Skip to content

deps(deps): bump the production-dependencies group across 1 directory with 8 updates#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-c3aad6a460
Open

deps(deps): bump the production-dependencies group across 1 directory with 8 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-c3aad6a460

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026
edited
Loading

Bumps the production-dependencies group with 8 updates in the / directory:

Package From To
@hookform/resolvers 5.2.2 5.4.0
@supabase/supabase-js 2.106.1 2.107.0
lucide-react 1.14.0 1.17.0
react 19.2.6 19.2.7
react-dom 19.2.6 19.2.7
react-hook-form 7.75.0 7.77.0
react-router-dom 7.15.1 7.16.0
zustand 5.0.13 5.0.14

Updates @hookform/resolvers from 5.2.2 to 5.4.0

Release notes

Sourced from @​hookform/resolvers's releases.

v5.4.0

5.4.0 (2026-05-21)

Features

  • feat: add ata-validator resolver (#845)

Fixes

  • fix issue with toNestErrors.ts (#848)
  • add guidance on passing context to yupResolver (useForm context) (#835) (3d29924)
Commits

Updates @supabase/supabase-js from 2.106.1 to 2.107.0

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.107.0

2.107.0 (2026-06-02)

🚀 Features

  • auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
  • realtime: allow httpSend to send binary payload (#2400)
  • supabase: update X-Client-Info to structured metadata format (#2359)

🩹 Fixes

  • auth: return AuthInvalidJwtError from getClaims for expired JWT (#2395)
  • auth: recognize ?error= redirects in implicit grant gate (#2407)
  • auth): revert fix(auth: encode client-id in oauth requests (#2383, #2417)
  • postgrest: return a structured error for non-JSON body on successful responses (#2398)
  • release: pin workspace:* sibling deps before JSR publish (#2418)
  • release: publish gotrue-js legacy mirror via pnpm (#2419)

❤️ Thank You

v2.107.0-canary.6

2.107.0-canary.6 (2026-06-02)

This was a version bump only, there were no code changes.

v2.107.0-canary.5

2.107.0-canary.5 (2026-06-02)

🩹 Fixes

  • release: publish gotrue-js legacy mirror via pnpm (#2419)

❤️ Thank You

v2.107.0-canary.4

2.107.0-canary.4 (2026-06-02)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.107.0 (2026-06-02)

🚀 Features

  • auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
  • supabase: update X-Client-Info to structured metadata format (#2359)
  • realtime: allow httpSend to send binary payload (#2400)

❤️ Thank You

2.106.2 (2026-05-25)

🩹 Fixes

  • misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

Commits
  • 54ec2b6 feat(auth): remove navigator.locks-based mutex; introduce commit guard + disp...
  • 3397c92 feat(supabase): update X-Client-Info to structured metadata format (#2359)
  • 335207f feat(realtime): allow httpSend to send binary payload (#2400)
  • 42f12dd docs(repo): ship per-package AGENTS.md and migrations via npm (#2397)
  • b200b74 chore(release): version 2.106.2 changelogs (#2396)
  • a5f09cf chore(repo): adopt pnpm catalog and clean up devDeps (#2389)
  • c72cc56 fix(misc): add react-native export condition for Hermes-safe resolution (#2393)
  • a7bdb23 docs(supabase): expand tracePropagation tsdoc with examples (#2388)
  • f4c149c chore(release): version 2.106.1 changelogs (#2384)
  • See full diff in compare view

Updates lucide-react from 1.14.0 to 1.17.0

Release notes

Sourced from lucide-react's releases.

Version 1.17.0

What's Changed

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Version 1.16.0

What's Changed

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

Version 1.15.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.14.0...1.15.0

Commits

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates react-hook-form from 7.75.0 to 7.77.0

Release notes

Sourced from react-hook-form's releases.

Version 7.77.0

🥡 feat: add resetDefaultValues API (#13427)

https://react-hook-form.com/docs/useform/resetdefaultvalues

const { resetDefaultValues } = useForm();
resetDefaultValues(currentValues);

🐚 harden get() against prototype-path traversal (proto / constructor / prototype) (#13479) 🐞 fix FieldArray errors overriding nested fields (#13476) 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (#13473) 🐞 fix: preserve values with shouldUnregister (#13464) 🐞 fix stale isDirty in subscribe payload after reset(..., { keepValues: true }) (#13461) 👝 save bundle size (#13468)

thanks to @​puneetdixit200 & @​dfedoryshchev

Version 7.76.1

🐞 fix: pass options parameter through setValues to enable validation (#13457) 🐞 fix(setValues): emit whole-form change without stale name/type (#13450) 🚗 perf(setValues): thread skipClone through setFieldValue (#13448) 🚗 perf(setValues): skip redundant per-field deep clones (#13445) Revert "🐞 fix: treat NaN as empty when valueAsNumber is true in validateField (#13388)"

thanks to @​philibea & @​maxkostow

Version v7.76.0

🪭 close #13141 improve isDirty sync with dirtyFields state (#13370) 🐞 fix isValidating reactivity when validatingFields is not subscribed (#13440) 🛺 test: fix duplicate-word typos in test descriptions (#13439) 🐞 fix #13436: errors state when using form level validation (#13437) 🐞 fix #13429 append({ obj: null }) is silently replaced by defaultValues after remove() (#13435) 🐞 fix native validation tooltip suppression caused by duplicate submit-error focus (#13432) 🐞 fix: propagate setValues updates to mounted Controller fields (#13431) 🐞 fix: rreserve reset values for conditionally mounted Controller fields with shouldUnregister 🐞 fix: useFieldArray remove leaves array with empty object when using values prop (#13422) 🐞 fix #13260: notify all matching field-array roots on nested setValue updates (#13420) 🐞 fix #13104: preserve nested resolver field-array errors in trigger() (#13419) 🐞 fix #13413: preserve formState.defaultValues when useFieldArray + watch are used together 📝 docs: fix JSDoc for IsNever, register, and getFieldState (#13410) (#13411) 🐞 fix(Watch): restore TypeScript 4 compatibility (#13409)

Big thanks to @​dfedoryshchev for multiple fixes, and to @​EduardF1, @​in-ch and @​johnstrand.

Changelog

Sourced from react-hook-form's changelog.

[7.77.0] - 2026-05-31

Added

  • resetDefaultValues API

Fixed

  • Stale isDirty in subscribe payload after reset(..., { keepValues: true })
  • Preserve values with shouldUnregister
  • Inconsistent reset({}) behavior requiring double-call to take effect
  • FieldArray errors overriding nested fields

Security

  • Harden get() against prototype-path traversal (__proto__ / constructor / prototype)

Performance

  • Bundle size reduction

[7.76.1] - 2026-05-23

Fixed

  • Revert notify all matching field-array roots on nested setValue updates
  • Revert treat NaN as empty when valueAsNumber is true in validateField
  • setValues pass options parameter through to enable validation
  • setValues emit whole-form change without stale name/type

Performance

  • setValues skip redundant per-field deep clones
  • setValues thread skipClone through setFieldValue

[7.76.0] - 2026-05-16

Added

  • Improve isDirty sync with dirtyFields state

Fixed

  • Preserve formState.defaultValues when useFieldArray and watch are used together
  • Preserve nested resolver field-array errors in trigger()
  • Notify all matching field-array roots on nested setValue updates
  • useFieldArray remove leaves array with empty object when using values prop
  • Preserve reset values for conditionally mounted Controller fields with shouldUnregister
  • Propagate setValues updates to mounted Controller fields
  • Native validation tooltip suppression caused by duplicate submit-error focus

... (truncated)

Commits
  • 5b20741 7.77.0
  • f1a02d3 🧪 add regression coverage for createFormControl + useController remount defau...
  • ba88c3d 📚 docs: fix JSDoc for UseFormWatch (#13486)
  • 54198d9 🥡 feat: add resetDefaultValues API (#13427)
  • fe8276e 📚 docs: fix duplicate "de" in es-ES README image alt text (#13481)
  • 6aa81f9 🐚 harden get() against prototype-path traversal (__proto__ / `constructor...
  • 645478b 🐞 fix FieldArray errors overriding nested fields (#13476)
  • 889c752 🧪 add regression coverage for dynamic nested names with useController and wat...
  • 581321c 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (#...
  • f8eb2d7 🌭 upgrade deps (#13470)
  • Additional commits viewable in compare view

Updates react-router-dom from 7.15.1 to 7.16.0

Changelog

Sourced from react-router-dom's changelog.

v7.16.0

Patch Changes

  • Remove stale/invalid unpkg field from package.json. This was removed from other packages with the release of v7 but missed in the react-router-dom re-export package (#15075)
  • Updated dependencies:
Commits

Updates zustand from 5.0.13 to 5.0.14

Release notes

Sourced from zustand's releases.

v5.0.14

This release fixes a type issue in devtools.

What's Changed

New Contributors

Full Changelog: pmndrs/zustand@v5.0.13...v5.0.14

Commits
  • bfb2a9e 5.0.14
  • 62b2aff chore(deps): update dev dependencies (#3513)
  • ad77bd3 fix(devtools): improve type inference for Devtools initializer (#3511)
  • 8476d2c update pnpm etc (#3512)
  • d690ec2 docs(combine): add object constraints to T and U in signature (#3506)
  • fd8c601 docs(react): add Action constraint to redux middleware signature (#3492)
  • 2ce8226 docs(immer): fix setPerson updater type in usage examples (#3502)
  • 038b938 docs(updating-state): use curried create form with explicit state type (#3503)
  • 60a91b4 docs(devtools): add missing devtools import to troubleshooting example (#3501)
  • efad169 Update FUNDING.json
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Jun 3, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@netlify
Copy link
Copy Markdown

netlify Bot commented Jun 3, 2026
edited
Loading

Deploy Preview for savio-financial-app ready!

Name Link
🔨 Latest commit 476099c
🔍 Latest deploy log https://app.netlify.com/projects/savio-financial-app/deploys/6a213459d724110008f05e4e
😎 Deploy Preview https://deploy-preview-1--savio-financial-app.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

ritikadas98 pushed a commit that referenced this pull request Jun 4, 2026
@claude
Dependabot: ignore semver-major bumps for migration-heavy deps
33eeb60 
PR #4 (tailwindcss 3.4.19 → 4.3.0) broke `vite build` on the
Netlify deploy preview while CI passed. Tailwind v4 is a rewrite —
dropped the PostCSS plugin entry point, replaced `tailwind.config.ts`
with CSS-first `@theme {…}` config, and made tailwindcss-animate
incompatible. A real migration is ~2 hours and isn't in scope for
the portfolio's maintenance phase.

Added an `ignore` block scoped to semver-major bumps only, for the
six dependencies most likely to require human migration work when
they jump majors:

  tailwindcss   v4 = rewrite (the one that just bit us)
  react / react-dom    future v20 will be breaking
  vite          vN majors often change config shape
  eslint        flat-config era changes per major
  typescript    pinned with `~` already; major bumps would
                still surface and require attention

Minor + patch updates on all of these still come through normally,
so security-relevant fixes aren't suppressed. PR #4 itself needs to
be closed manually via the GitHub UI — Dependabot won't auto-close
existing PRs after a config change, the ignore rule only prevents
new ones.

Other Dependabot PRs (#1 production minor/patch group, #2 dev
minor/patch group, #3 @types/node 24→25) all pass CI and are safe
to merge.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@dependabot
deps(deps): bump the production-dependencies group across 1 directory…
476099c 
… with 8 updates

Bumps the production-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@hookform/resolvers](https://github.com/react-hook-form/resolvers) | `5.2.2` | `5.4.0` |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.106.1` | `2.107.0` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.14.0` | `1.17.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.75.0` | `7.77.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.15.1` | `7.16.0` |
| [zustand](https://github.com/pmndrs/zustand) | `5.0.13` | `5.0.14` |



Updates `@hookform/resolvers` from 5.2.2 to 5.4.0
- [Release notes](https://github.com/react-hook-form/resolvers/releases)
- [Commits](react-hook-form/resolvers@v5.2.2...v5.4.0)

Updates `@supabase/supabase-js` from 2.106.1 to 2.107.0
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.107.0/packages/core/supabase-js)

Updates `lucide-react` from 1.14.0 to 1.17.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.17.0/packages/lucide-react)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `react-hook-form` from 7.75.0 to 7.77.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.75.0...v7.77.0)

Updates `react-router-dom` from 7.15.1 to 7.16.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.16.0/packages/react-router-dom)

Updates `zustand` from 5.0.13 to 5.0.14
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@v5.0.13...v5.0.14)

---
updated-dependencies:
- dependency-name: "@hookform/resolvers"
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.107.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: lucide-react
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-hook-form
  dependency-version: 7.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react-router-dom
  dependency-version: 7.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: zustand
  dependency-version: 5.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title deps(deps): bump the production-dependencies group with 8 updates deps(deps): bump the production-dependencies group across 1 directory with 8 updates Jun 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-c3aad6a460 branch from f1d2ae6 to 476099c Compare June 4, 2026 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants