chore(deps): bump the npm-dependencies group with 8 updates

[dependabot]

Bumps the npm-dependencies group with 8 updates:

Package	From	To
@clerk/nextjs	7.0.7	7.0.8
@clerk/ui	1.2.4	1.3.0
next	16.2.1	16.2.2
@clerk/testing	2.0.7	2.0.8
@playwright/test	1.58.2	1.59.1
@types/node	25.5.0	25.5.2
baseline-browser-mapping	2.10.13	2.10.15
dotenv	17.3.1	17.4.1

Updates @clerk/nextjs from 7.0.7 to 7.0.8

Release notes

Sourced from @​clerk/nextjs's releases.

@​clerk/nextjs@​7.0.8

Patch Changes

• Updated dependencies [9a00a1c, 00715a6, 39ee042, b8c73d3, 1827b50, 7707a31, 849f198, 7c7d025]:
  • @​clerk/shared@​4.4.0
  • @​clerk/backend@​3.2.4
  • @​clerk/react@​6.1.4

Changelog

Sourced from @​clerk/nextjs's changelog.

7.0.8

Patch Changes

• Updated dependencies [9a00a1c, 00715a6, 39ee042, b8c73d3, 1827b50, 7707a31, 849f198, 7c7d025]:
  • @​clerk/shared@​4.4.0
  • @​clerk/backend@​3.2.4
  • @​clerk/react@​6.1.4

Commits

• 0954e49 ci(repo): Version packages (#8166)
• See full diff in compare view

Updates @clerk/ui from 1.2.4 to 1.3.0

Release notes

Sourced from @​clerk/ui's releases.

@​clerk/ui@​1.3.0

Minor Changes

• Add support for seat-based billing plans in Clerk Billing. (#8006) by @​dstaley

• Add EnterpriseConnection resource (#8175) by @​LauraBeatris

  User.getEnterpriseConnections() was wrongly typed as returning EnterpriseAccountConnectionResource[], it now returns EnterpriseConnectionResource[]

• Allow to link external accounts to enterprise accounts via UserProfile (#8091) by @​NicolasLopes7

Patch Changes

• Improved error handling when creating API keys. (#8056) by @​wobsoriano

• Use distinct password placeholder for sign-up forms (#8082) by @​wobsoriano

• Updated dependencies [f26d623, 9a00a1c, 00715a6, 118999c, 9ec56ab, b8c73d3, 1827b50, 7707a31, 23f773b]:

  • @​clerk/localizations@​4.3.0
  • @​clerk/shared@​4.4.0

Changelog

Sourced from @​clerk/ui's changelog.

1.3.0

Minor Changes

• Add support for seat-based billing plans in Clerk Billing. (#8006) by @​dstaley

• Add EnterpriseConnection resource (#8175) by @​LauraBeatris

  User.getEnterpriseConnections() was wrongly typed as returning EnterpriseAccountConnectionResource[], it now returns EnterpriseConnectionResource[]

• Allow to link external accounts to enterprise accounts via UserProfile (#8091) by @​NicolasLopes7

Patch Changes

• Improved error handling when creating API keys. (#8056) by @​wobsoriano

• Use distinct password placeholder for sign-up forms (#8082) by @​wobsoriano

• Updated dependencies [f26d623, 9a00a1c, 00715a6, 118999c, 9ec56ab, b8c73d3, 1827b50, 7707a31, 23f773b]:

  • @​clerk/localizations@​4.3.0
  • @​clerk/shared@​4.4.0

Commits

• 0954e49 ci(repo): Version packages (#8166)
• 7707a31 chore(ui,localizations,shared): Use distinct password placeholder for sign-up...
• 9a00a1c feat(*): Seat-based billing support (#8006)
• 00715a6 chore(ui,shared,localizations): Improve error handling when creating API keys...
• b8c73d3 chore(clerk-js,shared,ui): Add EnterpriseConnection resource (#8175)
• 1827b50 feat(ui,clerk-js,shared): Allow to link external accounts to enterprise accou...
• See full diff in compare view

Updates next from 16.2.1 to 16.2.2

Release notes

Sourced from next's releases.

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

Commits

• 52faae3 v16.2.2
• 8d0f77b Backport: #92177
• e151e5f Fix CI for glibc linux builds
• 1a319ea [backport] Fix CSS HMR on Safari (#92174)
• c0edad2 Turbopack: exclude metadata routes from server HMR (#92034)
• d644699 Turbopack: enable server HMR for app route handlers (#91466)
• 34de2ca next.config.js: Accept an option for serverFastRefresh (#91968)
• c4779d1 [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• edcf19a Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• eee3f52 backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Additional commits viewable in compare view

Updates @clerk/testing from 2.0.7 to 2.0.8

Release notes

Sourced from @​clerk/testing's releases.

@​clerk/testing@​2.0.8

Patch Changes

• Add retry logic with exponential backoff for testing token fetch on 429 and 5xx responses. (#8138) by @​jacekradko

• Updated dependencies [9a00a1c, 00715a6, 39ee042, b8c73d3, 1827b50, 7707a31, 849f198, 7c7d025]:

  • @​clerk/shared@​4.4.0
  • @​clerk/backend@​3.2.4

Changelog

Sourced from @​clerk/testing's changelog.

2.0.8

Patch Changes

• Add retry logic with exponential backoff for testing token fetch on 429 and 5xx responses. (#8138) by @​jacekradko

• Updated dependencies [9a00a1c, 00715a6, 39ee042, b8c73d3, 1827b50, 7707a31, 849f198, 7c7d025]:

  • @​clerk/shared@​4.4.0
  • @​clerk/backend@​3.2.4

Commits

• 0954e49 ci(repo): Version packages (#8166)
• 829583a fix(testing): add retry logic for testing token fetch on 429/5xx (#8138)
• See full diff in compare view

Updates @playwright/test from 1.58.2 to 1.59.1

Release notes

Sourced from @​playwright/test's releases.

v1.59.1

Bug Fixes

• [Windows] Reverted hiding console window when spawning browser processes, which caused regressions including broken codegen, --ui and show commands (#39990)

v1.59.0

🎬 Screencast

New page.screencast API provides a unified interface for capturing page content with:

• Screencast recordings
• Action annotations
• Visual overlays
• Real-time frame capture
• Agentic video receipts

Screencast recording — record video with precise start/stop control, as an alternative to the recordVideo option:

await page.screencast.start({ path: 'video.webm' });
// ... perform actions ...
await page.screencast.stop();

Action annotations — enable built-in visual annotations that highlight interacted elements and display action titles during recording:

await page.screencast.showActions({ position: 'top-right' });

screencast.showActions() accepts position ('top-left', 'top', 'top-right', 'bottom-left', 'bottom', 'bottom-right'), duration (ms per annotation), and fontSize (px). Returns a disposable to stop showing actions.

Action annotations can also be enabled in test fixtures via the video option:

// playwright.config.ts
export default defineConfig({
  use: {
    video: {
      mode: 'on',
      show: {
        actions: { position: 'top-left' },
        test: { position: 'top-right' },
      },
</tr></table> 

... (truncated)

Commits

• d466ac5 chore: mark v1.59.1 (#40005)
• 530e7e5 cherry-pick(#4004): fix(cli): kill-all should kill dashboard
• 9aa216c cherry-pick(#39994): Revert "fix(windows): hide console window when spawning ...
• 01b2b15 cherry-pick(#39980): chore: more release notes fixes
• a5cb6c9 cherry-pick(#39972): chore: expose browser.bind and browser.unbind APIs
• 99a17b5 cherry-pick(#39975): chore: support opening .trace files via .link indirection
• 43607c3 cherry-pick(#39974): chore(webkit): update Safari user-agent version to 26.4
• 62cabe1 cherry-pick(#39969): chore(npm): include all *.md from lib (#39970)
• 0c65a75 cherry-pick(#39968): chore: screencast.showActions api
• f04155b cherry-pick(#39958): chore: release notes for langs v1.59
• Additional commits viewable in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

• See full diff in compare view

Updates baseline-browser-mapping from 2.10.13 to 2.10.15

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

• Remove process.loadEnfFile() from main script by @​tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

• 9168fd0 Patch to 2.10.15 because browser or feature data changed
• 8560cd2 Browser or feature data changed
• 7c07035 Updating static site
• 7058e24 Patch to 2.10.14 because browser or feature data changed
• 406bd81 Browser or feature data changed
• 34613b9 Bump serialize-javascript from 7.0.4 to 7.0.5 (#130)
• fdb0665 Bump picomatch (#129)
• 7bbeaa0 Bump flatted from 3.3.3 to 3.4.2 (#128)
• 10a3d63 Updating static site
• See full diff in compare view

Updates dotenv from 17.3.1 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

• 48aa216 17.4.1
• e4282b0 changelog 🪵
• c540e75 Merge pull request #1006 from motdotla/skills-update
• 5626f9b dotenvx skill
• 2411f2a update dotenvx skill
• 1e08a70 simplify dotenv skill
• 747f417 Merge pull request #1005 from motdotla/injected
• 271df30 changelog 🪵
• 3f01a8b injecting to injected
• ccc50d5 update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
devflow	Ready	Preview, Comment	Apr 5, 2026 6:55pm

[michellepace]

Covered by honky-tonky branch — npm dependencies already bumped.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml