Skip to content

deps(deps): bump the minor-and-patch group with 36 updates#124

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-0e717061c5
Open

deps(deps): bump the minor-and-patch group with 36 updates#124
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-0e717061c5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 36 updates:

Package From To
@noriginmedia/norigin-spatial-navigation 3.1.0 3.2.1
@radix-ui/react-dialog 1.1.15 1.1.18
@radix-ui/react-dropdown-menu 2.1.16 2.1.19
@radix-ui/react-progress 1.1.8 1.1.11
@radix-ui/react-scroll-area 1.2.10 1.2.13
@radix-ui/react-separator 1.1.8 1.1.11
@radix-ui/react-slider 1.3.6 1.4.2
@radix-ui/react-slot 1.2.4 1.3.0
@radix-ui/react-tabs 1.1.13 1.1.16
@radix-ui/react-toast 1.2.15 1.2.18
@radix-ui/react-tooltip 1.2.8 1.2.11
@supabase/supabase-js 2.99.3 2.110.0
framer-motion 12.38.0 12.42.2
imapflow 1.3.6 1.4.6
ioredis 5.10.1 5.11.1
isomorphic-dompurify 3.12.0 3.18.0
lucide-react 1.14.0 1.23.0
mailparser 3.9.9 3.9.14
next 16.2.4 16.2.10
openai 6.36.0 6.45.0
posthog-js 1.381.0 1.396.8
react 19.2.5 19.2.7
@types/react 19.2.14 19.2.17
react-dom 19.2.5 19.2.7
resend 6.12.2 6.17.1
tailwind-merge 3.5.0 3.6.0
video.js 8.23.7 8.23.9
@playwright/test 1.60.0 1.61.1
@tailwindcss/postcss 4.2.4 4.3.2
@types/jsdom 28.0.0 28.0.3
@vitest/coverage-v8 4.1.8 4.1.10
eslint-config-next 16.2.4 16.2.10
postcss 8.5.14 8.5.16
tailwindcss 4.2.4 4.3.2
tsx 4.21.0 4.23.0
vitest 4.1.8 4.1.10

Updates @noriginmedia/norigin-spatial-navigation from 3.1.0 to 3.2.1

Release notes

Sourced from @​noriginmedia/norigin-spatial-navigation's releases.

@​noriginmedia/norigin-spatial-navigation-react@​3.2.1

Patch Changes

  • 54353b0: - Add nextFocusResolver to override default behavior
  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
    • @​noriginmedia/norigin-spatial-navigation-core@​4.0.0

@​noriginmedia/norigin-spatial-navigation@​3.2.1

Patch Changes

  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
  • Updated dependencies [54353b0]
    • @​noriginmedia/norigin-spatial-navigation-core@​4.0.0
    • @​noriginmedia/norigin-spatial-navigation-react@​3.2.1

@​noriginmedia/norigin-spatial-navigation-core@​3.2.0

Minor Changes

  • a18ed66: Add focusOnPresetKey init option (default true) to control whether a component is automatically focused when it is added and its focus key was already set as the current focus key (e.g. setFocus was called before the component mounted). Set it to false to disable this implicit refocus on add.

@​noriginmedia/norigin-spatial-navigation-react@​3.2.0

Minor Changes

  • a18ed66: Add focusOnPresetKey init option (default true) to control whether a component is automatically focused when it is added and its focus key was already set as the current focus key (e.g. setFocus was called before the component mounted). Set it to false to disable this implicit refocus on add.

Patch Changes

  • Updated dependencies [a18ed66]
    • @​noriginmedia/norigin-spatial-navigation-core@​3.2.0

@​noriginmedia/norigin-spatial-navigation@​3.2.0

Minor Changes

  • a18ed66: Add focusOnPresetKey init option (default true) to control whether a component is automatically focused when it is added and its focus key was already set as the current focus key (e.g. setFocus was called before the component mounted). Set it to false to disable this implicit refocus on add.

Patch Changes

  • Updated dependencies [a18ed66]
    • @​noriginmedia/norigin-spatial-navigation-core@​3.2.0
    • @​noriginmedia/norigin-spatial-navigation-react@​3.2.0
Commits

Updates @radix-ui/react-dialog from 1.1.15 to 1.1.18

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.18

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-focus-scope@1.1.11, @radix-ui/react-portal@1.1.13

1.1.17

  • Removed dev-only warnings for dialogs when title and/or description is not rendered.
  • Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12

1.1.16

  • Fixed disabled pointer events in closed dialogs
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.


Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.19

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.19

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-menu@2.1.19

2.1.18

  • Fixed a bug where menus and submenus remained open after a window loses focus.
  • Updated dependencies: @radix-ui/react-menu@2.1.18, @radix-ui/react-primitive@2.1.6

2.1.17

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dropdown-menu since your current version.


Updates @radix-ui/react-progress from 1.1.8 to 1.1.11

Changelog

Sourced from @​radix-ui/react-progress's changelog.

1.1.11

  • Updated dependencies: @radix-ui/react-primitive@2.1.7

1.1.10

  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-progress since your current version.


Updates @radix-ui/react-scroll-area from 1.2.10 to 1.2.13

Changelog

Sourced from @​radix-ui/react-scroll-area's changelog.

1.2.13

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7

1.2.12

  • Stabilized the viewport style tag unless the nonce changes.
  • Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.2.11

  • Fixed missing data-state attribute for Scroll Area scrollbars
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-layout-effect@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-scroll-area since your current version.


Updates @radix-ui/react-separator from 1.1.8 to 1.1.11

Changelog

Sourced from @​radix-ui/react-separator's changelog.

1.1.11

  • Updated dependencies: @radix-ui/react-primitive@2.1.7

1.1.10

  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-primitive@2.1.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-separator since your current version.


Updates @radix-ui/react-slider from 1.3.6 to 1.4.2

Changelog

Sourced from @​radix-ui/react-slider's changelog.

1.4.2

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.

Other updates

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-collection@1.1.11

1.4.1

  • Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10

1.4.0

  • Added unstable ThumbProvider, ThumbTrigger, and BubbleInput parts to Slider. SliderThumb was previously a single component that implicitly rendered a hidden native input for form submission. It is now composed from these new parts, which are exposed so consumers can decouple the bubble input from the thumb (for example, to render or customize it independently) instead of relying on SliderThumb to render it implicitly. SliderThumb continues to render all three by default, so existing usage is unaffected.
  • Added focusVisible for non-keyboard interactions with slider thumbs for progressively enabling styles using :focus-visible alongside programmatic focus management
  • Fixed Slider focus bugs in scrollable context
  • Fixed a Slider bug where very small step values made the thumbs unresponsive
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slider since your current version.


Updates @radix-ui/react-slot from 1.2.4 to 1.3.0

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.3.0

Added generic type arguments for SlotProps and createSlot

SlotProps and createSlot now accept generic type arguments to specify the type of element a slot should render, as well as its props.

const Slot = createSlot<HTMLButtonElement, MyCustomButtonProps>('Slot');

1.2.5

  • Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
  • Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
  • Added repository.directory to all package.json files
  • Improved error messages for invalid slot children
  • Updated dependencies: @radix-ui/react-compose-refs@1.1.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slot since your current version.


Updates @radix-ui/react-tabs from 1.1.13 to 1.1.16

Changelog

Sourced from @​radix-ui/react-tabs's changelog.

1.1.16

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-roving-focus@1.1.14

1.1.15

  • Updated dependencies: @radix-ui/react-primitive@2.1.6, @radix-ui/react-roving-focus@1.1.13

1.1.14

  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tabs since your current version.


Updates @radix-ui/react-toast from 1.2.15 to 1.2.18

Changelog

Sourced from @​radix-ui/react-toast's changelog.

1.2.18

  • Fixed infinite re-render loop in React 19 caused by unstable composed ref callback references.
  • Cleared the close timer on unmount to prevent memory leaks and errors in test environments
  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-collection@1.1.11, @radix-ui/react-portal@1.1.13, @radix-ui/react-visually-hidden@1.2.7

1.2.17

  • Updated dependencies: @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

1.2.16

  • Allow to specify container for ToastAnnounce
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-toast since your current version.


Updates @radix-ui/react-tooltip from 1.2.8 to 1.2.11

Changelog

Sourced from @​radix-ui/react-tooltip's changelog.

1.2.11

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-popper@1.3.2, @radix-ui/react-portal@1.1.13, @radix-ui/react-visually-hidden@1.2.7

1.2.10

  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

1.2.9

  • Fixed runtime error when event target is non-Node
  • Fixed a Tooltip bug so that skipDelayDuration={0} works as expected. Previously, the open delay could still be skipped when moving between triggers.
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tooltip since your current version.


Updates @supabase/supabase-js from 2.99.3 to 2.110.0

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.110.0

2.110.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

v2.110.0-canary.0

2.110.0-canary.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

v2.109.0

2.109.0 (2026-06-30)

🚀 Features

  • auth: add custom_claims_allowlist to custom providers admin API (#2473)
  • realtime: add postgres_changes filter builder, new operators and select (#2463)
  • storage: expose purgeCache for buckets and single objects (#2429)

🩹 Fixes

  • functions: honor a caller's Content-Type override regardless of casing (#2455)
  • realtime: pin @​supabase/phoenix and browser test CDN deps (#2457)
  • realtime: add replication connection system message option (#2470)
  • storage: keep sortBy defaults when list() is given a partial sortBy (#2454)

❤️ Thank You

v2.108.3-canary.2

2.108.3-canary.2 (2026-06-19)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.110.0 (2026-06-30)

🚀 Features

  • repo: drop Node.js 20 support (#2482)

❤️ Thank You

2.109.0 (2026-06-30)

🩹 Fixes

  • realtime: pin @​supabase/phoenix and browser test CDN deps (#2457)

❤️ Thank You

2.108.2 (2026-06-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.108.0 (2026-06-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.107.0 (2026-06-02)

🚀 Features

  • auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
  • supabase: update X-Client-Info to structured metadata format (#2359)
  • realtime: allow httpSend to send binary payload (#2400)

❤️ Thank You

2.106.2 (2026-05-25)

🩹 Fixes

  • misc: add react-native export condition for Hermes-safe resolution (#2393)

... (truncated)

Commits
  • c3d5e6d feat(repo): drop Node.js 20 support (#2482)
  • b2e02b9 chore(release): version 2.109.0 changelogs (#2481)
  • dd2d4c2 fix(realtime): pin @​supabase/phoenix and browser test CDN deps (#2457)
  • a25062e chore(release): version 2.108.2 changelogs (#2449)
  • b3e5f2d chore(ci): unpin realtime version (#2432)
  • 76f3f02 test(auth): add passkey unit and e2e coverage (#2442)
  • 65fafe5 chore(release): version 2.108.0 changelogs (#2433)
  • 57014e1 chore(release): version 2.107.0 changelogs (#2421)
  • 54ec2b6 feat(auth): remove navigator.locks-based mutex; introduce commit guard + disp...
  • 3397c92 feat(supabase): update X-Client-Info to structured metadata format (#2359)
  • Additional commits viewable in compare view

Updates framer-motion from 12.38.0 to 12.42.2

Changelog

Sourced from framer-motion's changelog.

[12.42.2] 2026-07-01

Fixed

  • animateView: Cropped group layers now animate border-radius from the old to new radius.

[12.42.1] 2026-06-30

Fixed

  • animateView: Old layer fade out now cancelled when defining .new().

[12.42.0] 2026-06-24

Changed

  • animateView: Layers are automatically grouped to match their DOM-hierarchy. New .group(false) method opts-out.

Fixed

  • animateView: Auto-crop is now aspect-ratio aware, disabling crops for matching aspect-ratios.
  • animateView: Disabled automatic border-radius animation.

[12.41.0] 2026-06-23

Added

  • animateView: Moves from Motion+ Early Access and alpha to main library.
  • animateView: .add() resolves a CSS selector or Element to automatically generate, apply and remove view-transition-name.
  • animateView: .new() and .old() configures values to animate on new and old layers.
  • animateView: .layout() can set a custom transition on the size/position animation of the currently selected elements.
  • animateView: Group layers now automatically crop with children set to cover, with border-radius animating from old radius to new. .crop(false) disables this behaviour.
  • animateView: .class(name) tags currently selected elements with a view-transition-class as a custom CSS hook.

Fixed

  • AnimatePresence: Prevent stuck exit animations when children interrupt.
  • drag: Child e.stopPropagation() no longer break drag end.
  • Fixing Next.js OOM on Windows when importing via motion package.
  • animateLayout: Improve handling of parallel/interleaved calls.

Changed

  • animateView: .enter() and .exit() now refer specifically to new and old layers where there are no matching old or new layers.
  • animateView: Interrupted transition setups now return resolved animation rather than throwing.

[12.40.0] 2026-05-21

Added

... (truncated)

Commits
  • 40e8756 v12.42.2
  • 718ccc7 Merge pull request #3768 from motiondivision/view-cropped-corner-radius
  • 19195a4 Dedupe corner-radius longhands; merge crop box/radii measurements
  • 5299aa6 Resolve cropped-clip radius timing once; fix transition-option leak
  • 937cdf3 Animate cropped view-transition group corner radius
  • fd2d6f6 v12.42.1
  • 2223d87 Hold the old layer when only a non-opacity .new() is set
  • 9c84145 v12.42.0
  • 60d7c72 Add view-transition group nesting and aspect-aware cropping
  • 6437276 Updating
  • Additional commits viewable in compare view

Updates imapflow from 1.3.6 to 1.4.6

Changelog

Sourced from imapflow's changelog.

1.4.6 (2026-07-05)

Bug Fixes

  • update dependencies (@​zone-eu/mailsplit 5.4.14) (e977b7d)

1.4.5 (2026-07-05)

Bug Fixes

  • update dependencies (libmime 5.4.1) (2e8fa0e)

1.4.4 (2026-07-05)

Bug Fixes

  • update dependencies (nodemailer 9.0.3, iconv-lite 0.7.3) (1faf7e8)

1.4.3 (2026-06-26)

Bug Fixes

  • update dependencies (libmime 5.4.0, mailsplit 5.4.13) (ae175eb)

1.4.2 (2026-06-19)

Bug Fixes

  • bump nodemailer to 9.0.1 (9c46aa9)

1.4.1 (2026-06-15)

Bug Fixes

  • ship refreshed dependencies (nodemailer 9, updated toolchain) (e1d36e6)

1.4.0 (2026-06-09)

Features

  • add Gmail label search term to the search compiler (4b2d173)

1.3.7 (2026-06-08)

... (truncated)

Commits
  • 376bcbd chore(master): release 1.4.6 [skip-ci] (#365)
  • e977b7d fix: update dependencies (@​zone-eu/mailsplit 5.4.14)
  • ce541bb chore(master): release 1.4.5 [skip-ci] (#364)
  • 2e8fa0e fix: update dependencies (libmime 5.4.1)
  • 2f27b29 chore(master): release 1.4.4 [skip-ci] (#363)
  • 1faf7e8 fix: update dependencies (nodemailer 9.0.3, iconv-lite 0.7.3)
  • 57cffd4 chore(master): release 1.4.3 [skip-ci] (#362)
  • ae175eb fix: update dependencies (libmime 5.4.0, mailsplit 5.4.13)
  • 03f6831 chore(master): release 1.4.2 [skip-ci] (#361)
  • 9c46aa9 fix: bump nodemailer to 9.0.1
  • Additional commits viewable in compare view

Updates ioredis from 5.10.1 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

v5.11.0

5.11.0 (2026-05-26)

Bug Fixes

Features

Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

5.11.0 (2026-05-26)

Bug Fixes

Features

Commits
  • fb224a7 chore(release): 5.11.1 [skip ci]
  • 131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
  • c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
  • 1490432 chore(release): 5.11.0 [skip ci]
  • 5359d4d refactor(utils): inline defaults and isArguments helpers (#2107)
  • b7b3def feat: add vector set command support (#2116)
  • faa53fd ci: update Node.js and Redis test matrix (#2119)
  • 37d0695 feat: add increx command (#2115)
  • 612ee9d chore: update Redis 8.8 test image to custom (#2118)
  • baf68d6 feat: add array commands, typings and tests (#2114)
  • Additional commits viewable in compare view

Updates isomorphic-dompurify from 3.12.0 to 3.18.0

Release notes

Sourced from isomorphic-dompurify's releases.

3.18.0: Updated dependencies

  • dompurify 3.4.10 -> 3.4.11
  • vitest 4.1.8 -> 4.1.9
  • pnpm/action-setup 6 -> 6.0.8

3.17.0: Updated dependencies

  • dompurify 3.4.8 -> 3.4.10
  • @​biomejs/biome 2.4.16 -> 2.5.0
  • pnpm 11.4.0 -> 11.6.0

3.16.0: Updated dependencies

  • dompurify 3.4.7 -> 3.4.8
  • vitest 4.1.7 -> 4.1.8
  • lefthook 2.1.8 -> 2.1.9

3.15.0: Updated dependencies

  • dompurify 3.4.5 -> 3.4.7
  • @​biomejs/biome 2.4.15 -> 2.4.16
  • vitest 4.1.6 -> 4.1.7
  • packageManager pnpm 11.1.3 -> 11.4.0

3.14.0: Updated dependencies

What's Changed

  • chore(deps): bump dompurify from 3.4.3 to 3.4.5 by @​dependabot[bot]
  • chore: Allowed esbuild and disallowed lefthook for ci.
  • chore: Added homepage URL to package.json.

Full Changelog: kkomelin/isomorphic-dompurify@3.13.0...3.14.0

3.13.0: Updated dependencies

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.12.0...3.13.0

Commits
  • 1d5745c chore: release v3.18.0
  • e1202c5 chore(deps): bump dompurify from 3.4.10 to 3.4.11
  • ab9cc6b chore(deps-dev): bump vitest from 4.1.8 to 4.1.9
  • 60491d6 chore(deps): bump pnpm/action-setup from 6 to 6.0.8
  • 4b0f0db chore: Updated dependencies.
  • 1e537bd chore(deps): bump dompurify from 3.4.8 to 3.4.9
  • bee551b chore: Bump version to 3.16.0 and update dependencies.
  • e03b0c0 chore(deps): bump dompurify from 3.4.7 to 3.4.8
  • 86abe8b chore(deps-dev): bump lefthook from 2.1.8 to 2.1.9
  • 284831c chore(deps-dev): bump vitest from 4.1.7 to 4.1.8
  • Additional commits viewable in compare view

Updates lucide-react from 1.14.0 to 1.23.0

Release notes

Sourced from lucide-react's releases.

Version 1.23.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.22.0...1.23.0

Version 1.22.0

What's Changed

Bumps the minor-and-patch group with 36 updates:

| Package | From | To |
| --- | --- | --- |
| [@noriginmedia/norigin-spatial-navigation](https://github.com/NoriginMedia/norigin-spatial-navigation) | `3.1.0` | `3.2.1` |
| [@radix-ui/react-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dialog) | `1.1.15` | `1.1.18` |
| [@radix-ui/react-dropdown-menu](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dropdown-menu) | `2.1.16` | `2.1.19` |
| [@radix-ui/react-progress](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/progress) | `1.1.8` | `1.1.11` |
| [@radix-ui/react-scroll-area](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/scroll-area) | `1.2.10` | `1.2.13` |
| [@radix-ui/react-separator](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/separator) | `1.1.8` | `1.1.11` |
| [@radix-ui/react-slider](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slider) | `1.3.6` | `1.4.2` |
| [@radix-ui/react-slot](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slot) | `1.2.4` | `1.3.0` |
| [@radix-ui/react-tabs](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tabs) | `1.1.13` | `1.1.16` |
| [@radix-ui/react-toast](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toast) | `1.2.15` | `1.2.18` |
| [@radix-ui/react-tooltip](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tooltip) | `1.2.8` | `1.2.11` |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.99.3` | `2.110.0` |
| [framer-motion](https://github.com/motiondivision/motion) | `12.38.0` | `12.42.2` |
| [imapflow](https://github.com/postalsys/imapflow) | `1.3.6` | `1.4.6` |
| [ioredis](https://github.com/luin/ioredis) | `5.10.1` | `5.11.1` |
| [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify) | `3.12.0` | `3.18.0` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.14.0` | `1.23.0` |
| [mailparser](https://github.com/nodemailer/mailparser) | `3.9.9` | `3.9.14` |
| [next](https://github.com/vercel/next.js) | `16.2.4` | `16.2.10` |
| [openai](https://github.com/openai/openai-node) | `6.36.0` | `6.45.0` |
| [posthog-js](https://github.com/PostHog/posthog-js) | `1.381.0` | `1.396.8` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.7` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.17` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.7` |
| [resend](https://github.com/resend/resend-node) | `6.12.2` | `6.17.1` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` |
| [video.js](https://github.com/videojs/video.js) | `8.23.7` | `8.23.9` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.4` | `4.3.2` |
| [@types/jsdom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsdom) | `28.0.0` | `28.0.3` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.8` | `4.1.10` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.2.4` | `16.2.10` |
| [postcss](https://github.com/postcss/postcss) | `8.5.14` | `8.5.16` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.4` | `4.3.2` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.23.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.10` |


Updates `@noriginmedia/norigin-spatial-navigation` from 3.1.0 to 3.2.1
- [Release notes](https://github.com/NoriginMedia/norigin-spatial-navigation/releases)
- [Changelog](https://github.com/NoriginMedia/Norigin-Spatial-Navigation/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NoriginMedia/norigin-spatial-navigation/compare/@noriginmedia/norigin-spatial-navigation@3.1.0...@noriginmedia/norigin-spatial-navigation@3.2.1)

Updates `@radix-ui/react-dialog` from 1.1.15 to 1.1.18
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dialog/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dialog)

Updates `@radix-ui/react-dropdown-menu` from 2.1.16 to 2.1.19
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dropdown-menu/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dropdown-menu)

Updates `@radix-ui/react-progress` from 1.1.8 to 1.1.11
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/progress/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/progress)

Updates `@radix-ui/react-scroll-area` from 1.2.10 to 1.2.13
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/scroll-area/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/scroll-area)

Updates `@radix-ui/react-separator` from 1.1.8 to 1.1.11
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/separator/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/separator)

Updates `@radix-ui/react-slider` from 1.3.6 to 1.4.2
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slider/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slider)

Updates `@radix-ui/react-slot` from 1.2.4 to 1.3.0
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slot/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slot)

Updates `@radix-ui/react-tabs` from 1.1.13 to 1.1.16
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tabs/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tabs)

Updates `@radix-ui/react-toast` from 1.2.15 to 1.2.18
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toast/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toast)

Updates `@radix-ui/react-tooltip` from 1.2.8 to 1.2.11
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tooltip/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tooltip)

Updates `@supabase/supabase-js` from 2.99.3 to 2.110.0
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.110.0/packages/core/supabase-js)

Updates `framer-motion` from 12.38.0 to 12.42.2
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.38.0...v12.42.2)

Updates `imapflow` from 1.3.6 to 1.4.6
- [Release notes](https://github.com/postalsys/imapflow/releases)
- [Changelog](https://github.com/postalsys/imapflow/blob/master/CHANGELOG.md)
- [Commits](postalsys/imapflow@v1.3.6...v1.4.6)

Updates `ioredis` from 5.10.1 to 5.11.1
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](redis/ioredis@v5.10.1...v5.11.1)

Updates `isomorphic-dompurify` from 3.12.0 to 3.18.0
- [Release notes](https://github.com/kkomelin/isomorphic-dompurify/releases)
- [Commits](kkomelin/isomorphic-dompurify@3.12.0...3.18.0)

Updates `lucide-react` from 1.14.0 to 1.23.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react)

Updates `mailparser` from 3.9.9 to 3.9.14
- [Release notes](https://github.com/nodemailer/mailparser/releases)
- [Changelog](https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md)
- [Commits](nodemailer/mailparser@v3.9.9...v3.9.14)

Updates `next` from 16.2.4 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v16.2.4...v16.2.10)

Updates `openai` from 6.36.0 to 6.45.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/main/CHANGELOG.md)
- [Commits](openai/openai-node@v6.36.0...v6.45.0)

Updates `posthog-js` from 1.381.0 to 1.396.8
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.381.0...posthog-js@1.396.8)

Updates `react` from 19.2.5 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `react-dom` from 19.2.5 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `resend` from 6.12.2 to 6.17.1
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v6.12.2...v6.17.1)

Updates `tailwind-merge` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0)

Updates `video.js` from 8.23.7 to 8.23.9
- [Release notes](https://github.com/videojs/video.js/releases)
- [Changelog](https://github.com/videojs/video.js/blob/main/CHANGELOG.md)
- [Commits](videojs/video.js@v8.23.7...v8.23.9)

Updates `@playwright/test` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `@tailwindcss/postcss` from 4.2.4 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-postcss)

Updates `@types/jsdom` from 28.0.0 to 28.0.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsdom)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `@vitest/coverage-v8` from 4.1.8 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/coverage-v8)

Updates `eslint-config-next` from 16.2.4 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.10/packages/eslint-config-next)

Updates `postcss` from 8.5.14 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.14...8.5.16)

Updates `tailwindcss` from 4.2.4 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `tsx` from 4.21.0 to 4.23.0
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.23.0)

Updates `vitest` from 4.1.8 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: "@noriginmedia/norigin-spatial-navigation"
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-dialog"
  dependency-version: 1.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-dropdown-menu"
  dependency-version: 2.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-progress"
  dependency-version: 1.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-scroll-area"
  dependency-version: 1.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-separator"
  dependency-version: 1.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-slider"
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-slot"
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-tabs"
  dependency-version: 1.1.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-toast"
  dependency-version: 1.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-tooltip"
  dependency-version: 1.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.110.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: framer-motion
  dependency-version: 12.42.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: imapflow
  dependency-version: 1.4.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ioredis
  dependency-version: 5.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: isomorphic-dompurify
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: lucide-react
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: mailparser
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: next
  dependency-version: 16.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: openai
  dependency-version: 6.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: posthog-js
  dependency-version: 1.396.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: resend
  dependency-version: 6.17.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: video.js
  dependency-version: 8.23.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@types/jsdom"
  dependency-version: 28.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: eslint-config-next
  dependency-version: 16.2.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: tsx
  dependency-version: 4.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

vu1nz Security Review

0 finding(s) in PR #?

No security issues found.

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @videojs/http-streaming is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/http-streaming@3.17.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/http-streaming@3.17.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @videojs/http-streaming is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/http-streaming@3.17.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/http-streaming@3.17.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @videojs/vhs-utils is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/vhs-utils@4.1.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/vhs-utils@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @videojs/vhs-utils is now published by essk

Author: essk

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/@videojs/vhs-utils@4.1.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@videojs/vhs-utils@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @zone-eu/mailsplit under EUPL-1.2

License: EUPL-1.2 - The applicable license policy does not permit this license (5) (package/LICENSE.EUPL-1.2)

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/LICENSE.EUPL-1.2)

License: EUPL-1.1+ - This license classifier is not allowed by the applicable policy (package/package.json)

From: pnpm-lock.yamlnpm/mailparser@3.9.14npm/imapflow@1.4.6npm/@zone-eu/mailsplit@5.4.14

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@zone-eu/mailsplit@5.4.14. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm mpd-parser is now published by essk

Author: essk

From: pnpm-lock.yamlnpm/video.js@8.23.9npm/mpd-parser@1.4.0

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/mpd-parser@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm playwright-core under ms-azure-data-studio

License: ms-azure-data-studio - The applicable license policy does not permit this license (5) (package/ThirdPartyNotices.txt)

From: pnpm-lock.yamlnpm/@playwright/test@1.61.1npm/playwright-core@1.61.1

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/playwright-core@1.61.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm playwright under ms-azure-data-studio

License: ms-azure-data-studio - The applicable license policy does not permit this license (5) (package/ThirdPartyNotices.txt)

From: pnpm-lock.yamlnpm/@playwright/test@1.61.1npm/playwright@1.61.1

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/playwright@1.61.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm rollup under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/LICENSE.md)

From: pnpm-lock.yamlnpm/@vitejs/plugin-react@5.1.4npm/vitest@4.1.10npm/rollup@4.62.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rollup@4.62.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm node-exports-info

Location: Package overview

From: pnpm-lock.yamlnpm/eslint-config-next@16.2.10npm/node-exports-info@1.6.2

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants