Skip to content

Bump the npm-minor-and-patch group in /assets with 13 updates#25

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/assets/npm-minor-and-patch-f7769f31d7
Open

Bump the npm-minor-and-patch group in /assets with 13 updates#25
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/assets/npm-minor-and-patch-f7769f31d7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor-and-patch group in /assets with 13 updates:

Package From To
@inertiajs/react 3.5.0 3.6.0
@radix-ui/react-alert-dialog 1.1.17 1.1.18
@radix-ui/react-dropdown-menu 2.1.18 2.1.19
@radix-ui/react-popover 1.1.17 1.1.18
@radix-ui/react-select 2.3.1 2.3.2
@radix-ui/react-toast 1.2.17 1.2.18
@radix-ui/react-tooltip 1.2.10 1.2.11
@sentry/node 10.62.0 10.63.0
@sentry/react 10.62.0 10.63.0
i18next 26.3.3 26.3.4
lucide-react 1.22.0 1.23.0
@biomejs/biome 2.5.1 2.5.2
@types/node 26.0.1 26.1.0

Updates @inertiajs/react from 3.5.0 to 3.6.0

Release notes

Sourced from @​inertiajs/react's releases.

v3.6.0

What's Changed

Full Changelog: inertiajs/inertia@v3.5.0...v3.6.0

Changelog

Sourced from @​inertiajs/react's changelog.

v3.6.0 - 2026-07-02

What's Changed

Full Changelog: inertiajs/inertia@v3.5.0...v3.6.0

Commits

Updates @radix-ui/react-alert-dialog from 1.1.17 to 1.1.18

Changelog

Sourced from @​radix-ui/react-alert-dialog's changelog.

1.1.18

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dialog@1.1.18
Commits

Updates @radix-ui/react-dropdown-menu from 2.1.18 to 2.1.19

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.19

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-menu@2.1.19
Commits

Updates @radix-ui/react-popover from 1.1.17 to 1.1.18

Changelog

Sourced from @​radix-ui/react-popover's changelog.

1.1.18

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-focus-scope@1.1.11, @radix-ui/react-popper@1.3.2, @radix-ui/react-portal@1.1.13
Commits

Updates @radix-ui/react-select from 2.3.1 to 2.3.2

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.2

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-focus-scope@1.1.11, @radix-ui/react-popper@1.3.2, @radix-ui/react-collection@1.1.11, @radix-ui/react-portal@1.1.13, @radix-ui/react-visually-hidden@1.2.7
Commits

Updates @radix-ui/react-toast from 1.2.17 to 1.2.18

Changelog

Sourced from @​radix-ui/react-toast's changelog.

1.2.18

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.
  • Cleared the close timer on unmount to prevent memory leaks and errors in test environments
  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-collection@1.1.11, @radix-ui/react-portal@1.1.13, @radix-ui/react-visually-hidden@1.2.7
Commits

Updates @radix-ui/react-tooltip from 1.2.10 to 1.2.11

Changelog

Sourced from @​radix-ui/react-tooltip's changelog.

1.2.11

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-popper@1.3.2, @radix-ui/react-portal@1.1.13, @radix-ui/react-visually-hidden@1.2.7
Commits

Updates @sentry/node from 10.62.0 to 10.63.0

Release notes

Sourced from @​sentry/node's releases.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 26.97 KB
@​sentry/browser - with treeshaking flags 25.44 KB

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

Commits
  • 2362e9f release: 10.63.0
  • 5b51d5e Merge pull request #21874 from getsentry/prepare-release/10.63.0
  • 4e16503 meta(changelog): Update changelog for 10.63.0
  • 690f778 test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21...
  • 429cdaf test(node-integration-tests): Fix flaky postgresjs basic transaction/error or...
  • 35998e6 test(e2e/hono): Isolate request-data extraction tests onto a dedicated route ...
  • 88e7ad5 feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#...
  • e316151 ref(server-utils): Move mysql orchestrion integration onto bindTracingChannel...
  • e7c24a5 feat(server-utils): Restore caller context for callback tracing channels (#21...
  • bf21b16 fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#...
  • Additional commits viewable in compare view

Updates @sentry/react from 10.62.0 to 10.63.0

Release notes

Sourced from @​sentry/react's releases.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 26.97 KB
@​sentry/browser - with treeshaking flags 25.44 KB

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

Commits
  • 2362e9f release: 10.63.0
  • 5b51d5e Merge pull request #21874 from getsentry/prepare-release/10.63.0
  • 4e16503 meta(changelog): Update changelog for 10.63.0
  • 690f778 test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21...
  • 429cdaf test(node-integration-tests): Fix flaky postgresjs basic transaction/error or...
  • 35998e6 test(e2e/hono): Isolate request-data extraction tests onto a dedicated route ...
  • 88e7ad5 feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#...
  • e316151 ref(server-utils): Move mysql orchestrion integration onto bindTracingChannel...
  • e7c24a5 feat(server-utils): Restore caller context for callback tracing channels (#21...
  • bf21b16 fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#...
  • Additional commits viewable in compare view

Updates i18next from 26.3.3 to 26.3.4

Release notes

Sourced from i18next's releases.

v26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). Thanks to zx (Jace) for the responsible disclosure.
Changelog

Sourced from i18next's changelog.

26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). See advisory GHSA-6jcc-5g8w-32mx, CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). Thanks to zx (Jace) @​manus-use for the responsible disclosure.
Commits

Updates lucide-react from 1.22.0 to 1.23.0

Release notes

Sourced from lucide-react's releases.

Version 1.23.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.22.0...1.23.0

Commits

Updates @biomejs/biome from 2.5.1 to 2.5.2

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.2

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    // Now also reported, like as const (returns false):
    function isReady(): boolean {
    return false as false;
    }

  • #10678 8f073a7 Thanks @​PranavAchar01! - Fixed #7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    // Now also reported, like as const (returns false):
    function isReady(): boolean {
    return false as false;
    }

  • #10678 8f073a7 Thanks @​PranavAchar01! - Fixed #7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }
  • #10757 6232fcd Thanks @​PranavAchar01! - Fixed #8269: the CSS parser now accepts Tailwind @variant and @utility names that start with a digit, such as the 2xl breakpoint.

... (truncated)

Commits

Updates @types/node from 26.0.1 to 26.1.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-minor-and-patch group in /assets with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [@inertiajs/react](https://github.com/inertiajs/inertia/tree/HEAD/packages/react) | `3.5.0` | `3.6.0` |
| [@radix-ui/react-alert-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/alert-dialog) | `1.1.17` | `1.1.18` |
| [@radix-ui/react-dropdown-menu](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dropdown-menu) | `2.1.18` | `2.1.19` |
| [@radix-ui/react-popover](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/popover) | `1.1.17` | `1.1.18` |
| [@radix-ui/react-select](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/select) | `2.3.1` | `2.3.2` |
| [@radix-ui/react-toast](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toast) | `1.2.17` | `1.2.18` |
| [@radix-ui/react-tooltip](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tooltip) | `1.2.10` | `1.2.11` |
| [@sentry/node](https://github.com/getsentry/sentry-javascript) | `10.62.0` | `10.63.0` |
| [@sentry/react](https://github.com/getsentry/sentry-javascript) | `10.62.0` | `10.63.0` |
| [i18next](https://github.com/i18next/i18next) | `26.3.3` | `26.3.4` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.22.0` | `1.23.0` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.5.1` | `2.5.2` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.0.1` | `26.1.0` |


Updates `@inertiajs/react` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/inertiajs/inertia/releases)
- [Changelog](https://github.com/inertiajs/inertia/blob/3.x/CHANGELOG.md)
- [Commits](https://github.com/inertiajs/inertia/commits/v3.6.0/packages/react)

Updates `@radix-ui/react-alert-dialog` from 1.1.17 to 1.1.18
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/alert-dialog/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/alert-dialog)

Updates `@radix-ui/react-dropdown-menu` from 2.1.18 to 2.1.19
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dropdown-menu/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dropdown-menu)

Updates `@radix-ui/react-popover` from 1.1.17 to 1.1.18
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/popover/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/popover)

Updates `@radix-ui/react-select` from 2.3.1 to 2.3.2
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/select/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/select)

Updates `@radix-ui/react-toast` from 1.2.17 to 1.2.18
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toast/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toast)

Updates `@radix-ui/react-tooltip` from 1.2.10 to 1.2.11
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tooltip/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tooltip)

Updates `@sentry/node` from 10.62.0 to 10.63.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.62.0...10.63.0)

Updates `@sentry/react` from 10.62.0 to 10.63.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.62.0...10.63.0)

Updates `i18next` from 26.3.3 to 26.3.4
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.3.3...v26.3.4)

Updates `lucide-react` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react)

Updates `@biomejs/biome` from 2.5.1 to 2.5.2
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.2/packages/@biomejs/biome)

Updates `@types/node` from 26.0.1 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@inertiajs/react"
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: "@radix-ui/react-alert-dialog"
  dependency-version: 1.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@radix-ui/react-dropdown-menu"
  dependency-version: 2.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@radix-ui/react-popover"
  dependency-version: 1.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@radix-ui/react-select"
  dependency-version: 2.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@radix-ui/react-toast"
  dependency-version: 1.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@radix-ui/react-tooltip"
  dependency-version: 1.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@sentry/node"
  dependency-version: 10.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: "@sentry/react"
  dependency-version: 10.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: i18next
  dependency-version: 26.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: lucide-react
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
- dependency-name: "@types/node"
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
@dependabot dependabot Bot requested a review from andreogle as a code owner July 9, 2026 11:55
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants