chore(deps): bump the patch-updates group with 6 updates by dependabot[bot] · Pull Request #449 · AnnabelJoe/solarproof

dependabot · 2026-06-03T02:45:54Z

Bumps the patch-updates group with 6 updates:

Package	From	To
turbo	`2.9.14`	`2.9.16`
next	`15.5.18`	`15.5.19`
react	`19.2.6`	`19.2.7`
@types/react	`19.2.15`	`19.2.16`
react-dom	`19.2.6`	`19.2.7`
eslint-config-next	`15.5.18`	`15.5.19`

Updates turbo from 2.9.14 to 2.9.16

Release notes

Sourced from turbo's releases.

Turborepo v2.9.16

What's Changed

Changelog

release(turborepo): 2.9.15 by @github-actions[bot] in vercel/turborepo#12955

fix: Avoid hanging PTY shutdown by @anthonyshew in vercel/turborepo#12958

fix: Retry npm tlog publish failures by @anthonyshew in vercel/turborepo#12959

release(turborepo): 2.9.16-canary.1 by @anthonyshew in vercel/turborepo#12960

fix: Preserve nested Bun dependency versions by @anthonyshew in vercel/turborepo#12963

Revert "fix: Preserve nested Bun dependency versions" by @anthonyshew in vercel/turborepo#12964

release(turborepo): 2.9.16-canary.2 by @github-actions[bot] in vercel/turborepo#12961

fix: Preserve nested Bun dependency versions by @anthonyshew in vercel/turborepo#12965

fix: Don't delete existing .git when using --no-git flag by @anthonyshew in vercel/turborepo#12968

Full Changelog: vercel/turborepo@v2.9.15...v2.9.16

Turborepo v2.9.16-canary.2

What's Changed

Changelog

release(turborepo): 2.9.15-canary.7 by @github-actions[bot] in vercel/turborepo#12935

fix: Restore a few internal invariant checks by @anthonyshew in vercel/turborepo#12933

fix: Improve profile tracing coverage by @anthonyshew in vercel/turborepo#12936

fix: Use build-scale OTel duration buckets by @anthonyshew in vercel/turborepo#12939

fix: Preserve pnpm injected peer package entries by @anthonyshew in vercel/turborepo#12940

feat: Add heap allocation profiling by @anthonyshew in vercel/turborepo#12943

release(turborepo): 2.9.15-canary.8 by @anthonyshew in vercel/turborepo#12945

docs: Correct attribute presence claims in turborepo-otel by @adityasingh2400 in vercel/turborepo#12932

chore(turbo-codemod): Remove duplicate "in" in transforms path comment by @mvanhorn in vercel/turborepo#12948

chore: Switch Geist font imports to npm geist package by @christopherkindl in vercel/turborepo#12952

fix: Respect root gitignore during prune by @anthonyshew in vercel/turborepo#12953

fix: Harden OTEL endpoint validation by @anthonyshew in vercel/turborepo#12954

release(turborepo): 2.9.15 by @github-actions[bot] in vercel/turborepo#12955

fix: Avoid hanging PTY shutdown by @anthonyshew in vercel/turborepo#12958

fix: Retry npm tlog publish failures by @anthonyshew in vercel/turborepo#12959

release(turborepo): 2.9.16-canary.1 by @anthonyshew in vercel/turborepo#12960

New Contributors

@adityasingh2400 made their first contribution in vercel/turborepo#12932

@mvanhorn made their first contribution in vercel/turborepo#12948

@christopherkindl made their first contribution in vercel/turborepo#12952

Full Changelog: vercel/turborepo@v2.9.15-canary.7...v2.9.16-canary.2

Turborepo v2.9.15

... (truncated)

Commits

5e2d466 publish 2.9.16 to registry
b4aa626 fix: Don't delete existing .git when using --no-git flag (#12968)
7952b46 fix: Preserve nested Bun dependency versions (#12965)
5e5b248 release(turborepo): 2.9.16-canary.2 (#12961)
3b1b6e9 Revert "fix: Preserve nested Bun dependency versions" (#12964)
8d4eaf8 fix: Preserve nested Bun dependency versions (#12963)
2284fa9 release(turborepo): 2.9.16-canary.1 (#12960)
5317f65 fix: Retry npm tlog publish failures (#12959)
52e81bd fix: Avoid hanging PTY shutdown (#12958)
c85d410 release(turborepo): 2.9.15 (#12955)
Additional commits viewable in compare view

Updates next from 15.5.18 to 15.5.19

Release notes

Sourced from next's releases.

15.5.19

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[15.5.x] Don't drop FormData entries (#94244)

Other

[15.5.x] Fix CI (#94281)

Credits

Huge thanks to @eps1lon for helping!

Commits

837635b v15.5.19
See full diff in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @unstubbable)

Commits

6117d7c Version 19.2.7 (#36591)
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.15 to 19.2.16

Commits

See full diff in compare view

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @unstubbable)

Commits

6117d7c Version 19.2.7 (#36591)
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates @types/react from 19.2.15 to 19.2.16

Commits

See full diff in compare view

Updates eslint-config-next from 15.5.18 to 15.5.19

Release notes

Sourced from eslint-config-next's releases.

15.5.19

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[15.5.x] Don't drop FormData entries (#94244)

Other

[15.5.x] Fix CI (#94281)

Credits

Huge thanks to @eps1lon for helping!

Commits

837635b v15.5.19
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patch-updates group with 6 updates: | Package | From | To | | --- | --- | --- | | [turbo](https://github.com/vercel/turborepo) | `2.9.14` | `2.9.16` | | [next](https://github.com/vercel/next.js) | `15.5.18` | `15.5.19` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.15` | `19.2.16` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` | | [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `15.5.18` | `15.5.19` | Updates `turbo` from 2.9.14 to 2.9.16 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.14...v2.9.16) Updates `next` from 15.5.18 to 15.5.19 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.18...v15.5.19) Updates `react` from 19.2.6 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react) Updates `@types/react` from 19.2.15 to 19.2.16 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `react-dom` from 19.2.6 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom) Updates `@types/react` from 19.2.15 to 19.2.16 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `eslint-config-next` from 15.5.18 to 15.5.19 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/commits/v15.5.19/packages/eslint-config-next) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.9.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: next dependency-version: 15.5.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: react dependency-version: 19.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@types/react" dependency-version: 19.2.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: react-dom dependency-version: 19.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@types/react" dependency-version: 19.2.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: eslint-config-next dependency-version: 15.5.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-03T02:45:55Z

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-06-03T02:46:18Z

✅ cargo audit

�[1m�[32m    Updating�[0m crates.io index
�[1m�[32m     Locking�[0m 188 packages to latest compatible versions
�[1m�[36m      Adding�[0m arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m crypto-common v0.1.6 �[1m�[33m(available: v0.1.7)�[0m
�[1m�[36m      Adding�[0m derive_arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m soroban-builtin-sdk-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-common v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-guest v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-host v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-sdk v23.5.3 �[1m�[33m(available: v25.3.0)�[0m
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 1102 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (192 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m derivative
�[0m�[0m�[1m�[33mVersion:  �[0m 2.2.0
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m `derivative` is unmaintained; consider using an alternative
�[0m�[0m�[1m�[33mDate:     �[0m 2024-06-26
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mDependency tree:
�[0mderivative 2.2.0
├── ark-poly 0.4.2
│   └── ark-ec 0.4.2
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── ark-bls12-381 0.4.0
│           └── soroban-env-host 23.0.1
├── ark-ff 0.4.2
│   ├── soroban-env-host 23.0.1
│   ├── ark-poly 0.4.2
│   ├── ark-ec 0.4.2
│   └── ark-bls12-381 0.4.0
└── ark-ec 0.4.2

�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
├── wasmi_core 0.13.0
│   └── soroban-wasmi 0.31.1-soroban.20.0.1
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── soroban-env-common 23.0.1
│           ├── soroban-sdk-macros 23.5.3
│           │   └── soroban-sdk 23.5.3
│           ├── soroban-ledger-snapshot 23.5.3
│           ├── soroban-env-host 23.0.1
│           └── soroban-env-guest 23.0.1
│               └── soroban-sdk 23.5.3
└── ark-ff 0.4.2
    ├── soroban-env-host 23.0.1
    ├── ark-poly 0.4.2
    │   └── ark-ec 0.4.2
    │       ├── soroban-env-host 23.0.1
    │       └── ark-bls12-381 0.4.0
    │           └── soroban-env-host 23.0.1
    ├── ark-ec 0.4.2
    └── ark-bls12-381 0.4.0

�[0m�[0m�[1m�[33mwarning:�[0m 2 allowed warnings found

github-actions · 2026-06-03T02:46:20Z

🔍 Vercel Preview Deployment

URL: Learn More: https://err.sh/vercel/no-credentials-found

Uses Stellar testnet contract addresses.

github-actions · 2026-06-03T02:46:21Z

❌ pnpm audit

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ critical            │ When Vitest UI server is listening, arbitrary file can │
│                     │ be read and executed                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ vitest                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <4.1.0                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=4.1.0                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ apps/web > @vitest/coverage-v8@2.1.9 > vitest@2.1.9    │
│                     │                                                        │
│                     │ apps/web > vitest@2.1.9                                │
│                     │                                                        │
│                     │ packages/stellar > vitest@2.1.9                        │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-5xrq-8626-4rwp      │
└─────────────────────┴────────────────────────────────────────────────────────┘
5 vulnerabilities found
Severity: 4 moderate | 1 critical

github-actions Bot merged commit fb2e059 into main Jun 3, 2026
8 of 12 checks passed

dependabot Bot deleted the dependabot/npm_and_yarn/patch-updates-3ac8de212b branch June 3, 2026 02:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the patch-updates group with 6 updates#449

chore(deps): bump the patch-updates group with 6 updates#449
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/patch-updates-3ac8de212b

dependabot Bot commented on behalf of github Jun 3, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 3, 2026

Uh oh!

Uh oh!

github-actions Bot commented Jun 3, 2026

Uh oh!

github-actions Bot commented Jun 3, 2026

Uh oh!

github-actions Bot commented Jun 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026

Turborepo v2.9.16

What's Changed

Changelog

Turborepo v2.9.16-canary.2

What's Changed

Changelog

New Contributors

Turborepo v2.9.15

15.5.19

Core Changes

Other

Credits

19.2.7 (June 1st, 2026)

React Server Components

19.2.7 (June 1st, 2026)

React Server Components

15.5.19

Core Changes

Other

Credits

Uh oh!

dependabot Bot commented on behalf of github Jun 3, 2026

Labels

Uh oh!

Uh oh!

github-actions Bot commented Jun 3, 2026

✅ cargo audit

Uh oh!

github-actions Bot commented Jun 3, 2026

🔍 Vercel Preview Deployment

Uh oh!

github-actions Bot commented Jun 3, 2026

❌ pnpm audit

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants