deps(deps): bump the minor-and-patch group across 1 directory with 13 updates

[dependabot]

Bumps the minor-and-patch group with 13 updates in the / directory:

Package	From	To
@supabase/supabase-js	2.99.2	2.101.1
framer-motion	12.37.0	12.38.0
ioredis	5.10.0	5.10.1
isomorphic-dompurify	3.3.0	3.7.1
next	16.1.6	16.2.2
node-datachannel	0.32.1	0.32.2
openai	6.29.0	6.33.0
puppeteer	24.39.1	24.40.0
resend	6.9.3	6.10.0
sax	1.5.0	1.6.0
@types/node	25.5.0	25.5.2
dotenv	17.3.1	17.4.1
eslint-config-next	16.1.6	16.2.2

Updates @supabase/supabase-js from 2.99.2 to 2.101.1

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.101.1

2.101.1 (2026-03-31)

🩹 Fixes

• storage: support exactOptionalPropertyTypes (#2200)

❤️ Thank You

• Vaibhav @​7ttp

v2.101.1-canary.0

2.101.1-canary.0 (2026-03-31)

🩹 Fixes

• storage: support exactOptionalPropertyTypes (#2200)

❤️ Thank You

• Vaibhav @​7ttp

v2.101.0

2.101.0 (2026-03-30)

🚀 Features

• realtime: add copyBindings functionality (#2197)
• realtime: block setting postgres_changes event listener after joining (#2201)

❤️ Thank You

• Dominik Pilipczuk @​snickerdoodle2

v2.101.0-canary.0

2.101.0-canary.0 (2026-03-30)

This was a version bump only, there were no code changes.

v2.100.1

2.100.1 (2026-03-26)

🩹 Fixes

• postgrest: add type safety for eq() and neq() column names (#2175)
• postgrest: fix maybeSingle for all request methods by removing Accept header override (#2182)
• postgrest: narrow tstyche testFileMatch to only type test files (#2193)
• postgrest: prevent Args: never functions from being classified as computed fields (#2195)
• storage: spread all DEFAULT_FILE_OPTIONS in uploadToSignedUrl (#2194)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.101.1 (2026-03-31)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.101.0 (2026-03-30)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.100.1 (2026-03-26)

🩹 Fixes

• postgrest: narrow tstyche testFileMatch to only type test files (#2193)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.100.0 (2026-03-23)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

Commits

• 79d1a08 chore(release): version 2.101.0 changelogs (#2203)
• 5053334 chore(release): version 2.100.1 changelogs (#2196)
• cd6335e docs(repo): enrich docs comment for remaining packages (#2165)
• 9f487bd fix(postgrest): narrow tstyche testFileMatch to only type test files (#2193)
• 379ce05 chore(release): version 2.100.0 changelogs (#2185)
• bc435b3 chore(release): version 2.99.2 changelogs (#2168)
• See full diff in compare view

Updates framer-motion from 12.37.0 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates ioredis from 5.10.0 to 5.10.1

Release notes

Sourced from ioredis's releases.

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

• cluster: lazily start sharded subscribers (#2090) (4f167bb)

Changelog

Sourced from ioredis's changelog.

5.10.1 (2026-03-19)

Bug Fixes

• cluster: lazily start sharded subscribers (#2090) (4f167bb)

Commits

• 9e26f8b chore(release): 5.10.1 [skip ci]
• 4f167bb fix(cluster): lazily start sharded subscribers (#2090)
• See full diff in compare view

Updates isomorphic-dompurify from 3.3.0 to 3.7.1

Release notes

Sourced from isomorphic-dompurify's releases.

3.7.1

Bug Fix

• Fixed missing browser type declarations — browser.d.ts and browser.d.mts were not included in the 3.7.0 published package due to a race condition in the build process. This caused TS7016: Could not find a declaration file for module 'isomorphic-dompurify' errors in tsgo and TypeScript 6 when resolving through the default (browser) exports condition. (#411)

Thanks to @​asterikx and @​ElPrudi for their help with the issue.

3.7.0: TypeScript 6 compatibility

TypeScript 6 compatibility fixes:

• Add explicit type annotation for sanitize to satisfy TS6
• Silence baseUrl deprecation warning from tsup dts build in TS6

Dependency updates:

• bump typescript from 5.9.3 to 6.0.2
• bump vitest from 4.1.0 to 4.1.1

3.6.0: Updated dependencies

Dependency updates:

• bump jsdom from 29.0.0 to 29.0.1
• bump @​types/jsdom from 28.0.0 to 28.0.1
• bump @​biomejs/biome from 2.4.7 to 2.4.8

3.5.1

Fix outdated build artifacts published in 3.5.0.

3.5.0: Add factory function support

What's new

Features

• The default export is now callable as a factory function, matching the dompurify API — DOMPurify(window) now returns a new DOMPurify instance bound to the given window (#405)

Bug fixes

• Fixed isEqualNode returning false when comparing RETURN_DOM + FORCE_BODY output against nodes from a separate JSDOM context (#405)

Thanks to @​probablykasper for helping with this release.

3.4.0: jsdom update, performance improvement and node 22 requirement update

What's Changed

• Upgraded jsdom from 28 to 29, which fixes performance degradation in long-running processes; note that heap memory still grows over time without calling clearWindow()
• Bumped minimum Node.js 22 requirement from 22.12.0 to 22.13.0 (LTS)
• Added format script (biome format --write) and pre-commit hook
• Updated dev dependencies (biome, vitest)

Commits

• 11315f4 chore: Bumped project version.
• 97770c7 fix: prevent race condition dropping browser type declarations
• 8a06c60 chore: Incremented project version.
• 51ebc9d fix: silence baseUrl deprecation warning from tsup dts build in TS6
• b0fab7e chore: Updated deps.
• 0e86f89 chore(deps-dev): bump typescript from 5.9.3 to 6.0.2
• a028523 fix: add explicit type annotation for sanitize to satisfy TS6
• cb38b24 chore(deps-dev): bump vitest from 4.1.0 to 4.1.1
• 009574a chore: Updated deps. Incremented project version.
• 21b362d chore(deps): bump jsdom from 29.0.0 to 29.0.1
• Additional commits viewable in compare view

Updates next from 16.1.6 to 16.2.2

Release notes

Sourced from next's releases.

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.21

Misc Changes

• next-core: deduplicate output assets and detect content conflicts on emit: #92292
• docs: add deploy tests documentation to contributing guide: #92388

Credits

Huge thanks to @​sokra and @​ztanner for helping!

v16.2.1-canary.20

... (truncated)

Commits

• 52faae3 v16.2.2
• 8d0f77b Backport: #92177
• e151e5f Fix CI for glibc linux builds
• 1a319ea [backport] Fix CSS HMR on Safari (#92174)
• c0edad2 Turbopack: exclude metadata routes from server HMR (#92034)
• d644699 Turbopack: enable server HMR for app route handlers (#91466)
• 34de2ca next.config.js: Accept an option for serverFastRefresh (#91968)
• c4779d1 [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• edcf19a Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• eee3f52 backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Additional commits viewable in compare view

Updates node-datachannel from 0.32.1 to 0.32.2

Release notes

Sourced from node-datachannel's releases.

v0.32.2

What's Changed

• feat: add callback to initLogger by @​valainisgt in murat-dogan/node-datachannel#407
• chore: bump libdatachannel to v0.24.2 by @​mertushka in murat-dogan/node-datachannel#414

New Contributors

• @​valainisgt made their first contribution in murat-dogan/node-datachannel#407

Full Changelog: murat-dogan/node-datachannel@v0.32.1...v0.32.2

Commits

• 0fd224d v0.32.2
• 6d8d9dc Merge pull request #414 from mertushka/patch-1
• 14e6cc5 chore: bump libdatachannel to v0.24.2
• be063f9 Merge pull request #407 from valainisgt/logger-callback
• 579e489 feat: add callback to initLogger
• 31721af #398 Add rebuild command
• 7a85259 try intel
• bce6ac1 macos-14 is default arm64
• d63fd1d Since macos-14 is amr64, we need to revert that
• See full diff in compare view

Updates openai from 6.29.0 to 6.33.0

Release notes

Sourced from openai's releases.

v6.33.0

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

• api: add keys field to computer action types (27a850e)
• client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

• api: align SDK response types with expanded item schemas (491cd52)
• types: make type required in ResponseInputMessageItem (2012293)

Chores

• ci: skip lint on metadata-only changes (74a917f)
• internal: refactor imports (cfe9c60)
• internal: update gitignore (71bd114)
• tests: bump steady to v0.19.4 (f2e9dea)
• tests: bump steady to v0.19.5 (37c6cf4)
• tests: bump steady to v0.19.6 (496b3af)
• tests: bump steady to v0.19.7 (8491eb6)

Refactors

• tests: switch from prism to steady (47c0581)

v6.32.0

6.32.0 (2026-03-17)

Full Changelog: v6.31.0...v6.32.0

Features

• api: 5.4 nano and mini model slugs (068df6d)

v6.31.0

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

• api: add in/nin filter types to ComparisonFilter (b2eda27)

... (truncated)

Changelog

Sourced from openai's changelog.

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

• api: add keys field to computer action types (27a850e)
• client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

• api: align SDK response types with expanded item schemas (491cd52)
• types: make type required in ResponseInputMessageItem (2012293)

Chores

• ci: skip lint on metadata-only changes (74a917f)
• internal: refactor imports (cfe9c60)
• internal: update gitignore (71bd114)
• tests: bump steady to v0.19.4 (f2e9dea)
• tests: bump steady to v0.19.5 (37c6cf4)
• tests: bump steady to v0.19.6 (496b3af)
• tests: bump steady to v0.19.7 (8491eb6)

Refactors

• tests: switch from prism to steady (47c0581)

6.32.0 (2026-03-17)

Full Changelog: v6.31.0...v6.32.0

Features

• api: 5.4 nano and mini model slugs (068df6d)

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

• api: add in/nin filter types to ComparisonFilter (b2eda27)

6.30.1 (2026-03-16)

Full Changelog: v6.30.0...v6.30.1

... (truncated)

Commits

• e412414 release: 6.33.0
• 8ad76b2 fix(api): align SDK response types with expanded item schemas
• c160eb9 feat(api): add keys field to computer action types
• 499d71e chore(tests): bump steady to v0.19.7
• 6170c06 chore(ci): skip lint on metadata-only changes
• f895852 chore(tests): bump steady to v0.19.6
• 33baf00 fix(types): make type required in ResponseInputMessageItem
• 33f69d0 chore(internal): update gitignore
• 4ddd31b chore(tests): bump steady to v0.19.5
• 78d2abf feat(client): add async iterator and stream() to WebSocket classes
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openai since your current version.

Updates puppeteer from 24.39.1 to 24.40.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.40.0

24.40.0 (2026-03-19)

🎉 Features

• support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756) (2a8276e)

🛠️ Fixes

• roll to Chrome 146.0.7680.153 (#14787) (443e87f)
• roll to Chrome 146.0.7680.80 (#14778) (14685a0)

puppeteer: v24.40.0

24.40.0 (2026-03-19)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.39.1 to 24.40.0

Changelog

Sourced from puppeteer's changelog.

24.40.0 (2026-03-19)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.39.1 to 24.40.0

🎉 Features

• support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756) (2a8276e)

🛠️ Fixes

• roll to Chrome 146.0.7680.153 (#14787) (443e87f)
• roll to Chrome 146.0.7680.80 (#14778) (14685a0)

Commits

• 2f17622 chore: release main (#14783)
• 443e87f fix: roll to Chrome 146.0.7680.153 (#14787)
• 2a8276e feat: support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756)
• 14685a0 fix: roll to Chrome 146.0.7680.80 (#14778)
• 7a8b8e6 chore(deps): bump the all group with 2 updates (#14780)
• See full diff in compare view

Updates resend from 6.9.3 to 6.10.0

Release notes

Sourced from resend's releases.

v6.10.0

What's Changed

• fix(deps): update dependency next to v16.1.7 [security] by @​renovate[bot] in resend/resend-node#884
• chore(deps): update dependency pkg-pr-new to v0.0.66 by @​renovate[bot] in resend/resend-node#880
• chore(deps): update dependency vitest to v4.1.0 by @​renovate[bot] in resend/resend-node#876
• fix(deps): update dependency postal-mime to v2.7.4 by @​renovate[bot] in resend/resend-node#886
• fix(deps): update dependency esbuild to v0.27.4 by @​renovate[bot] in resend/resend-node#875
• fix(deps): update dependency next to v16.2.0 by @​renovate[bot] in resend/resend-node#882
• chore(deps): update pnpm to v10.32.1 by @​renovate[bot] in resend/resend-node#871
• chore(deps): update dependency tsdown to v0.21.4 by @​renovate[bot] in resend/resend-node#872
• chore(deps): update tj-actions/changed-files digest to 445b0eb by @​renovate[bot] in resend/resend-node#870
• fix(deps): update dependency svix to v1.88.0 by @​renovate[bot] in resend/resend-node#873
• feat(ci): split script and workflow for e2e test by @​gabrielmfern in resend/resend-node#887
• chore(deps): update dependency @​types/node to v24.12.0 by @​renovate[bot] in resend/resend-node#869
• chore(ci): pin GitHub Actions workflows to commit SHAs by @​gabrielmfern in resend/resend-node#889
• feat: support logs endpoints by @​felipefreitag in resend/resend-node#899
• chore: bump 6.10.0 by @​felipefreitag in resend/resend-node#900

New Contributors

• @​felipefreitag made their first contribution in resend/resend-node#899

Full Changelog: resend/resend-node@v6.9.4...v6.10.0

v6.9.4

What's Changed

• chore(deps): update dependency tsdown to v0.21.0 by @​renovate[bot] in resend/resend-node#868
• chore(deps): update pnpm to v10.30.3 by @​renovate[bot] in resend/resend-node#846
• chore(deps): update tj-actions/changed-files digest to c23d52b by @​renovate[bot] in resend/resend-node#851
• chore(deps): update pnpm/action-setup digest to 9b5745c by @​renovate[bot] in resend/resend-node#852
• chore(deps): update dependency rimraf to v6.1.3 by @​renovate[bot] in resend/resend-node#850
• chore(deps): update dependency @​types/react to v19.2.14 by @​renovate[bot] in resend/resend-node#845
• chore(deps): update dependency dotenv to v17.3.1 by @​renovate[bot] in resend/resend-node#848
• fix(deps): update dependency svix to v1.86.0 by @​renovate[bot] in resend/resend-node#849
• chore(deps): update dependency @​types/node to v24.11.0 by @​renovate[bot] in resend/resend-node#856
• chore(deps): update dependency @​biomejs/biome to v2.4.6 by @​renovate[bot] in resend/resend-node#847
• feat(api-keys): add last_used_at field to API key response by @​joaopcm in resend/resend-node#877
• chore(deps): update dependency @​biomejs/biome to v2.4.7 by @​renovate[bot] in resend/resend-node#879
• chore: bump package version to 6.9.4 by @​joaopcm in resend/resend-node#878

Full Changelog: resend/resend-node@v6.9.3...v6.9.4

Commits

• 0d8923c chore: bump 6.10.0 (#900)
• c643cf2 feat: support logs endpoints (#899)
• ed788b1 chore(ci): pin GitHub Actions workflows to commit SHAs (#889)
• e0c0b15 chore(deps): update dependency @​types/node to v24.12.0 (#869)
• f86ff17 feat(ci): split script and workflow for e2e test (#887)
• 264bfde fix(deps): update dependency svix to v1.88.0 (#873)
• bd8fd85 chore(deps): update tj-actions/changed-files digest to 445b0eb (#870)
• ca968c7 chore(deps): update dependency tsdown to v0.21.4 (#872)
• b64ba52 chore(deps): update pnpm to v10.32.1 (#871)
• 440843d fix(deps): update dependency next to v16.2.0 (#882)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by felipefreitag, a new releaser for resend since your current version.

Updates sax from 1.5.0 to 1.6.0

Commits

• be26f54 1.6.0
• 888182e feat: Add UTF-16 stream decoding and strict XML encoding validation
• 10108ee fix pkg
• See full diff in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

• See full diff in compare view

Updates dotenv from 17.3.1 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

• 48aa216 17.4.1
• e4282b0 changelog 🪵
• c540e75 Merge pull request #1006 from motdotla/skills-update
• 5626f9b dotenvx skill
• 2411f2a update dotenvx skill
• 1e08a70 simplify dotenv skill
• 747f417 Merge pull request #1005 from motdotla/injected
• 271df30 changelog 🪵
• 3f01a8b injecting to injected
• ccc50d5 update
• Additional commits viewable in compare view

Updates eslint-config-next from 16.1.6 to 16.2.2

Release notes

Sourced from eslint-config-next's releases.

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.21

Misc Changes

• next-core: deduplicate output assets and detect content conflicts on emit: #92292
• docs: add deploy tests documentation to contributing guide: #92388

Credits

Huge thanks to @​sokra and @​ztanner for helping!

v16.2.1-canary.20

... (truncated)

Commits

• 52faae3 v16.2.2
• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• b856498 v16.2.0-canary.101
• 136b77e v16.2.0-canary.100
• 0f59973 v16.2.0-canary.99
• 792522d v16.2.0-canary.98
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​16.1.6 ⏵ 16.2.2		+6	+1
	eslint-config-next@​16.1.6 ⏵ 16.2.2
	openai@​6.29.0 ⏵ 6.33.0	+1		+1	-1
	@​supabase/​supabase-js@​2.99.2 ⏵ 2.101.1	+1
	@​types/​node@​25.5.0 ⏵ 25.5.2	+1		+1
	node-datachannel@​0.32.1 ⏵ 0.32.2
	sax@​1.5.0 ⏵ 1.6.0	+1		+1
	puppeteer@​24.39.1 ⏵ 24.40.0				-1
	ioredis@​5.10.0 ⏵ 5.10.1	+1		+1
	isomorphic-dompurify@​3.3.0 ⏵ 3.7.1	+1			+1
	dotenv@​17.3.1 ⏵ 17.4.1	+2
	framer-motion@​12.37.0 ⏵ 12.38.0	+1		+1	-1
	resend@​6.9.3 ⏵ 6.10.0	+1			+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Low adoption: npm node-exports-info Location: Package overview From: pnpm-lock.yaml → npm/eslint-config-next@16.2.2 → npm/node-exports-info@1.6.0 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report