Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 28 updates#70

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-5e09ec1496
Open

chore(deps): bump the production-dependencies group across 1 directory with 28 updates#70
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-5e09ec1496

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 28 updates in the / directory:

Package From To
@aws-sdk/client-pricing 3.1053.0 3.1075.0
@hono/node-server 2.0.4 2.0.6
better-auth 1.6.11 1.6.22
hono 4.12.23 4.12.27
ioredis 5.11.0 5.11.1
pg 8.21.0 8.22.0
resend 6.12.4 6.16.0
uuid 14.0.0 14.0.1
@radix-ui/react-avatar 1.1.11 1.2.0
@radix-ui/react-dialog 1.1.15 1.1.17
@radix-ui/react-dropdown-menu 2.1.16 2.1.18
@radix-ui/react-label 2.1.8 2.1.10
@radix-ui/react-scroll-area 1.2.10 1.2.12
@radix-ui/react-select 2.2.6 2.3.1
@radix-ui/react-separator 1.1.8 1.1.10
@radix-ui/react-slot 1.2.4 1.3.0
@radix-ui/react-tabs 1.1.13 1.1.15
@radix-ui/react-toast 1.2.15 1.2.17
@radix-ui/react-tooltip 1.2.8 1.2.10
@tanstack/react-query 5.100.14 5.101.2
@tanstack/react-router 1.170.8 1.170.16
lucide-react 1.16.0 1.22.0
react 19.2.6 19.2.7
react-dom 19.2.6 19.2.7
react-resizable-panels 4.11.2 4.12.0
recharts 3.8.1 3.9.0
vscode-languageserver-protocol 3.17.5 3.18.1
zustand 5.0.13 5.0.14

Updates @aws-sdk/client-pricing from 3.1053.0 to 3.1075.0

Release notes

Sourced from @​aws-sdk/client-pricing's releases.

v3.1075.0

3.1075.0(2026-06-23)

New Features
  • client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (005f9529)

For list of updated packages, view updated-packages.md in assets-3.1075.0.zip

v3.1074.0

3.1074.0(2026-06-22)

Chores
Documentation Changes
New Features
  • clients: update client endpoints as of 2026-06-22 (3a55a333)
  • client-cloudwatch-logs: CloudWatch Logs Updates - New APIs introduced to support syslog ingestion to a log group. For more information, see CloudWatch Logs API documentation. (01a3b513)
  • client-bedrock-agentcore: Adds an optional extractionMode field to CreateEvent. SKIP retains the event in short-term memory but excludes it from long-term memory extraction. (749753ad)
  • client-omics: Adds support for scratch ephemeral storage mounted at tmp (331e3023)
  • client-application-signals: Application Signals now supports dynamic instrumentation and Service Events telemetry. Add instrumentation at runtime without restarts, and use fine-grained profiling data to quickly pinpoint latency and error root causes. (f93b1c03)
  • client-mediaconnect: AWS MediaConnect now supports Content Quality Analysis for Router Inputs, enabling detection of black frames, frozen frames, and silent audio with configurable thresholds. (05054853)
  • client-lambda-core: Initial release of the AWS Lambda Core SDK with APIs to create, manage, and tag network connectors that enable Lambda compute resources to access private resources in your Amazon VPC. (e35cdab8)
  • client-lambda: Add support for tagging Network Connector resources in AWS Lambda. (fbfc4078)
  • client-guardduty: Added AI-powered investigations that automatically analyze security findings, correlate related activity, and produce structured summaries with risk assessment, confidence scoring, MITRE technique classification, and actionable next steps. (83c29839)
  • client-lambda-microvms: Lambda MicroVMs GA launch. Lambda MicroVMs enable isolated and highly responsive execution of user-supplied or LLM-generated code. (5519a7e2)
  • client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (ce7d1bf5)
  • client-quicksight: Updated the Amazon Quick Spaces API to remove unsupported SPACE and ARTIFACT values from the SpaceQuickSightResourceType enum. (e1b325d4)
  • client-ec2: This release adds support for AMI Watermark and Allowed AMIs integration (d1698bed)
  • client-direct-connect: Added VIF rate limiting support for AWS Direct Connect, allowing customers to set bandwidth allocations on virtual interfaces to manage traffic on dedicated connections. (228a95dc)
Bug Fixes
  • cloudfront-signer: filename asterisk apostrophe encoding fix (#8119) (35acab40)

For list of updated packages, view updated-packages.md in assets-3.1074.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-pricing's changelog.

3.1075.0 (2026-06-23)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1074.0 (2026-06-22)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1073.0 (2026-06-19)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1072.0 (2026-06-18)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1071.0 (2026-06-17)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1070.0 (2026-06-16)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1069.0 (2026-06-15)

... (truncated)

Commits

Updates @hono/node-server from 2.0.4 to 2.0.6

Release notes

Sourced from @​hono/node-server's releases.

v2.0.6

What's Changed

Full Changelog: honojs/node-server@v2.0.5...v2.0.6

v2.0.5

Security Fix

Fixed a security issue in Serve Static Middleware where prefix-mounted middleware could be bypassed on Windows. This only affects applications running on Windows that use Serve Static Middleware. Affected users are encouraged to upgrade to this version.

See GHSA-frvp-7c67-39w9 for details.

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​hono/node-server since your current version.


Updates better-auth from 1.6.11 to 1.6.22

Release notes

Sourced from better-auth's releases.

v1.6.22

better-auth

Bug Fixes

  • Fixed unproven credentials not being revoked during magic link and email OTP sign-in (#10239)
  • Fixed server-side OAuth requests to refuse redirect responses instead of following them (#10241)

For detailed changes, see CHANGELOG

@better-auth/scim

Bug Fixes

  • Fixed SCIM write-path operations to be properly scoped and to correctly honor the active attribute (#10242)

For detailed changes, see CHANGELOG

@better-auth/stripe

Bug Fixes

  • Fixed organization subscription actions (cancel, upgrade, restore, and the billing portal) that could act on the wrong organization.

For detailed changes, see CHANGELOG

auth

Bug Fixes

  • Added account-level verification lockout for two-factor authentication (#10240)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​gustavovalverde

Full changelog: v1.6.21...v1.6.22

v1.6.21

better-auth

Bug Fixes

  • Fixed rate limits to be enforced before plugin request handlers run (#10191)
  • Fixed admin permission changes and bans to take effect immediately, even when session cookie cache is enabled (#10187)
  • Fixed deviceAuthorization() throwing a ZodError when called without a schema option under Zod v4 (#9939)

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.22

Patch Changes

  • #10239 c06a56d Thanks @​gustavovalverde! - Magic-link and email-OTP sign-in now reset the credentials on an account whose email had never been confirmed. When verification resolves to such an account, any existing password on it is removed and its sessions are revoked before the user is signed in, so proven control of the mailbox is the source of truth for the account.

    If you signed up with email and password but first signed in through a magic link or email OTP rather than confirming the verification email, your password is cleared and you will need to set a new one through password reset.

  • #10240 3a035e9 Thanks @​gustavovalverde! - Add account-level lockout for two-factor verification. The attempt limit applies per account across sign-in challenges and across factors: TOTP, email-OTP, and backup codes share one counter, and a successful verification resets it.

    Enabled by default: an account locks for 15 minutes after 10 consecutive failed verifications, and locked attempts return 429 with the ACCOUNT_TEMPORARILY_LOCKED error code. Configure it with twoFactor({ accountLockout: { enabled, maxFailedAttempts, durationSeconds } }).

    Run a database migration after upgrading: this adds failedVerificationCount and lockedUntil columns to the twoFactor table.

  • Updated dependencies [8bd43d9]:

    • @​better-auth/core@​1.6.22
    • @​better-auth/drizzle-adapter@​1.6.22
    • @​better-auth/kysely-adapter@​1.6.22
    • @​better-auth/memory-adapter@​1.6.22
    • @​better-auth/mongo-adapter@​1.6.22
    • @​better-auth/prisma-adapter@​1.6.22
    • @​better-auth/telemetry@​1.6.22

1.6.21

Patch Changes

  • #10212 e0762a1 Thanks @​bytaesu! - In root-mounted deployments, requests whose path does not start with the configured basePath now return 404 instead of resolving to an endpoint.

  • #10187 882cf9e Thanks @​ping-maxwell! - Admin permission changes and bans now take effect immediately for admin APIs, even when session cookie cache is enabled. Sensitive session checks also continue to work in stateless apps where signed cookies are the session record.

  • #9939 f52e1ab Thanks @​benpsnyder! - fixes a bug causing deviceAuthorization() throwing a ZodError at construction when called without a schema option

  • #10196 b5bec19 Thanks @​Paola3stefania! - OAuth sign-up and account-link profile sync now ignore provider profile values for user fields marked input: false. Input-allowed additional fields still persist from mapProfileToUser, and schema defaults still apply when OAuth creates a user. Apps that used mapProfileToUser to fill input: false fields should set those fields in server-side provisioning code instead.

  • #10197 816d7f9 Thanks @​Paola3stefania! - Google sign-in now accepts hd: "*" to allow any Google Workspace hosted domain while still rejecting tokens with no hosted-domain claim.

    Google One Tap now applies the configured Google hosted-domain restriction before creating a session.

  • #10192 239bcc8 Thanks @​bytaesu! - Validate PayPal user info against the verified ID token subject during social sign-in.

  • #10228 1bc370a Thanks @​gustavovalverde! - The SIWE plugin no longer binds a provided email that already belongs to another account. With anonymous set to false, /siwe/verify previously created the new account using that email even when it was already in use; it now keeps the wallet-derived address in that case, so one email cannot be attached to two accounts.

  • #10198 570267c Thanks @​rachit367! - Honor disableMigration on plugin schema tables. Tables flagged with disableMigration: true are now skipped by better-auth generate (Drizzle and Prisma output) and by the runtime migrator, instead of being emitted and created anyway. The flag was previously dropped while assembling the table list, so it had no effect.

  • #10182 461ca6f Thanks @​bytaesu! - Only store display username fallbacks as usernames when they pass username validation during email sign-up.

  • #10183 88409b0 Thanks @​bytaesu! - Require OAuth proxy profile callbacks to match an issued OAuth state before creating sessions.

  • #10203 5953157 Thanks @​bytaesu! - Rate limiting no longer trusts multi-hop X-Forwarded-For chains, preventing a client behind an appending proxy from spoofing the leftmost hop to bypass the per-IP rate limit. Single-value IP headers continue to work. To key the real client behind a proxy chain, set advanced.ipAddress.trustedProxies to your reverse-proxy IPs or CIDR ranges (the chain is walked right to left, skipping trusted hops), or point advanced.ipAddress.ipAddressHeaders at a single trusted client-IP header.

... (truncated)

Commits
  • a90d061 chore: release v1.6.22 (#10245)
  • 3a035e9 fix(two-factor): add account-level verification lockout (#10240)
  • c06a56d fix: revoke unproven credentials on magic-link/email-OTP sign-in (#10239)
  • 414169d chore: release v1.6.21 (#10184)
  • f52e1ab fix(device-authorization): make schema option optional under Zod v4 (#9939)
  • 882cf9e fix(admin): use authoritative session reads for authorization (#10187)
  • b5bec19 fix(oauth): apply user input rules to provider profiles (#10196)
  • 471f81c refactor: centralize request IP resolver in core (#10216)
  • 816d7f9 fix(one-tap): apply configured Google hosted domain (hd) on the callback (#10...
  • 1bc370a fix(siwe): reject sign-in when the provided email already belongs to another ...
  • Additional commits viewable in compare view

Updates hono from 4.12.23 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

... (truncated)

Commits
  • 97c6fe1 4.12.27
  • aa92177 Merge commit from fork
  • cd3f6f7 Merge commit from fork
  • d4853a8 fix(jsx): make merged context-isolation tests pass tsc type check (#5037)
  • 6735fea fix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)
  • fab3b13 Merge commit from fork
  • 9f0dadf ci: use npm Staged publishing (#5035)
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates ioredis from 5.11.0 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)
Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)
Commits
  • fb224a7 chore(release): 5.11.1 [skip ci]
  • 131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
  • c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
  • See full diff in compare view

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

Commits

Updates resend from 6.12.4 to 6.16.0

Release notes

Sourced from resend's releases.

v6.15.0

What's Changed

Full Changelog: resend/resend-node@v6.14.0...v6.15.0

v6.14.0

What's Changed

Full Changelog: resend/resend-node@v6.13.0...v6.14.0

v6.13.0

What's Changed

New Contributors

Full Changelog: resend/resend-node@v6.12.4...v6.13.0

Commits

Updates uuid from 14.0.0 to 14.0.1

Release notes

Sourced from uuid's releases.

v14.0.1

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)
Changelog

Sourced from uuid's changelog.

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)
Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates @radix-ui/react-avatar from 1.1.11 to 1.2.0

Changelog

Sourced from @​radix-ui/react-avatar's changelog.

1.2.0

  • Fixed several edge cases with Avatar's loading state
    • An avatar's fallback would not be displayed again if its image component unmounted. This is now fixed.
    • Rendering multiple Avatar.Image components per Avatar.Root was never supported and results in buggy, unpredictable behavior. We now warn about this in development.
    • Zero-sized images were treated as loading, meaning that onLoadingStatusChange is never called once loaded. A zero-sized image now triggers an error status on load.

Other updates

  • Fixed console warnings to show in test environments.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.12

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-is-hydrated@0.1.1, @radix-ui/react-use-layout-effect@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-avatar since your current version.


Updates @radix-ui/react-dialog from 1.1.15 to 1.1.17

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.17

  • Removed dev-only warnings for dialogs when title and/or description is not rendered.
  • Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12

1.1.16

  • Fixed disabled pointer events in closed dialogs
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.


Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.18

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.18

  • Fixed a bug where menus and submenus remained open after a window loses focus.
  • Updated dependencies: @radix-ui/react-menu@2.1.18, @radix-ui/react-primitive@2.1.6

2.1.17

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dropdown-menu since your current version.


Updates @radix-ui/react-label from 2.1.8 to 2.1.10

Changelog

Sourced from @​radix-ui/react-label's changelog.

2.1.10

  • Updated dependencies: @radix-ui/react-primitive@2.1.6

2.1.9

  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-primitive@2.1.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-label since your current version.


Updates @radix-ui/react-scroll-area from 1.2.10 to 1.2.12

Changelog

Sourced from @​radix-ui/react-scroll-area's changelog.

1.2.12

  • Stabilized the viewport style tag unless the nonce changes.
  • Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.
  • Updated dependencies: @radix-ui/react-primitive@2.1.6

1.2.11

  • Fixed missing data-state attribute for Scroll Area scrollbars
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-layout-effect@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-scroll-area since your current version.


Updates @radix-ui/react-select from 2.2.6 to 2.3.1

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.1

  • Allowed a Select.Item with an empty string value to act as a "clear" option. Selecting it resets the selection back to the placeholder, restoring the native <select> behavior for optional selects.
  • Fixed a bug where typeahead search resulted in focusing an element that no longer exists.
  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

2.3.0

  • Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
  • Added support for presence-based exit animations in Select
  • Fixed Select hidden input so it submits empty string when no value is selected
  • Fixed placeholder rendering when a controlled Select is reset to an empty value
  • Added missing __selectScope prop to PopperContent component
  • Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1....

    Description has been truncated

…y with 28 updates

Bumps the production-dependencies group with 28 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-pricing](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-pricing) | `3.1053.0` | `3.1075.0` |
| [@hono/node-server](https://github.com/honojs/node-server) | `2.0.4` | `2.0.6` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.6.11` | `1.6.22` |
| [hono](https://github.com/honojs/hono) | `4.12.23` | `4.12.27` |
| [ioredis](https://github.com/luin/ioredis) | `5.11.0` | `5.11.1` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.21.0` | `8.22.0` |
| [resend](https://github.com/resend/resend-node) | `6.12.4` | `6.16.0` |
| [uuid](https://github.com/uuidjs/uuid) | `14.0.0` | `14.0.1` |
| [@radix-ui/react-avatar](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/avatar) | `1.1.11` | `1.2.0` |
| [@radix-ui/react-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dialog) | `1.1.15` | `1.1.17` |
| [@radix-ui/react-dropdown-menu](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dropdown-menu) | `2.1.16` | `2.1.18` |
| [@radix-ui/react-label](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/label) | `2.1.8` | `2.1.10` |
| [@radix-ui/react-scroll-area](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/scroll-area) | `1.2.10` | `1.2.12` |
| [@radix-ui/react-select](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/select) | `2.2.6` | `2.3.1` |
| [@radix-ui/react-separator](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/separator) | `1.1.8` | `1.1.10` |
| [@radix-ui/react-slot](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slot) | `1.2.4` | `1.3.0` |
| [@radix-ui/react-tabs](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tabs) | `1.1.13` | `1.1.15` |
| [@radix-ui/react-toast](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toast) | `1.2.15` | `1.2.17` |
| [@radix-ui/react-tooltip](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tooltip) | `1.2.8` | `1.2.10` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.14` | `5.101.2` |
| [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router) | `1.170.8` | `1.170.16` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.16.0` | `1.22.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [react-resizable-panels](https://github.com/bvaughn/react-resizable-panels) | `4.11.2` | `4.12.0` |
| [recharts](https://github.com/recharts/recharts) | `3.8.1` | `3.9.0` |
| [vscode-languageserver-protocol](https://github.com/Microsoft/vscode-languageserver-node/tree/HEAD/protocol) | `3.17.5` | `3.18.1` |
| [zustand](https://github.com/pmndrs/zustand) | `5.0.13` | `5.0.14` |



Updates `@aws-sdk/client-pricing` from 3.1053.0 to 3.1075.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-pricing/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1075.0/clients/client-pricing)

Updates `@hono/node-server` from 2.0.4 to 2.0.6
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v2.0.4...v2.0.6)

Updates `better-auth` from 1.6.11 to 1.6.22
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.22/packages/better-auth)

Updates `hono` from 4.12.23 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.27)

Updates `ioredis` from 5.11.0 to 5.11.1
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](redis/ioredis@v5.11.0...v5.11.1)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `resend` from 6.12.4 to 6.16.0
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v6.12.4...v6.16.0)

Updates `uuid` from 14.0.0 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v14.0.0...v14.0.1)

Updates `@radix-ui/react-avatar` from 1.1.11 to 1.2.0
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/avatar/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/avatar)

Updates `@radix-ui/react-dialog` from 1.1.15 to 1.1.17
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dialog/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dialog)

Updates `@radix-ui/react-dropdown-menu` from 2.1.16 to 2.1.18
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dropdown-menu/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dropdown-menu)

Updates `@radix-ui/react-label` from 2.1.8 to 2.1.10
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/label/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/label)

Updates `@radix-ui/react-scroll-area` from 1.2.10 to 1.2.12
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/scroll-area/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/scroll-area)

Updates `@radix-ui/react-select` from 2.2.6 to 2.3.1
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/select/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/select)

Updates `@radix-ui/react-separator` from 1.1.8 to 1.1.10
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/separator/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/separator)

Updates `@radix-ui/react-slot` from 1.2.4 to 1.3.0
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slot/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slot)

Updates `@radix-ui/react-tabs` from 1.1.13 to 1.1.15
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tabs/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tabs)

Updates `@radix-ui/react-toast` from 1.2.15 to 1.2.17
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toast/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toast)

Updates `@radix-ui/react-tooltip` from 1.2.8 to 1.2.10
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tooltip/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tooltip)

Updates `@tanstack/react-query` from 5.100.14 to 5.101.2
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.2/packages/react-query)

Updates `@tanstack/react-router` from 1.170.8 to 1.170.16
- [Release notes](https://github.com/TanStack/router/releases)
- [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.170.16/packages/react-router)

Updates `lucide-react` from 1.16.0 to 1.22.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.22.0/packages/lucide-react)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `react-resizable-panels` from 4.11.2 to 4.12.0
- [Release notes](https://github.com/bvaughn/react-resizable-panels/releases)
- [Changelog](https://github.com/bvaughn/react-resizable-panels/blob/main/CHANGELOG.md)
- [Commits](bvaughn/react-resizable-panels@4.11.2...4.12.0)

Updates `recharts` from 3.8.1 to 3.9.0
- [Release notes](https://github.com/recharts/recharts/releases)
- [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md)
- [Commits](recharts/recharts@v3.8.1...v3.9.0)

Updates `vscode-languageserver-protocol` from 3.17.5 to 3.18.1
- [Release notes](https://github.com/Microsoft/vscode-languageserver-node/releases)
- [Commits](https://github.com/Microsoft/vscode-languageserver-node/commits/release/protocol/3.18.1/protocol)

Updates `zustand` from 5.0.13 to 5.0.14
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@v5.0.13...v5.0.14)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-pricing"
  dependency-version: 3.1075.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@hono/node-server"
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: better-auth
  dependency-version: 1.6.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: ioredis
  dependency-version: 5.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: resend
  dependency-version: 6.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-avatar"
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-dialog"
  dependency-version: 1.1.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-dropdown-menu"
  dependency-version: 2.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-label"
  dependency-version: 2.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-scroll-area"
  dependency-version: 1.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-select"
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-separator"
  dependency-version: 1.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-slot"
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-tabs"
  dependency-version: 1.1.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-toast"
  dependency-version: 1.2.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@radix-ui/react-tooltip"
  dependency-version: 1.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@tanstack/react-router"
  dependency-version: 1.170.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: lucide-react
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-resizable-panels
  dependency-version: 4.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: recharts
  dependency-version: 3.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: vscode-languageserver-protocol
  dependency-version: 3.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: zustand
  dependency-version: 5.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@pacphi

pacphi commented Jun 29, 2026

Copy link
Copy Markdown
Owner

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant