code owner May 20, 2026 04:17
@vercel
Copy link
Copy Markdown

vercel Bot commented May 20, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
watchdog Ready Ready Preview, Comment May 20, 2026 4:18am

Request Review

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 21, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 21, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/production-minor-and-patch-3a7dec46f4 branch May 21, 2026 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NewCoder3294 NewCoder3294 Awaiting requested review from NewCoder3294 NewCoder3294 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants