Skip to content

chore(deps): bump the version-update-semver-minor group across 1 directory with 16 updates#165

Merged
EmiyaKiritsugu3 merged 2 commits into
mainfrom
dependabot/npm_and_yarn/version-update-semver-minor-63671a4371
Jul 4, 2026
Merged

chore(deps): bump the version-update-semver-minor group across 1 directory with 16 updates#165
EmiyaKiritsugu3 merged 2 commits into
mainfrom
dependabot/npm_and_yarn/version-update-semver-minor-63671a4371

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps the version-update-semver-minor group with 15 updates in the / directory:

Package From To
@genkit-ai/google-genai 1.36.0 1.39.0
@opentelemetry/sdk-trace-base 2.7.1 2.9.0
@radix-ui/react-avatar 1.1.11 1.2.1
@radix-ui/react-slot 1.2.4 1.3.0
@sentry/nextjs 10.56.0 10.63.0
@supabase/ssr 0.10.3 0.12.0
lucide-react 1.17.0 1.23.0
mongodb 7.2.0 7.4.0
motion 12.40.0 12.42.2
pg 8.21.0 8.22.0
react-hook-form 7.77.0 7.80.0
recharts 3.8.1 3.9.1
@playwright/test 1.60.0 1.61.1
prettier 3.8.3 3.9.4
typescript-eslint 8.60.1 8.62.1

Updates @genkit-ai/google-genai from 1.36.0 to 1.39.0

Release notes

Sourced from @​genkit-ai/google-genai's releases.

Genkit JS and CLI 1.39.0

⚠️ Breaking changes (beta)

  • The beta Chat API has been removed and replaced by the new Agents API (#5248, #5251). The Chat class, ai.chat(...), and session.chat(...) are gone. Migrate to ai.defineAgent(...) and agent.chat() (see Agents below). All removed surface was beta.

This release introduces Agents, a first-class, multi-turn agent API for Genkit JS. Agents bundle a model/prompt, conversational state, tool loops, interrupts, persistence, streaming, and abort/resume into a single ergonomic, transport-agnostic surface that runs identically in-process on the server and over HTTP from the browser.

Highlights

defineAgent — the new Agents API (#5251)

Define a multi-turn agent in a single call, with three levels of control:

// Zero-config
const agent = ai.defineAgent({
  name: 'assistant',
  model: 'googleai/gemini-flash-latest',
  system: 'You are a helpful assistant.',
  tools: [searchTool],
});
// Reuse a registered .prompt (typed promptInput)
const agent = ai.definePromptAgent({ promptName: 'assistant', promptInput: { role: 'pirate' } });
// Full control via a custom turn handler
const agent = ai.defineCustomAgent({ name: 'custom' }, async (runner, input) => { /* ... */ });

Key capabilities:

  • Stateful, multi-turn chatschat() threads state, messages, snapshotId, and sessionId for you (send & stream).
  • Typed custom state with Zod validation (stateSchema).
  • Pluggable persistence via SessionStore (in-memory + file stores included); server-managed sessions resumable by sessionId.
  • Streaming with live custom-state patches over the wire (JSON Patch).
  • Interrupts & resume (restart / respond) for human-in-the-loop tools.
  • Abort, detach (background turns) + heartbeats, and graceful failure that preserves the last-good state.
  • clientTransform to redact/reshape state and stream chunks before they leave the server.
  • Same API server or browserremoteAgent(...) returns the same AgentAPI shape over HTTP.

Agents middleware: delegation & artifacts (#5252)

New @genkit-ai/middleware middlewares for building multi-agent, artifact-producing workflows:

  • agents() — turns an agent into an orchestrator that delegates to other registered agents. Injects a dedicated delegate_to_<agent> tool per sub-agent, auto-discovers descriptions, returns sub-agent interrupts/failures as tool results, and adds guard rails (maxDelegations, historyLength).
  • artifacts() — gives the model read_artifact / write_artifact tools backed by session state, with an <artifacts> listing injected each turn. Pair with agents({ artifactStrategy: 'session' }) so an orchestrator can read artifacts produced by its sub-agents.

useChat adapter for Agents — @genkit-ai/vercel-ai (#5426)

... (truncated)

Commits
  • f37effb chore: JS version bump
  • df98c2e chore: JS version bump
  • 2a7d796 chore: JS version bump
  • 6e26b5b fix(js/plugins/google-genai): Restore default voice to original (#5531)
  • edf1d8d fix(js/plugins/google-genai): default a voice for Gemini TTS requests (#5491)
  • e1eca51 chore: JS version bump
  • c6b7727 feat(js/plugins/google-genai): Support for gemini-3.1-flash-lite (#5436)
  • 56d2aa2 chore(js/plugins/google-genai): Clean up gemini-2.0 models (#5434)
  • 79b277b fix(js): release/cancel stream readers when consumers stop reading early (#5435)
  • 7d87219 feat(dev-ui): add ui component metadata (#5430)
  • Additional commits viewable in compare view

Updates @opentelemetry/sdk-trace-base from 2.7.1 to 2.9.0

Release notes

Sourced from @​opentelemetry/sdk-trace-base's releases.

v2.9.0

2.9.0

💥 Breaking Changes

  • docs(shim-opentracing): Notice: The @opentelemetry/shim-opentracing package will be removed in SDK 3.x, planned for approximately September 2026.
    • The OpenCensus and OpenTracing compatibility requirements in the OpenTelemetry specification have been deprecated.

🚀 Features

  • feat(sdk-metrics): add maxExportBatchSize option to PeriodicExportingMetricReader #6655 @​psx95
    • Optimized PeriodicExportingMetricReader.forceFlush to prevent redundant concurrent export cycles. Concurrent calls to forceFlush will now await any ongoing export and reuse a fresh export cycle if one is started concurrently by another caller. This ensures the latest metrics are always exported efficiently without triggering duplicate collection and export cycles.
  • feat(sdk-trace): implement span processor metrics #6504 @​anuraaga
  • feat(sdk-trace): add a new "sdk-trace" package to hold the Trace SDK, without environment variable configuration handling that belongs elsewhere #6775 @​trentm
    • "sdk-trace" will eventually replace all of "sdk-trace-base", "sdk-trace-node", and "sdk-trace-web".
    • The BatchSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new BatchSpanProcessor(exporter, { maxQueueSize: 1000 }), after new BatchSpanProcessor({ exporter, maxQueueSize: 1000 }). #6817
    • The SimpleSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new SimpleSpanProcessor(exporter), after new SimpleSpanProcessor({ exporter, selfObsMeterProvider: ... }). #6504
  • feat(sdk-trace): add AlwaysRecordSampler #6188 @​majanjua-amzn

🐛 Bug Fixes

  • fix(propagator-jaeger): do not throw on malformed percent-encoded uber-trace-id / uberctx-* headers during extract @​pichlermarc

🏠 Internal

  • perf(sdk-metrics): defer allocation of HrTime to accumulation creation #6839 @​legendecas
  • chore(*): migrate use of sdk-trace-base and sdk-trace-node to sdk-trace #6851 @​trentm
  • perf(sdk-metrics): optionally capture active context for sync instruments #6848 @​legendecas

v2.8.0

2.8.0

🚀 Features

  • feat(sdk-trace-base): pretty-print SpanImpl, Tracer, and BasicTracerProvider via util.inspect so they render through diag and console.log #6690 @​mcollina
  • feat(sdk-metrics): implement metric reader self-observability metrics #6449 @​anuraaga
  • feat(core): add hrTimeToSeconds #6449 @​anuraaga

🐛 Bug Fixes

  • fix(core): limit processing of incoming "baggage" header to 8192 bytes @​pichlermarc
Changelog

Sourced from @​opentelemetry/sdk-trace-base's changelog.

2.9.0

💥 Breaking Changes

  • docs(shim-opentracing): Notice: The @opentelemetry/shim-opentracing package will be removed in SDK 3.x, planned for approximately September 2026.
    • The OpenCensus and OpenTracing compatibility requirements in the OpenTelemetry specification have been deprecated.

🚀 Features

  • feat(sdk-metrics): add maxExportBatchSize option to PeriodicExportingMetricReader #6655 @​psx95
    • Optimized PeriodicExportingMetricReader.forceFlush to prevent redundant concurrent export cycles. Concurrent calls to forceFlush will now await any ongoing export and reuse a fresh export cycle if one is started concurrently by another caller. This ensures the latest metrics are always exported efficiently without triggering duplicate collection and export cycles.
  • feat(sdk-trace): implement span processor metrics #6504 @​anuraaga
  • feat(sdk-trace): add a new "sdk-trace" package to hold the Trace SDK, without environment variable configuration handling that belongs elsewhere #6775 @​trentm
    • "sdk-trace" will eventually replace all of "sdk-trace-base", "sdk-trace-node", and "sdk-trace-web".
    • The BatchSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new BatchSpanProcessor(exporter, { maxQueueSize: 1000 }), after new BatchSpanProcessor({ exporter, maxQueueSize: 1000 }). #6817
    • The SimpleSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new SimpleSpanProcessor(exporter), after new SimpleSpanProcessor({ exporter, selfObsMeterProvider: ... }). #6504
  • feat(sdk-trace): add AlwaysRecordSampler #6188 @​majanjua-amzn

🐛 Bug Fixes

  • fix(propagator-jaeger): do not throw on malformed percent-encoded uber-trace-id / uberctx-* headers during extract @​pichlermarc

🏠 Internal

  • perf(sdk-metrics): defer allocation of HrTime to accumulation creation #6839 @​legendecas
  • chore(*): migrate use of sdk-trace-base and sdk-trace-node to sdk-trace #6851 @​trentm
  • perf(sdk-metrics): optionally capture active context for sync instruments #6848 @​legendecas

2.8.0

🚀 Features

  • feat(sdk-trace-base): pretty-print SpanImpl, Tracer, and BasicTracerProvider via util.inspect so they render through diag and console.log #6690 @​mcollina
  • feat(sdk-metrics): implement metric reader self-observability metrics #6449 @​anuraaga
  • feat(core): add hrTimeToSeconds #6449 @​anuraaga

🐛 Bug Fixes

  • fix(core): limit processing of incoming "baggage" header to 8192 bytes @​pichlermarc
Commits
  • 40d67b7 chore: prepare next release (#6869)
  • b1c196d Merge commit from fork
  • d375c08 fix(instrumentation,instrumentation-http): fix codecov under-reporting (#6867)
  • d61ab5f perf(sdk-metrics): optionally capture active context for sync instruments (#6...
  • 9e6475e fix(core): guard timeInputToHrTime against clock-skew misclassification (#677...
  • c989308 feat(sdk-node): wire up tracer_provider.sampler from declarative config (#6847)
  • dddbc0e feat(sdk-trace): add AlwaysRecordSampler (#6168)
  • 991434c chore(deps): update dependency @​bufbuild/buf to v1.71.0 (#6863)
  • 69303d0 chore(deps): update all patch versions (#6862)
  • 6690b03 chore(sdk-node)!: Drop support for deprecated OpenCensusMetricProducer from d...
  • Additional commits viewable in compare view

Updates @radix-ui/react-avatar from 1.1.11 to 1.2.1

Changelog

Sourced from @​radix-ui/react-avatar's changelog.

1.2.1

  • Updated dependencies: @radix-ui/react-primitive@2.1.7

1.2.0

  • Fixed several edge cases with Avatar's loading state
    • An avatar's fallback would not be displayed again if its image component unmounted. This is now fixed.
    • Rendering multiple Avatar.Image components per Avatar.Root was never supported and results in buggy, unpredictable behavior. We now warn about this in development.
    • Zero-sized images were treated as loading, meaning that onLoadingStatusChange is never called once loaded. A zero-sized image now triggers an error status on load.

Other updates

  • Fixed console warnings to show in test environments.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.12

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-is-hydrated@0.1.1, @radix-ui/react-use-layout-effect@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-avatar since your current version.


Updates @radix-ui/react-slot from 1.2.4 to 1.3.0

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.3.0

Added generic type arguments for SlotProps and createSlot

SlotProps and createSlot now accept generic type arguments to specify the type of element a slot should render, as well as its props.

const Slot = createSlot<HTMLButtonElement, MyCustomButtonProps>('Slot');

1.2.5

  • Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
  • Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
  • Added repository.directory to all package.json files
  • Improved error messages for invalid slot children
  • Updated dependencies: @radix-ui/react-compose-refs@1.1.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slot since your current version.


Updates @sentry/nextjs from 10.56.0 to 10.63.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 26.97 KB
@​sentry/browser - with treeshaking flags 25.44 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

... (truncated)

Commits
  • 2362e9f release: 10.63.0
  • 5b51d5e Merge pull request #21874 from getsentry/prepare-release/10.63.0
  • 4e16503 meta(changelog): Update changelog for 10.63.0
  • 690f778 test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21...
  • 429cdaf test(node-integration-tests): Fix flaky postgresjs basic transaction/error or...
  • 35998e6 test(e2e/hono): Isolate request-data extraction tests onto a dedicated route ...
  • 88e7ad5 feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#...
  • e316151 ref(server-utils): Move mysql orchestrion integration onto bindTracingChannel...
  • e7c24a5 feat(server-utils): Restore caller context for callback tracing channels (#21...
  • bf21b16 fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#...
  • Additional commits viewable in compare view

Updates @supabase/ssr from 0.10.3 to 0.12.0

Release notes

Sourced from @​supabase/ssr's releases.

v0.12.0

0.12.0 (2026-06-09)

Features

  • adds cookies.encode option allowing minimal cookie sizes (#126) (cf38b22)
  • bump cookie to 1.0.2 (#113) (b4a77b4)
  • cookies: add clearAuthCookiesAtScopes migration helper (#240) (4e47249)
  • full rewrite using getAll and setAll cookie methods (#1) (b6ae192)
  • improve cookie chunk handling via base64url+length encoding (#90) (6deb687)
  • pass cache headers to setAll to prevent CDN caching of auth responses (#176) (14962d2)
  • publish SSR under deprecated auth-helpers package names (#127) (e8b6102)
  • release workflow RC versioning and publish reliability (#164) (81e68f4)
  • update CI so it runs on release as well (#33) (4517996)
  • update supabase-js to latest (#133) (d65044d)
  • update supabase-js to latest (#145) (08bf7d6)
  • upgrade cookie dependency and cleanup imports (#77) (9524528)

Bug Fixes

  • add @​types/cookies to dependencies (#63) (47e5f16)
  • add create*Client string in x-client-info (#85) (f271acc)
  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • allow use of createBrowserClient without window present (#20) (27d868d)
  • auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)
  • check chunkedCookie is string in server client (#57) (549fe62)
  • ci: remove packageManager field (#197) (6bf0226)
  • cookies console warnings (#136) (64ff6b3)
  • deprecate parse, serialize exports for more useful functions (#14) (0b5f881)
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • fix createBrowserClient deprecation tsdoc (#17) (1df70ad)
  • force release (#98) (66710e8)
  • re-apply update CI so it runs on release as well (#49) (51d5a43)
  • release: pin npm to 11.5.2 so OIDC trusted publisher works (#249) (4af89f7)
  • remove optional dependencies (#41) (a48fe6f)
  • remove usage of internal type params (#123) (8f3e89e)
  • revert "update CI so it runs on release as well" (#44) (9d0e859)
  • revert: "feat: improve cookie chunk handling via base64url+length encoding (#90)" (#100) (2ea8e23)
  • set max-age default cookie option to 400 days (#54) (f4ed2e0)
  • set cookies for password recovery event (#32) (7dc1837)
  • set cookies when mfa challenge is verified (#27) (c217f53)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • update conventional commits ci to use main instead of master (#31) (bebce89)
  • update README session docs (#159) (b859905)
  • update type, remove unused imports, define AuthEvent type (#47) (4f4a375)
  • use skipAutoInitialize to prevent SSR token refresh race condition (#131) (0b7be28)
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

... (truncated)

Changelog

Sourced from @​supabase/ssr's changelog.

0.12.0 (2026-06-09)

Features

  • adds cookies.encode option allowing minimal cookie sizes (#126) (cf38b22)
  • bump cookie to 1.0.2 (#113) (b4a77b4)
  • cookies: add clearAuthCookiesAtScopes migration helper (#240) (4e47249)
  • full rewrite using getAll and setAll cookie methods (#1) (b6ae192)
  • improve cookie chunk handling via base64url+length encoding (#90) (6deb687)
  • pass cache headers to setAll to prevent CDN caching of auth responses (#176) (14962d2)
  • publish SSR under deprecated auth-helpers package names (#127) (e8b6102)
  • release workflow RC versioning and publish reliability (#164) (81e68f4)
  • update CI so it runs on release as well (#33) (4517996)
  • update supabase-js to latest (#133) (d65044d)
  • update supabase-js to latest (#145) (08bf7d6)
  • upgrade cookie dependency and cleanup imports (#77) (9524528)

Bug Fixes

  • add @​types/cookies to dependencies (#63) (47e5f16)
  • add create*Client string in x-client-info (#85) (f271acc)
  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • allow use of createBrowserClient without window present (#20) (27d868d)
  • auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)
  • check chunkedCookie is string in server client (#57) (549fe62)
  • ci: remove packageManager field (#197) (6bf0226)
  • cookies console warnings (#136) (64ff6b3)
  • deprecate parse, serialize exports for more useful functions (#14) (0b5f881)
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • fix createBrowserClient deprecation tsdoc (#17) (1df70ad)
  • force release (#98) (66710e8)
  • re-apply update CI so it runs on release as well (#49) (51d5a43)
  • release: pin npm to 11.5.2 so OIDC trusted publisher works (#249) (4af89f7)
  • remove optional dependencies (#41) (a48fe6f)
  • remove usage of internal type params (#123) (8f3e89e)
  • revert "update CI so it runs on release as well" (#44) (9d0e859)
  • revert: "feat: improve cookie chunk handling via base64url+length encoding (#90)" (#100) (2ea8e23)
  • set max-age default cookie option to 400 days (#54) (f4ed2e0)
  • set cookies for password recovery event (#32) (7dc1837)
  • set cookies when mfa challenge is verified (#27) (c217f53)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • update conventional commits ci to use main instead of master (#31) (bebce89)
  • update README session docs (#159) (b859905)
  • update type, remove unused imports, define AuthEvent type (#47) (4f4a375)
  • use skipAutoInitialize to prevent SSR token refresh race condition (#131) (0b7be28)
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

0.11.0 (2026-06-05)

... (truncated)

Commits
  • d8c9b60 chore(main): release 0.12.0 (#247)
  • 4af89f7 fix(release): pin npm to 11.5.2 so OIDC trusted publisher works (#249)
  • 164c7ab build(deps-dev): bump vitest from 1.6.1 to 4.1.0 in the npm_and_yarn group ac...
  • 2fd3333 chore: update @​supabase/supabase-js to v2.108.0 (#248)
  • dd766c4 chore(main): release 0.11.0 (#244)
  • 932931e build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#245)
  • 4e47249 feat(cookies): add clearAuthCookiesAtScopes migration helper (#240)
  • 34f2b6a chore: update @​supabase/supabase-js to v2.107.0 (#243)
  • 4292d04 chore: update @​supabase/supabase-js to v2.106.1 (#236)
  • a6896b1 chore: update @​supabase/supabase-js to v2.106.0 (#232)
  • Additional commits viewable in compare view

Updates @supabase/supabase-js from 2.107.0 to 2.110.0

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.110.0

2.110.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

v2.110.0-canary.0

2.110.0-canary.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

v2.109.0

2.109.0 (2026-06-30)

🚀 Features

  • auth: add custom_claims_allowlist to custom providers admin API (#2473)
  • realtime: add postgres_changes filter builder, new operators and select (#2463)
  • Description has been truncated


    Summary by cubic

    Bumps minor versions for 16 packages to improve tracing, Sentry/Next.js integration, and Supabase SSR cookies. Also removes an obsolete Recharts v3 ADR doc.

    • Dependencies

      • @genkit-ai/google-genai to 1.39.0 (introduces Agents; removes beta Chat API; peer requires genkit ^1.39).
      • @sentry/nextjs to 10.63.0 (Next.js tracing fixes; resource span metadata).
      • @supabase/ssr to 0.12.0 (cookie encoding/size improvements).
      • @supabase/supabase-js to 2.110.0 (drops Node.js 20).
      • @opentelemetry/sdk-trace-base to 2.9.0 (span processor metrics).
      • UI/DB/test/tooling minors: @radix-ui/react-avatar, @radix-ui/react-slot, lucide-react, motion, react-hook-form, recharts, mongodb, pg, @playwright/test, prettier, typescript-eslint.
    • Migration

      • Update genkit to ^1.39.0 to satisfy @genkit-ai/google-genai peer requirements.
      • If you used the Genkit beta Chat API, migrate to Agents (defineAgent / agent.chat()).
      • Ensure your runtime is not Node.js 20 when using @supabase/supabase-js 2.110.0.

    Written for commit 2bdda26. Summary will update on new commits.

    Review in cubic

…ctory with 16 updates

Bumps the version-update-semver-minor group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@genkit-ai/google-genai](https://github.com/genkit-ai/genkit/tree/HEAD/js/plugins/google-genai) | `1.36.0` | `1.39.0` |
| [@opentelemetry/sdk-trace-base](https://github.com/open-telemetry/opentelemetry-js) | `2.7.1` | `2.9.0` |
| [@radix-ui/react-avatar](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/avatar) | `1.1.11` | `1.2.1` |
| [@radix-ui/react-slot](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slot) | `1.2.4` | `1.3.0` |
| [@sentry/nextjs](https://github.com/getsentry/sentry-javascript) | `10.56.0` | `10.63.0` |
| [@supabase/ssr](https://github.com/supabase/ssr) | `0.10.3` | `0.12.0` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.17.0` | `1.23.0` |
| [mongodb](https://github.com/mongodb/node-mongodb-native) | `7.2.0` | `7.4.0` |
| [motion](https://github.com/motiondivision/motion) | `12.40.0` | `12.42.2` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.21.0` | `8.22.0` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.77.0` | `7.80.0` |
| [recharts](https://github.com/recharts/recharts) | `3.8.1` | `3.9.1` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.9.4` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.1` | `8.62.1` |



Updates `@genkit-ai/google-genai` from 1.36.0 to 1.39.0
- [Release notes](https://github.com/genkit-ai/genkit/releases)
- [Commits](https://github.com/genkit-ai/genkit/commits/@genkit-ai/google-genai@1.39.0/js/plugins/google-genai)

Updates `@opentelemetry/sdk-trace-base` from 2.7.1 to 2.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.7.1...v2.9.0)

Updates `@radix-ui/react-avatar` from 1.1.11 to 1.2.1
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/avatar/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/avatar)

Updates `@radix-ui/react-slot` from 1.2.4 to 1.3.0
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slot/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slot)

Updates `@sentry/nextjs` from 10.56.0 to 10.63.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.56.0...10.63.0)

Updates `@supabase/ssr` from 0.10.3 to 0.12.0
- [Release notes](https://github.com/supabase/ssr/releases)
- [Changelog](https://github.com/supabase/ssr/blob/main/CHANGELOG.md)
- [Commits](supabase/ssr@v0.10.3...v0.12.0)

Updates `@supabase/supabase-js` from 2.107.0 to 2.110.0
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.110.0/packages/core/supabase-js)

Updates `lucide-react` from 1.17.0 to 1.23.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react)

Updates `mongodb` from 7.2.0 to 7.4.0
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v7.2.0...v7.4.0)

Updates `motion` from 12.40.0 to 12.42.2
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.40.0...v12.42.2)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `react-hook-form` from 7.77.0 to 7.80.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.77.0...v7.80.0)

Updates `recharts` from 3.8.1 to 3.9.1
- [Release notes](https://github.com/recharts/recharts/releases)
- [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md)
- [Commits](recharts/recharts@v3.8.1...v3.9.1)

Updates `@playwright/test` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `prettier` from 3.8.3 to 3.9.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.9.4)

Updates `typescript-eslint` from 8.60.1 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@genkit-ai/google-genai"
  dependency-version: 1.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: "@opentelemetry/sdk-trace-base"
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: "@radix-ui/react-avatar"
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: "@radix-ui/react-slot"
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: "@sentry/nextjs"
  dependency-version: 10.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: "@supabase/ssr"
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.110.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: lucide-react
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: mongodb
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: motion
  dependency-version: 12.42.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: react-hook-form
  dependency-version: 7.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: recharts
  dependency-version: 3.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: prettier
  dependency-version: 3.9.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
- dependency-name: typescript-eslint
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: version-update-semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Dependency upgrades, bump tracking, supply-chain label Jul 3, 2026
@vercel

vercel Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
smartmanagementsystem Ready Ready Preview, Comment Jul 4, 2026 12:26pm

@EmiyaKiritsugu3 EmiyaKiritsugu3 merged commit 731f2ea into main Jul 4, 2026
7 of 9 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/version-update-semver-minor-63671a4371 branch July 4, 2026 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency upgrades, bump tracking, supply-chain

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant