Skip to content

⬆️(deps): Bump the security-updates group across 1 directory with 5 updates#43

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/security-updates-2398b8c083
Closed

⬆️(deps): Bump the security-updates group across 1 directory with 5 updates#43
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/security-updates-2398b8c083

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026
edited
Loading

Bumps the security-updates group with 5 updates in the / directory:

Package From To
@sentry/nextjs 10.34.0 10.38.0
contentful 11.10.2 11.10.3
geist 1.5.1 1.7.0
lucide-react 0.562.0 0.563.0
shadcn 3.7.0 3.8.4

Updates @sentry/nextjs from 10.34.0 to 10.38.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.38.0

Important Changes

  • feat(tanstackstart-react): Auto-instrument request middleware (#18989)

The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Other Changes

  • feat: Use v4.8.0 bundler plugins (#18993)
  • feat(browser): Add logs.metrics bundle (#19020)
  • feat(browser): Add replay.logs.metrics bundle (#19021)
  • feat(browser): Add tracing.replay.logs.metrics bundle (#19039)
  • feat(deps): bump import-in-the-middle from 2.0.1 to 2.0.6 (#19042)
  • feat(node): Add AI manual instrumentation exports to Node (#19063)
  • feat(wasm): initialised sentryWasmImages for webworkers (#18812)
  • fix(core): Classify custom AggregateErrors as exception groups (#19053)
  • fix(nextjs): Turn off debugID injection if sourcemaps are explicitly disabled (#19010)
  • fix(react): Avoid String(key) to fix Symbol conversion error (#18982)
  • fix(react): Prevent lazy route handlers from updating wrong navigation span (#18898)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.38.0

Important Changes

  • feat(tanstackstart-react): Auto-instrument request middleware (#18989)

    The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Other Changes

  • feat: Use v4.8.0 bundler plugins (#18993)
  • feat(browser): Add logs.metrics bundle (#19020)
  • feat(browser): Add replay.logs.metrics bundle (#19021)
  • feat(browser): Add tracing.replay.logs.metrics bundle (#19039)
  • feat(deps): bump import-in-the-middle from 2.0.1 to 2.0.6 (#19042)
  • feat(node): Add AI manual instrumentation exports to Node (#19063)
  • feat(wasm): initialised sentryWasmImages for webworkers (#18812)
  • fix(core): Classify custom AggregateErrors as exception groups (#19053)
  • fix(nextjs): Turn off debugID injection if sourcemaps are explicitly disabled (#19010)
  • fix(react): Avoid String(key) to fix Symbol conversion error (#18982)
  • fix(react): Prevent lazy route handlers from updating wrong navigation span (#18898)

... (truncated)

Commits

Updates contentful from 11.10.2 to 11.10.3

Release notes

Sourced from contentful's releases.

v11.10.3

11.10.3 (2026-01-27)

Bug Fixes

  • deps: bump contentful-sdk-core version [DX-704] (#2631) (258aebf)
Commits

Updates geist from 1.5.1 to 1.7.0

Release notes

Sourced from geist's releases.

geist@1.7.0

We're excited to announce a new member to our font family: Geist Pixel

It's a display typeface family featuring five unique pixel-based variants, each with a distinct visual style. It is designed for decorative use in headlines, logos, and other display contexts where a pixelated aesthetic is desired.

It includes five distinct variants, each exported separately:

Export CSS Variable Description
GeistPixelSquare --font-geist-pixel-square Square pixel shapes
GeistPixelGrid --font-geist-pixel-grid Grid-based pixel pattern
GeistPixelCircle --font-geist-pixel-circle Circular pixel shapes
GeistPixelTriangle --font-geist-pixel-triangle Triangular pixel shapes
GeistPixelLine --font-geist-pixel-line Line-based pixel pattern 
import {
  GeistPixelSquare,
  GeistPixelGrid,
  GeistPixelCircle,
  GeistPixelTriangle,
  GeistPixelLine,
} from "geist/font/pixel";
Changelog

Sourced from geist's changelog.

1.7.0

Minor Changes

  • d7ef63c: We're excited to announce a new member to our font family: Geist Pixel

    It's a display typeface family featuring five unique pixel-based variants, each with a distinct visual style. It is designed for decorative use in headlines, logos, and other display contexts where a pixelated aesthetic is desired.

    It includes five distinct variants, each exported separately:

    Export CSS Variable Description
    GeistPixelSquare --font-geist-pixel-square Square pixel shapes
    GeistPixelGrid --font-geist-pixel-grid Grid-based pixel pattern
    GeistPixelCircle --font-geist-pixel-circle Circular pixel shapes
    GeistPixelTriangle --font-geist-pixel-triangle Triangular pixel shapes
    GeistPixelLine --font-geist-pixel-line Line-based pixel pattern 
    import {
  GeistPixelSquare,
  GeistPixelGrid,
  GeistPixelCircle,
  GeistPixelTriangle,
  GeistPixelLine,
} from "geist/font/pixel";
Commits
Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for geist since your current version.


Updates lucide-react from 0.562.0 to 0.563.0

Release notes

Sourced from lucide-react's releases.

Version 0.563.0

What's Changed

aria-hidden is by default added to icons components in all packages. This was already added to lucide-react before. Making icons accessible, you can add an aria-label or a title. See docs about accessibility.

All changes

New Contributors

Full Changelog: lucide-icons/lucide@0.562.0...0.563.0

Commits
  • 67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
  • b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
  • See full diff in compare view

Updates shadcn from 3.7.0 to 3.8.4

Release notes

Sourced from shadcn's releases.

shadcn@3.8.4

Patch Changes

shadcn@3.8.3

Patch Changes

shadcn@3.8.2

Patch Changes

shadcn@3.8.1

Patch Changes

shadcn@3.8.0

Minor Changes

Patch Changes

Changelog

Sourced from shadcn's changelog.

3.8.4

Patch Changes

3.8.3

Patch Changes

3.8.2

Patch Changes

3.8.1

Patch Changes

3.8.0

Minor Changes

Patch Changes

Commits
  • 0a2ad21 chore(release): version packages
  • be5b1bb feat: remove restricted blocks
  • b435e01 chore(deps): bump @​modelcontextprotocol/sdk from 1.17.2 to 1.26.0
  • c6dd35a chore(release): version packages
  • e006307 feat: add a test:apps script
  • a012542 fix: duplicate classes
  • d21c74f chore(release): version packages
  • 8d9be07 feat: update migrate radix command
  • aed9508 chore(release): version packages (#9503)
  • 2bf55c9 feat: add geist fonts (#9502)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
⬆️(deps): Bump the security-updates group across 1 directory with 5 u…
bb95319 
…pdates

Bumps the security-updates group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@sentry/nextjs](https://github.com/getsentry/sentry-javascript) | `10.34.0` | `10.38.0` |
| [contentful](https://github.com/contentful/contentful.js) | `11.10.2` | `11.10.3` |
| [geist](https://github.com/vercel/geist-font/tree/HEAD/packages/next) | `1.5.1` | `1.7.0` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.562.0` | `0.563.0` |
| [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `3.7.0` | `3.8.4` |



Updates `@sentry/nextjs` from 10.34.0 to 10.38.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.34.0...10.38.0)

Updates `contentful` from 11.10.2 to 11.10.3
- [Release notes](https://github.com/contentful/contentful.js/releases)
- [Commits](contentful/contentful.js@v11.10.2...v11.10.3)

Updates `geist` from 1.5.1 to 1.7.0
- [Release notes](https://github.com/vercel/geist-font/releases)
- [Changelog](https://github.com/vercel/geist-font/blob/main/packages/next/CHANGELOG.md)
- [Commits](https://github.com/vercel/geist-font/commits/geist@1.7.0/packages/next)

Updates `lucide-react` from 0.562.0 to 0.563.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.563.0/packages/lucide-react)

Updates `shadcn` from 3.7.0 to 3.8.4
- [Release notes](https://github.com/shadcn-ui/ui/releases)
- [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md)
- [Commits](https://github.com/shadcn-ui/ui/commits/shadcn@3.8.4/packages/shadcn)

---
updated-dependencies:
- dependency-name: "@sentry/nextjs"
  dependency-version: 10.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: contentful
  dependency-version: 11.10.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security-updates
- dependency-name: geist
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: lucide-react
  dependency-version: 0.563.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: shadcn
  dependency-version: 3.8.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 16, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Feb 16, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/security-updates-2398b8c083 branch February 16, 2026 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@zachlagden zachlagden

Labels

dependencies npm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zachlagden