Skip to content

chore(deps): bump runtime and dev dependencies#141

Merged
hyp3rd merged 2 commits into
mainfrom
feat/TDEE-and-insights
Jun 30, 2026
Merged

chore(deps): bump runtime and dev dependencies#141
hyp3rd merged 2 commits into
mainfrom
feat/TDEE-and-insights

Conversation

@hyp3rd

@hyp3rd hyp3rd commented Jun 30, 2026

Copy link
Copy Markdown
Owner

chore(deps): bump runtime and dev dependencies

Update production and tooling dependencies to their latest minor and
patch releases. No application code changes.

Production:

  • @anthropic-ai/sdk 0.106.0 to 0.107.0
  • @supabase/supabase-js 2.108.2 to 2.109.0 (and related packages)
  • lucide-react 1.21.0 to 1.22.0
  • resend 6.14.0 to 6.16.0

Tooling:

  • tailwindcss and @tailwindcss/postcss 4.3.1 to 4.3.2
  • prettier 3.8.4 to 3.9.4
  • typescript-eslint 8.62.0 to 8.62.1
  • vite 8.1.0 to 8.1.1, postcss 8.5.15 to 8.5.16

Also lower the minimum Node engine in the lockfile from 26 to 24

hyp3rd added 2 commits June 30, 2026 13:52
Update production and tooling dependencies to their latest minor and
patch releases. No application code changes.

Production:
- @anthropic-ai/sdk 0.106.0 to 0.107.0
- @supabase/supabase-js 2.108.2 to 2.109.0 (and related packages)
- lucide-react 1.21.0 to 1.22.0
- resend 6.14.0 to 6.16.0

Tooling:
- tailwindcss and @tailwindcss/postcss 4.3.1 to 4.3.2
- prettier 3.8.4 to 3.9.4
- typescript-eslint 8.62.0 to 8.62.1
- vite 8.1.0 to 8.1.1, postcss 8.5.15 to 8.5.16

Also lower the minimum Node engine in the lockfile from 26 to 24.
@hyp3rd hyp3rd self-assigned this Jun 30, 2026
@vercel

vercel Bot commented Jun 30, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
maqro Ready Ready Preview, Comment Jun 30, 2026 11:54am

Request Review

@supabase

supabase Bot commented Jun 30, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project xlhadpxnprtmiblgxprg because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​anthropic-ai/​sdk@​0.106.0 ⏵ 0.107.06610091 +4100100
Updatedlucide-react@​1.21.0 ⏵ 1.22.0100 +110098 +19680
Updatedtailwindcss@​4.3.1 ⏵ 4.3.210010081 -398100
Updated@​supabase/​supabase-js@​2.108.2 ⏵ 2.109.089 +110010097 +2100
Updatedresend@​6.14.0 ⏵ 6.16.098100100100 +2100
Updated@​tailwindcss/​postcss@​4.3.1 ⏵ 4.3.29910010098100
Updatedprettier@​3.8.4 ⏵ 3.9.4100 +3100100 +4100 +2100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/eslint-config-next@16.2.9npm/@typescript-eslint/eslint-plugin@8.62.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.62.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@hyp3rd hyp3rd merged commit 5566abd into main Jun 30, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant