Skip to content

chore(deps): bump the npm group across 1 directory with 16 updates#21

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/web/npm-80044b08a0
Open

chore(deps): bump the npm group across 1 directory with 16 updates#21
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/web/npm-80044b08a0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown

Bumps the npm group with 16 updates in the /apps/web directory:

Package From To
@better-auth/infra 0.1.9-beta.1 0.2.14
@better-auth/utils 0.3.1 0.4.2
@tanstack/react-hotkeys 0.3.3 0.10.0
@vercel/analytics 1.6.1 2.0.1
auth 1.5.0-beta.18 1.6.20
better-auth 1.5.1 1.6.20
foxact 0.2.55 0.3.7
inngest 3.54.2 4.7.0
lucide-react 0.575.0 1.21.0
next 16.1.6 16.2.9
react 19.2.4 19.2.7
react-dom 19.2.4 19.2.7
shiki 3.23.0 4.2.0
vercel 50.44.0 54.14.2
@types/node 25.9.4 26.0.0
typescript 6.0.2 6.0.3

Updates @better-auth/infra from 0.1.9-beta.1 to 0.2.14

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​better-auth/infra since your current version.


Updates @better-auth/utils from 0.3.1 to 0.4.2

Release notes

Sourced from @​better-auth/utils's releases.

v0.4.2

   🐞 Bug Fixes

    View changes on GitHub

v0.4.1

   🐞 Bug Fixes

    View changes on GitHub

v0.4.0

   🚀 Features

    View changes on GitHub
Commits
  • b20329a chore: release v0.4.2
  • d741ab7 fix(otp): use constant-time comparison when verifying codes (#25)
  • be85f69 ci: harden release workflow (#23)
  • d80a031 ci: migrate release to npm OIDC trusted publishing (#19)
  • 9d6fbe3 chore: release v0.4.1
  • 3e36329 ci: pin actions to sha and bump pnpm/node toolchain (#18)
  • 249f5fb chore(pnpm): configure allowBuilds field
  • 83ee446 fix(password): add workerd export condition (#17)
  • 23a924c chore: release v0.4.0
  • 1639b0d feat: add password module with native node:crypto scrypt support (#16)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​better-auth/utils since your current version.


Updates @tanstack/react-hotkeys from 0.3.3 to 0.10.0

Release notes

Sourced from @​tanstack/react-hotkeys's releases.

@​tanstack/react-hotkeys@​0.10.0

Minor Changes

  • feat: upgrade to latest tanstack store version (3104ee4)

Patch Changes

  • Updated dependencies [3104ee4]:
    • @​tanstack/hotkeys@​0.8.0

@​tanstack/react-hotkeys@​0.9.1

Patch Changes

  • Updated dependencies [0e46137]:
    • @​tanstack/hotkeys@​0.7.1

@​tanstack/react-hotkeys@​0.9.0

Minor Changes

  • feat: options.meta with name and descriptions by default and new useHotkeysRegistrations hooks (#95)

Patch Changes

  • Updated dependencies [63bfa22]:
    • @​tanstack/hotkeys@​0.7.0

@​tanstack/react-hotkeys@​0.8.4

Patch Changes

  • Updated dependencies [b04c88e]:
    • @​tanstack/hotkeys@​0.6.4

@​tanstack/react-hotkeys@​0.8.3

Patch Changes

  • Updated dependencies [1999147]:
    • @​tanstack/hotkeys@​0.6.3

@​tanstack/react-hotkeys@​0.8.2

Patch Changes

  • Updated dependencies [6939ac7]:
    • @​tanstack/hotkeys@​0.6.2

@​tanstack/react-hotkeys@​0.8.1

Patch Changes

  • chore: upgrade tanstack store version (19a960f)

  • Updated dependencies [19a960f]:

... (truncated)

Changelog

Sourced from @​tanstack/react-hotkeys's changelog.

0.10.0

Minor Changes

  • feat: upgrade to latest tanstack store version (3104ee4)

Patch Changes

  • Updated dependencies [3104ee4]:
    • @​tanstack/hotkeys@​0.8.0

0.9.1

Patch Changes

  • Updated dependencies [0e46137]:
    • @​tanstack/hotkeys@​0.7.1

0.9.0

Minor Changes

  • feat: options.meta with name and descriptions by default and new useHotkeysRegistrations hooks (#95)

Patch Changes

  • Updated dependencies [63bfa22]:
    • @​tanstack/hotkeys@​0.7.0

0.8.4

Patch Changes

  • Updated dependencies [b04c88e]:
    • @​tanstack/hotkeys@​0.6.4

0.8.3

Patch Changes

  • Updated dependencies [1999147]:
    • @​tanstack/hotkeys@​0.6.3

0.8.2

Patch Changes

  • Updated dependencies [6939ac7]:
    • @​tanstack/hotkeys@​0.6.2

... (truncated)

Commits

Updates @vercel/analytics from 1.6.1 to 2.0.1

Release notes

Sourced from @​vercel/analytics's releases.

v2.0.1

What's Changed

New Contributors

Full Changelog: vercel/analytics@v2.0.0...v2.0.1

v2.0.0

What's Changed

Breaking Changes

  • License changed from MPL-2.0 to MIT (#170)
  • Nuxt: introduce module support. If you need to configure it, load injectAnalytics() from @vercel/analytics/nuxt/runtime (#183)

Features

  • feat: load dynamic configuration (#184) — analytics config can now be loaded dynamically

Bug Fixes

  • fix: src and endpoint paths do not work when relative (#186)

Full Changelog: vercel/speed-insights@1.6.1...2.0.0

v2.0.0-canary.1

Canary release for testing 2.0.0 changes

Commits

Updates auth from 1.5.0-beta.18 to 1.6.20

Release notes

Sourced from auth's releases.

v1.6.20

better-auth

Bug Fixes

  • Fixed account-linking logs to route through the configured logger (#10121)
  • Fixed TypeScript inference errors by declaring inherited APIError properties (#8734)
  • Fixed refresh cookie Max-Age to be capped at expiresIn (#9621)

For detailed changes, see CHANGELOG

@better-auth/i18n

Bug Fixes

  • Fixed English language fallback behavior and improved i18n documentation (#9872)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​adityachaudhary99, @​dipan-ck, @​sleepe229, @​WilsonnnTan

Full changelog: v1.6.19...v1.6.20

v1.6.19

better-auth

Features

  • Added support for pre-binding device codes to a specific user in the device authorization plugin (#9995)

Bug Fixes

  • Fixed headerless session checks (#10053)
  • Fixed cookie cache fallback lookup (#9348)
  • Fixed sendVerificationEmail errors not being surfaced to the client (#8863)
  • Fixed auth client return types not being emitted correctly in TypeScript declaration builds (#10071)
  • Fixed session and account cache cookies being silently dropped when near the browser's per-cookie size limit by splitting them into chunks (#10088)
  • Fixed single-use verification flows (such as magic-link) hanging on connection-limited database adapters by reusing active transactions (#10070)
  • Fixed the domain not being included when clearing cross-subdomain cookies in the last-login-method plugin (#9319)
  • Fixed the oauth-popup plugin leaking internal OAuth state keys into additionalData (#10067)
  • Reverted the headerless session check fix (#10074)

For detailed changes, see CHANGELOG

auth

... (truncated)

Changelog

Sourced from auth's changelog.

1.6.20

Patch Changes

1.6.19

Patch Changes

1.6.18

Patch Changes

  • Updated dependencies [9ef7240, b21a5f7]:
    • better-auth@1.6.18
    • @​better-auth/core@​1.6.18
    • @​better-auth/telemetry@​1.6.18

1.6.17

Patch Changes

1.6.16

... (truncated)

Commits
  • c342f42 chore: release v1.6.20 (#10108)
  • ac4d81d chore: release v1.6.19 (#10034)
  • 8b2ef2c test(cli): avoid shell interpolation in info tests (#10089)
  • d6aec12 fix(cli): serialize array additionalField defaultValue in drizzle generator (...
  • cfbb9a0 fix(cli): handle directory path passed to --output in generate command (#9564)
  • 04debbf chore: release v1.6.18 (#10026)
  • 0d8b238 chore: release v1.6.17 (#9984)
  • ac69e81 fix(cli): skip Unsupported() fields when regenerating prisma schema (#10011)
  • 108aadd fix(cli): update existing prisma field types (#9729)
  • baeaa00 fix: make single-use credentials, counters, and replay markers atomic (#9993)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for auth since your current version.


Updates better-auth from 1.5.1 to 1.6.20

Release notes

Sourced from better-auth's releases.

v1.6.20

better-auth

Bug Fixes

  • Fixed account-linking logs to route through the configured logger (#10121)
  • Fixed TypeScript inference errors by declaring inherited APIError properties (#8734)
  • Fixed refresh cookie Max-Age to be capped at expiresIn (#9621)

For detailed changes, see CHANGELOG

@better-auth/i18n

Bug Fixes

  • Fixed English language fallback behavior and improved i18n documentation (#9872)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​adityachaudhary99, @​dipan-ck, @​sleepe229, @​WilsonnnTan

Full changelog: v1.6.19...v1.6.20

v1.6.19

better-auth

Features

  • Added support for pre-binding device codes to a specific user in the device authorization plugin (#9995)

Bug Fixes

  • Fixed headerless session checks (#10053)
  • Fixed cookie cache fallback lookup (#9348)
  • Fixed sendVerificationEmail errors not being surfaced to the client (#8863)
  • Fixed auth client return types not being emitted correctly in TypeScript declaration builds (#10071)
  • Fixed session and account cache cookies being silently dropped when near the browser's per-cookie size limit by splitting them into chunks (#10088)
  • Fixed single-use verification flows (such as magic-link) hanging on connection-limited database adapters by reusing active transactions (#10070)
  • Fixed the domain not being included when clearing cross-subdomain cookies in the last-login-method plugin (#9319)
  • Fixed the oauth-popup plugin leaking internal OAuth state keys into additionalData (#10067)
  • Reverted the headerless session check fix (#10074)

For detailed changes, see CHANGELOG

auth

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.20

Patch Changes

  • #10121 21448b1 Thanks @​adityachaudhary99! - OAuth account-linking and create-user error logs now respect a custom logger configured in betterAuth(), instead of always being written to the default console logger.

  • #9621 8ecf238 Thanks @​dipan-ck! - Session refresh no longer emits a cookie Max-Age above the browser's 400-day ceiling when using a database without fractional-second precision.

  • #8734 930f534 Thanks @​sleepe229! - declare inherited APIError properties to fix TypeScript inference errors

  • Updated dependencies []:

    • @​better-auth/core@​1.6.20
    • @​better-auth/drizzle-adapter@​1.6.20
    • @​better-auth/kysely-adapter@​1.6.20
    • @​better-auth/memory-adapter@​1.6.20
    • @​better-auth/mongo-adapter@​1.6.20
    • @​better-auth/prisma-adapter@​1.6.20
    • @​better-auth/telemetry@​1.6.20

1.6.19

Patch Changes

  • #10088 de4aa52 Thanks @​bytaesu! - Session and account cache cookies near the browser's per-cookie size limit (for example with a long cookiePrefix or many cached fields) are now split into chunks instead of being silently dropped by the browser. A cache too large to fit even when chunked is skipped with a warning rather than failing the request, so reads fall back to the database.

  • #9995 b4b0266 Thanks @​ElGauchooooo! - The device authorization plugin now accepts an optional user_id when issuing a device code via /device/code, pre-binding the code to that user. Only the bound user can approve or deny the code, so a publicly visible user code can no longer be claimed by someone else.

  • #10086 5bd5e1c Thanks @​gustavovalverde! - Refresh-token rotation and token revocation, two-factor backup-code regeneration, device-code claiming, and organization invitation acceptance now work on Prisma. Concurrent or repeat requests in these flows could previously return an error on Prisma instead of the expected result.

    On MongoDB servers older than 5.0, these flows and other guarded value updates (rate-limit window resets, API-key refills) no longer fail with an empty-update error.

    @better-auth/core: incrementOne now reports a clear error when called with no increment and no set.

  • #9319 581f827 Thanks @​ping-maxwell! - fix(last-login-method): include domain when clearing cross-subdomain cookies

  • #10067 8407885 Thanks @​bytaesu! - The oauth-popup plugin now ignores internal OAuth state fields passed through its additionalData parameter, so additionalData only ever carries your own custom values.

  • #9555 c1a8a64 Thanks @​ChrisMGeo! - Fix invalid OpenAPI output for Better Auth callback, session, and passkey routes so client generators can consume the schema.

  • #10071 635f190 Thanks @​gustavovalverde! - Auth clients exported from wrapper packages can now be emitted in TypeScript declaration builds without extra type annotations.

  • #10070 a787e0b Thanks @​gustavovalverde! - Single-use verification flows no longer hang on database adapters that use a one-connection pool. This fixes magic-link verification and similar token checks in connection-limited serverless database setups.

  • #9348 c2f718f Thanks @​ping-maxwell! - fix: cookie cache fallback lookup

  • #8863 7d18175 Thanks @​ping-maxwell! - sendVerificationEmail was invoked via runInBackgroundOrAwait, which could defer work when advanced.backgroundTasks.handler is configured (so the handler could return 200 before the email callback finished) and, in the default path, caught and logged errors without rethrowing. User callbacks that throw APIError (e.g. 429 from a rate limiter) were therefore not reliably reflected in the HTTP response (better-auth/better-auth#8757).

    Now we await sendVerificationEmailFn so failures surface to the client with the correct status. The unauthenticated /send-verification-email path enforces a constant-time floor (500 ms) so that the response duration does not reveal whether the email belongs to a real unverified user.

  • Updated dependencies [0895993, 5bd5e1c, a787e0b]:

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for better-auth since your current version.


Updates foxact from 0.2.55 to 0.3.7

Release notes

Sourced from foxact's releases.

0.3.7

Core Changes

  • Introduce new useResizing, a React hook that allows you to detect whether an element is currently being resized via ResizeObserver and ref callback.

Other Changes

  • Add displayName for Breadcrumbs's components (guarded with non-production mode check), enabling better DX via React DevTools.
  • Disable hoistTransitiveImports in foxact's Rollup build config.

0.3.6

Core Changes

  • Introduce new Breadcrumbs, a React utility that allows you to colocate your breadcrumb declarations within your UI, without breaking React's one-way data flow. See the documentation for more information.

Other Changes

  • Removed the undocumented and unstable <EmailProtection /> component. It was never intended to be used.

0.3.5

Core Changes

  • <ComposeContextProvider /> now has more strict types. Only React.ReactElement<React.PropsWithChildren> is allowed from now on at the TypeScript level.
    • You will most likely not affect by this. The types update is to align with the actual runtime behavior.
  • useStateWithDeps is now finalized, stable, and documented.

Other Changes

  • foxact now has a test suite (mocha + earl + Happy DOM + @testing-library/react, with nyc coverage), covering every documented behavior of every hook, including SSR, hydration, and a worker-thread based "real server realm" harness for typeof window-dependent behaviors.

0.3.4

Core Changes

  • useClipboard now implements a new fallback mechanism using document.execCommand('copy') when navigator.clipboard is unavailable or throws an error. This fallback method is enabled by default and can be disabled via the useExecCommandAsFallback option.
    • Now useClipboard will try navigator.clipboard first
    • If navigator.clipboard fails, it will try document.execCommand('copy') + hidden <span /> if useExecCommandAsFallback option is set to true (which is the default)
    • If document.execCommand('copy') also fails, it will show a window.prompt for manual copy if usePromptAsFallback option is set to true (which is false by default, as previous version)

0.3.3

Core Changes

  • Add NoopComponent, a component that renders nothing by returning an empty fragment (<Fragment />). This is useful when a library expects a React component or a ReactElement (instead of ReactNode, so you can't pass a null or undefined) but you intentionally want no UI output.
    • NoopComponent is a client component. This is to avoid potential issues when <NoopComponent /> is passed to a React Server Component that uses React.cloneElement under the hood.

0.3.1

Core Changes

  • Add undocumented createStacklessError utility function, which creates an error without stack trace (Firefox and SpiderMonkey are not supported). This is an internal utility that is exposed for some other libraries to use.

  • Previously, foxact/create-local-storage-state / foxact/create-session-storage-state has an undocumented 3rd returned hook, which is the setter hook. The implementation is now finalized, stable, and documented.

... (truncated)

Commits
  • 92a45ac release: 0.3.7
  • 654b164 chore: make eslint happy
  • 5994704 test: shared trap console test util
  • e049669 chore: housekeeping
  • 718fb5e docs(use-resizing): bring up, with real world example
  • bad44ac feat(use-resizing): bring up
  • be07ce6 chore: disable rollup hoistTransitiveImports
  • 4629632 chore(breadcrumbs): adjust return tuple element name
  • 96cbc79 docs(breadcrumbs): adjust a few wording
  • 6c5a2a5 docs: typo in example breadcrumb data shape
  • Additional commits viewable in compare view

Updates inngest from 3.54.2 to 4.7.0

Release notes

Sourced from inngest's releases.

inngest@4.7.0

Minor Changes

Patch Changes

inngest@4.6.0

Minor Changes

  • #1567 1c3ad876 Thanks @​Linell! - Deprecate optimizeParallelism: false — use group.parallel({ mode: "race" }) for race semantics instead. Opting out prevents runs from resuming checkpointing after a Promise.all.

  • #1568 bd6016c1 Thanks @​scottnuma! - Add metadata to steps containing OTel instrumented LLM calls

Patch Changes

inngest@4.5.1

Patch Changes

inngest@4.5.0

Minor Changes

  • #1522 ebeb4516 Thanks @​Linell! - Bump minimum @opentelemetry/auto-instrumentations-node to 0.75.0 to address GHSA-q7rr-3cgh-j5r3 in the transitive @opentelemetry/sdk-node / @opentelemetry/exporter-prometheus packages.

    Note that upstream auto-instrumentations-node@0.72.0 dropped bundled Fastify, instrumentation, so if you relied on it for tracing your Fastify routes, add @opentelemetry/instrumentation-fastify directly.

Patch Changes

  • #1540 10dad398Description has been truncated


    Summary by cubic

    Update dependencies in apps/web (16 packages) to current releases for stability, security, and better DX. Notable majors: inngest v4, lucide-react v1, shiki v4, @vercel/analytics v2, vercel CLI v54, and @types/node v26.

    • Dependencies

      • Auth: better-auth 1.6.20, auth 1.6.20, @better-auth/infra, @better-auth/utils.
      • UI/UX: lucide-react v1, @tanstack/react-hotkeys 0.10.x, foxact 0.3.x.
      • Framework: next 16.2.x, react/react-dom 19.2.7.
      • Tooling: @vercel/analytics v2, vercel v54, @types/node v26, typescript 6.0.3.
      • Other: inngest v4, shiki v4.
    • Migration

      • inngest v4: replace optimizeParallelism: false with group.parallel({ mode: "race" }); if tracing is enabled, ensure @opentelemetry/auto-instrumentations-node ≥ 0.75.0.
      • lucide-react v1 and shiki v4: re-run typecheck and verify icons and code highlighting; adjust imports/API if needed.
      • Tooling: verify @vercel/analytics config still loads as expected and align Node runtime with @types/node v26.

    Written for commit 286af3fb0774203d2e251c13fee2412f94775225. Summary will update on new commits.

Bumps the npm group with 16 updates in the /apps/web directory:

| Package | From | To |
| --- | --- | --- |
| [@better-auth/infra](https://github.com/better-auth/better-auth-infra/tree/HEAD/packages/infra) | `0.1.9-beta.1` | `0.2.14` |
| [@better-auth/utils](https://github.com/better-auth/utils) | `0.3.1` | `0.4.2` |
| [@tanstack/react-hotkeys](https://github.com/TanStack/hotkeys/tree/HEAD/packages/react-hotkeys) | `0.3.3` | `0.10.0` |
| [@vercel/analytics](https://github.com/vercel/analytics/tree/HEAD/packages/web) | `1.6.1` | `2.0.1` |
| [auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/cli) | `1.5.0-beta.18` | `1.6.20` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.5.1` | `1.6.20` |
| [foxact](https://github.com/SukkaW/foxact) | `0.2.55` | `0.3.7` |
| [inngest](https://github.com/inngest/inngest-js/tree/HEAD/packages/inngest) | `3.54.2` | `4.7.0` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.575.0` | `1.21.0` |
| [next](https://github.com/vercel/next.js) | `16.1.6` | `16.2.9` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.7` |
| [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) | `3.23.0` | `4.2.0` |
| [vercel](https://github.com/vercel/vercel/tree/HEAD/packages/cli) | `50.44.0` | `54.14.2` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.4` | `26.0.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.2` | `6.0.3` |



Updates `@better-auth/infra` from 0.1.9-beta.1 to 0.2.14
- [Commits](https://github.com/better-auth/better-auth-infra/commits/HEAD/packages/infra)

Updates `@better-auth/utils` from 0.3.1 to 0.4.2
- [Release notes](https://github.com/better-auth/utils/releases)
- [Commits](better-auth/utils@v0.3.1...v0.4.2)

Updates `@tanstack/react-hotkeys` from 0.3.3 to 0.10.0
- [Release notes](https://github.com/TanStack/hotkeys/releases)
- [Changelog](https://github.com/TanStack/hotkeys/blob/main/packages/react-hotkeys/CHANGELOG.md)
- [Commits](https://github.com/TanStack/hotkeys/commits/@tanstack/react-hotkeys@0.10.0/packages/react-hotkeys)

Updates `@vercel/analytics` from 1.6.1 to 2.0.1
- [Release notes](https://github.com/vercel/analytics/releases)
- [Commits](https://github.com/vercel/analytics/commits/v2.0.1/packages/web)

Updates `auth` from 1.5.0-beta.18 to 1.6.20
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/cli/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.20/packages/cli)

Updates `better-auth` from 1.5.1 to 1.6.20
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.20/packages/better-auth)

Updates `foxact` from 0.2.55 to 0.3.7
- [Release notes](https://github.com/SukkaW/foxact/releases)
- [Commits](SukkaW/foxact@0.2.55...0.3.7)

Updates `inngest` from 3.54.2 to 4.7.0
- [Release notes](https://github.com/inngest/inngest-js/releases)
- [Changelog](https://github.com/inngest/inngest-js/blob/main/packages/inngest/CHANGELOG.md)
- [Commits](https://github.com/inngest/inngest-js/commits/inngest@4.7.0/packages/inngest)

Updates `lucide-react` from 0.575.0 to 1.21.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.21.0/packages/lucide-react)

Updates `next` from 16.1.6 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.6...v16.2.9)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `shiki` from 3.23.0 to 4.2.0
- [Release notes](https://github.com/shikijs/shiki/releases)
- [Commits](https://github.com/shikijs/shiki/commits/v4.2.0/packages/shiki)

Updates `vercel` from 50.44.0 to 54.14.2
- [Release notes](https://github.com/vercel/vercel/releases)
- [Changelog](https://github.com/vercel/vercel/blob/main/packages/cli/CHANGELOG.md)
- [Commits](https://github.com/vercel/vercel/commits/vercel@54.14.2/packages/cli)

Updates `@types/node` from 25.9.4 to 26.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `typescript` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v6.0.2...v6.0.3)

---
updated-dependencies:
- dependency-name: "@better-auth/infra"
  dependency-version: 0.2.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@better-auth/utils"
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@tanstack/react-hotkeys"
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@vercel/analytics"
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: auth
  dependency-version: 1.6.20
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: better-auth
  dependency-version: 1.6.20
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: foxact
  dependency-version: 0.3.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: inngest
  dependency-version: 4.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: lucide-react
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: shiki
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: vercel
  dependency-version: 54.14.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@types/node"
  dependency-version: 26.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 20, 2026
@sonarqubecloud

Copy link
Copy Markdown

@codecov

codecov Bot commented Jun 20, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@dependabot @github

dependabot Bot commented on behalf of github Jun 27, 2026

Copy link
Copy Markdown
Author

Dependabot can't access a private package registry without explicit configuration. Because of this, Dependabot cannot update this pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants