fix(deps): update non-major

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@portabletext/react	^2.0.0 → ^2.0.3			dependencies	patch
@sanity/cli (source)	^4.8.1 → ^4.22.0			pnpm.catalog.default	minor
@sanity/client (source)	^7.11.1 → ^7.23.0			pnpm.catalog.default	minor
@sanity/client (source)	^6.12.3 → ^6.29.1			dependencies	minor
@sanity/document-internationalization (source)	^1.1.1 → ^1.1.2			dependencies	patch
@sanity/image-url (source)	^1.0.2 → ^1.2.0			dependencies	minor
@sanity/preview-url-secret (source)	^1.6.1 → ^1.6.21			dependencies	patch
@sanity/vercel-protection-bypass (source)	^2.0.2 → ^2.1.1			dependencies	minor
@sanity/vision (source)	^4.8.1 → ^4.22.0			pnpm.catalog.default	minor
@sanity/visual-editing (source)	^1.1.0 → ^1.8.22			dependencies	minor
@segment/snippet	^4.15.3 → ^4.16.2			dependencies	patch
@tailwindcss/forms	^0.5.3 → ^0.5.11			dependencies	patch
@tailwindcss/forms	^0.5.3 → ^0.5.11			dependencies	patch
@types/node (source)	^18.11.9 → ^18.19.130			devDependencies	patch
@types/react (source)	^19.1.12 → ^19.2.17			pnpm.catalog.default	minor
@types/react (source)	^18.0.25 → ^18.3.31			devDependencies	minor
@types/react-dom (source)	^19.1.9 → ^19.2.3			pnpm.catalog.default	minor
@types/styled-components (source)	^5.1.26 → ^5.1.36			devDependencies	patch
@vercel/analytics (source)	^1.5.0 → ^1.6.1			dependencies	minor
@vercel/related-projects (source)	^1.0.0 → ^1.1.0			dependencies	minor
@vercel/speed-insights (source)	^1.2.0 → ^1.3.1			dependencies	minor
@vercel/speed-insights (source)	^1.0.9 → ^1.3.1			dependencies	minor
EndBug/add-and-commit (changelog)	61a88be → a94899b			action	digest
actions/cache (changelog)	9b0c1fc → 6f8efc2			action	digest
autoprefixer	^10.4.13 → ^10.5.2			dependencies	minor
autoprefixer	^10.4.13 → ^10.5.2			devDependencies	minor
classnames	^2.3.2 → ^2.5.1			dependencies	patch
cryptr	^6.0.3 → ^6.4.0			dependencies	minor
date-fns	^2.29.3 → ^2.30.0			dependencies	patch
dotenv	^16.0.3 → ^16.6.1			devDependencies	minor
esbuild-plugin-replace (source)	^1.3.0 → ^1.4.0			devDependencies	patch
esbuild-register	^3.4.1 → ^3.6.0			devDependencies	minor
eslint (source)	^8.28.0 → ^8.57.1			devDependencies	minor
eslint-config-next (source)	^13.0.5 → ^13.5.11			devDependencies	patch
eslint-config-prettier	^8.5.0 → ^8.10.2			devDependencies	patch
groqd (source)	^0.0.4 → ^0.15.13			dependencies	minor
i18next (source)	^22.0.6 → ^22.5.1			dependencies	patch
libphonenumber-js	^1.10.14 → ^1.13.7			dependencies	minor
lodash.orderby (source)	^4.6.0 → ^4.18.0			dependencies	minor
lucide-react (source)	^0.102.0 → ^0.577.0			dependencies	minor
next-intl (source)	^2.9.1 → ^2.22.1			dependencies	patch
next-sanity (source)	^11.1.0 → ^11.6.13			dependencies	minor
polished (source)	^4.2.2 → ^4.3.1			dependencies	patch
postcss (source)	^8.5.6 → ^8.5.15			dependencies	patch
postcss (source)	^8.4.19 → ^8.5.15			devDependencies	minor
prettier (source)	^2.8.0 → ^2.8.8			devDependencies	patch
prettier-plugin-packagejson	^2.3.0 → ^2.5.22			devDependencies	minor
prettier-plugin-tailwindcss	^0.2.0 → ^0.8.0			devDependencies	minor
puppeteer (source)	^19.3.0 → ^19.11.1			devDependencies	patch
puppeteer-core (source)	^19.3.0 → ^19.11.1			devDependencies	patch
react (source)	^19.1.1 → ^19.2.7			pnpm.catalog.default	minor
react (source)	^18.2.0 → ^18.3.1			dependencies	minor
react-dom (source)	^19.1.1 → ^19.2.7			pnpm.catalog.default	minor
react-dom (source)	^18.2.0 → ^18.3.1			dependencies	minor
react-hot-toast	^2.4.0 → ^2.6.0			dependencies	minor
react-i18next	^12.0.0 → ^12.3.1			dependencies	patch
rxjs (source)	^7.8.1 → ^7.8.2			dependencies	patch
sanity (source)	^4.8.1 → ^4.22.0			pnpm.catalog.default	minor
sanity (source)	3.28.0 → 3.99.0			dependencies	minor
sanity-plugin-internationalized-array (source)	^1.10.8 → ^1.10.9			dependencies	patch
styled-components (source)	^6.1.19 → ^6.4.3			pnpm.catalog.default	minor
styled-components (source)	^5.3.6 → ^5.3.11			dependencies	patch
tailwindcss (source)	^3.2.4 → ^3.4.19			dependencies	minor
tailwindcss (source)	^3.2.4 → ^3.4.19			devDependencies	patch
type-fest	^3.2.0 → ^3.13.1			devDependencies	patch
typescript (source)	5.9.2 → 5.9.3			pnpm.catalog.default	patch
typescript (source)	^5.3.3 → ^5.9.3			devDependencies	minor
write-file-atomic	^5.0.0 → ^5.0.1			devDependencies	patch
zod (source)	^3.19.1 → ^3.25.76			dependencies	minor

---

Release Notes

sanity-io/cli (@​sanity/cli)

v4.22.0

Features

• update mcp configured prompt text (#​11514) (b595fee) by Matthew Ritter (matthew.ritter@sanity.io)

Bug Fixes

• cli: telemetry in MCP commands (#​11487) (9e805d6) by James Woods (<jwwoods01@​gmail.com>)
• cli: update runtime commands (#​11513) (6f9ae4f) by Taylor Beseda (tbeseda@gmail.com)

v4.21.1

Bug Fixes

• cli: blueprints doctor does not require existing blueprint config (#​11444) (b8d9a94) by Taylor Beseda (tbeseda@gmail.com)
• mcp cli wording (#​11457) (2aa0766) by James Woods (<jwwoods01@​gmail.com>)

v4.21.0

Features

• setup mcp on sanity init and add mcp add command to cli (#​11409) (4752fb1) by James Woods (<jwwoods01@​gmail.com>)
• setup mcp on sanity init and add mcp add command to cli (#​11434) (e27bea7) by James Woods (<jwwoods01@​gmail.com>)
• Update runtime-cli to v12 (#​11410) (3fea96a) by Dave Sewell (snocorp@gmail.com)

Bug Fixes

• deps: update dependency get-it to ^8.7.0 (#​11395) (5f4487a) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency groq-js to ^1.23.0 (#​11429) (b100ba4) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.20.3

Bug Fixes

• deps: Update react monorepo to ^19.2.1 (#​11389) (ad157b1) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.20.2

Note: Version bump only for package @​sanity/cli

v4.20.1

Bug Fixes

• deps: update dependency groq-js to ^1.22.0 (#​11366) (6976b77) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• ERR_REQUIRE_CYCLE_MODULE on older node, and windows resolve regression (#​11385) (bfaa1c7) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v4.20.0

Note: Version bump only for package @​sanity/cli

v4.19.0

Features

• cli: add typegen configuration through cli config (#​11135) (cfd2d9c) by Kristoffer Brabrand (kristoffer@brabrand.no)

v4.18.0

Bug Fixes

• deps: update dependency groq-js to ^1.21.0 (#​11216) (fc8f483) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.17.0

Bug Fixes

• actions: onComplete considered harmful, use local state instead (#​11199) (461f54d) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v4.16.0

Features

• allow configuring sanity CLI config in testing (#​11133) (dd909ce) by Kristoffer Brabrand (kristoffer@brabrand.no)

Bug Fixes

• deps: Update babel monorepo to ^7.28.5 (#​11181) (08d6e66) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: upgrade react compiler to v1 (#​10834) (2573cb1) by Cody Olsen (81981+stipsan@users.noreply.github.com)
• functions: support host flag in functions dev (#​11118) (9588b8b) by Simon MacDonald (simon.macdonald@gmail.com)

v4.15.0

Bug Fixes

• typegen: allow generating types to absolute path (#​7620) (#​11081) (f8b4e87) by Kristoffer Brabrand (kristoffer@brabrand.no)

Reverts

• deps: add patch-package as direct dependency (#​11085) (#​11086) (45a5dbf) by Bjørge Næss (bjoerge@gmail.com)

v4.14.2

Bug Fixes

• cli: disable dynamic-import when running cli from local source (#​11078) (a30a092) by Kristoffer Brabrand (kristoffer@brabrand.no)
• deps: add patch-package as direct dependency (#​11085) (3a6536c) by Bjørge Næss (bjoerge@gmail.com)

v4.14.1

Note: Version bump only for package @​sanity/cli

v4.14.0

Bug Fixes

• cli: add new function test flag (#​11007) (22bd071) by Simon MacDonald (simon.macdonald@gmail.com)
• deps: add @babel/parser, an implicit dep of recast (#​11042) (bc08d28) by Cody Olsen (81981+stipsan@users.noreply.github.com)
• deps: update dependency @​sanity/client to ^7.12.1 (#​11029) (df2aa67) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.13.0

Features

• Add shopify domain to shopify template (#​10983) (6138bda) by Indrek Kärner (152283155+indrekkarner@users.noreply.github.com)
• cli/blueprints: doctor command (#​10987) (7485f28) by Taylor Beseda (tbeseda@gmail.com)

Bug Fixes

• deps: catalog vitest, jsdom add overrides (a54467e) by Bjørge Næss (bjoerge@gmail.com)
• use www for sanity website urls (#​10994) (de66f58) by Bjørge Næss (bjoerge@gmail.com)

v4.12.0

Note: Version bump only for package @​sanity/cli

v4.11.0

Bug Fixes

• cli: pipe stderr when installing dependencies (#​10839) (704a357) by Bjørge Næss (bjoerge@gmail.com)
• deps: update dependency groq-js to ^1.20.0 (#​10852) (ae0f0c7) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v4.10.3

Bug Fixes

• deps: update dependency @​sanity/client to ^7.12.0 (#​10802) (391127a)

v4.10.2

Note: Version bump only for package @​sanity/cli

v4.10.1

Bug Fixes

• deps: update dependency groq-js to ^1.19.0 (#​10751) (0e61cf3)

v4.10.0

Bug Fixes

• deps: update dependency @​sanity/client to ^7.11.2 (#​10667) (3d3ea0d)
• use generated react compiler typings (#​10672) (ac6c9a0)

v4.9.0

Features

• cli: Add delta flags to functions test command (#​10607) (166f7af)
• init: update next.js init template to next-sanity v11 (#​10610) (bd3d363)

sanity-io/client (@​sanity/client)

v7.23.0

Compare Source

Features

• add documentsExists for batch existence checks (#​1215) (7c0406a)
• improve get-it HTTP stacktraces (#​1184) (d3aad14)

v7.22.1

Compare Source

Bug Fixes

• live: verify CORS via /check/cors (credentials-aware) before reporting CorsOriginError (#​1219) (566e1b5)

v7.22.0

Compare Source

Features

• error: expose trace id from backend responses (#​1212) (47fa1fe)

v7.21.0

Compare Source

Features

• live: add waitFor option to defer events until Sanity Function processing (#​1209) (3251113)
• support intercepting requests via internal requestHandler config (#​1208) (4d794f6)

Bug Fixes

• deps: update get-it to v8.7.2 (#​1211) (ad4fa50)

v7.20.0

Compare Source

Features

• add more query options to listing projects (#​1205) (e193fcb)

v7.19.0

Compare Source

Features

• types: add VideoSubtitleInfo types to playback info (#​1191) (7c55974)

v7.18.0

Compare Source

Features

• types: add VideoRenditionInfo types with typed resolution (#​1186) (6d9e85e)

Bug Fixes

• stega: allow zero-width space characters in content (#​1204) (3dcfca9)

v7.17.0

Compare Source

Features

• projects: add onlyExplicitMembership option to projects.list() (#​1200) (96619c5)

v7.16.0

Compare Source

Features

• dataset: added embeddings configuration options (d4cca13)

v7.15.0

Compare Source

Features

• add support for resuming listener events (#​1154) (18a5daa)

v7.14.1

Compare Source

Bug Fixes

• remove resource guard from live client (#​1141) (9b84983)

v7.14.0

Compare Source

Features

• media-library: add thumbhash support to AssetMetadataType (223fdbc)
• media-library: improve Media Library API support (#​1171) (df82583)

Bug Fixes

• types: thumbhash -> thumbHash (223fdbc)

v7.13.2

Compare Source

Bug Fixes

• csm: resolve root path mappings (#​1172) (f81b777)
• deps: update dependency get-it to ^8.7.0 (#​1169) (ad1b878)
• docs: fix incorrect releases method name in readme (#​1162) (29e8e90)

v7.13.1

Compare Source

Bug Fixes

• perf: improving stega encoding (#​1149) (7165b6e)

v7.13.0

Compare Source

Features

• listen: return event type based on options.events (#​1159) (a0303f7)

v7.12.1

Compare Source

Bug Fixes

• make releaseId optional in createVersion method (#​1151) (660464b)

v7.12.0

Compare Source

Features

• add X-Sanity-Lineage header (#​1143) (44c3006)

v7.11.2

Compare Source

Bug Fixes

• types: add import release action type (#​1138) (d7aeae7)

sanity-io/plugins (@​sanity/document-internationalization)

v1.1.2

Compare Source

sanity-io/image-url (@​sanity/image-url)

v1.2.0

[Compare Source](https://redirect.github.com/sanity-io/image-url/compar

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/next@16.3.0-canary.69 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @esbuild/aix-ppc64 is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@esbuild/aix-ppc64@0.25.6 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@esbuild/aix-ppc64@0.25.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @pnpm/network.ca-file is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/@sanity/cli@4.22.0 → npm/@pnpm/network.ca-file@1.0.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@pnpm/network.ca-file@1.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm css-tree is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/css-tree@3.2.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/css-tree@3.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm data-urls is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/data-urls@7.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/data-urls@7.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm date-fns is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/date-fns@4.4.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/date-fns@4.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/jsdom@28.1.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@28.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/jsdom@28.1.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@28.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm next is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/next@16.3.0-canary.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.3.0-canary.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm next is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/next@16.3.0-canary.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.3.0-canary.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm next is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/next@16.3.0-canary.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.3.0-canary.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cv	Error		Jun 27, 2026 10:19pm
cv-studio	Ready	Preview, Comment	Jun 27, 2026 10:19pm
cv-web	Error		Jun 27, 2026 10:19pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​16.3.0-canary.69
	eslint@​8.57.1
	next-intl@​2.22.3
	puppeteer@​19.11.1
	eslint-config-next@​13.5.11
	@​vercel/​analytics@​1.6.1
	eslint-config-prettier@​8.10.2
	@​types/​styled-components@​5.1.36
	@​types/​react-dom@​19.2.3
	@​sanity/​vercel-protection-bypass@​2.1.1
	lodash.orderby@​4.18.0
	@​sanity/​cli@​3.28.0 ⏵ 4.22.0	+5		+1
	@​types/​react@​19.2.17
	esbuild-plugin-replace@​1.4.0
	react-hot-toast@​2.6.0
	cryptr@​6.4.0
	@​types/​node@​18.19.130
	classnames@​2.5.1
	prettier-plugin-packagejson@​2.5.22
	postcss@​8.4.31 ⏵ 8.5.15	+1	+2	+1
	@​segment/​snippet@​4.16.2
	@​vercel/​related-projects@​1.1.0
	react@​18.2.0 ⏵ 19.2.7	+1
	react@​18.2.0 ⏵ 18.3.1	+1		+1
	groqd@​0.15.13
	@​vercel/​speed-insights@​1.3.1
	tailwindcss@​3.4.19
	@​tailwindcss/​forms@​0.5.11
	write-file-atomic@​5.0.1
	autoprefixer@​10.5.2
	dotenv@​16.6.1
	puppeteer-core@​19.11.1
	type-fest@​3.13.1
See 21 more rows in the dashboard

View full report