chore(deps): bump the minor-and-patch group across 1 directory with 25 updates by dependabot[bot] · Pull Request #33 · jp1337/momo

dependabot · 2026-06-15T14:51:05Z

Bumps the minor-and-patch group with 24 updates in the / directory:

Package	From	To
@radix-ui/react-dialog	`1.1.15`	`1.1.16`
@radix-ui/react-dropdown-menu	`2.1.16`	`2.1.17`
@radix-ui/react-popover	`1.1.15`	`1.1.16`
@radix-ui/react-toggle-group	`1.1.11`	`1.1.12`
@radix-ui/react-tooltip	`1.2.8`	`1.2.9`
@simplewebauthn/server	`13.3.0`	`13.3.1`
framer-motion	`12.38.0`	`12.40.0`
next	`16.2.6`	`16.2.9`
next-intl	`4.11.1`	`4.13.0`
otplib	`13.4.0`	`13.4.1`
pg	`8.20.0`	`8.21.0`
react	`19.2.6`	`19.2.7`
@types/react	`19.2.14`	`19.2.17`
react-dom	`19.2.6`	`19.2.7`
sharp	`0.34.5`	`0.35.1`
swagger-ui-react	`5.32.5`	`5.32.6`
@playwright/test	`1.59.1`	`1.61.0`
@tailwindcss/postcss	`4.2.4`	`4.3.1`
@types/node	`25.6.0`	`25.9.3`
@vitest/coverage-v8	`4.1.5`	`4.1.9`
@vitest/ui	`4.1.5`	`4.1.9`
eslint-config-next	`16.2.6`	`16.2.9`
npm-check-updates	`22.1.1`	`22.2.3`
vitest	`4.1.5`	`4.1.9`

Updates @radix-ui/react-dialog from 1.1.15 to 1.1.16

Changelog

Sourced from @radix-ui/react-dialog's changelog.

1.1.16

Fixed disabled pointer events in closed dialogs

Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken

Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @dodomorandi for the original PR)

Added repository.directory to all package.json files

Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @radix-ui/react-dialog since your current version.

Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.17

Changelog

Sourced from @radix-ui/react-dropdown-menu's changelog.

2.1.17

Added repository.directory to all package.json files

Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @radix-ui/react-dropdown-menu since your current version.

Updates @radix-ui/react-popover from 1.1.15 to 1.1.16

Changelog

Sourced from @radix-ui/react-popover's changelog.

1.1.16

Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken

Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @dodomorandi for the original PR)

Added repository.directory to all package.json files

Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @radix-ui/react-popover since your current version.

Updates @radix-ui/react-toggle-group from 1.1.11 to 1.1.12

Changelog

Sourced from @radix-ui/react-toggle-group's changelog.

1.1.12

Added repository.directory to all package.json files

Updated dependencies: @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-toggle@1.1.11, @radix-ui/react-use-controllable-state@1.2.3

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @radix-ui/react-toggle-group since your current version.

Updates @radix-ui/react-tooltip from 1.2.8 to 1.2.9

Changelog

Sourced from @radix-ui/react-tooltip's changelog.

1.2.9

Fixed runtime error when event target is non-Node

Fixed a Tooltip bug so that skipDelayDuration={0} works as expected. Previously, the open delay could still be skipped when moving between triggers.

Added repository.directory to all package.json files

Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-visually-hidden@1.2.5

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @radix-ui/react-tooltip since your current version.

Updates @simplewebauthn/server from 13.3.0 to 13.3.1

Release notes

Sourced from @simplewebauthn/server's releases.

v13.3.1

Changes:

[server] Fixed an issue with verifyRegistrationResponse() failing to verify some Packed and SafetyNet statements (#767)

Changelog

Sourced from @simplewebauthn/server's changelog.

v13.3.1

Changes:

[server] Fixed an issue with verifyRegistrationResponse() failing to verify some Packed and SafetyNet statements (#767)

Commits

615538f Update version to 13.3.1
61601dd Ignore E2E test for now
6c43af7 Use attStmt.alg in Safety Net and Packed Full
See full diff in compare view

Updates framer-motion from 12.38.0 to 12.40.0

Changelog

Sourced from framer-motion's changelog.

[12.40.0] 2026-05-21

Added

path option to transition.

arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

Support for repeatType and repeatDelay in animation sequences.

Fixed

Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.

Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.

LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.

useScroll: Support hydrating target and container refs from anywhere in the tree.

Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.

Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§

Updated visualElement hydration order.

useAnimate: Now respects skipAnimations.

AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.

scroll: Fixed callback progress when tracking an element.

useScroll: Fix hardware acceleration when tracking an element.

Commits

38ebb94 v12.40.0
b1f766c Latest
bca5544 Merge pull request #3699 from motiondivision/lochie/arcs-injectable
f1a96cf arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw
b4aaba0 pathRotation: non-destructive orientToPath rotation channel
8604ef3 Make arcs injectable via transition.path = arc()
f90fe29 add orientToPath
9ebe999 fix: test
bc2107e Revert "no should"
6eeb92d no should
Additional commits viewable in compare view

Updates next from 16.2.6 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Backport documentation fixes for v16.2 (#93804)

[backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)

[backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)

[backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)

[backport] Encode non-ASCII characters in cache tags at construction (#93918)

[backport] Fix server action forwarding loop with middleware rewrites (#93919)

[backport] Turbopack: switch from base40 to base38 hash encoding (#93932)

[ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)

[backport] Fix "type: module" in project dir when using standalone or adapters (#94050)

[backport] Propagate adapter preferred regions (#94200)

[16.2.x] Don't drop FormData entries (#94240)

[backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @eps1lon, @icyJoseph, @unstubbable, @mischnic, @bgw, @timneutkens, and @lukesandberg for helping!

Commits

f37fad9 v16.2.9
d9aaaed [cd] Allow tagging semver-lower releases as @latest if @latest po… (#94627)
6f16804 v16.2.8
0dbc1d5 [16.2.x][cd] Ensure release can be triggered on old branches (#94598)
90e3c81 [16.2.x] Align Actions dependencies with Canary (#94339)
83f402c [16.2.x][cd] Stop fetching all tags when searching parent tag (#94334)
411c455 v16.2.7
c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
63115c7 [16.2.x] Don't drop FormData entries (#94240)
aef22fd [backport] Propagate adapter preferred regions (#94200)
Additional commits viewable in compare view

Updates next-intl from 4.11.1 to 4.13.0

Release notes

Sourced from next-intl's releases.

v4.13.0

4.13.0 (2026-05-28)

Features

Use URL-safe base64 for auto-generated message keys of useExtracted (#2330) (a003d3a) – by @spokodev

⚠️ If you're using useExtracted, this requires an update to your existing keys. Please point your agent at amannn/next-intl#2330 to upgrade.

v4.12.0

4.12.0 (2026-05-13)

Features

Improvements for useExtracted (#2316) (bff2f96) – by @amannn

⚠️ A small config change is required for useExtracted users to upgrade, please see amannn/next-intl#2316 for details.

v4.11.2

4.11.2 (2026-05-11)

Bug Fixes

Revert x-forwarded-host redirect domain change (#2322) (eb3a6a4) – by @amannn

Changelog

Sourced from next-intl's changelog.

4.13.0 (2026-05-28)

Features

Use URL-safe base64 for auto-generated message keys of useExtracted (#2330) (a003d3a) – by @spokodev

4.12.0 (2026-05-13)

Features

Improvements for useExtracted (#2316) (bff2f96) – by @amannn

4.11.2 (2026-05-11)

Bug Fixes

Revert x-forwarded-host redirect domain change (#2322) (eb3a6a4) – by @amannn

Commits

3e013c4 v4.13.0
a003d3a feat: Use URL-safe base64 for auto-generated message keys of useExtracted (...
2e351ae docs: Add ElevenLabs logo
d7aaa62 docs: Add note on Promise.all
233af94 docs: Reorder extraction docs
d7bf7af v4.12.0
bff2f96 feat: Improvements for useExtracted (#2316)
940dfbf v4.11.2
eb3a6a4 fix: Revert x-forwarded-host redirect domain change (#2322)
See full diff in compare view

Updates otplib from 13.4.0 to 13.4.1

Release notes

Sourced from otplib's releases.

v13.4.1

What's Changed

fix: override flatted package security alert by @yeojz in yeojz/otplib#820

fix: override picomatch and yaml package security alerts by @yeojz in yeojz/otplib#822

refactor(testing): replace custom Deno adapter with @std/expect by @yeojz in yeojz/otplib#821

fix: override brace-expansion package security alert by @yeojz in yeojz/otplib#824

chore: update github actions pinned images by @yeojz in yeojz/otplib#823

Add @otplib/plugin-base32-alt to dependencies by @yeojz in yeojz/otplib#825

chore: harden supply chain with cooldown and version pinning by @yeojz in yeojz/otplib#826

refactor(testing): centralize test secrets into shared module by @yeojz in yeojz/otplib#831

chore(deps): bump the github-actions group with 5 updates by @dependabot[bot] in yeojz/otplib#827

refactor(testing): rename test secret constants for semantic clarity by @yeojz in yeojz/otplib#832

chore(deps-dev): bump the dev-dependencies-minor group with 4 updates by @dependabot[bot] in yeojz/otplib#828

refactor: replace size-limit with native bundle size check by @yeojz in yeojz/otplib#835

chore(deps-dev): bump vite from 7.3.1 to 8.0.0 by @dependabot[bot] in yeojz/otplib#830

refactor/docs/unusedImport by @ValeriYanev98 in yeojz/otplib#837

fix(security): address npm audit vulnerabilities by @yeojz in yeojz/otplib#839

fix(docker): bump pnpm to 10.30.1 to match packageManager by @yeojz in yeojz/otplib#847

docs: note short-secret guardrail override for legacy/test secrets by @yeojz in yeojz/otplib#848

docs(getting-started): clarify when each function runs by @yeojz in yeojz/otplib#846

chore(deps): bump vite from 5.4.21 to 8.0.10 by @dependabot[bot] in yeojz/otplib#845

chore(deps-dev): bump the dev-dependencies-patch group across 1 directory with 6 updates by @dependabot[bot] in yeojz/otplib#849

chore(deps-dev): bump the dev-dependencies-minor group across 1 directory with 6 updates by @dependabot[bot] in yeojz/otplib#841

docs(otplib): note 16-byte minimum and fix broken secret-handling link by @yeojz in yeojz/otplib#851

chore(deps-dev): bump @codecov/bundle-analyzer from 1.9.1 to 2.0.1 by @dependabot[bot] in yeojz/otplib#843

fix(benchmarks): adapt to tinybench v6 TaskResult shape by @yeojz in yeojz/otplib#852

chore(deps): bump the github-actions group across 1 directory with 6 updates by @dependabot[bot] in yeojz/otplib#844

chore(deps): bump @noble/hashes and @scure/base to 2.2.0 by @yeojz in yeojz/otplib#853

chore(deps-dev): bump turbo from 2.9.9 to 2.9.14 by @dependabot[bot] in yeojz/otplib#855

ci: split security audit into blocking prod and informational full scans by @yeojz in yeojz/otplib#857

chore(deps-dev): bump vite from 8.0.10 to 8.0.11 by @dependabot[bot] in yeojz/otplib#856

release(packages): v13.4.1 by @github-actions[bot] in yeojz/otplib#854

New Contributors

@ValeriYanev98 made their first contribution in yeojz/otplib#837

Full Changelog: yeojz/otplib@v13.4.0...v13.4.1

Commits

1d997b0 release(packages): v13.4.1 (#854)
0e9566f docs(otplib): note 16-byte minimum and fix broken secret-handling link (#851)
e01b4f1 chore(deps-dev): bump the dev-dependencies-patch group across 1 directory wit...
212534b chore(deps-dev): bump the dev-dependencies-minor group with 4 updates (#828)
b54adad refactor(testing): rename test secret constants for semantic clarity (#832)
4898252 refactor(testing): centralize test secrets and normalize naming (#831)
See full diff in compare view

Updates pg from 8.20.0 to 8.21.0

Changelog

Sourced from pg's changelog.

pg@8.21.0

Handle SASL SCRAM server error responses properly.

Add support for node@26.

Add scramMaxIterations config option.

Add client.getTransactionStatus() method.

Commits

544b1ce Publish
cc03fa5 Add scramMaxIterations option to limit SCRAM iteration count (#3677)
f776327 Remove compatibility code for unsupported versions of Node (<16) (#3678)
f252870 cleanup: pg utils (#3675)
c8da6ab Assorted test cleanup (#3673)
fa47e73 fix: Client#end callback being called multiple times when first is no-op (#...
88a7e60 cleanup: Move declaration to more natural place
2095247 cleanup: Combine duplicated code in Client#query and avoid unneeded early n...
0ac3edd fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 (#3669)
be880d4 Assorted test fixes and cleanup (#3672)
Additional commits viewable in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @unstubbable)

Commits

6117d7c Version 19.2.7 (#36591)
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.14 to 19.2.17

Commits

See full diff in compare view

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @unstubbable)

Commits

6117d7c Version 19.2.7 (#36591)
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates sharp from 0.34.5 to 0.35.1

Release notes

Sourced from sharp's releases.

v0.35.1

TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.1

TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.0

TypeScript: Ensure type definitions are published #4537

WebAssembly: Ensure wrapper file is published. #4538

v0.35.0

Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

Breaking: Remove install script from package.json file. Compiling from source is now opt-in via the build script.

Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

Breaking: Add limitInputChannels with a default value of 5.

Breaking: Remove deprecated failOnError constructor property.

Breaking: Remove deprecated paletteBitDepth from metadata response.

Breaking: Remove deprecated properties from sharpen operation.

Breaking: Rename format.jp2k as format.jp2 for API consistency.

Upgrade to libvips v8.18.3 for upstream bug fixes.

Remove experimental status from WebAssembly binaries.

Add prebuilt binaries for FreeBSD (WebAssembly).

Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

Add AVIF/HEIF tune option for control over quality metrics.

... (truncated)

Commits

d781a2d Release v0.35.1
84fa853 Prerelease v0.35.1-rc.1
21263c3 TypeScript: Switch type defs to ESM, convert back to CJS #4537
8deceb4 Docs: fix link in changelog (#4541)
c9f08eb Revert "Docs: Highlight that Windows ARM64 support is experimental" (#4540)
3ec892f Prerelease v0.35.1-rc.0
fbdeac5 CI: Run packaging linter on sub-packages
1da92b3 WebAssembly: Ensure wrapper file is published #4538
32c029e Add packaging linter to help prevent regression e.g. #4537
98dc1df TypeScript: Ensure type definitions are published #4537
Additional commits viewable in compare view

Updates swagger-ui-react from 5.32.5 to 5.32.6

Release notes

Sourced from swagger-ui-react's releases.

v5.32.6

5.32.6 (2026-05-12)

Bug Fixes

deps-dev: address undici vulnerability (#10870) (35f5a6a)

docker: address CVE-2026-27135 nghttp2-libs vulnerability (#10879) (0a63415)

Commits

dcdca62 chore(release): cut the 5.32.6 release
871b897 chore(deps): swagger-client to 3.37.4 (#10880)
0a63415 fix(docker): address CVE-2026-27135 nghttp2-libs vulnerability (#10879)
9da9aed chore(deps-dev): bump fast-uri from 3.0.6 to 3.1.2 (#10875)
716b006 chore(deps): bump @babel/plugin-transform-modules-systemjs (#10877)
70120da chore(deps-dev): replace html-webpack-skip-assets-plugin with native excludeC...
f672bd2 chore(deps): bump axios from 1.15.0 to 1.16.0 (#10872)
35f5a6a fix(deps-dev): address undici vulnerability (#10870)
5210ab5 chore(deps-dev): bump postcss from 8.5.3 to 8.5.12 (#10859)
See full diff in compare view

Updates @playwright/test from 1.59.1 to 1.61.0

Release notes

Sourced from @playwright/test's releases.

v1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:
const context = await browser.newContext();
// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
id: credentialId,
userHandle,
privateKey,
publicKey,
});
await context.credentials.install();
const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.
You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:
await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();
New APIs

Network

apiResponse.securityDetails() and apiResponse.serverAddr() mirror the browser-side response.securityDetails() and response.serverAddr().

Browser and Screencast

New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.

New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.

The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.

Supported expect.soft.poll(...).

New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.

New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.

testInfo.errors now lists each sub-error of an AggregateError as a separate entry.

... (truncated)

Commits

1cc5a90 cherry-pick(#41295): chore: PLAYWRIGHT_TRACING_NO_WEBSOCKET_FRAMES and PLAYWR...
a6772bd cherry-pick(#41280): Revert "fix(trace-viewer): add keyboard navigation to `N...
8133dcf cherry-pick(#41283): docs: add Ubuntu 26.04 and Node.js 26.x to system requir...
812432e chore: mark v1.61.0 (#41277)
ac05145 fix(fetch): report serverAddr and securityDetails for reused sockets (#41267)
056efc9 fix(trace-viewer): add keyboard navigation to NetworkFilters component (#41...
41f7b9a chore: fixes uncovered by the .NET 1.61 roll (#41266)
ba50778 fix(mcp): assign caps as array for legacy --vision flag (#41253)
b8ee5ae docs: release notes for v1.61 (#41261)
49c1f69 fix(trace viewer): load trace from a local file (#41263)
Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.2.4 to 4.3.1

Release notes

Sourced from @tailwindcss/postcss's releases.

v4.3.1

Added

Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)

Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)

Allow @apply to be used with CSS mixins (#19427)

Ensure not-* correctly negates @container queries, including style(…) queries (#20059)

Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)

Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)

Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)

Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)

Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)

Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)

Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)

Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)

Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)

Allow @variant to be used inside addBase (#19480)

Ensure @source globs with symlinks are preserved (#20203)

Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)

Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)

Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)

Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)

Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)

Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)

Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

v4.3.0

Added

Add @container-size utility (#18901)

Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)

Add scrollbar-gutter-* utilities (#20018)

Add zoom-* utilities (#20020)

Add tab-* utilities (#20022)

Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)

Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)

Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)
...
Description has been truncated

…5 updates Bumps the minor-and-patch group with 24 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@radix-ui/react-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dialog) | `1.1.15` | `1.1.16` | | [@radix-ui/react-dropdown-menu](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dropdown-menu) | `2.1.16` | `2.1.17` | | [@radix-ui/react-popover](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/popover) | `1.1.15` | `1.1.16` | | [@radix-ui/react-toggle-group](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toggle-group) | `1.1.11` | `1.1.12` | | [@radix-ui/react-tooltip](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tooltip) | `1.2.8` | `1.2.9` | | [@simplewebauthn/server](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/server) | `13.3.0` | `13.3.1` | | [framer-motion](https://github.com/motiondivision/motion) | `12.38.0` | `12.40.0` | | [next](https://github.com/vercel/next.js) | `16.2.6` | `16.2.9` | | [next-intl](https://github.com/amannn/next-intl) | `4.11.1` | `4.13.0` | | [otplib](https://github.com/yeojz/otplib/tree/HEAD/packages/otplib) | `13.4.0` | `13.4.1` | | [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.21.0` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.17` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` | | [sharp](https://github.com/lovell/sharp) | `0.34.5` | `0.35.1` | | [swagger-ui-react](https://github.com/swagger-api/swagger-ui) | `5.32.5` | `5.32.6` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.59.1` | `1.61.0` | | [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.4` | `4.3.1` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `25.9.3` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.5` | `4.1.9` | | [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `4.1.5` | `4.1.9` | | [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.2.6` | `16.2.9` | | [npm-check-updates](https://github.com/raineorshine/npm-check-updates) | `22.1.1` | `22.2.3` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.5` | `4.1.9` | Updates `@radix-ui/react-dialog` from 1.1.15 to 1.1.16 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dialog/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dialog) Updates `@radix-ui/react-dropdown-menu` from 2.1.16 to 2.1.17 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dropdown-menu/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dropdown-menu) Updates `@radix-ui/react-popover` from 1.1.15 to 1.1.16 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/popover/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/popover) Updates `@radix-ui/react-toggle-group` from 1.1.11 to 1.1.12 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toggle-group/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toggle-group) Updates `@radix-ui/react-tooltip` from 1.2.8 to 1.2.9 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tooltip/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tooltip) Updates `@simplewebauthn/server` from 13.3.0 to 13.3.1 - [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases) - [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md) - [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.1/packages/server) Updates `framer-motion` from 12.38.0 to 12.40.0 - [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md) - [Commits](motiondivision/motion@v12.38.0...v12.40.0) Updates `next` from 16.2.6 to 16.2.9 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.2.6...v16.2.9) Updates `next-intl` from 4.11.1 to 4.13.0 - [Release notes](https://github.com/amannn/next-intl/releases) - [Changelog](https://github.com/amannn/next-intl/blob/main/CHANGELOG.md) - [Commits](amannn/next-intl@v4.11.1...v4.13.0) Updates `otplib` from 13.4.0 to 13.4.1 - [Release notes](https://github.com/yeojz/otplib/releases) - [Commits](https://github.com/yeojz/otplib/commits/v13.4.1/packages/otplib) Updates `pg` from 8.20.0 to 8.21.0 - [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md) - [Commits](https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg) Updates `react` from 19.2.6 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react) Updates `@types/react` from 19.2.14 to 19.2.17 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `react-dom` from 19.2.6 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom) Updates `sharp` from 0.34.5 to 0.35.1 - [Release notes](https://github.com/lovell/sharp/releases) - [Commits](lovell/sharp@v0.34.5...v0.35.1) Updates `swagger-ui-react` from 5.32.5 to 5.32.6 - [Release notes](https://github.com/swagger-api/swagger-ui/releases) - [Commits](swagger-api/swagger-ui@v5.32.5...v5.32.6) Updates `@playwright/test` from 1.59.1 to 1.61.0 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.59.1...v1.61.0) Updates `@tailwindcss/postcss` from 4.2.4 to 4.3.1 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/@tailwindcss-postcss) Updates `@types/node` from 25.6.0 to 25.9.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.2.14 to 19.2.17 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `@vitest/coverage-v8` from 4.1.5 to 4.1.9 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/HEAD/packages/coverage-v8) Updates `@vitest/ui` from 4.1.5 to 4.1.9 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/HEAD/packages/ui) Updates `eslint-config-next` from 16.2.6 to 16.2.9 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/commits/v16.2.9/packages/eslint-config-next) Updates `npm-check-updates` from 22.1.1 to 22.2.3 - [Release notes](https://github.com/raineorshine/npm-check-updates/releases) - [Changelog](https://github.com/raineorshine/npm-check-updates/blob/main/CHANGELOG.md) - [Commits](raineorshine/npm-check-updates@v22.1.1...v22.2.3) Updates `tailwindcss` from 4.2.4 to 4.3.1 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/tailwindcss) Updates `vitest` from 4.1.5 to 4.1.9 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/HEAD/packages/vitest) --- updated-dependencies: - dependency-name: "@radix-ui/react-dialog" dependency-version: 1.1.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@radix-ui/react-dropdown-menu" dependency-version: 2.1.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@radix-ui/react-popover" dependency-version: 1.1.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@radix-ui/react-toggle-group" dependency-version: 1.1.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@radix-ui/react-tooltip" dependency-version: 1.2.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@simplewebauthn/server" dependency-version: 13.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: framer-motion dependency-version: 12.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: next dependency-version: 16.2.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: next-intl dependency-version: 4.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: otplib dependency-version: 13.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: pg dependency-version: 8.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: react dependency-version: 19.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@types/react" dependency-version: 19.2.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: react-dom dependency-version: 19.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: sharp dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: swagger-ui-react dependency-version: 5.32.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@playwright/test" dependency-version: 1.61.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@tailwindcss/postcss" dependency-version: 4.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@types/node" dependency-version: 25.9.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@types/react" dependency-version: 19.2.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@vitest/ui" dependency-version: 4.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: eslint-config-next dependency-version: 16.2.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: npm-check-updates dependency-version: 22.2.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: tailwindcss dependency-version: 4.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: vitest dependency-version: 4.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-15T14:51:07Z

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 15, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the minor-and-patch group across 1 directory with 25 updates#33

chore(deps): bump the minor-and-patch group across 1 directory with 25 updates#33
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-289c347ee9

dependabot Bot commented on behalf of github Jun 15, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 15, 2026

1.1.16

2.1.17

1.1.16

1.1.12

1.2.9

v13.3.1

v13.3.1

[12.40.0] 2026-05-21

Added

[12.39.0] 2026-05-18

Added

Fixed

v16.2.9

v16.2.8

v16.2.7

Core Changes

Credits

v4.13.0

4.13.0 (2026-05-28)

Features

v4.12.0

4.12.0 (2026-05-13)

Features

v4.11.2

4.11.2 (2026-05-11)

Bug Fixes

4.13.0 (2026-05-28)

Features

4.12.0 (2026-05-13)

Features

4.11.2 (2026-05-11)

Bug Fixes

v13.4.1

What's Changed

New Contributors

pg@8.21.0

19.2.7 (June 1st, 2026)

React Server Components

19.2.7 (June 1st, 2026)

React Server Components

v0.35.1

v0.35.1-rc.1

v0.35.1-rc.0

v0.35.0

v5.32.6

5.32.6 (2026-05-12)

Bug Fixes

v1.61.0

🔑 WebAuthn passkeys

🗃️ Web Storage

New APIs

Network

Browser and Screencast

Test runner

v4.3.1

Added

Fixed

Changed

v4.3.0

Added

Uh oh!

dependabot Bot commented on behalf of github Jun 15, 2026

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants