Skip to content

chore(deps)(deps): bump the prod-deps group across 1 directory with 4 updates#32

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-deps-5dee5d523b
Open

chore(deps)(deps): bump the prod-deps group across 1 directory with 4 updates#32
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-deps-5dee5d523b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod-deps group with 4 updates in the / directory: js.foresight, next, react and react-dom.

Updates js.foresight from 3.5.0 to 4.2.0

Release notes

Sourced from js.foresight's releases.

V4.2.0 - The <Foresight> Component

v4.2 reworks the React and Vue packages around a single declarative <Foresight> component. Registering a list of elements no longer means wiring up useForesights and juggling callback refs. You wrap your items in <Foresight> and you're done. Under the hood the core also got a round of dedup and cleanup: duplicated settings/registration/logging paths are gone, and data-attribute mirroring is now a single global manager setting instead of a per-element concern.

js.foresight v4.2.0

  • New: dataAttributeMirroring global setting. Mirroring registration data to element data-* attributes is now controlled once on the manager instead of per element (#133).
  • Changed: active/parked element counts are now derived from state rather than tracked separately, removing a class of drift bugs (#134).
  • Fix: changing the touch strategy to its current value no longer triggers a no-op settings change (#125).
  • Fix: the desktop handler now respects positionHistorySize on init (#124).
  • Performance: only active elements are observed on handler connect; parked elements stay out of the observer until reactivated (#126).
  • Internal: removed duplicated settings/registration/logging code paths (#129) and dropped the unused HasListenersFunction type export (#127).

js.foresight-devtools v2.2.0

  • Updated for the core changes above; element data-attribute display follows the new global dataAttributeMirroring setting (#133).

@foresightjs/react v0.3.0

  • New: <Foresight> component replaces useForesights for registering dynamic lists of elements declaratively (#131).
  • Fix: useForesight now handles multiple refs correctly (#135).

@foresightjs/vue v0.3.0

  • New: <Foresight> component replaces useForesights for registering dynamic lists of elements declaratively (#132).
  • Fix: useForesight now handles multiple refs correctly (#135).

Full Changelog: spaansba/ForesightJS@V4.1.0...V4.2.0

V4.1.0 - Bounds channel & scroll re-render fix

js.foresight v4.1.0

  • New: element geometry moved to a dedicated bounds channel -> ForesightRegisterResult now has getBounds() and subscribeToBounds() for position/size updates (fired on every scroll/resize tick while visible) (#120)
  • Changed: subscribe()/getSnapshot() now only fire/change on logical state changes, never on scroll/resize —> state snapshots are referentially stable while scrolling (#120)
  • Breaking-ish: ForesightElementState.elementBounds removed; hitSlop now lives directly on the state snapshot; new exported ElementBounds type (#120)

js.foresight-devtools v2.1.0

  • Performance: log tab rewritten around a dedicated log store, element tab render optimizations, cheaper/batched overlay updates (#119)
  • Element overlays read geometry from the new core bounds channel (#120)

@​foresightjs/react v0.2.0

  • Performance: useForesights coalesces store notifications to one snapshot check per microtask instead of one per element per scroll tick (#120)
  • Components no longer re-render on scroll/resize —> only on logical state changes, thanks to the core bounds split (#120)

@​foresightjs/vue v0.2.0

  • No functional changes; peer dependency bumped to js.foresight ^4.1.0

ForesightJS v4.0 - Official Framework Packages

The goal of v4.0 is to make ForesightJS a lot easier to use with popular frameworks. Until now, the docs handed you premade hooks, composables and directives to copy into your own project. v4 replaces all of that with two official wrapper packages: @foresightjs/react and @foresightjs/vue. Install one, delete your copied files, and you're done.

To make reactive bindings possible, the core element data model was reworked into immutable state snapshots with a subscription model. The same primitives the wrapper packages are built on, and the same ones you can use to build a binding for your own framework (Angular, Svelte, Solid, …).

Upgrading from v3.5? Follow the migration guide. The v3.5 docs stay available via the version dropdown.

js.foresight v4.0.0

... (truncated)

Commits
  • 5d56480 Core: refactor derive active/parked element counts from state (#134)
  • 7cf4435 Make data-attribute mirroring a global manager setting (#133)
  • 1cb3642 React: Replace useForesights with the Foresight component (#131)
  • 822ce8c Remove duplicated settings/registration/logging code paths (#129)
  • 23ec1ac fix: only observe active elements on handler connect (#126)
  • 09dd863 Remove unused type export for HasListenersFunction from index.ts (#127)
  • bfa4818 Respect position history size on init desktop handler (#124)
  • 9aae720 Fix no-op touch strategy settings change (#125)
  • f698b1c Update package numbers for 4.1.0 release (#123)
  • 01a83cf Split element geometry out of ForesightElementState into a separate bounds ch...
  • Additional commits viewable in compare view

Updates next from 16.2.1 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

... (truncated)

Commits
  • f37fad9 v16.2.9
  • d9aaaed [cd] Allow tagging semver-lower releases as @latest if @latest po… (#94627)
  • 6f16804 v16.2.8
  • 0dbc1d5 [16.2.x][cd] Ensure release can be triggered on old branches (#94598)
  • 90e3c81 [16.2.x] Align Actions dependencies with Canary (#94339)
  • 83f402c [16.2.x][cd] Stop fetching all tags when searching parent tag (#94334)
  • 411c455 v16.2.7
  • c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
  • 63115c7 [16.2.x] Don't drop FormData entries (#94240)
  • aef22fd [backport] Propagate adapter preferred regions (#94200)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the prod-deps group with 4 updates in the / directory: [js.foresight](https://github.com/spaansba/ForesightJS/tree/HEAD/packages/js.foresight), [next](https://github.com/vercel/next.js), [react](https://github.com/facebook/react/tree/HEAD/packages/react) and [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom).


Updates `js.foresight` from 3.5.0 to 4.2.0
- [Release notes](https://github.com/spaansba/ForesightJS/releases)
- [Commits](https://github.com/spaansba/ForesightJS/commits/V4.2.0/packages/js.foresight)

Updates `next` from 16.2.1 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.1...v16.2.9)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

---
updated-dependencies:
- dependency-name: js.foresight
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies javascript Pull requests that update javascript code labels Jun 15, 2026
@changeset-bot

changeset-bot Bot commented Jun 15, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 8a41830

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants