chore(deps): bump the production-dependencies group across 1 directory with 21 updates

[dependabot]

Bumps the production-dependencies group with 21 updates in the / directory:

Package	From	To
@aws-sdk/client-pricing	3.1053.0	3.1063.0
better-auth	1.6.11	1.6.14
ioredis	5.11.0	5.11.1
@radix-ui/react-avatar	1.1.11	1.1.12
@radix-ui/react-dialog	1.1.15	1.1.16
@radix-ui/react-dropdown-menu	2.1.16	2.1.17
@radix-ui/react-label	2.1.8	2.1.9
@radix-ui/react-scroll-area	1.2.10	1.2.11
@radix-ui/react-select	2.2.6	2.3.0
@radix-ui/react-separator	1.1.8	1.1.9
@radix-ui/react-slot	1.2.4	1.2.5
@radix-ui/react-tabs	1.1.13	1.1.14
@radix-ui/react-toast	1.2.15	1.2.16
@radix-ui/react-tooltip	1.2.8	1.2.9
@tanstack/react-query	5.100.14	5.101.0
@tanstack/react-router	1.170.8	1.170.15
lucide-react	1.16.0	1.17.0
react	19.2.6	19.2.7
react-dom	19.2.6	19.2.7
vscode-languageserver-protocol	3.17.5	3.18.0
zustand	5.0.13	5.0.14

Updates @aws-sdk/client-pricing from 3.1053.0 to 3.1063.0

Release notes

Sourced from @​aws-sdk/client-pricing's releases.

v3.1063.0

3.1063.0(2026-06-05)

Chores

• update author URL in package.json (#8080) (9bd1a86b)
• crt-loader: update to latest aws-crt (#8079) (8c2bdabd)

New Features

• clients: update client endpoints as of 2026-06-05 (fe9a398f)
• client-sagemaker: This release adds support for MLflow experiment tracking in SageMaker inference optimization. CreateAIRecommendationJob and CreateAIBenchmarkJob now accept an optional OutputConfig.MlflowConfig (MLflow App ARN, experiment, run name) to stream benchmark metrics and artifacts to your own MLflow App. (39430442)
• client-emr-serverless: Adds support for updating max capacity and custom fields while application is started (6c9cce08)
• client-dynamodb: Adding new BDD representation of endpoint ruleset (416005d4)
• client-mediaconvert: Adds support for configurable number of Clear Lead segments at the beginning of encrypted output. Adds support for multiple trickplay variants. (40eb4c6b)
• client-payment-cryptography: Adds CloudFormation support for resource-based policies on AWS Payment Cryptography keys. (c32019a8)
• client-quicksight: Adds support for Knowledge Base APIs and Index Capacity API (8205152f)

Bug Fixes

• core/httpAuthSchemes: fix concurrent skew correction (#8078) (83e48928)

Tests

• middleware-endpoint-discovery: remove integration tests (#8077) (02363831)
• clients: add client error deserialization tests (#8075) (0dfa4ad1)

---

For list of updated packages, view updated-packages.md in assets-3.1063.0.zip

v3.1062.0

3.1062.0(2026-06-04)

Chores

• scripts: include generated packages when validating declared imports 1-1 with used imports (#8072) (291ad366)

Documentation Changes

• client-guardduty: Remove unsupported RDS field for filter (5815da7f)

New Features

• client-interconnect: Adding new BDD representation of endpoint ruleset (34e23ef2)
• client-ec2-instance-connect: Adding new BDD representation of endpoint ruleset (c2a4981e)
• client-mq: BDD bulk update change rollout (e058b8fd)
• client-workspaces: Adding new BDD representation of endpoint ruleset (6b1e3602)
• client-connectparticipant: Adding new BDD representation of endpoint ruleset (22db2a6a)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-pricing's changelog.

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1060.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1059.0 (2026-06-02)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1058.0 (2026-06-01)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1057.0 (2026-05-29)

... (truncated)

Commits

• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• f5235bb Publish v3.1062.0
• 71df2cc Publish v3.1061.0
• 8aeb92d Publish v3.1060.0
• 75bb4fc Publish v3.1059.0
• 6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
• d7602d4 Publish v3.1058.0
• e836d5c Publish v3.1057.0
• 4b03542 Publish v3.1056.0
• Additional commits viewable in compare view

Updates better-auth from 1.6.11 to 1.6.14

Release notes

Sourced from better-auth's releases.

v1.6.14

better-auth

Bug Fixes

• Fixed Google One Tap authenticating the wrong user when the presented Google account was already linked to a different local user.
• Fixed null values being rejected for optional fields in the generated database schema (#9841)
• Fixed getSessionCookie to prefer the __Secure- prefixed cookie over a non-secure leftover, preventing a stale cookie from shadowing the current session (#9806)
• Fixed redirect URI validation to work on all supported runtimes and to reject URIs containing a fragment component per RFC 6749 §3.1.2 (#9845)
• Fixed organization invitation verification to restore the normal emailed-invitation flow while enforcing stricter email verification for externally controlled or predictable invitation IDs (#9877)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

• Fixed SAML Single Logout leaving the user signed in due to the logout handlers matching the session by ID instead of token.

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​bytaesu, @​gustavovalverde

Full changelog: v1.6.13...v1.6.14

v1.6.13

better-auth

Features

• Added support for server-side accountInfo calls with an optional userId parameter, allowing trusted callers to read provider profiles without constructing session headers (#9813)

Bug Fixes

• Clarified that viewBackupCodes is a server-only function not accessible via HTTP in its API documentation (#9822)
• Fixed Google One Tap authenticating the wrong user when the presented Google account is already linked to a different local user, by resolving identity through the shared OAuth path
• Fixed storeStateStrategy defaulting to "cookie" instead of "database" when only secondaryStorage is configured, preventing oversized-cookie errors on platforms like AWS Lambda (#9591)
• Fixed updateUserInfoOnLink not being applied when linking accounts through the standard OAuth redirect flow (#8758)
• Fixed oidc-provider and mcp plugins accepting invalid redirect_uri schemes such as javascript: and data: (#9838)
• Fixed organization logo not accepting null, preventing users from clearing an existing logo on create and update (#9842)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.14

Patch Changes

• #9877 2d9781a Thanks @​gustavovalverde! - Restore the normal emailed-invitation flow while documenting the stricter verification posture for organization invitations.

  Client-side listUserInvitations now always requires a verified session email because it enumerates invitation IDs from session.user.email. The requireEmailVerificationOnInvitation option now controls recipient calls that carry an invitation ID (acceptInvitation, rejectInvitation, getInvitation). When unset, Better Auth keeps the emailed-invitation sign-up flow for built-in opaque invitation IDs, including the default generator or advanced.database.generateId: "uuid", and requires verified email when invitation IDs are externally controlled or predictable, such as advanced.database.generateId: "serial" / false or custom ID generation. Apps that expose invitation IDs outside the invited user's mailbox, expose organization invitation lists to members, or require stricter ownership proof should set requireEmailVerificationOnInvitation: true or require verified email before sign-in.

• #9841 5a2d642 Thanks @​bytaesu! - Optional fields (required: false) now accept null, not just omission. The generated input validation previously rejected null even though the column is nullable, so a nullable field could not be cleared by passing null.

• #9845 13abc79 Thanks @​gustavovalverde! - Harden redirect-URI validation across the OAuth provider plugins. isSafeUrlScheme and SafeUrlSchema no longer call URL.canParse, which is absent on some supported runtimes and could throw or silently disable the dangerous-scheme check. They now parse with a try/catch fallback. SafeUrlSchema also rejects redirect URIs that contain a fragment component, per RFC 6749 §3.1.2.

• #9806 9d3450a Thanks @​bytaesu! - getSessionCookie now prefers the __Secure- cookie when both it and a non-secure cookie are present, so the non-secure cookie no longer shadows the current session cookie.

• Updated dependencies [13abc79]:

  • @​better-auth/core@​1.6.14
  • @​better-auth/drizzle-adapter@​1.6.14
  • @​better-auth/kysely-adapter@​1.6.14
  • @​better-auth/memory-adapter@​1.6.14
  • @​better-auth/mongo-adapter@​1.6.14
  • @​better-auth/prisma-adapter@​1.6.14
  • @​better-auth/telemetry@​1.6.14

1.6.13

Patch Changes

• #9813 d3919dc Thanks @​gustavovalverde! - Support server-side accountInfo calls without session headers.

  auth.api.accountInfo now accepts an optional userId, so a trusted server-side caller can read a user's provider profile without constructing session headers. This mirrors getAccessToken and refreshToken. HTTP callers still require a valid session, and a session always takes precedence over a supplied userId.

  The shared "resolve the target user, then fetch a valid access token" logic behind these three endpoints now lives in one place. As part of that, a server-side call that supplies neither a session nor a userId reports USER_ID_OR_SESSION_REQUIRED (400) consistently, rather than UNAUTHORIZED on some endpoints.

• #9591 5f282bd Thanks @​Vishesh-Verma-07! - When only secondaryStorage is configured (no primary database), storeStateStrategy now defaults to "database" instead of "cookie", preventing oversized-cookie errors on platforms like AWS Lambda. The account cookie that holds OAuth tokens in database-less setups stays enabled, so getAccessToken keeps working.

• #9818 43c08a2 Thanks @​gustavovalverde! - Fix two buggy internalAdapter helpers.

  Remove findAccount(accountId). It looked accounts up by account ID alone, which is unique neither across providers nor across users, so it returned a non-deterministic match. All callers now use a user-scoped or provider-scoped lookup.

  Replace the ambiguous deleteSessions(string | string[]) with two explicit methods. deleteUserSessions(userId) revokes every session for a user, and deleteSessions(tokens) revokes sessions by token. The old single-string overload silently treated its argument as a user ID, so a caller that meant to delete one session token could instead wipe all of a user's sessions or quietly match nothing.

• #9818 43c08a2 Thanks @​gustavovalverde! - Fix Google One Tap signing in the wrong user when the presented Google account is already linked to someone else. One Tap now resolves identity through the shared OAuth path, so the user who owns the Google subject is signed in, matching the redirect and signIn.social flows. Previously it matched a local user by the token's email and used the subject only to decide linking, so a Google credential owned by one user could authenticate a different user who happened to share that email.

  /account-info now resolves the account from the signed-in user's own linked accounts and accepts an optional providerId to disambiguate when two providers issue the same account ID. A colliding account ID returns a distinct AMBIGUOUS_ACCOUNT error instead of a misleading "not found", and an account with no configured social provider returns a 400 rather than a 500.

• #9838 be32012 Thanks @​gustavovalverde! - Validate the scheme of OAuth redirect_uris in the oidc-provider and mcp plugins.

  Both plugins previously accepted any string as a redirect_uri at registration. They now reject the javascript:, data:, and vbscript: schemes, which are never valid OAuth redirect targets. The @better-auth/oauth-provider package already applied this check, so this change brings the two older plugins in line with it.

... (truncated)

Commits

• 5038d41 chore: release v1.6.14 (#9846)
• 2d9781a fix(organization): split invitation verification gates (#9877)
• 5a2d642 fix: accept null for optional fields in generated schema (#9841)
• 9d3450a fix(cookies): prefer __Secure- cookie in getSessionCookie (#9806)
• a6f38c7 chore: release v1.6.13 (#9804)
• 87c1a0c fix(organization): allow null logo on create and update (#9842)
• be32012 fix(oauth): validate redirect_uri schemes in oidc-provider and mcp (#9838)
• 9c8ded6 docs(two-factor): mark viewBackupCodes as server-only in its API comment (#...
• 43c08a2 fix(account): scope OAuth account identity and fix buggy internalAdapter help...
• 23d7cbf fix(oauth): apply updateUserInfoOnLink in OAuth callback link flow (#8758)
• Additional commits viewable in compare view

Updates ioredis from 5.11.0 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

• cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
• parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

• cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
• parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

Commits

• fb224a7 chore(release): 5.11.1 [skip ci]
• 131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
• c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
• See full diff in compare view

Updates @radix-ui/react-avatar from 1.1.11 to 1.1.12

Changelog

Sourced from @​radix-ui/react-avatar's changelog.

1.1.12

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-is-hydrated@0.1.1, @radix-ui/react-use-layout-effect@1.1.2

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-avatar since your current version.

Updates @radix-ui/react-dialog from 1.1.15 to 1.1.16

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.16

• Fixed disabled pointer events in closed dialogs
• Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.

Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.17

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.17

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dropdown-menu since your current version.

Updates @radix-ui/react-label from 2.1.8 to 2.1.9

Changelog

Sourced from @​radix-ui/react-label's changelog.

2.1.9

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-primitive@2.1.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-label since your current version.

Updates @radix-ui/react-scroll-area from 1.2.10 to 1.2.11

Changelog

Sourced from @​radix-ui/react-scroll-area's changelog.

1.2.11

• Fixed missing data-state attribute for Scroll Area scrollbars
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-layout-effect@1.1.2

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-scroll-area since your current version.

Updates @radix-ui/react-select from 2.2.6 to 2.3.0

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.0

• Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
• Added support for presence-based exit animations in Select
• Fixed Select hidden input so it submits empty string when no value is selected
• Fixed placeholder rendering when a controlled Select is reset to an empty value
• Added missing __selectScope prop to PopperContent component
• Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
• Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-select since your current version.

Updates @radix-ui/react-separator from 1.1.8 to 1.1.9

Changelog

Sourced from @​radix-ui/react-separator's changelog.

1.1.9

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-primitive@2.1.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-separator since your current version.

Updates @radix-ui/react-slot from 1.2.4 to 1.2.5

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.2.5

• Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
• Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
• Added repository.directory to all package.json files
• Improved error messages for invalid slot children
• Updated dependencies: @radix-ui/react-compose-refs@1.1.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slot since your current version.

Updates @radix-ui/react-tabs from 1.1.13 to 1.1.14

Changelog

Sourced from @​radix-ui/react-tabs's changelog.

1.1.14

• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tabs since your current version.

Updates @radix-ui/react-toast from 1.2.15 to 1.2.16

Changelog

Sourced from @​radix-ui/react-toast's changelog.

1.2.16

• Allow to specify container for ToastAnnounce
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-visually-hidden@1.2.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-toast since your current version.

Updates @radix-ui/react-tooltip from 1.2.8 to 1.2.9

Changelog

Sourced from @​radix-ui/react-tooltip's changelog.

1.2.9

• Fixed runtime error when event target is non-Node
• Fixed a Tooltip bug so that skipDelayDuration={0} works as expected. Previously, the open delay could still be skipped when moving between triggers.
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-visually-hidden@1.2.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tooltip since your current version.

Updates @tanstack/react-query from 5.100.14 to 5.101.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

• Updated dependencies [3042860, e631dc3]:
  • @​tanstack/query-devtools@​5.101.0
  • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-next-experimental@​5.101.0

Patch Changes

• #10857 7cf5923 - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'

• Updated dependencies []:

  • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-persist-client@​5.101.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.101.0
  • @​tanstack/react-query@​5.101.0

@​tanstack/react-query@​5.101.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.101.0

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.101.0

Commits

• f3d8d2a ci: Version Packages (#10774)
• 532bb29 fix(tests): disable local coverage instrumentation (#10776)
• See full diff in compare view

Updates @tanstack/react-router from 1.170.8 to 1.170.15

Release notes

Sourced from @​tanstack/react-router's releases.

@​tanstack/react-router@​1.170.15

Patch Changes

• Updated dependencies [776d8ef]:
  • @​tanstack/router-core@​1.171.13

@​tanstack/react-router@​1.170.14

Patch Changes

• Updated dependencies [df1076c]:
  • @​tanstack/router-core@​1.171.12

Changelog

Sourced from @​tanstack/react-router's changelog.

1.170.15

Patch Changes

• Updated dependencies [776d8ef]:
  • @​tanstack/router-core@​1.171.13

1.170.14

Patch Changes

• Updated dependencies [df1076c]:
  • @​tanstack/router-core@​1.171.12

1.170.13

Patch Changes

• #7555 ac10815 - Fix search middleware composition so retainSearchParams does not restore search params that a downstream stripSearchParams removed.

• Updated dependencies [ac10815]:

  • @​tanstack/router-core@​1.171.11

1.170.12

Patch Changes

• Updated dependencies [2cca73c, 7a83e67, 76b3d3b]:
  • @​tanstack/router-core@​1.171.10

1.170.11

Patch Changes

• Updated dependencies [b4cd5af]:
  • @​tanstack/router-core@​1.171.9

1.170.10

Patch Changes

• #7505 2f53749 - Preserve primitive values thrown from beforeLoad error handling.

• Updated dependencies [2f53749]:

  • @​tanstack/router-core@​1.171.8

1.170.9

Patch Changes

... (truncated)

Commits

• 10a7ff8 ci: Version Packages (#7563)
• 996b9be ci: Version Packages (#7561)
• 65ad906 ci: Version Packages (#7556)
• a8647d2 ci: Version Packages (#7554)
• fee0b58 refactor: remove unused dependencies (#7541)
• bb99f66 refactor: remove unnecessary any assertions (#7542)
• 7fc7c34 ci: Version Packages (#7525)
• 0ac831b ci: Version Packages (#7508)
• 2f53749 fix: fix primitive beforeLoad errors (#7505)
• 8b36591 ci: Version Packages (#7504)
• Additional commits viewable in compare view

Updates lucide-react from 1.16.0 to 1.17.0

Release notes

Sourced from lucide-react's releases.

Version 1.17.0

What's Changed

• chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by @​ericfennis in lucide-icons/lucide#4376
• chore(repo): Update issue templates and documentation for package ren… by @​ericfennis in lucide-icons/lucide#4379
• feat(site): Adds survey overlay to website by @​ericfennis in lucide-icons/lucide#4380
• feat(site): Certificate dev links by @​ericfennis in lucide-icons/lucide#4390
• fix(icons): changed martini icon by @​jamiemlaw in lucide-icons/lucide#4335
• chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by @​dependabot[bot] in lucide-icons/lucide#4386
• chore(deps): bump @​tootallnate/once from 2.0.0 to 2.0.1 by @​dependabot[bot] in lucide-icons/lucide#4404
• chore(deps): bump devalue from 5.8.0 to 5.8.1 by @​dependabot[bot] in lucide-icons/lucide#4391
• chore(deps): bump ws from 8.18.0 to 8.20.1 by @​dependabot[bot] in lucide-icons/lucide#4392
• fix(gh-icon): limit icon size to a maximum of 256 pixels by @​jguddas in lucide-icons/lucide#4398
• chore(dependencies): Update dependencies by @​ericfennis in lucide-icons/lucide#4377
• feat(copilot): Adding copilot instructions by @​ericfennis in lucide-icons/lucide#4407
• feat(icons): add globe-check by @​Barakudum in lucide-icons/lucide#4342
• feat(metadata): Require use-cases in meta json by @​ericfennis in lucide-icons/lucide#4321
• feat(icons): added parasol icon by @​karsa-mistmere in lucide-icons/lucide#4347

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Commits

• See full diff in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates vscode-languageserver-protocol from 3.17.5 to 3.18.0

Release notes

Sourced from vscode-languageserver-protocol's releases.

release/protocol/3.18.0

No release notes provided.

release/types/3.18.0

Changes:

Feature Requests:

[pacphi]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.