build(deps): bump the production-dependencies group across 1 directory with 18 updates by dependabot[bot] · Pull Request #80 · BODMAT/FinTrack

dependabot · 2026-06-07T15:09:57Z

Bumps the production-dependencies group with 18 updates in the / directory:

Package	From	To
next	`16.2.6`	`16.2.9`
@rolldown/binding-linux-x64-gnu	`1.0.1`	`1.1.0`
@rolldown/binding-linux-x64-musl	`1.0.1`	`1.1.0`
@rollup/rollup-linux-x64-gnu	`4.60.4`	`4.61.1`
google-auth-library	`10.6.2`	`10.7.0`
helmet	`8.1.0`	`8.2.0`
nodemailer	`8.0.7`	`8.0.11`
openai	`6.38.0`	`6.42.0`
stripe	`22.1.1`	`22.2.0`
swagger-jsdoc	`6.2.8`	`6.3.0`
@tanstack/react-query	`5.100.10`	`5.101.0`
@tanstack/react-query-devtools	`5.100.10`	`5.101.0`
axios	`1.16.1`	`1.17.0`
framer-motion	`12.39.0`	`12.40.0`
i18next	`26.2.0`	`26.3.1`
react	`19.2.6`	`19.2.7`
react-dom	`19.2.6`	`19.2.7`
zustand	`5.0.13`	`5.0.14`

Updates next from 16.2.6 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Backport documentation fixes for v16.2 (#93804)

[backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)

[backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)

[backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)

[backport] Encode non-ASCII characters in cache tags at construction (#93918)

[backport] Fix server action forwarding loop with middleware rewrites (#93919)

[backport] Turbopack: switch from base40 to base38 hash encoding (#93932)

[ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)

[backport] Fix "type: module" in project dir when using standalone or adapters (#94050)

[backport] Propagate adapter preferred regions (#94200)

[16.2.x] Don't drop FormData entries (#94240)

[backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @eps1lon, @icyJoseph, @unstubbable, @mischnic, @bgw, @timneutkens, and @lukesandberg for helping!

Commits

f37fad9 v16.2.9
d9aaaed [cd] Allow tagging semver-lower releases as @latest if @latest po… (#94627)
6f16804 v16.2.8
0dbc1d5 [16.2.x][cd] Ensure release can be triggered on old branches (#94598)
90e3c81 [16.2.x] Align Actions dependencies with Canary (#94339)
83f402c [16.2.x][cd] Stop fetching all tags when searching parent tag (#94334)
411c455 v16.2.7
c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
63115c7 [16.2.x] Don't drop FormData entries (#94240)
aef22fd [backport] Propagate adapter preferred regions (#94200)
Additional commits viewable in compare view

Updates @rolldown/binding-linux-x64-gnu from 1.0.1 to 1.1.0

Release notes

Sourced from @rolldown/binding-linux-x64-gnu's releases.

v1.1.0

[!IMPORTANT] This is a minor release. Two changes alter default behavior compared to 1.0.3. Please read this section before upgrading. Everything else is additive (new features, fixes, deps).

⚠️ Notable behavior changes

1. experimental.lazyBarrel is now enabled by default (#9632)

What changed. experimental.lazyBarrel now defaults to true. When a barrel module is recognized as side-effect-free, Rolldown skips compiling the re-exported modules that are never actually used.

Impact. For codebases with large barrel files (component libraries such as Ant Design, @mui/icons-material, etc.) this is a meaningful build-time speedup, and for the vast majority of projects the emitted output is unchanged. In rare cases where a barrel is incorrectly treated as side-effect-free, the optimization could drop a module that was being relied on for its side effects.

How to opt out (backward compatible).
// rolldown.config.js
export default {
  experimental: { lazyBarrel: false },
}
Note: this opt-out flag is planned to be removed in a future release. If you have a case where you must turn it off, please open an issue so we can fix the underlying detection instead.

2. tsconfig project-reference resolution now aligns with TypeScript

Upgrading oxc_resolver (11.19.1 → 11.20.0 in #9549, then → 11.21.0 in #9634) changes how a solution-style tsconfig.json (one that only lists references and delegates the real settings to tsconfig.app.json / tsconfig.node.json, as Vite scaffolds) is resolved, bringing it in line with how TypeScript (tsc) itself behaves:

Reference match priority (oxc-resolver #1151): when the root has references, a referenced project that includes the file now takes precedence over the root, instead of the root matching it first (this is what TypeScript already does). So that project's compilerOptions.paths now apply.

allowJs (oxc-resolver #1198): whether a .js/.jsx/.mjs/.cjs file is included is now decided by each referenced project's own allowJs, not the root's (again matching TypeScript). So tsconfig.app.json with allowJs: true + paths now resolves aliases for .js files even when the root doesn't set allowJs.

For most projects this is a fix (the standard Vite paths aliases now resolve, closes rolldown/rolldown#8468), but it is a behavior change if you relied on the previous behavior, where the root's paths / allowJs took precedence.

If you relied on the old "root wins" behavior. There is no exact toggle back, because the old behavior was the bug being fixed. The recommended path is to align your config with TypeScript: declare the paths / allowJs on the referenced project that actually owns the files.

If you must keep the old precedence while still using references: a referenced project's match wins, and the first matching references entry takes priority (the root is only a fallback when no reference claims the file). So extract the old root settings into their own config and list it first:
// tsconfig.json (solution root)
{
  "files": [],
  "references": [
    { "path": "./tsconfig.base.json" }, // old root paths/allowJs — listed first, so it wins
    { "path": "./tsconfig.app.json" },
    { "path": "./tsconfig.node.json" }
  ]
}

... (truncated)

Changelog

Sourced from @rolldown/binding-linux-x64-gnu's changelog.

[1.1.0] - 2026-06-03

🚀 Features

enable experimental.lazyBarrel by default (#9632) by @shulaoda

import.meta.glob support caseSensitive option (#9594) by @btea

add SOURCEMAP_BROKEN warning for renderChunk hook (#9601) by @sapphi-red

add SOURCEMAP_BROKEN warning for transform hook (#9600) by @sapphi-red

add @__NO_SIDE_EFFECTS__ hint for invalid @__PURE__ before function declarations (#9505) by @Copilot

code-splitting: support group-local includeDependenciesRecursively (#9587) by @hyf0

🐛 Bug Fixes

report TSCONFIG_ERROR instead of UNHANDLEABLE_ERROR for a missing tsconfig file (#9633) by @shulaoda

browser: add missing exports and ensure consistency with rolldown package (#9629) by @sapphi-red

should build test-dev-server when test-node (#9610) by @situ2001

chunk-optimizer: refuse asymmetric merge for cyclic dynamic entries (#9320) (#9322) by @aminpaks

dev: handle the remaining errors in dev (#9570) by @h-a-n-a

handle slash-normalized ids with preserveModulesRoot (#9595) by @IWANABETHATGUY

json: preserve .default access on JSON default imports (#9568) by @IWANABETHATGUY

testing: remove unintended trigger_full_build from test harness (#9573) by @hyf0

🚜 Refactor

js-regex: use regress native replace/replace_all (#9607) by @IWANABETHATGUY

remove never-constructed ImportStatus variants (#9606) by @Boshen

📚 Documentation

clarify that RolldownBuild::close method should be called in most cases (#9619) by @sapphi-red

⚡ Performance

avoid unnecessary intermediate sourcemaps (#9599) by @sapphi-red

🧪 Testing

add unit test for collapsing module sourcemap (#9626) by @sapphi-red

cover vite-alias regex capture-group expansion (#9602) (#9608) by @IWANABETHATGUY

⚙️ Miscellaneous Tasks

deps: update oxc_resolver to 11.21.0 (#9634) by @shulaoda

update invalid option diagnostic link to point to Rolldown docs (#9631) by @sapphi-red

deps: update vite+ to v0.1.24 (#9628) by @renovate[bot]

deps: update oxc resolver to v11.20.0 (#9549) by @renovate[bot]

deps: update dependency vite-plus to v0.1.24 (#9470) by @renovate[bot]

deps: update npm packages (#9614) by @renovate[bot]

deps: upgrade oxc to 0.134.0 (#9625) by @shulaoda

deps: update crate-ci/typos action to v1.47.0 (#9620) by @renovate[bot]

... (truncated)

Commits

c462c7c release: v1.1.0 (#9637)
432bac8 feat: enable experimental.lazyBarrel by default (#9632)
239ca4c feat: import.meta.glob support caseSensitive option (#9594)
be8eacc fix(browser): add missing exports and ensure consistency with rolldown pack...
93632ab chore(deps): update dependency vite-plus to v0.1.24 (#9470)
b403112 feat: add SOURCEMAP_BROKEN warning for renderChunk hook (#9601)
84b7ed1 feat: add SOURCEMAP_BROKEN warning for transform hook (#9600)
31ad110 perf: avoid unnecessary intermediate sourcemaps (#9599)
5e05eba feat(code-splitting): support group-local includeDependenciesRecursively (#...
4265367 fix(dev): handle the remaining errors in dev (#9570)
Additional commits viewable in compare view

Updates @rolldown/binding-linux-x64-musl from 1.0.1 to 1.1.0

Release notes

Sourced from @rolldown/binding-linux-x64-musl's releases.

v1.1.0

[!IMPORTANT] This is a minor release. Two changes alter default behavior compared to 1.0.3. Please read this section before upgrading. Everything else is additive (new features, fixes, deps).

⚠️ Notable behavior changes

1. experimental.lazyBarrel is now enabled by default (#9632)

What changed. experimental.lazyBarrel now defaults to true. When a barrel module is recognized as side-effect-free, Rolldown skips compiling the re-exported modules that are never actually used.

Impact. For codebases with large barrel files (component libraries such as Ant Design, @mui/icons-material, etc.) this is a meaningful build-time speedup, and for the vast majority of projects the emitted output is unchanged. In rare cases where a barrel is incorrectly treated as side-effect-free, the optimization could drop a module that was being relied on for its side effects.

How to opt out (backward compatible).
// rolldown.config.js
export default {
  experimental: { lazyBarrel: false },
}
Note: this opt-out flag is planned to be removed in a future release. If you have a case where you must turn it off, please open an issue so we can fix the underlying detection instead.

2. tsconfig project-reference resolution now aligns with TypeScript

Upgrading oxc_resolver (11.19.1 → 11.20.0 in #9549, then → 11.21.0 in #9634) changes how a solution-style tsconfig.json (one that only lists references and delegates the real settings to tsconfig.app.json / tsconfig.node.json, as Vite scaffolds) is resolved, bringing it in line with how TypeScript (tsc) itself behaves:

Reference match priority (oxc-resolver #1151): when the root has references, a referenced project that includes the file now takes precedence over the root, instead of the root matching it first (this is what TypeScript already does). So that project's compilerOptions.paths now apply.

allowJs (oxc-resolver #1198): whether a .js/.jsx/.mjs/.cjs file is included is now decided by each referenced project's own allowJs, not the root's (again matching TypeScript). So tsconfig.app.json with allowJs: true + paths now resolves aliases for .js files even when the root doesn't set allowJs.

For most projects this is a fix (the standard Vite paths aliases now resolve, closes rolldown/rolldown#8468), but it is a behavior change if you relied on the previous behavior, where the root's paths / allowJs took precedence.

If you relied on the old "root wins" behavior. There is no exact toggle back, because the old behavior was the bug being fixed. The recommended path is to align your config with TypeScript: declare the paths / allowJs on the referenced project that actually owns the files.

If you must keep the old precedence while still using references: a referenced project's match wins, and the first matching references entry takes priority (the root is only a fallback when no reference claims the file). So extract the old root settings into their own config and list it first:
// tsconfig.json (solution root)
{
  "files": [],
  "references": [
    { "path": "./tsconfig.base.json" }, // old root paths/allowJs — listed first, so it wins
    { "path": "./tsconfig.app.json" },
    { "path": "./tsconfig.node.json" }
  ]
}

... (truncated)

Changelog

Sourced from @rolldown/binding-linux-x64-musl's changelog.

[1.1.0] - 2026-06-03

🚀 Features

enable experimental.lazyBarrel by default (#9632) by @shulaoda

import.meta.glob support caseSensitive option (#9594) by @btea

add SOURCEMAP_BROKEN warning for renderChunk hook (#9601) by @sapphi-red

add SOURCEMAP_BROKEN warning for transform hook (#9600) by @sapphi-red

add @__NO_SIDE_EFFECTS__ hint for invalid @__PURE__ before function declarations (#9505) by @Copilot

code-splitting: support group-local includeDependenciesRecursively (#9587) by @hyf0

🐛 Bug Fixes

report TSCONFIG_ERROR instead of UNHANDLEABLE_ERROR for a missing tsconfig file (#9633) by @shulaoda

browser: add missing exports and ensure consistency with rolldown package (#9629) by @sapphi-red

should build test-dev-server when test-node (#9610) by @situ2001

chunk-optimizer: refuse asymmetric merge for cyclic dynamic entries (#9320) (#9322) by @aminpaks

dev: handle the remaining errors in dev (#9570) by @h-a-n-a

handle slash-normalized ids with preserveModulesRoot (#9595) by @IWANABETHATGUY

json: preserve .default access on JSON default imports (#9568) by @IWANABETHATGUY

testing: remove unintended trigger_full_build from test harness (#9573) by @hyf0

🚜 Refactor

js-regex: use regress native replace/replace_all (#9607) by @IWANABETHATGUY

remove never-constructed ImportStatus variants (#9606) by @Boshen

📚 Documentation

clarify that RolldownBuild::close method should be called in most cases (#9619) by @sapphi-red

⚡ Performance

avoid unnecessary intermediate sourcemaps (#9599) by @sapphi-red

🧪 Testing

add unit test for collapsing module sourcemap (#9626) by @sapphi-red

cover vite-alias regex capture-group expansion (#9602) (#9608) by @IWANABETHATGUY

⚙️ Miscellaneous Tasks

deps: update oxc_resolver to 11.21.0 (#9634) by @shulaoda

update invalid option diagnostic link to point to Rolldown docs (#9631) by @sapphi-red

deps: update vite+ to v0.1.24 (#9628) by @renovate[bot]

deps: update oxc resolver to v11.20.0 (#9549) by @renovate[bot]

deps: update dependency vite-plus to v0.1.24 (#9470) by @renovate[bot]

deps: update npm packages (#9614) by @renovate[bot]

deps: upgrade oxc to 0.134.0 (#9625) by @shulaoda

deps: update crate-ci/typos action to v1.47.0 (#9620) by @renovate[bot]

... (truncated)

Commits

c462c7c release: v1.1.0 (#9637)
432bac8 feat: enable experimental.lazyBarrel by default (#9632)
239ca4c feat: import.meta.glob support caseSensitive option (#9594)
be8eacc fix(browser): add missing exports and ensure consistency with rolldown pack...
93632ab chore(deps): update dependency vite-plus to v0.1.24 (#9470)
b403112 feat: add SOURCEMAP_BROKEN warning for renderChunk hook (#9601)
84b7ed1 feat: add SOURCEMAP_BROKEN warning for transform hook (#9600)
31ad110 perf: avoid unnecessary intermediate sourcemaps (#9599)
5e05eba feat(code-splitting): support group-local includeDependenciesRecursively (#...
4265367 fix(dev): handle the remaining errors in dev (#9570)
Additional commits viewable in compare view

Updates @rollup/rollup-linux-x64-gnu from 4.60.4 to 4.61.1

Release notes

Sourced from @rollup/rollup-linux-x64-gnu's releases.

v4.61.1

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

v4.61.0

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6382: chore(deps): update dependency @types/node to ^20.19.41 (@renovate[bot])

#6386: fix(deps): update minor/patch updates (@renovate[bot])

#6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@renovate[bot])

#6388: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6389: chore(deps): lock file maintenance (@renovate[bot])

#6391: Sort entry modules to make chunk hash names deterministic (@TrickyPi)

#6394: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6395: chore(deps): update react monorepo to v19 (@renovate[bot], @lukastaegert)

#6396: fix(deps): update rust crate swc_compiler_base to v57 (@renovate[bot], @lukastaegert)

#6397: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6400: docs: fix broken links (@jiyujie2006)

Changelog

Sourced from @rollup/rollup-linux-x64-gnu's changelog.

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6382: chore(deps): update dependency @types/node to ^20.19.41 (@renovate[bot])

#6386: fix(deps): update minor/patch updates (@renovate[bot])

#6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@renovate[bot])

#6388: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6389: chore(deps): lock file maintenance (@renovate[bot])

#6391: Sort entry modules to make chunk hash names deterministic (@TrickyPi)

#6394: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6395: chore(deps): update react monorepo to v19 (@renovate[bot], @lukastaegert)

#6396: fix(deps): update rust crate swc_compiler_base to v57 (@renovate[bot], @lukastaegert)

#6397: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6400: docs: fix broken links (@jiyujie2006)

Commits

b77daf0 4.61.1
91b6dc4 fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR ...
f2a0449 Improve documentation for manualPureFunctions (#6402)
7bdce6c Does not add an extra leading line feed for addons (#6403)
765167f 4.61.0
0f547eb Sort entry modules to make chunk hash names deterministic (#6391)
5838787 docs: fix broken links (#6400)
cc0f51a chore(deps): update react monorepo to v19 (#6395)
dd30037 fix(deps): update rust crate swc_compiler_base to v57 (#6396)
cb86c3e chore(deps): lock file maintenance (#6397)
Additional commits viewable in compare view

Updates google-auth-library from 10.6.2 to 10.7.0

Changelog

Sourced from google-auth-library's changelog.

Changelog

npm history

Commits

See full diff in compare view

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522

Improve error message when passing duplicate options

Commits

638e43b 8.2.0
fdf25a8 Update changelog for 8.2.0 release
bd293b7 Update devDependencies to latest versions
81ce5cc Test supported Node versions on CI
807a888 Update to new URL
d4e0128 Add direct link to FAQ
437d2eb Bump actions/setup-node from 6.3.0 to 6.4.0 (#537)
a6bd779 Upgrade actions/setup-node to 6.3.0
1e09f5f Fix changelog typo
d526f5c Bump Picomatch dev sub-dependency
Additional commits viewable in compare view

Updates nodemailer from 8.0.7 to 8.0.11

Release notes

Sourced from nodemailer's releases.

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

apply the transport-level newline option in stream and sendmail transports (cb4f904)

include icalEvent path/href content in the application/ics attachment (b801c48)

parse Ethereal response props without polynomial regex backtracking (067aebe)

resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)

return the promise from every resolveContent branch (07ffe8c)

strip the url scheme from List-ID header values (77e5885)

tag AWS SES transport errors with the ESES code (efa647a)

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

v8.0.8

8.0.8 (2026-05-23)

Bug Fixes

enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)

four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

Changelog

Sourced from nodemailer's changelog.

8.0.11 (2026-06-10)

Bug Fixes

apply the transport-level newline option in stream and sendmail transports (cb4f904)

include icalEvent path/href content in the application/ics attachment (b801c48)

parse Ethereal response props without polynomial regex backtracking (067aebe)

resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)

return the promise from every resolveContent branch (07ffe8c)

strip the url scheme from List-ID header values (77e5885)

tag AWS SES transport errors with the ESES code (efa647a)

8.0.10 (2026-05-29)

Bug Fixes

fall back to lower-severity handler when custom logger lacks a level method (6d849df)

8.0.9 (2026-05-26)

Bug Fixes

two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)

four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

Commits

e3b1bda chore(master): release 8.0.11 (#1826)
4358caf refactor: remove dead checks flagged by Code Quality analysis
cf5195c chore: harden workflow token permissions and update GitHub Actions
067aebe fix: parse Ethereal response props without polynomial regex backtracking
0cee4fe chore: add CodeQL code scanning workflow
cb9da47 chore: update dev dependencies
e0a4928 chore: format CLAUDE.md with prettier
8620f2f docs: correct stale timeout defaults in SMTPConnection options JSDoc
efa647a fix: tag AWS SES transport errors with the ESES code
07ffe8c fix: return the promise from every resolveContent branch
Additional commits viewable in compare view

Updates openai from 6.38.0 to 6.42.0

Release notes

Sourced from openai's releases.

v6.42.0

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

api: responses.moderation and chat_completions.moderation (6d8f592)

v6.41.0

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

api: Add Amazon Bedrock Responses support (#1899) (535b045)

v6.40.0

6.40.0 (2026-06-01)

Full Changelog: v6.39.1...v6.40.0

Features

api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (aee09f3)

Chores

remove migrate CLI (673c618)

v6.39.1

6.39.1 (2026-05-27)

Full Changelog: v6.39.0...v6.39.1

Bug Fixes

Improve undici dispatcher mismatch guidance (#1898) (b6e5fd6)

treat text/plan with format: binary as raw upload (f9a632a)

treat text/plan with format: binary as raw upload (323cb78)

Chores

internal: codegen related update (d32deef)

v6.39.0

6.39.0 (2026-05-21)

... (truncated)<...

Description has been truncated

vercel · 2026-06-07T15:09:59Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fin-track-web	Ready	Preview, Comment	Jun 10, 2026 8:58pm

BODMAT · 2026-06-10T20:29:21Z

@dependabot rebase

BODMAT · 2026-06-10T20:47:54Z

@dependabot rebase

…y with 18 updates Bumps the production-dependencies group with 18 updates in the / directory: | Package | From | To | | --- | --- | --- | | [next](https://github.com/vercel/next.js) | `16.2.6` | `16.2.9` | | [@rolldown/binding-linux-x64-gnu](https://github.com/rolldown/rolldown/tree/HEAD/packages/rolldown) | `1.0.1` | `1.1.0` | | [@rolldown/binding-linux-x64-musl](https://github.com/rolldown/rolldown/tree/HEAD/packages/rolldown) | `1.0.1` | `1.1.0` | | [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) | `4.60.4` | `4.61.1` | | [google-auth-library](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/google-auth-library-nodejs) | `10.6.2` | `10.7.0` | | [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.7` | `8.0.11` | | [openai](https://github.com/openai/openai-node) | `6.38.0` | `6.42.0` | | [stripe](https://github.com/stripe/stripe-node) | `22.1.1` | `22.2.0` | | [swagger-jsdoc](https://github.com/Surnet/swagger-jsdoc) | `6.2.8` | `6.3.0` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.10` | `5.101.0` | | [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.100.10` | `5.101.0` | | [axios](https://github.com/axios/axios) | `1.16.1` | `1.17.0` | | [framer-motion](https://github.com/motiondivision/motion) | `12.39.0` | `12.40.0` | | [i18next](https://github.com/i18next/i18next) | `26.2.0` | `26.3.1` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` | | [zustand](https://github.com/pmndrs/zustand) | `5.0.13` | `5.0.14` | Updates `next` from 16.2.6 to 16.2.9 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.2.6...v16.2.9) Updates `@rolldown/binding-linux-x64-gnu` from 1.0.1 to 1.1.0 - [Release notes](https://github.com/rolldown/rolldown/releases) - [Changelog](https://github.com/rolldown/rolldown/blob/main/CHANGELOG.md) - [Commits](https://github.com/rolldown/rolldown/commits/v1.1.0/packages/rolldown) Updates `@rolldown/binding-linux-x64-musl` from 1.0.1 to 1.1.0 - [Release notes](https://github.com/rolldown/rolldown/releases) - [Changelog](https://github.com/rolldown/rolldown/blob/main/CHANGELOG.md) - [Commits](https://github.com/rolldown/rolldown/commits/v1.1.0/packages/rolldown) Updates `@rollup/rollup-linux-x64-gnu` from 4.60.4 to 4.61.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.4...v4.61.1) Updates `google-auth-library` from 10.6.2 to 10.7.0 - [Release notes](https://github.com/googleapis/google-cloud-node-core/releases) - [Changelog](https://github.com/googleapis/google-cloud-node-core/blob/main/packages/google-auth-library-nodejs/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node-core/commits/HEAD/packages/google-auth-library-nodejs) Updates `helmet` from 8.1.0 to 8.2.0 - [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md) - [Commits](helmetjs/helmet@v8.1.0...v8.2.0) Updates `nodemailer` from 8.0.7 to 8.0.11 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v8.0.7...v8.0.11) Updates `openai` from 6.38.0 to 6.42.0 - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/main/CHANGELOG.md) - [Commits](openai/openai-node@v6.38.0...v6.42.0) Updates `stripe` from 22.1.1 to 22.2.0 - [Release notes](https://github.com/stripe/stripe-node/releases) - [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md) - [Commits](stripe/stripe-node@v22.1.1...v22.2.0) Updates `swagger-jsdoc` from 6.2.8 to 6.3.0 - [Release notes](https://github.com/Surnet/swagger-jsdoc/releases) - [Changelog](https://github.com/Surnet/swagger-jsdoc/blob/master/CHANGELOG.md) - [Commits](Surnet/swagger-jsdoc@v6.2.8...v6.3.0) Updates `@tanstack/react-query` from 5.100.10 to 5.101.0 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.0/packages/react-query) Updates `@tanstack/react-query-devtools` from 5.100.10 to 5.101.0 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.101.0/packages/react-query-devtools) Updates `axios` from 1.16.1 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `framer-motion` from 12.39.0 to 12.40.0 - [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md) - [Commits](motiondivision/motion@v12.39.0...v12.40.0) Updates `i18next` from 26.2.0 to 26.3.1 - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](i18next/i18next@v26.2.0...v26.3.1) Updates `react` from 19.2.6 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react) Updates `react-dom` from 19.2.6 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom) Updates `zustand` from 5.0.13 to 5.0.14 - [Release notes](https://github.com/pmndrs/zustand/releases) - [Commits](pmndrs/zustand@v5.0.13...v5.0.14) --- updated-dependencies: - dependency-name: "@rolldown/binding-linux-x64-gnu" dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@rolldown/binding-linux-x64-musl" dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@rollup/rollup-linux-x64-gnu" dependency-version: 4.61.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@tanstack/react-query" dependency-version: 5.101.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@tanstack/react-query-devtools" dependency-version: 5.101.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: framer-motion dependency-version: 12.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: google-auth-library dependency-version: 10.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: helmet dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: i18next dependency-version: 26.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: next dependency-version: 16.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: nodemailer dependency-version: 8.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: openai dependency-version: 6.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: react dependency-version: 19.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: react-dom dependency-version: 19.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: stripe dependency-version: 22.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: swagger-jsdoc dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: zustand dependency-version: 5.0.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 7, 2026

vercel Bot deployed to Preview June 7, 2026 15:11 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-222b2366ef branch from 51094ba to 948035c Compare June 10, 2026 19:38

vercel Bot deployed to Preview June 10, 2026 19:39 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-222b2366ef branch from 948035c to 16624cb Compare June 10, 2026 19:51

vercel Bot deployed to Preview June 10, 2026 20:04 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-222b2366ef branch from 16624cb to 47f4d1e Compare June 10, 2026 20:15

vercel Bot deployed to Preview June 10, 2026 20:16 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-222b2366ef branch from 47f4d1e to c142a1c Compare June 10, 2026 20:31

vercel Bot deployed to Preview June 10, 2026 20:32 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-222b2366ef branch from c142a1c to 14cf2bc Compare June 10, 2026 20:41

vercel Bot deployed to Preview June 10, 2026 20:43 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-222b2366ef branch from 14cf2bc to 3610f49 Compare June 10, 2026 20:57

vercel Bot deployed to Preview June 10, 2026 20:58 View deployment

BODMAT self-requested a review June 10, 2026 20:58

BODMAT approved these changes Jun 10, 2026

View reviewed changes

BODMAT merged commit 5d6413a into master Jun 10, 2026
14 checks passed

BODMAT deleted the dependabot/npm_and_yarn/production-dependencies-222b2366ef branch June 10, 2026 21:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the production-dependencies group across 1 directory with 18 updates#80

build(deps): bump the production-dependencies group across 1 directory with 18 updates#80
BODMAT merged 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-222b2366ef

dependabot Bot commented on behalf of github Jun 7, 2026 •

edited

Loading

Uh oh!

vercel Bot commented Jun 7, 2026 •

edited

Loading

Uh oh!

BODMAT commented Jun 10, 2026

Uh oh!

BODMAT commented Jun 10, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v16.2.9

v16.2.8

v16.2.7

Core Changes

Credits

v1.1.0

⚠️ Notable behavior changes

1. experimental.lazyBarrel is now enabled by default (#9632)

2. tsconfig project-reference resolution now aligns with TypeScript

[1.1.0] - 2026-06-03

🚀 Features

🐛 Bug Fixes

🚜 Refactor

📚 Documentation

⚡ Performance

🧪 Testing

⚙️ Miscellaneous Tasks

v1.1.0

⚠️ Notable behavior changes

1. experimental.lazyBarrel is now enabled by default (#9632)

2. tsconfig project-reference resolution now aligns with TypeScript

[1.1.0] - 2026-06-03

🚀 Features

🐛 Bug Fixes

🚜 Refactor

📚 Documentation

⚡ Performance

🧪 Testing

⚙️ Miscellaneous Tasks

v4.61.1

4.61.1

Bug Fixes

Pull Requests

v4.61.0

4.61.0

Features

Pull Requests

4.61.1

Bug Fixes

Pull Requests

4.61.0

Features

Pull Requests

Changelog

8.2.0 - 2026-05-21

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

v8.0.8

8.0.8 (2026-05-23)

Bug Fixes

8.0.11 (2026-06-10)

Bug Fixes

8.0.10 (2026-05-29)

Bug Fixes

8.0.9 (2026-05-26)

Bug Fixes

8.0.8 (2026-05-23)

Bug Fixes

v6.42.0

6.42.0 (2026-06-03)

Features

v6.41.0

6.41.0 (2026-06-01)

Features

v6.40.0

6.40.0 (2026-06-01)

Features

Chores

v6.39.1

6.39.1 (2026-05-27)

dependabot Bot commented on behalf of github Jun 7, 2026 •

edited

Loading

1. `experimental.lazyBarrel` is now enabled by default (#9632)

2. `tsconfig` project-reference resolution now aligns with TypeScript

1. `experimental.lazyBarrel` is now enabled by default (#9632)

2. `tsconfig` project-reference resolution now aligns with TypeScript

vercel Bot commented Jun 7, 2026 •

edited

Loading