deps(deps): bump the minor-and-patch group with 13 updates #15

dependabot · 2026-01-12T21:17:09Z

Bumps the minor-and-patch group with 13 updates:

Package	From	To
@supabase/supabase-js	`2.89.0`	`2.90.1`
framer-motion	`12.23.26`	`12.26.1`
ioredis	`5.8.2`	`5.9.1`
lucide-react	`0.468.0`	`0.562.0`
node-datachannel	`0.31.0`	`0.32.0`
openai	`6.15.0`	`6.16.0`
puppeteer	`24.34.0`	`24.35.0`
resend	`6.6.0`	`6.7.0`
sax	`1.4.3`	`1.4.4`
undici	`7.16.0`	`7.18.2`
@types/node	`25.0.3`	`25.0.6`
@types/react	`19.2.7`	`19.2.8`
@types/webtorrent	`0.109.10`	`0.110.1`

Updates @supabase/supabase-js from 2.89.0 to 2.90.1

Release notes

Sourced from @supabase/supabase-js's releases.

v2.90.1

2.90.1 (2026-01-08)

🩹 Fixes

postgrest: prevent shared state between query builder operations (#1978)

realtime: validate table filter in postgres_changes event dispatch (#1999)

❤️ Thank You

Vaibhav @7ttp

v2.90.1-canary.1

2.90.1-canary.1 (2026-01-08)

🩹 Fixes

postgrest: prevent shared state between query builder operations (#1978)

❤️ Thank You

Vaibhav @7ttp

v2.90.1-canary.0

2.90.1-canary.0 (2026-01-07)

🩹 Fixes

realtime: validate table filter in postgres_changes event dispatch (#1999)

❤️ Thank You

Vaibhav @7ttp

v2.90.0

2.90.0 (2026-01-07)

🚀 Features

realtime: expose heartbeat latency on heartbeat callback (#1982)

🩹 Fixes

auth: add banned_until property to user type (#1989)

auth: add last_challenged_at property to factor type (#1990)

auth: clear initial setTimeout in stopAutoRefresh (#1993)

auth: preserve session when magic link is clicked twice (#1996)

auth: add configurable lock acquisition timeout to prevent deadlocks (#1962)

functions: auto-stringify object body when custom Content-Type header is provided (#1988)

postgrest: use post with return minimal for rpc head requests with object args (#1994)

... (truncated)

Changelog

Sourced from @supabase/supabase-js's changelog.

2.90.1 (2026-01-08)

This was a version bump only for @supabase/supabase-js to align it with other projects, there were no code changes.

2.90.0 (2026-01-07)

🩹 Fixes

supabase: avoid edge runtime warnings in next.js (#1998)

supabase: inline string literal in databasewithoutinternals type (#1986)

supabase: split type-only exports to avoid unused import warnings (#1979)

❤️ Thank You

Nico Kempe @nicokempe

Vaibhav @7ttp

Commits

1b8410a chore(release): version 2.90.0 changelogs (#2003)
d3d05f8 fix(supabase): avoid edge runtime warnings in next.js (#1998)
9bfac7f fix(supabase): inline string literal in databasewithoutinternals type (#1986)
30f9600 fix(supabase): split type-only exports to avoid unused import warnings (#1979)
636f1e9 test(supabase): run build in integration tests (#1969)
9e747ce chore(release): version 2.89.0 changelogs (#1971)
See full diff in compare view

Updates framer-motion from 12.23.26 to 12.26.1

Changelog

Sourced from framer-motion's changelog.

[12.26.1] 2026-01-12

Fixed

Improve overload selection for useTransform.

[12.26.0] 2026-01-12

Added

Support for multiple output value maps with useTransform.

[12.25.0] 2026-01-09

Added

Support for auto-scrolling when a Reorder.Item reaches the edges of its parent scrollable container.

[12.24.12] 2026-01-08

Fixed

Draggable elements now track pointer during page and element scroll.

[12.24.11] 2026-01-08

Fixed

Fixed time sampling of GPU animations under heavy CPU load.

[12.24.10] 2026-01-07

Fixed

Fixing missing import from motion-dom.

[12.24.9] 2026-01-07

Fixed

Fixing Radix Dialog with AnimatePresence.

Ensure drag constraints animation resumes after press interruption.

Prevent drag gesture from triggering when pressing focusable elements.

[12.24.8] 2026-01-07

Fixed

Perform unit conversion when animating to/from calc() values.

... (truncated)

Commits

e4141d2 v12.26.1
e7a5d9f Updating useTransform types
564ab94 Updating changelog
05334c6 v12.26.0
7177727 Updating changelog
0f8a3f9 Updating changelog
b23c87b Merge pull request #3466 from motiondivision/claude/add-usetransform-signatur...
a1404a8 Remove stable values test and fix scale(1) assertion
c64be26 Fix test assertions for output map useTransform
69bb605 Fix TypeScript errors in useTransform tests
Additional commits viewable in compare view

Updates ioredis from 5.8.2 to 5.9.1

Release notes

Sourced from ioredis's releases.

v5.9.1

5.9.1 (2026-01-08)

Bug Fixes

make client-side blocking timeouts opt-in (#2058) (07ed493)

v5.9.0

5.9.0 (2026-01-05)

Bug Fixes

remove unnecessary case-sensitivity when working with commands (#2036) (f33a2c8)

Features

add timeout blocking commands (#2052) (6ec78be)

cluster: refactor sharded pub/sub v5 (#2043) (a523f3a)

Changelog

Sourced from ioredis's changelog.

5.9.1 (2026-01-08)

Bug Fixes

make client-side blocking timeouts opt-in (#2058) (07ed493)

5.9.0 (2026-01-05)

Bug Fixes

remove unnecessary case-sensitivity when working with commands (#2036) (f33a2c8)

Features

add timeout blocking commands (#2052) (6ec78be)

cluster: refactor sharded pub/sub v5 (#2043) (a523f3a)

Commits

9f42c5c chore(release): 5.9.1 [skip ci]
07ed493 fix: make client-side blocking timeouts opt-in (#2058)
3f8b94f chore(release): 5.9.0 [skip ci]
6ec78be feat: add timeout blocking commands (#2052)
a523f3a feat(cluster): refactor sharded pub/sub v5 (#2043)
3c521c6 chore(ci): add beta tags (#2054)
a1e7d02 docs: Fix Sentinel URL in README
648b58e chore(tests): bump test container version 8.4 (#2038)
f33a2c8 fix: remove unnecessary case-sensitivity when working with commands (#2036)
105dc72 ci: update redis test images (#2035)
See full diff in compare view

Updates lucide-react from 0.468.0 to 0.562.0

Release notes

Sourced from lucide-react's releases.

Version 0.562.0

What's Changed

fix(icons): changed paint-bucket icon by @jguddas in lucide-icons/lucide#3880

fix(site): Fix and unify color-picker font-size by @taimar in lucide-icons/lucide#3889

fix(react-native-web): only add className prop to parent Icon component by @jguddas in lucide-icons/lucide#3892

fix(lucide-react-native): remove icons namespace export to enable tree-shaking by @jtomaszewski in lucide-icons/lucide#3868

feat(icons): added toolbox icon by @karsa-mistmere in lucide-icons/lucide#3871

New Contributors

@taimar made their first contribution in lucide-icons/lucide#3889

@jtomaszewski made their first contribution in lucide-icons/lucide#3868

Full Changelog: lucide-icons/lucide@0.561.0...0.562.0

Version 0.561.0

What's Changed

fix(site): Small adjustments color picker and add clear button search bar by @ericfennis in lucide-icons/lucide#3851

feat(icons): added stone icon by @Alportan in lucide-icons/lucide#3850

Full Changelog: lucide-icons/lucide@0.560.0...0.561.0

Version 0.560.0

What's Changed

feat(icons): added cannabis-off icon by @NickVeles in lucide-icons/lucide#3748

New Contributors

@NickVeles made their first contribution in lucide-icons/lucide#3748

Full Changelog: lucide-icons/lucide@0.559.0...0.560.0

Version 0.559.0

What's Changed

feat(icons): added fishing-hook icon by @7ender in lucide-icons/lucide#3837

New Contributors

@7ender made their first contribution in lucide-icons/lucide#3837

Full Changelog: lucide-icons/lucide@0.558.0...0.559.0

Version 0.558.0

What's Changed

feat(icons): added hd icon by @jamiemlaw in lucide-icons/lucide#2958

Full Changelog: lucide-icons/lucide@0.557.0...0.558.0

Version 0.557.0

What's Changed

fix(github/workflows/ci): fixes linting issues by @karsa-mistmere in lucide-icons/lucide#3858

... (truncated)

Commits

076e0bb chore(dependencies): Update dependencies (#3809)
80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
e71198d chore: icon alias improvements (#2861)
3e644fd chore(scripts): Refactor scripts to typescript (#3316)
19fa01b build(deps-dev): bump vite from 6.3.2 to 6.3.4 (#3181)
03eb862 use implicit return in react package (#2325)
0fccc27 Bump dependencies (#3096)
7b95480 Added periods (#3065)
e4988bc build(deps-dev): bump vite from 5.4.15 to 5.4.17 (#2993)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lucide-react since your current version.

Updates node-datachannel from 0.31.0 to 0.32.0

Release notes

Sourced from node-datachannel's releases.

v0.32.0

What's Changed

Expose PacingHandler by @longnguyen2004 in murat-dogan/node-datachannel#388

Fix PacingHandler constructor by @longnguyen2004 in murat-dogan/node-datachannel#389

Merge all Windows builds by @longnguyen2004 in murat-dogan/node-datachannel#390

Full Changelog: murat-dogan/node-datachannel@v0.31.0...v0.32.0

Commits

3cd4142 v0.32.0
dcbc9a9 v0.32.0-dev
84640b0 Merge pull request #390 from Discord-RE/merge-win-ci
1f535f2 Merge pull request #389 from Discord-RE/pacinghandler-ctor-fix
15533f5 Export
c43cfed Types
7992b8f Tidying up
c161e66 Merge all Windows builds
a45609e Fix PacingHandler constructor
710424d Merge pull request #388 from longnguyen2004/pacinghandler
Additional commits viewable in compare view

Updates openai from 6.15.0 to 6.16.0

Release notes

Sourced from openai's releases.

v6.16.0

6.16.0 (2026-01-09)

Full Changelog: v6.15.0...v6.16.0

Features

api: add new Response completed_at prop (ca40534)

ci: add breaking change detection workflow (a6f3dea)

Chores

break long lines in snippets into multiline (80dee2f)

internal: codegen related update (b2fac3e)

Changelog

Sourced from openai's changelog.

6.16.0 (2026-01-09)

Full Changelog: v6.15.0...v6.16.0

Features

api: add new Response completed_at prop (ca40534)

ci: add breaking change detection workflow (a6f3dea)

Chores

break long lines in snippets into multiline (80dee2f)

internal: codegen related update (b2fac3e)

Commits

44b7ac2 Merge pull request #1731 from openai/release-please--branches--master--change...
e3059f7 release: 6.16.0
ca40534 feat(api): add new Response completed_at prop
80dee2f chore: break long lines in snippets into multiline
a6f3dea feat(ci): add breaking change detection workflow
f8828b7 Merge pull request #728 from stainless-sdks/cameron/detect-agents-breaks
8568b31 Merge branch 'next' into cameron/detect-agents-breaks
b2fac3e chore(internal): codegen related update
afd032e chore: fix previous commit
999b0b7 chore: Make fixes to CI from comments
Additional commits viewable in compare view

Updates puppeteer from 24.34.0 to 24.35.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.35.0

24.35.0 (2026-01-12)

🎉 Features

support background flag when creating pages (#14547) (77245fd)

🛠️ Fixes

puppeteer-core: Deprecate Cookie attribute sameParty (#14550) (d128a84)

roll to Chrome 143.0.7499.192 (#14541) (d3127b7)

webdriver: closing page with iframes via webdriver (#14549) (b89ce87)

Dependencies

The following workspace dependencies were updated

dependencies

@puppeteer/browsers bumped from 2.11.0 to 2.11.1

puppeteer: v24.35.0

24.35.0 (2026-01-12)

♻️ Chores

puppeteer: Synchronize puppeteer versions

Dependencies

The following workspace dependencies were updated

dependencies

@puppeteer/browsers bumped from 2.11.0 to 2.11.1

puppeteer-core bumped from 24.34.0 to 24.35.0

Changelog

Sourced from puppeteer's changelog.

24.35.0 (2026-01-12)

♻️ Chores

puppeteer: Synchronize puppeteer versions

Dependencies

The following workspace dependencies were updated

dependencies

@puppeteer/browsers bumped from 2.11.0 to 2.11.1

🎉 Features

support background flag when creating pages (#14547) (77245fd)

🛠️ Fixes

puppeteer-core: Deprecate Cookie attribute sameParty (#14550) (d128a84)

roll to Chrome 143.0.7499.192 (#14541) (d3127b7)

webdriver: closing page with iframes via webdriver (#14549) (b89ce87)

Commits

853796e chore: release main (#14542)
7deeb78 chore: expose originating targetId on ConsoleMessage (#14556)
2f56831 chore(deps): bump ws from 8.18.3 to 8.19.0 in the dependencies group (#14553)
b89ce87 fix(webdriver): closing page with iframes via webdriver (#14549)
695624e chore: add internal _tabId to page (#14548)
77245fd feat: support background flag when creating pages (#14547)
2ab534b chore: npm audit fix --force (#14546)
d128a84 fix(puppeteer-core): Deprecate Cookie attribute sameParty (#14550)
84d8de3 chore(deps-dev): bump the dev-dependencies group with 3 updates (#14537)
d3127b7 fix: roll to Chrome 143.0.7499.192 (#14541)
Additional commits viewable in compare view

Updates resend from 6.6.0 to 6.7.0

Release notes

Sourced from resend's releases.

v6.7.0

What's Changed

chore(deps): update actions/checkout action to v6 by @renovate[bot] in resend/resend-node#760

feat: bundler (esbuild, nextjs) integration tests by @gabrielmfern in resend/resend-node#699

fix(deps): update dependency svix to v1.84.1 by @renovate[bot] in resend/resend-node#686

chore(deps): update pnpm to v10.27.0 by @renovate[bot] in resend/resend-node#674

chore(deps): update dependency @biomejs/biome to v2.3.11 by @renovate[bot] in resend/resend-node#672

chore(deps): bump next from 15.5.6 to 15.5.9 in /integrations/nextjs by @dependabot[bot] in resend/resend-node#771

chore(deps): update pnpm/action-setup digest to 1e1c8ea by @renovate[bot] in resend/resend-node#769

chore(deps): update actions/checkout digest to 8e8c483 by @renovate[bot] in resend/resend-node#759

chore(deps): update dependency tsdown to v0.18.4 by @renovate[bot] in resend/resend-node#758

fix(deps): update react monorepo by @renovate[bot] in resend/resend-node#661

chore(deps): update tj-actions/changed-files digest to 3c4bc6f by @renovate[bot] in resend/resend-node#660

chore(deps): update dependency rimraf to v6.1.2 by @renovate[bot] in resend/resend-node#756

chore(deps): update dependency pkg-pr-new to v0.0.62 by @renovate[bot] in resend/resend-node#778

chore(deps): update dependency @types/node to v24.10.4 by @renovate[bot] in resend/resend-node#777

chore(deps): update dependency vitest to v4 by @renovate[bot] in resend/resend-node#707

feat: add return type for webhooks.verify method by @vcapretz in resend/resend-node#781

feat: release 6.7.0-canary.0 by @vcapretz in resend/resend-node#783

feat: release 6.7.0 by @vcapretz in resend/resend-node#784

Full Changelog: resend/resend-node@v6.6.0...v6.7.0

Commits

06f3189 feat: release 6.7.0 (#784)
9fd82d9 feat: release 6.7.0-canary.0 (#783)
189aa9a feat: add return type for webhooks.verify method (#781)
8c78bf1 chore(deps): update dependency vitest to v4 (#707)
d24ef9d chore(deps): update dependency @types/node to v24.10.4 (#777)
5bc2769 chore(deps): update dependency pkg-pr-new to v0.0.62 (#778)
06237c8 chore(deps): update dependency rimraf to v6.1.2 (#756)
d6cac0e chore(deps): update tj-actions/changed-files digest to 3c4bc6f (#660)
96a7cdb fix(deps): update react monorepo (#661)
7e3b5f5 chore(deps): update dependency tsdown to v0.18.4 (#758)
Additional commits viewable in compare view

Updates sax from 1.4.3 to 1.4.4

Commits

15f9055 1.4.4
2d1568c add engines requirement
8735c5c remove AUTHORS file, not updated
ab04012 replace string_decoder with global TextDecoder
e3db950 add missing character in onscript event.
See full diff in compare view

Updates undici from 7.16.0 to 7.18.2

Release notes

Sourced from undici's releases.

v7.18.2

What's Changed

fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by @mcollina in nodejs/undici#4729

Full Changelog: nodejs/undici@v7.18.1...v7.18.2

v7.18.1

What's Changed

Test and Fix running without SSL by @mcollina in nodejs/undici#4727

docs: add security warning for strictContentLength option by @mcollina in nodejs/undici#4726

build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by @dependabot[bot] in nodejs/undici#4718

build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in nodejs/undici#4719

Full Changelog: nodejs/undici@v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: nodejs/undici@v7.17.0...v7.18.0

v7.17.0

What's Changed

chore: extract infra and encoding methods by @Uzlopak in nodejs/undici#4523

ci: remove h2 by @Uzlopak in nodejs/undici#4534

ci: make nodejs-shared wf reusable, install binaryen for wasm-opt, test on node-nightly by @Uzlopak in nodejs/undici#4535

ci: fix nightly shared library case by @Uzlopak in nodejs/undici#4543

test: consume bodies of fetch responses to fix failing macos 20 ci by @Uzlopak in nodejs/undici#4528

docs: add Cache Interceptor example to README by @tawseefnabi in nodejs/undici#4393

test: remove node20 version check by @Uzlopak in nodejs/undici#4544

types: use MessagePort instance type in MessageEvent by @Renegade334 in nodejs/undici#4546

ci: set write permissions on job level by @Uzlopak in nodejs/undici#4537

lint: activate n/no-process-exit by @Uzlopak in nodejs/undici#4548

ci: run benchmarks on pull_requests and by pushing on specific branches only by @Uzlopak in nodejs/undici#4536

chore: activate n/prefer-node-protocol to enforce 'node:' prefix for requiring node built-ins by @Uzlopak in nodejs/undici#4547

feat(H2): correct CONNECT behaviour by @metcoder95 in nodejs/undici#4541

test: fix plans by @Uzlopak in nodejs/undici#4550

feat: add runtime feature "detection" by @Uzlopak in nodejs/undici#4545

perf: use less promises in extractBody by @Uzlopak in nodejs/undici#4458

fix(proxy-agent): add missing return after callback-call by @Uzlopak in nodejs/undici#4553

fix: remove redundant line in retry-handler by @Uzlopak in nodejs/undici#4554

ci: add no-wasm-simd option by @Uzlopak in nodejs/undici#4533

fix: use lazyloaders for runtime feature detection by @Uzlopak in nodejs/undici#4557

fix: minor changes in dispatcher-base.js and types for Dispatcher by @Uzlopak in nodejs/undici#4556

http2: refactor and split tests of http2.js into multiple files by @Uzlopak in nodejs/undici#4561

fix: dns-interceptor test should await plan to complete by @Uzlopak in nodejs/undici#4560

chore: remove istanbul instructions by @Uzlopak in nodejs/undici#4559

fix: keep promise chains intact by @Uzlopak in nodejs/undici#4558

... (truncated)

Commits

7e5cb2d Bumped v7.18.2 (#4730)
b04e3cb fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...
2bcb77b Bumped v7.18.1 (#4728)
58a12b7 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#4719)
5fa2930 build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (#4718)
fbbe283 docs: add security warning for strictContentLength option (#4726)
ce12d9e fix: do not crash if Node.js is compiled without SSL (#4727)
ebe3e33 Bumped v7.18.0 (#4725)
4e9b88b fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
d560767 Bumped v7.17.0 (#4724)
Additional commits viewable in compare view

Updates @types/node from 25.0.3 to 25.0.6

Commits

See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.8

Commits

See full diff in compare view

Updates @types/webtorrent from 0.109.10 to 0.110.1

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 13 updates: | Package | From | To | | --- | --- | --- | | [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.89.0` | `2.90.1` | | [framer-motion](https://github.com/motiondivision/motion) | `12.23.26` | `12.26.1` | | [ioredis](https://github.com/luin/ioredis) | `5.8.2` | `5.9.1` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.468.0` | `0.562.0` | | [node-datachannel](https://github.com/murat-dogan/node-datachannel) | `0.31.0` | `0.32.0` | | [openai](https://github.com/openai/openai-node) | `6.15.0` | `6.16.0` | | [puppeteer](https://github.com/puppeteer/puppeteer) | `24.34.0` | `24.35.0` | | [resend](https://github.com/resend/resend-node) | `6.6.0` | `6.7.0` | | [sax](https://github.com/isaacs/sax-js) | `1.4.3` | `1.4.4` | | [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.18.2` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.3` | `25.0.6` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.7` | `19.2.8` | | [@types/webtorrent](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/webtorrent) | `0.109.10` | `0.110.1` | Updates `@supabase/supabase-js` from 2.89.0 to 2.90.1 - [Release notes](https://github.com/supabase/supabase-js/releases) - [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md) - [Commits](https://github.com/supabase/supabase-js/commits/v2.90.1/packages/core/supabase-js) Updates `framer-motion` from 12.23.26 to 12.26.1 - [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md) - [Commits](motiondivision/motion@v12.23.26...v12.26.1) Updates `ioredis` from 5.8.2 to 5.9.1 - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md) - [Commits](redis/ioredis@v5.8.2...v5.9.1) Updates `lucide-react` from 0.468.0 to 0.562.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.562.0/packages/lucide-react) Updates `node-datachannel` from 0.31.0 to 0.32.0 - [Release notes](https://github.com/murat-dogan/node-datachannel/releases) - [Commits](murat-dogan/node-datachannel@v0.31.0...v0.32.0) Updates `openai` from 6.15.0 to 6.16.0 - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.15.0...v6.16.0) Updates `puppeteer` from 24.34.0 to 24.35.0 - [Release notes](https://github.com/puppeteer/puppeteer/releases) - [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md) - [Commits](puppeteer/puppeteer@puppeteer-v24.34.0...puppeteer-v24.35.0) Updates `resend` from 6.6.0 to 6.7.0 - [Release notes](https://github.com/resend/resend-node/releases) - [Commits](resend/resend-node@v6.6.0...v6.7.0) Updates `sax` from 1.4.3 to 1.4.4 - [Commits](isaacs/sax-js@v1.4.3...v1.4.4) Updates `undici` from 7.16.0 to 7.18.2 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.16.0...v7.18.2) Updates `@types/node` from 25.0.3 to 25.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.2.7 to 19.2.8 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `@types/webtorrent` from 0.109.10 to 0.110.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/webtorrent) --- updated-dependencies: - dependency-name: "@supabase/supabase-js" dependency-version: 2.90.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: framer-motion dependency-version: 12.26.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: ioredis dependency-version: 5.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: lucide-react dependency-version: 0.562.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: node-datachannel dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: openai dependency-version: 6.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: puppeteer dependency-version: 24.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: resend dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: sax dependency-version: 1.4.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: undici dependency-version: 7.18.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@types/node" dependency-version: 25.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@types/react" dependency-version: 19.2.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@types/webtorrent" dependency-version: 0.110.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-01-12T21:17:10Z

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

socket-security · 2026-01-12T21:17:50Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
@types/webtorrent@0.109.10 ⏵ 0.110.1	^-2	^-2	⁺⁶
@types/react@19.2.7 ⏵ 19.2.8	⁺¹	⁺¹
@types/node@25.0.3 ⏵ 25.0.6	⁺¹	⁺¹
node-datachannel@0.31.0 ⏵ 0.32.0	⁺¹	⁺¹	^-1
sax@1.4.3 ⏵ 1.4.4		⁺¹
ioredis@5.8.2 ⏵ 5.9.1		⁺¹
lucide-react@0.468.0 ⏵ 0.562.0		⁺¹
framer-motion@12.23.26 ⏵ 12.26.1		⁺¹	⁺¹
undici@7.16.0 ⏵ 7.18.2	^-2	⁺¹
openai@6.15.0 ⏵ 6.16.0		⁺¹	⁺²
resend@6.6.0 ⏵ 6.7.0			⁺²
@supabase/supabase-js@2.89.0 ⏵ 2.90.1	⁺¹
puppeteer@24.34.0 ⏵ 24.35.0	⁺⁹	⁺¹³	⁺⁵

View full report

socket-security · 2026-01-12T21:17:52Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `node-datachannel` is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: package.json → `npm/node-datachannel@0.32.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/node-datachannel@0.32.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps(deps): bump the minor-and-patch group with 13 updates #15

deps(deps): bump the minor-and-patch group with 13 updates #15

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2026

Uh oh!

socket-security bot commented Jan 12, 2026

Uh oh!

socket-security bot commented Jan 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

deps(deps): bump the minor-and-patch group with 13 updates #15

Are you sure you want to change the base?

deps(deps): bump the minor-and-patch group with 13 updates #15

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 12, 2026

v2.90.1

2.90.1 (2026-01-08)

🩹 Fixes

❤️ Thank You

v2.90.1-canary.1

2.90.1-canary.1 (2026-01-08)

🩹 Fixes

❤️ Thank You

v2.90.1-canary.0

2.90.1-canary.0 (2026-01-07)

🩹 Fixes

❤️ Thank You

v2.90.0

2.90.0 (2026-01-07)

🚀 Features

🩹 Fixes

2.90.1 (2026-01-08)

2.90.0 (2026-01-07)

🩹 Fixes

❤️ Thank You

[12.26.1] 2026-01-12

Fixed

[12.26.0] 2026-01-12

Added

[12.25.0] 2026-01-09

Added

[12.24.12] 2026-01-08

Fixed

[12.24.11] 2026-01-08

Fixed

[12.24.10] 2026-01-07

Fixed

[12.24.9] 2026-01-07

Fixed

[12.24.8] 2026-01-07

Fixed

v5.9.1

5.9.1 (2026-01-08)

Bug Fixes

v5.9.0

5.9.0 (2026-01-05)

Bug Fixes

Features

5.9.1 (2026-01-08)

Bug Fixes

5.9.0 (2026-01-05)

Bug Fixes

Features

Version 0.562.0

What's Changed

New Contributors

Version 0.561.0

What's Changed

Version 0.560.0

What's Changed

New Contributors

Version 0.559.0

What's Changed

New Contributors

Version 0.558.0

What's Changed

Version 0.557.0

What's Changed

v0.32.0

What's Changed

v6.16.0

6.16.0 (2026-01-09)

Features

Chores

6.16.0 (2026-01-09)

Features

Chores

puppeteer-core: v24.35.0

24.35.0 (2026-01-12)