Skip to content

chore(deps)(deps): bump the production-minor-and-patch group across 1 directory with 7 updates#28

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-and-patch-908c0a293b
Open

chore(deps)(deps): bump the production-minor-and-patch group across 1 directory with 7 updates#28
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-and-patch-908c0a293b

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 21, 2026
edited
Loading

Bumps the production-minor-and-patch group with 7 updates in the / directory:

Package From To
@supabase/supabase-js 2.105.4 2.106.2
@supabase/ssr 0.5.2 0.10.3
geist 1.7.0 1.7.1
react 19.0.0 19.2.6
react-dom 19.0.0 19.2.6
drizzle-orm 0.36.4 0.45.2
@anthropic-ai/sdk 0.32.1 0.98.0

Updates @supabase/supabase-js from 2.105.4 to 2.106.2

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.2

2.106.2 (2026-05-25)

🩹 Fixes

  • auth: restore signup user response (#2391)
  • misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

v2.106.2-canary.1

2.106.2-canary.1 (2026-05-22)

This was a version bump only, there were no code changes.

v2.106.2-canary.0

2.106.2-canary.0 (2026-05-22)

🩹 Fixes

  • auth: restore signup user response (#2391)
  • misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

v2.106.2-beta.2

2.106.2-beta.2 (2026-05-22)

This was a version bump only, there were no code changes.

v2.106.2-beta.0

2.106.2-beta.0 (2026-05-21)

This was a version bump only, there were no code changes.

v2.106.1

2.106.1 (2026-05-20)

🩹 Fixes

  • auth: encode client-id in oauth requests (#2383)
  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.2 (2026-05-25)

🩹 Fixes

  • misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

2.106.1 (2026-05-20)

🩹 Fixes

  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

2.106.0 (2026-05-18)

🚀 Features

  • supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

  • release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

  • Claude Sonnet 4.5
  • Guilherme Souza
  • Katerina Skroumpelou @​mandarini
Commits
  • a5f09cf chore(repo): adopt pnpm catalog and clean up devDeps (#2389)
  • c72cc56 fix(misc): add react-native export condition for Hermes-safe resolution (#2393)
  • a7bdb23 docs(supabase): expand tracePropagation tsdoc with examples (#2388)
  • f4c149c chore(release): version 2.106.1 changelogs (#2384)
  • 3f9628a fix(misc): hide dynamic import from hermesc (#2381)
  • 1761a62 chore(release): version 2.106.0 changelogs (#2379)
  • 1c48755 chore(deps): cleanups and updates (#2371)
  • 9dfba1c chore(repo): migrate to pnpm (#2368)
  • 6731c4a fix(release): mark @​supabase/tracing private and snapshot it for JSR (#2370)
  • 2fe1801 feat(supabase): W3C/OpenTelemetry trace context propagation (#2163)
  • Additional commits viewable in compare view

Updates @supabase/ssr from 0.5.2 to 0.10.3

Release notes

Sourced from @​supabase/ssr's releases.

v0.10.3

0.10.3 (2026-05-07)

Bug Fixes

  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

v0.10.3-rc.101

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.100...v0.10.3-rc.101

v0.10.3-rc.100

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.98...v0.10.3-rc.100

v0.10.3-rc.98

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.96...v0.10.3-rc.98

v0.10.3-rc.96

What's Changed

Full Changelog: supabase/ssr@v0.10.2...v0.10.3-rc.96

v0.10.2

0.10.2 (2026-04-09)

... (truncated)

Changelog

Sourced from @​supabase/ssr's changelog.

0.10.3 (2026-05-07)

Bug Fixes

  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

0.10.2 (2026-04-09)

Bug Fixes

0.10.1 (2026-04-08)

Bug Fixes

  • auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

0.10.0 (2026-03-30)

Features

  • pass cache headers to setAll to prevent CDN caching of auth responses (#176) (14962d2)

0.9.0 (2026-03-02)

Features

  • release workflow RC versioning and publish reliability (#164) (81e68f4)

0.8.1 (2026-03-02)

Bug Fixes

  • update README session docs (#159) (b859905)
  • use skipAutoInitialize to prevent SSR token refresh race condition (#131) (0b7be28)

0.8.0 (2025-11-26)

Features

... (truncated)

Commits
  • 9630b33 chore(main): release 0.10.3 (#212)
  • 89f3f28 fix: allow cookies encode without getAll/setAll on browser client (#213)
  • f009d71 fix: enable tree-shaking for browser bundles (#216)
  • 4fef7d9 chore: update @​supabase/supabase-js to v2.105.3 (#215)
  • 302cc0e fix: validate base64-prefixed chunked cookies decode to valid JSON (#210)
  • 8449015 chore: update @​supabase/supabase-js to v2.105.2 (#214)
  • a77ee8a fix(tsconfig): set explicit rootDir to silence TS6059 in consumer IDEs (#211)
  • 65453df chore: update @​supabase/supabase-js to v2.105.1 (#208)
  • 2ec3349 chore: update @​supabase/supabase-js to v2.105.0 (#206)
  • 0ca0031 chore: update @​supabase/supabase-js to v2.104.1 (#204)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​supabase/ssr since your current version.


Updates geist from 1.7.0 to 1.7.1

Changelog

Sourced from geist's changelog.

1.7.1

Patch Changes

  • c8ed578: Fix Geist Mono rendering source-code text with unintended programming ligatures.

    v1.7.0 unintentionally activated programming-ligature substitutions (-->, ==, !=, ..., --, etc.) under the liga (Standard Ligatures) OpenType feature, which is on by default in every renderer. As a result, text like --debug-prerender, [id...], [...id], or NODE_OPTIONS='--debug-prerender' node rendered with ligated glyphs and broke monospace alignment in code.

    The source-level fix is in #217; this release ships the rebuilt binaries.

Commits
  • 8b8b75f fix(release): sync package.json version and unignore packages/**/package.json...
  • 88309a4 Version Packages (#223)
  • 6af2e7f ci: harden release workflow (#222)
  • c8ed578 chore: add changeset for geist@1.7.1 (Mono liga regression fix) (#221)
  • a0a06a3 make build
  • 855f609 Fix broken link in README.md
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for geist since your current version.


Updates react from 19.0.0 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates react-dom from 19.0.0 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates drizzle-orm from 0.36.4 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

  • Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

  • Fixed pg-native Pool detection in node-postgres transactions
  • Allowed subqueries in select fields
  • Updated typo algorythm => algorithm
  • Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
  • Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

0.44.6

  • feat: add $replicas reference #4874

0.44.5

  • Fixed invalid usage of .one() in durable-sqlite session
  • Fixed spread operator related crash in sqlite blob columns
  • Better browser support for sqlite blob columns
  • Improved sqlite blob mapping

0.44.4

0.44.3

  • Fixed types of $client for clients created by drizzle function
await db.$client.[...]
  • Added the updated_at column to the neon_auth.users_sync table definition.

0.44.2

  • [BUG]: Fixed type issues with joins with certain variations of tsconfig: #4535, #4457

0.44.1

0.44.0

Error handling

Starting from this version, we’ve introduced a new DrizzleQueryError that wraps all errors from database drivers and provides a set of useful information:

... (truncated)

Commits
  • 273c780 + 0.45.2 (#5534)
  • 4aa6ecf Kit updates (#5490)
  • e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
  • a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
  • c445637 Merge pull request #5095 from drizzle-team/main-workflows
  • e7b3aaa Merge branch 'main' into main-workflows
  • 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
  • 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
  • 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
  • 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.


Updates @anthropic-ai/sdk from 0.32.1 to 0.98.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.98.0

0.98.0 (2026-05-21)

Full Changelog: sdk-v0.97.1...sdk-v0.98.0

Features

  • api: Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (0528d47)

sdk: v0.97.1

0.97.1 (2026-05-19)

Full Changelog: sdk-v0.97.0...sdk-v0.97.1

Bug Fixes

  • runner: skip tool calls SessionToolRunner does not own (9987379)

sdk: v0.97.0

0.97.0 (2026-05-19)

Full Changelog: sdk-v0.96.0...sdk-v0.97.0

Features

  • client: Add support for self-hosted sandboxes in CMA with sandbox helpers (659a343)

Bug Fixes

  • typescript: upgrade tsc-multi so that it works with Node 26 (623f71c)

Chores

  • tests: remove redundant File import (cf821fc)

sdk: v0.96.0

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
  • api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.98.0 (2026-05-21)

Full Changelog: sdk-v0.97.1...sdk-v0.98.0

Features

  • api: Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (0528d47)

0.97.1 (2026-05-19)

Full Changelog: sdk-v0.97.0...sdk-v0.97.1

Bug Fixes

  • runner: skip tool calls SessionToolRunner does not own (9987379)

0.97.0 (2026-05-19)

Full Changelog: sdk-v0.96.0...sdk-v0.97.0

Features

  • client: Add support for self-hosted sandboxes in CMA with sandbox helpers (659a343)

Bug Fixes

  • typescript: upgrade tsc-multi so that it works with Node 26 (623f71c)

Chores

  • tests: remove redundant File import (cf821fc)

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
  • api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

  • zod: ensure only zod/v4 types are used (#992) (9e08bcc)

Chores

... (truncated)

Commits
  • 32ce8c0 chore: release main
  • 1873a96 feat(api): Add support for thinking-token-count beta for estimated tokens in ...
  • ac9ece3 chore: release main
  • 1987147 fix(runner): skip tool calls SessionToolRunner does not own
  • 409ff0e chore: release main (#1052)
  • a53f60d chore: release main
  • d1b8d04 feat(api): Add support for cache diagnostics beta
  • 8e43bf8 chore(api): spec updates
  • 697e4d5 codegen metadata
  • cd5801c feat(api): Add BetaManagedAgentsSearchResultBlock types
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by packy-anthropic, a new releaser for @​anthropic-ai/sdk since your current version.

@dependabot dependabot Bot requested a review from NewCoder3294 as a code owner May 21, 2026 06:01
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 21, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
watchdog Ready Ready Preview, Comment May 25, 2026 10:22pm

Request Review

@dependabot
chore(deps)(deps): bump the production-minor-and-patch group across 1…
700bee3 
… directory with 7 updates

Bumps the production-minor-and-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.105.4` | `2.106.2` |
| [@supabase/ssr](https://github.com/supabase/ssr) | `0.5.2` | `0.10.3` |
| [geist](https://github.com/vercel/geist-font/tree/HEAD/packages/next) | `1.7.0` | `1.7.1` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.0.0` | `19.2.6` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.0.0` | `19.2.6` |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.36.4` | `0.45.2` |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.32.1` | `0.98.0` |



Updates `@supabase/supabase-js` from 2.105.4 to 2.106.2
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.106.2/packages/core/supabase-js)

Updates `@supabase/ssr` from 0.5.2 to 0.10.3
- [Release notes](https://github.com/supabase/ssr/releases)
- [Changelog](https://github.com/supabase/ssr/blob/main/CHANGELOG.md)
- [Commits](supabase/ssr@v0.5.2...v0.10.3)

Updates `geist` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/vercel/geist-font/releases)
- [Changelog](https://github.com/vercel/geist-font/blob/main/packages/next/CHANGELOG.md)
- [Commits](https://github.com/vercel/geist-font/commits/v1.7.1/packages/next)

Updates `react` from 19.0.0 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react)

Updates `react-dom` from 19.0.0 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom)

Updates `drizzle-orm` from 0.36.4 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.36.4...0.45.2)

Updates `@anthropic-ai/sdk` from 0.32.1 to 0.98.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.32.1...sdk-v0.98.0)

---
updated-dependencies:
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.97.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: "@supabase/ssr"
  dependency-version: 0.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.106.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: geist
  dependency-version: 1.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-and-patch
- dependency-name: react
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: react-dom
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-minor-and-patch-908c0a293b branch from 2b087ca to 700bee3 Compare May 25, 2026 22:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NewCoder3294 NewCoder3294 Awaiting requested review from NewCoder3294 NewCoder3294 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants