Skip to content

deps(deps): bump the minor-and-patch group with 37 updates#128

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-ebfafb23e2
Closed

deps(deps): bump the minor-and-patch group with 37 updates#128
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-ebfafb23e2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 37 updates:

Package From To
@noriginmedia/norigin-spatial-navigation 3.1.0 3.2.1
@radix-ui/react-dialog 1.1.15 1.1.19
@radix-ui/react-dropdown-menu 2.1.16 2.1.20
@radix-ui/react-progress 1.1.8 1.1.12
@radix-ui/react-scroll-area 1.2.10 1.2.14
@radix-ui/react-separator 1.1.8 1.1.11
@radix-ui/react-slider 1.3.6 1.4.3
@radix-ui/react-slot 1.2.4 1.3.0
@radix-ui/react-tabs 1.1.13 1.1.17
@radix-ui/react-toast 1.2.15 1.2.19
@radix-ui/react-tooltip 1.2.8 1.2.12
@supabase/supabase-js 2.99.3 2.110.3
framer-motion 12.38.0 12.42.2
imapflow 1.3.6 1.4.7
ioredis 5.10.1 5.11.1
isomorphic-dompurify 3.12.0 3.18.0
linkedom 0.18.12 0.18.13
lucide-react 1.14.0 1.24.0
mailparser 3.9.9 3.9.14
next 16.2.4 16.2.10
openai 6.36.0 6.46.0
posthog-js 1.381.0 1.399.2
react 19.2.5 19.2.7
@types/react 19.2.14 19.2.17
react-dom 19.2.5 19.2.7
resend 6.12.2 6.17.2
tailwind-merge 3.5.0 3.6.0
video.js 8.23.7 8.23.9
@playwright/test 1.60.0 1.61.1
@tailwindcss/postcss 4.2.4 4.3.2
@types/jsdom 28.0.0 28.0.3
@vitest/coverage-v8 4.1.8 4.1.10
eslint-config-next 16.2.4 16.2.10
postcss 8.5.14 8.5.19
tailwindcss 4.2.4 4.3.2
tsx 4.21.0 4.23.1
vitest 4.1.8 4.1.10

Updates @noriginmedia/norigin-spatial-navigation from 3.1.0 to 3.2.1

Release notes

Sourced from @​noriginmedia/norigin-spatial-navigation's releases.

@​noriginmedia/norigin-spatial-navigation-react@​3.2.1

Patch Changes

  • 54353b0: - Add nextFocusResolver to override default behavior
  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
    • @​noriginmedia/norigin-spatial-navigation-core@​4.0.0

@​noriginmedia/norigin-spatial-navigation@​3.2.1

Patch Changes

  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
    • @​noriginmedia/norigin-spatial-navigation-core@​4.0.0
    • @​noriginmedia/norigin-spatial-navigation-react@​3.2.1

@​noriginmedia/norigin-spatial-navigation-core@​3.2.0

Minor Changes

  • a18ed66: Add focusOnPresetKey init option (default true) to control whether a component is automatically focused when it is added and its focus key was already set as the current focus key (e.g. setFocus was called before the component mounted). Set it to false to disable this implicit refocus on add.

@​noriginmedia/norigin-spatial-navigation-react@​3.2.0

Minor Changes

  • a18ed66: Add focusOnPresetKey init option (default true) to control whether a component is automatically focused when it is added and its focus key was already set as the current focus key (e.g. setFocus was called before the component mounted). Set it to false to disable this implicit refocus on add.

Patch Changes

  • Updated dependencies [a18ed66]
    • @​noriginmedia/norigin-spatial-navigation-core@​3.2.0

@​noriginmedia/norigin-spatial-navigation@​3.2.0

Minor Changes

  • a18ed66: Add focusOnPresetKey init option (default true) to control whether a component is automatically focused when it is added and its focus key was already set as the current focus key (e.g. setFocus was called before the component mounted). Set it to false to disable this implicit refocus on add.

Patch Changes

  • Updated dependencies [a18ed66]
    • @​noriginmedia/norigin-spatial-navigation-core@​3.2.0
    • @​noriginmedia/norigin-spatial-navigation-react@​3.2.0
Commits

Updates @radix-ui/react-dialog from 1.1.15 to 1.1.19

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.19

  • Updated dependencies: @radix-ui/react-dismissable-layer@1.1.15, @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-focus-scope@1.1.12, @radix-ui/react-presence@1.1.7

1.1.18

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-focus-scope@1.1.11, @radix-ui/react-portal@1.1.13

1.1.17

  • Removed dev-only warnings for dialogs when title and/or description is not rendered.
  • Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12

1.1.16

  • Fixed disabled pointer events in closed dialogs
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.


Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.20

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.20

  • Fixed menu items, tab triggers, toolbar links, and select items intercepting Space/Enter keys that originate from focusable descendants.
  • Updated dependencies: @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-menu@2.1.20

2.1.19

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-menu@2.1.19

2.1.18

  • Fixed a bug where menus and submenus remained open after a window loses focus.
  • Updated dependencies: @radix-ui/react-menu@2.1.18, @radix-ui/react-primitive@2.1.6

2.1.17

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dropdown-menu since your current version.


Updates @radix-ui/react-progress from 1.1.8 to 1.1.12

Changelog

Sourced from @​radix-ui/react-progress's changelog.

1.1.12

  • Updated dependencies: @radix-ui/react-context@1.2.0

1.1.11

  • Updated dependencies: @radix-ui/react-primitive@2.1.7

1.1.10

  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-progress since your current version.


Updates @radix-ui/react-scroll-area from 1.2.10 to 1.2.14

Changelog

Sourced from @​radix-ui/react-scroll-area's changelog.

1.2.14

  • Fixed --radix-scroll-area-corner-width and --radix-scroll-area-corner-height not resetting to 0 when the corner is removed (eg. when one of the scrollbars is no longer visible). Previously these values would stick around and leave a permanent gap on the remaining scrollbar.
  • Updated dependencies: @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-presence@1.1.7

1.2.13

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7

1.2.12

  • Stabilized the viewport style tag unless the nonce changes.
  • Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.2.11

  • Fixed missing data-state attribute for Scroll Area scrollbars
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-layout-effect@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-scroll-area since your current version.


Updates @radix-ui/react-separator from 1.1.8 to 1.1.11

Changelog

Sourced from @​radix-ui/react-separator's changelog.

1.1.11

  • Updated dependencies: @radix-ui/react-primitive@2.1.7

1.1.10

  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-primitive@2.1.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-separator since your current version.


Updates @radix-ui/react-slider from 1.3.6 to 1.4.3

Changelog

Sourced from @​radix-ui/react-slider's changelog.

1.4.3

  • Fixed a bug in form control components to ensure their values are updated when their associated form's is reset. This affects RadioGroup, Slider, Select, and Switch.
  • Fixed keyboard stepping skipping a valid value when the current value is off the step grid (eg, a defaultValue that isn't a multiple of step from min). Stepping now snaps to the next step-aligned value in the direction of travel, matching native <input type="range"> behavior.
  • Updated dependencies: @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-collection@1.1.12

1.4.2

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-collection@1.1.11

1.4.1

  • Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10

1.4.0

  • Added unstable ThumbProvider, ThumbTrigger, and BubbleInput parts to Slider. SliderThumb was previously a single component that implicitly rendered a hidden native input for form submission. It is now composed from these new parts, which are exposed so consumers can decouple the bubble input from the thumb (for example, to render or customize it independently) instead of relying on SliderThumb to render it implicitly. SliderThumb continues to render all three by default, so existing usage is unaffected.
  • Added focusVisible for non-keyboard interactions with slider thumbs for progressively enabling styles using :focus-visible alongside programmatic focus management
  • Fixed Slider focus bugs in scrollable context
  • Fixed a Slider bug where very small step values made the thumbs unresponsive
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slider since your current version.


Updates @radix-ui/react-slot from 1.2.4 to 1.3.0

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.3.0

Added generic type arguments for SlotProps and createSlot

SlotProps and createSlot now accept generic type arguments to specify the type of element a slot should render, as well as its props.

const Slot = createSlot<HTMLButtonElement, MyCustomButtonProps>('Slot');

1.2.5

  • Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
  • Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
  • Added repository.directory to all package.json files
  • Improved error messages for invalid slot children
  • Updated dependencies: @radix-ui/react-compose-refs@1.1.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slot since your current version.


Updates @radix-ui/react-tabs from 1.1.13 to 1.1.17

Changelog

Sourced from @​radix-ui/react-tabs's changelog.

1.1.17

  • Fixed menu items, tab triggers, toolbar links, and select items intercepting Space/Enter keys that originate from focusable descendants.
  • Updated dependencies: @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-roving-focus@1.1.15, @radix-ui/react-presence@1.1.7

1.1.16

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-roving-focus@1.1.14

1.1.15

  • Updated dependencies: @radix-ui/react-primitive@2.1.6, @radix-ui/react-roving-focus@1.1.13

1.1.14

  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tabs since your current version.


Updates @radix-ui/react-toast from 1.2.15 to 1.2.19

Changelog

Sourced from @​radix-ui/react-toast's changelog.

1.2.19

  • Updated dependencies: @radix-ui/react-dismissable-layer@1.1.15, @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-presence@1.1.7, @radix-ui/react-collection@1.1.12

1.2.18

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.
  • Cleared the close timer on unmount to prevent memory leaks and errors in test environments
  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-collection@1.1.11, @radix-ui/react-portal@1.1.13, @radix-ui/react-visually-hidden@1.2.7

1.2.17

  • Updated dependencies: @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

1.2.16

  • Allow to specify container for ToastAnnounce
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-toast since your current version.


Updates @radix-ui/react-tooltip from 1.2.8 to 1.2.12

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tooltip since your current version.


Updates @supabase/supabase-js from 2.99.3 to 2.110.3

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.110.3

2.110.3 (2026-07-13)

🩹 Fixes

  • auth: preserve pkce verifier (#2513)
  • postgrest: pin tstyche target off floating latest (#2509)

❤️ Thank You

v2.110.3-canary.1

2.110.3-canary.1 (2026-07-13)

🩹 Fixes

  • auth: preserve pkce verifier (#2513)

❤️ Thank You

v2.110.3-canary.0

2.110.3-canary.0 (2026-07-10)

🩹 Fixes

  • postgrest: pin tstyche target off floating latest (#2509)

❤️ Thank You

v2.110.2

2.110.2 (2026-07-09)

🩹 Fixes

  • auth: clear local session on signout failures (#2504)

❤️ Thank You

  • Luc Peng

v2.110.2-canary.0

2.110.2-canary.0 (2026-07-07)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.110.3 (2026-07-13)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.110.2 (2026-07-09)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.110.1 (2026-07-07)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.110.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

2.109.0 (2026-06-30)

🩹 Fixes

  • realtime: pin @​supabase/phoenix and browser test CDN deps (#2457)

❤️ Thank You

2.108.2 (2026-06-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.108.0 (2026-06-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.107.0 (2026-06-02)

🚀 Features

  • auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
  • supabase: update X-Client-Info to structured metadata format (#2359)
  • realtime: allow httpSend to send binary payload (#2400)

❤️ Thank You

... (truncated)

Commits
  • f8889ce docs(postgrest): fix outdated cross-fetch guidance (#2507)
  • 4164458 chore(release): version 2.110.2 changelogs (#2506)
  • 559dfb0 chore(release): version 2.110.1 changelogs (#2505)
  • b05dc29 docs(repo): register custom typedoc tags and clean up jsdoc warnings (#2500)
  • 291dfc8 chore(release): version 2.110.0 changelogs (#2483)
  • c3d5e6d feat(repo): drop Node.js 20 support (#2482)
  • b2e02b9 chore(release): version 2.109.0 changelogs (#2481)
  • dd2d4c2 fix(realtime): pin @​supabase/phoenix and browser test CDN deps (#2457)
  • a25062e chore(release): version 2.108.2 changelogs (#2449)
  • b3e5f2d chore(ci): unpin realtime version (#2432)
  • Additional commits viewable in compare view

Updates framer-motion from 12.38.0 to 12.42.2

Changelog

Sourced from framer-motion's changelog.

[12.42.2] 2026-07-01

Fixed

  • animateView: Cropped group layers now animate border-radius from the old to new radius.

[12.42.1] 2026-06-30

Fixed

  • animateView: Old layer fade out now cancelled when defining .new().

[12.42.0] 2026-06-24

Changed

  • animateView: Layers are automatically grouped to match their DOM-hierarchy. New .group(false) method opts-out.

Fixed

  • animateView: Auto-crop is now aspect-ratio aware, disabling crops for matching aspect-ratios.
  • animateView: Disabled automatic border-radius animation.

[12.41.0] 2026-06-23

Added

  • animateView: Moves from Motion+ Early Access and alpha to main library.
  • animateView: .add() resolves a CSS selector or Element to automatically generate, apply and remove view-transition-name.
  • animateView: .new() and .old() configures values to animate on new and old layers.
  • animateView: .layout() can set a custom transition on the size/position animation of the currently selected elements.
  • animateView: Group layers now automatically crop with children set to cover, with border-radius animating from old radius to new. .crop(false) disables this behaviour.
  • animateView: .class(name) tags currently selected elements with a view-transition-class as a custom CSS hook.

Fixed

  • AnimatePresence: Prevent stuck exit animations when children interrupt.
  • drag: Child e.stopPropagation() no longer break drag end.
  • Fixing Next.js OOM on Windows when importing via motion package.
  • animateLayout: Improve handling of parallel/interleaved calls.

Changed

  • animateView: .enter() and .exit() now refer specifically to new and old layers where there are no matching old or new layers.
  • animateView: Interrupted transition setups now return resolved animation rather than throwing.

[12.40.0] 2026-05-21

Added

... (truncated)

Commits
  • 40e8756 v12.42.2
  • 718ccc7 Merge pull request #3768 from motiondivision/view-cropped-corner-radius
  • 19195a4 Dedupe corner-radius longhands; merge crop box/radii measurements
  • 5299aa6 Resolve cropped-clip radius timing once; fix transition-option leak
  • 937cdf3 Animate cropped view-transition group corner radius
  • fd2d6f6 v12.42.1
  • 2223d87 Hold the old layer when only a non-opacity .new() is set
  • 9c84145 v12.42.0
  • 60d7c72 Add view-transition group nesting and aspect-aware cropping
  • 6437276 Updating
  • Additional commits viewable in compare view

Updates imapflow from 1.3.6 to 1.4.7

Changelog

Sourced from imapflow's changelog.

1.4.7 (2026-07-10)

Bug Fixes

  • treat \NonExistent mailboxes as \Noselect in LIST responses (af21245)

1.4.6 (2026-07-05)

Bug Fixes

  • update dependencies (@​zone-eu/mailsplit 5.4.14) (e977b7d)

1.4.5 (2026-07-05)

Bug Fixes

  • update dependencies (libmime 5.4.1) (2e8fa0e)

1.4.4 (2026-07-05)

Bug Fixes

  • update dependencies (nodemailer 9.0.3, iconv-lite 0.7.3) (1faf7e8)

1.4.3 (2026-06-26)

Bug Fixes

  • update dependencies (libmime 5.4.0, mailsplit 5.4.13) (ae175eb)

1.4.2 (2026-06-19)

Bug Fixes

  • bump nodemailer to 9.0.1 (9c46aa9)

1.4.1 (2026-06-15)

Bug Fixes

  • ship refreshed dependencies (nodemailer 9, updated toolchain) (e1d36e6)

1.4.0 (2026-06-09)

... (truncated)

Commits
  • c2a5ad5 Merge pull request #366 from postalsys/release-please--branches--master--comp...
  • 5ddbfd2 chore(master): release 1.4.7 [skip-ci]
  • af21245 fix: treat \NonExistent mailboxes as \Noselect in LIST responses
  • 376bcbd chore(master): release 1.4.6 [skip-ci] (#365)
  • e977b7d fix: update dependencies (@​zone-eu/mailsplit 5.4.14)
  • ce541bb chore(master): release 1.4.5 [skip-ci] (#364)
  • 2e8fa0e fix: update dependencies (libmime 5.4.1)
  • 2f27b29 chore(master): release 1.4.4 [skip-ci] (#363)
  • 1faf7e8 fix: update dependencies (nodemailer 9.0.3, iconv-lite 0.7.3)
  • 57cffd4 chore(master): release 1.4.3 [skip-ci] (#362)
  • Additional commits viewable in compare view

Updates ioredis from 5.10.1 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

v5.11.0

5.11.0 (2026-05-26)

Bug Fixes

Features

Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

5.11.0 (2026-05-26)

Bug Fixes

Features

Commits
  • fb224a7 chore(release): 5.11.1 [skip ci]
  • 131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
  • c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
  • 1490432 chore(release): 5.11.0 [skip ci]
  • 5359d4d refactor(utils): inline defaults and isArguments helpers (#2107)
  • b7b3def feat: add vector set command support (#2116)
  • faa53fd ci: update Node.js and Redis test matrix (#2119)
  • 37d0695 feat: add increx command (#2115)
  • 612ee9d chore: update Redis 8.8 test image to custom (#2118)
  • baf68d6 feat: add array commands, typings and tests (#2114)
  • Additional commits viewable in compare view

Updates isomorphic-dompurify from 3.12.0 to 3.18.0

Release notes

Sourced from isomorphic-dompurify's releases.

3.18.0: Updated dependencies

  • dompurify 3.4.10 -> 3.4.11
  • vitest 4.1.8 -> 4.1.9
  • pnpm/action-setup 6 -> 6.0.8

3.17.0: Updated dependencies

  • dompurify 3.4.8 -> 3.4.10
  • @​biomejs/biome 2.4.16 -> 2.5.0
  • pnpm 11.4.0 -> 11.6.0

3.16.0: Updated dependencies

  • dompurify 3.4.7 -> 3.4.8
  • vitest 4.1.7 -> 4.1.8
  • lefthook 2.1.8 -> 2.1.9

3.15.0: Updated dependencies

  • dompurify 3.4.5 -> 3.4.7
  • @​biomejs/biome 2.4.15 -> 2.4.16
  • vitest 4.1.6 -> 4.1.7
  • packageManager pnpm 11.1.3 -> 11.4.0

3.14.0: Updated dependencies

What's Changed

  • chore(deps): bump dompurify from 3.4.3 to 3.4.5 by @​dependabot[bot]
  • chore: Allowed esbuild and disallowed lefthook for ci.
  • chore: Added homepage URL to package.json.

Full Changelog: kkomelin/isomorphic-dompurify@3.13.0...3.14.0

3.13.0: Updated dependencies

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.12.0...3.13.0

Commits
  • 1d5745c chore: release v3.18.0
  • e1202c5 chore(deps): bump dompurify from 3.4.10 to 3.4.11
  • ab9cc6b chore(deps-dev): bump vitest from 4.1.8 to 4.1.9
  • 60491d6 chore(deps): bump pnpm/action-setup from 6 to 6.0.8
  • 4b0f0db chore: Updated dependencies.
  • 1e537bd chore(deps): bump dompurify from 3.4.8 to 3.4.9
  • bee551b chore: Bump version to 3.16.0 and update dependencies.
  • e03b0c0 chore(deps): bump dompurify from 3.4.7 to 3.4.8
  • 86abe8b chore(deps-dev): bump lefthook from 2.1.8 to 2.1.9
  • 284831c chore(deps-dev): bump vitest from 4.1.7 to 4.1.8
  • Additional commits viewable in compare view

Updates linkedom from 0.18.12 to 0.18.13

Commits
  • fcd88e0 0.18.13
  • 195f7aa brought in better spec-compliant style and getComputed
  • b9ee7fd fix: reading an unset style property returns "" per CSSOM, not undefined (#328)
  • 2450493 Fix #320 - Updated build status
  • d001308 removed unnecessary .npmrc line + updated dev/dependencies - not htmlparser2
  • See full diff in compare view

Updates lucide-react from 1.14.0 to 1.24.0

Release notes

Sourced from lucide-react's releases.

Version 1.24.0

What's Changed

Bumps the minor-and-patch group with 37 updates:

| Package | From | To |
| --- | --- | --- |
| [@noriginmedia/norigin-spatial-navigation](https://github.com/NoriginMedia/norigin-spatial-navigation) | `3.1.0` | `3.2.1` |
| [@radix-ui/react-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dialog) | `1.1.15` | `1.1.19` |
| [@radix-ui/react-dropdown-menu](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dropdown-menu) | `2.1.16` | `2.1.20` |
| [@radix-ui/react-progress](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/progress) | `1.1.8` | `1.1.12` |
| [@radix-ui/react-scroll-area](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/scroll-area) | `1.2.10` | `1.2.14` |
| [@radix-ui/react-separator](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/separator) | `1.1.8` | `1.1.11` |
| [@radix-ui/react-slider](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slider) | `1.3.6` | `1.4.3` |
| [@radix-ui/react-slot](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slot) | `1.2.4` | `1.3.0` |
| [@radix-ui/react-tabs](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tabs) | `1.1.13` | `1.1.17` |
| [@radix-ui/react-toast](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toast) | `1.2.15` | `1.2.19` |
| [@radix-ui/react-tooltip](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tooltip) | `1.2.8` | `1.2.12` |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.99.3` | `2.110.3` |
| [framer-motion](https://github.com/motiondivision/motion) | `12.38.0` | `12.42.2` |
| [imapflow](https://github.com/postalsys/imapflow) | `1.3.6` | `1.4.7` |
| [ioredis](https://github.com/luin/ioredis) | `5.10.1` | `5.11.1` |
| [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify) | `3.12.0` | `3.18.0` |
| [linkedom](https://github.com/WebReflection/linkedom) | `0.18.12` | `0.18.13` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.14.0` | `1.24.0` |
| [mailparser](https://github.com/nodemailer/mailparser) | `3.9.9` | `3.9.14` |
| [next](https://github.com/vercel/next.js) | `16.2.4` | `16.2.10` |
| [openai](https://github.com/openai/openai-node) | `6.36.0` | `6.46.0` |
| [posthog-js](https://github.com/PostHog/posthog-js) | `1.381.0` | `1.399.2` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.7` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.17` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.7` |
| [resend](https://github.com/resend/resend-node) | `6.12.2` | `6.17.2` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` |
| [video.js](https://github.com/videojs/video.js) | `8.23.7` | `8.23.9` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.4` | `4.3.2` |
| [@types/jsdom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsdom) | `28.0.0` | `28.0.3` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.8` | `4.1.10` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.2.4` | `16.2.10` |
| [postcss](https://github.com/postcss/postcss) | `8.5.14` | `8.5.19` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.4` | `4.3.2` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.23.1` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.10` |


Updates `@noriginmedia/norigin-spatial-navigation` from 3.1.0 to 3.2.1
- [Release notes](https://github.com/NoriginMedia/norigin-spatial-navigation/releases)
- [Changelog](https://github.com/NoriginMedia/Norigin-Spatial-Navigation/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NoriginMedia/norigin-spatial-navigation/compare/@noriginmedia/norigin-spatial-navigation@3.1.0...@noriginmedia/norigin-spatial-navigation@3.2.1)

Updates `@radix-ui/react-dialog` from 1.1.15 to 1.1.19
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dialog/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dialog)

Updates `@radix-ui/react-dropdown-menu` from 2.1.16 to 2.1.20
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dropdown-menu/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dropdown-menu)

Updates `@radix-ui/react-progress` from 1.1.8 to 1.1.12
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/progress/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/progress)

Updates `@radix-ui/react-scroll-area` from 1.2.10 to 1.2.14
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/scroll-area/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/scroll-area)

Updates `@radix-ui/react-separator` from 1.1.8 to 1.1.11
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/separator/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/separator)

Updates `@radix-ui/react-slider` from 1.3.6 to 1.4.3
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slider/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slider)

Updates `@radix-ui/react-slot` from 1.2.4 to 1.3.0
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slot/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slot)

Updates `@radix-ui/react-tabs` from 1.1.13 to 1.1.17
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tabs/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tabs)

Updates `@radix-ui/react-toast` from 1.2.15 to 1.2.19
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toast/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toast)

Updates `@radix-ui/react-tooltip` from 1.2.8 to 1.2.12
- [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tooltip)

Updates `@supabase/supabase-js` from 2.99.3 to 2.110.3
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.110.3/packages/core/supabase-js)

Updates `framer-motion` from 12.38.0 to 12.42.2
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.38.0...v12.42.2)

Updates `imapflow` from 1.3.6 to 1.4.7
- [Release notes](https://github.com/postalsys/imapflow/releases)
- [Changelog](https://github.com/postalsys/imapflow/blob/master/CHANGELOG.md)
- [Commits](postalsys/imapflow@v1.3.6...v1.4.7)

Updates `ioredis` from 5.10.1 to 5.11.1
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](redis/ioredis@v5.10.1...v5.11.1)

Updates `isomorphic-dompurify` from 3.12.0 to 3.18.0
- [Release notes](https://github.com/kkomelin/isomorphic-dompurify/releases)
- [Commits](kkomelin/isomorphic-dompurify@3.12.0...3.18.0)

Updates `linkedom` from 0.18.12 to 0.18.13
- [Commits](WebReflection/linkedom@v0.18.12...v0.18.13)

Updates `lucide-react` from 1.14.0 to 1.24.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.24.0/packages/lucide-react)

Updates `mailparser` from 3.9.9 to 3.9.14
- [Release notes](https://github.com/nodemailer/mailparser/releases)
- [Changelog](https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md)
- [Commits](nodemailer/mailparser@v3.9.9...v3.9.14)

Updates `next` from 16.2.4 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v16.2.4...v16.2.10)

Updates `openai` from 6.36.0 to 6.46.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/main/CHANGELOG.md)
- [Commits](openai/openai-node@v6.36.0...v6.46.0)

Updates `posthog-js` from 1.381.0 to 1.399.2
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.381.0...posthog-js@1.399.2)

Updates `react` from 19.2.5 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `react-dom` from 19.2.5 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `resend` from 6.12.2 to 6.17.2
- [Release notes](https://github.com/resend/resend-node/releases)
- [Changelog](https://github.com/resend/resend-node/blob/canary/CHANGELOG.md)
- [Commits](resend/resend-node@v6.12.2...v6.17.2)

Updates `tailwind-merge` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0)

Updates `video.js` from 8.23.7 to 8.23.9
- [Release notes](https://github.com/videojs/video.js/releases)
- [Changelog](https://github.com/videojs/video.js/blob/main/CHANGELOG.md)
- [Commits](videojs/video.js@v8.23.7...v8.23.9)

Updates `@playwright/test` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `@tailwindcss/postcss` from 4.2.4 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-postcss)

Updates `@types/jsdom` from 28.0.0 to 28.0.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsdom)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `@vitest/coverage-v8` from 4.1.8 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/coverage-v8)

Updates `eslint-config-next` from 16.2.4 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.10/packages/eslint-config-next)

Updates `postcss` from 8.5.14 to 8.5.19
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.14...8.5.19)

Updates `tailwindcss` from 4.2.4 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `tsx` from 4.21.0 to 4.23.1
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.23.1)

Updates `vitest` from 4.1.8 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: "@noriginmedia/norigin-spatial-navigation"
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-dialog"
  dependency-version: 1.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-dropdown-menu"
  dependency-version: 2.1.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-progress"
  dependency-version: 1.1.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-scroll-area"
  dependency-version: 1.2.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-separator"
  dependency-version: 1.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-slider"
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-slot"
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-tabs"
  dependency-version: 1.1.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-toast"
  dependency-version: 1.2.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-tooltip"
  dependency-version: 1.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.110.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: framer-motion
  dependency-version: 12.42.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: imapflow
  dependency-version: 1.4.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ioredis
  dependency-version: 5.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: isomorphic-dompurify
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: linkedom
  dependency-version: 0.18.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: lucide-react
  dependency-version: 1.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: mailparser
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: next
  dependency-version: 16.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: openai
  dependency-version: 6.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: posthog-js
  dependency-version: 1.399.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: resend
  dependency-version: 6.17.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: video.js
  dependency-version: 8.23.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@types/jsdom"
  dependency-version: 28.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: eslint-config-next
  dependency-version: 16.2.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: postcss
  dependency-version: 8.5.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: tsx
  dependency-version: 4.23.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

Copy link
Copy Markdown

vu1nz Security Review

0 finding(s) in PR #?

No security issues found.

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @videojs/http-streaming is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/http-streaming@3.17.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/http-streaming@3.17.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @videojs/http-streaming is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/http-streaming@3.17.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/http-streaming@3.17.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @videojs/vhs-utils is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/vhs-utils@4.1.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/vhs-utils@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @videojs/vhs-utils is now published by essk

Author: essk

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/vhs-utils@4.1.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/vhs-utils@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @zone-eu/mailsplit under EUPL-1.2

License: EUPL-1.2 - The applicable license policy does not permit this license (5) (package/LICENSE.EUPL-1.2)

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/LICENSE.EUPL-1.2)

License: EUPL-1.1+ - This license classifier is not allowed by the applicable policy (package/package.json)

From: pnpm-lock.yamlnpm/mailparser@3.9.14npm/imapflow@1.4.7npm/@zone-eu/mailsplit@5.4.14

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@zone-eu/mailsplit@5.4.14. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm mpd-parser is now published by essk

Author: essk

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/mpd-parser@1.4.0

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/mpd-parser@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm playwright-core under ms-azure-data-studio

License: ms-azure-data-studio - The applicable license policy does not permit this license (5) (package/ThirdPartyNotices.txt)

From: pnpm-lock.yamlnpm/@playwright/test@1.61.1npm/playwright-core@1.61.1

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/playwright-core@1.61.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm playwright under ms-azure-data-studio

License: ms-azure-data-studio - The applicable license policy does not permit this license (5) (package/ThirdPartyNotices.txt)

From: pnpm-lock.yamlnpm/@playwright/test@1.61.1npm/playwright@1.61.1

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/playwright@1.61.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Telemetry collection: npm posthog-js

Note: A client-side telemetry and session-replay library at package/dist/array.full.no-external.js instruments browser activity by wrapping fetch/XMLHttpRequest, capturing errors and console output, recording DOM interactions, and optionally collecting request/response bodies and headers. It serializes/compresses the data and transmits payloads to backend endpoints, with configurable data redaction, masking, consent controls, and potential UI surveys. The module may utilize cookies/localStorage and possibly a Web Worker or remote config/scripts; misconfiguration can lead to excessive data capture or data exfiltration and privacy/compliance risks.

From: package.jsonnpm/posthog-js@1.399.2

ℹ Read more on: This package | This alert | What is telemetry?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/posthog-js@1.399.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Telemetry collection: npm posthog-js

Note: A client-side analytics/session-recording SDK embedded in package/dist/module.full.js instruments browser activity (DOM and network), patches fetch/XHR and console behavior, may capture request/response bodies and DOM content, serializes and transmits collected data, and persists identifiers and telemetry queues. It can dynamically load remote configurations or external scripts via a runtime injector, creating significant privacy, governance, and supply-chain risks; it also includes a potentially dangerous HTML rendering sink (dangerouslySetInnerHTML) in the UI. Enforce strict configuration validation, CSP/SRI/allowlists for external scripts, sanitize content, and monitor body/header capture settings.

From: package.jsonnpm/posthog-js@1.399.2

ℹ Read more on: This package | This alert | What is telemetry?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/posthog-js@1.399.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Telemetry collection: npm posthog-js

Note: The file package/dist/array.no-external.js loads remote transforms and external scripts, enabling server-driven DOM mutations and potential data exfiltration, which creates elevated supply-chain and privacy risks. Treat as a high data-handling/privacy-risk component requiring governance: review extension trust boundaries, enforce strict integrity checks and allowlists, apply a robust Content Security Policy, and assess consent/PII handling; note potential UUID generation quality issues when crypto RNG is unavailable. Malware likelihood from this fragment alone appears low, but data-handling risks warrant careful evaluation.

From: package.jsonnpm/posthog-js@1.399.2

ℹ Read more on: This package | This alert | What is telemetry?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/posthog-js@1.399.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Telemetry collection: npm posthog-js

Note: The JavaScript SDK loads and executes remote scripts at runtime to support server-driven experiments and DOM transformations, creating supply-chain and code-execution risks with potential data exfiltration if upstream content is compromised. The primary attack surface is remote script loading and DOM-injection via innerHTML/style; compromise of remote configuration, asset URLs, extension registries, or script hooks could allow arbitrary code execution in the page context. Mitigations include strict origin allowlisting, CSP/SRI integrity protections, server-side integrity checks, and safe script hook configurations. Overall risk is medium-to-high depending on exposure.

From: package.jsonnpm/posthog-js@1.399.2

ℹ Read more on: This package | This alert | What is telemetry?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/posthog-js@1.399.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm rollup under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/LICENSE.md)

From: pnpm-lock.yamlnpm/@vitejs/plugin-react@5.1.4npm/vitest@4.1.10npm/rollup@4.62.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rollup@4.62.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm node-exports-info

Location: Package overview

From: pnpm-lock.yamlnpm/eslint-config-next@16.2.10npm/node-exports-info@1.6.2

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@ralyodio ralyodio closed this Jul 14, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@ralyodio
ralyodio deleted the dependabot/npm_and_yarn/minor-and-patch-ebfafb23e2 branch July 14, 2026 06:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant