build(deps): bump the dependencies group with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates:

Package	From	To
@aws-sdk/client-s3	3.1026.0	3.1027.0
better-auth	1.6.0	1.6.1
next	16.2.1-canary.26	16.2.1-canary.29
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
@playwright/test	1.60.0-alpha-1775584683000	1.60.0-alpha-1775674864000

Updates @aws-sdk/client-s3 from 3.1026.0 to 3.1027.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1027.0

3.1027.0(2026-04-08)

New Features

• clients: update client endpoints as of 2026-04-08 (88eb6682)
• client-outposts: Add AWS Outposts APIs to view renewal pricing options and submit renewal requests for Outpost contracts (ba6c2a7e)
• client-ecr: Add UnableToListUpstreamImageReferrersException in ListImageReferrers (459df0bc)
• client-backup: Adding EKS specific backup vault notification types for AWS Backup. (c5badfde)
• client-marketplace-discovery: AWS Marketplace Discovery API provides an interface that enables programmatic access to the AWS Marketplace catalog, including searching and browsing listings, retrieving product details and fulfillment options, and accessing public and private offer pricing and terms. (1523d996)
• client-ivs-realtime: Adds support for Amazon IVS real-time streaming redundant ingest. (1a8caf9e)
• client-medialive: MediaLive is adding support for MediaConnect Router by supporting a new output type called MEDIACONNECT ROUTER. This new output type will provide seamless encrypted transport between your MediaLive channel and MediaConnect Router. (9d257a3f)
• client-drs: This changes adds support for modifying the replication configuration to support data replication using IPv6. (b2cd4452)

---

For list of updated packages, view updated-packages.md in assets-3.1027.0.zip

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1027.0 (2026-04-08)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• 690d8d4 Publish v3.1027.0
• See full diff in compare view

Updates better-auth from 1.6.0 to 1.6.1

Release notes

Sourced from better-auth's releases.

v1.6.1

Install: npm i better-auth@latest

Core

• endpoint instrumentation to always use route template (#9023) by @​jonathansamines
• restore getSession accessibility in generic Auth context (#9017) by @​bytaesu
• Update endpoint instrumentation to always use endpoint routes
• use INVALID_PASSWORD for all checkPassword failures (#8902) by @​ping-maxwell

Full changelog: v1.6.0...v1.6.1

Changelog

Sourced from better-auth's changelog.

1.6.1

Patch Changes

• #9023 2e537df Thanks @​jonathansamines! - Update endpoint instrumentation to always use endpoint routes

• #8902 f61ad1c Thanks @​ping-maxwell! - use INVALID_PASSWORD for all checkPassword failures

• #9017 7495830 Thanks @​bytaesu! - restore getSession accessibility in generic Auth context

• Updated dependencies []:

  • @​better-auth/core@​1.6.1
  • @​better-auth/drizzle-adapter@​1.6.1
  • @​better-auth/kysely-adapter@​1.6.1
  • @​better-auth/memory-adapter@​1.6.1
  • @​better-auth/mongo-adapter@​1.6.1
  • @​better-auth/prisma-adapter@​1.6.1
  • @​better-auth/telemetry@​1.6.1

Commits

• 85bb710 chore: version packages (#9018)
• 7495830 fix(api): restore getSession accessibility in generic Auth<O> context (#9017)
• 2e537df fix: endpoint instrumentation to always use route template (#9023)
• f61ad1c fix: use INVALID_PASSWORD for all checkPassword failures (#8902)
• See full diff in compare view

Updates next from 16.2.1-canary.26 to 16.2.1-canary.29

Release notes

Sourced from next's releases.

v16.2.1-canary.29

Core Changes

• Turbopack: switch from immutable token to path prefix: #92164
• [build info]: distinguish between PPR and fully static routes in gSP: #92518
• [build info]: omit symbol from top level gSP route: #92525

Misc Changes

• CI: Fix issue with conflicting 'engines.pnpm' field in next-stats-action: #92533
• Exclude use tests from react18 testing: #92542
• Fix React18 tests for unstable_io: #92543

Credits

Huge thanks to @​bgw, @​mischnic, @​gnoff, and @​ztanner for helping!

v16.2.1-canary.27

Core Changes

• fix: mention params and searchParams in blocking-route error messages: #92360
• CPU prof: Write profiles to .next-profiles instead of .next/cpu-profiles: #92078
• feat: generate root params types: #91019
• fix: resolve function configs in unstable_getResponseFromNextConfig: #92501
• Bundle skills/ directory into next/dist/skills: #92493
• Node.js streams: Fork points: #92252
• fix: replace docs/canary links with stable docs paths in error messages: #92528

Misc Changes

• CI: Remove unused dependencies from next-stats-action dockerfile: #92485
• docs: add note on React canary version to View transitions guide: #92315
• docs: note PPR default in cacheComponents reference: #92378
• Upgrade swc_core 57 -> 58, swc_sourcemap 9 -> 10, swc_plugin_runner 24 -> 25: #91532
• docs: instant-navs draft, samples for build validation: #91850
• docs: add middleware.mdx deprecation stub for discoverability: #92281
• docs: improve blocking-route error page for params discoverability: #92359
• docs: clarify cacheLife() cannot be called at module scope: #92326
• perf: use whole_app_module_graph for get_compilation_issues MCP tool: #92473
• Turbopack: Write trace file to .next-profiles: #92189
• Update Rspack development test manifest: #92502
• Update Rspack production test manifest: #92503
• CI: Use pnpm lockfile for next-stats-action: #92488
• docs: add note on installing server-only in data security guide: #92445
• CI: Use minimumReleaseAge in pnpm workspace files: #92480

Credits

Huge thanks to @​bgw, @​aurorascharff, @​lukesandberg, @​icyJoseph, @​timneutkens, @​sokra, @​vercel-release-bot, @​abhishekmardiya, @​bgub, @​TooTallNate, and @​gaojude for helping!

Commits

• 71228c4 v16.2.1-canary.29
• da1ec0d [build info]: omit symbol from top level gSP route (#92525)
• b5da7b7 [build info]: distinguish between PPR and fully static routes in gSP (#92518)
• fd34045 Fix React18 tests for unstable_io (#92543)
• de35327 Exclude use tests from react18 testing (#92542)
• 7ac7194 Turbopack: switch from immutable token to path prefix (#92164)
• 96f759d CI: Fix issue with conflicting 'engines.pnpm' field in next-stats-action (#92...
• cd01ca9 v16.2.1-canary.28
• bdf8bea Update React from 74568e86-20260328 to 404b38c7-20260408 (#92536)
• e22dc27 Add experimental unstable_io() API behind experimental.unstableIO flag (#92521)
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates @playwright/test from 1.60.0-alpha-1775584683000 to 1.60.0-alpha-1775674864000

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dcrs	Ready	Preview, Comment	Apr 8, 2026 11:57pm

[github-actions]

🪄 Deploy Preview for ready!

Learn more about StackBlitz Codeflow.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1e07a93.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

package.json

Package	Version	License	Issue Type
@aws-sdk/client-s3	^3.1027.0	Null	Unknown License
better-auth	^1.6.1	Null	Unknown License
react	^19.2.5	Null	Unknown License
react-dom	^19.2.5	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
npm/@aws-sdk/client-s3	^3.1027.0	Unknown	Unknown
npm/better-auth	^1.6.1	Unknown	Unknown
npm/react	^19.2.5	Unknown	Unknown
npm/react-dom	^19.2.5	Unknown	Unknown

Scanned Files

• package.json

[github-actions]

Overview

Image reference	marukome0743/dcrs:canary	marukome0743/dcrs:pr-1465
- digest	122e7150a906	4f69a8eabe90
- tag	canary	pr-1465
- provenance		1e07a93
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	80 MB	92 MB (+12 MB)
- packages	177	182 (+5)
Base Image	distroless/static:nonroot	distroless/static:nonroot
- vulnerabilities

Labels (3 changes)

• ± 3 changed
• 5 unchanged

-org.opencontainers.image.created=2026-04-08T00:07:00.717Z
+org.opencontainers.image.created=2026-04-08T23:57:00.699Z
 org.opencontainers.image.description=Disability Certificate Register System📇
 org.opencontainers.image.licenses=Apache-2.0
-org.opencontainers.image.revision=247aace5d669d4c181b083e471a6a0bad410d4ad
+org.opencontainers.image.revision=1e07a9349298b518f400bf0494572ffa21f6e45b
 org.opencontainers.image.source=https://github.com/OpenUp-LabTakizawa/dcrs
 org.opencontainers.image.title=dcrs
 org.opencontainers.image.url=https://github.com/OpenUp-LabTakizawa/dcrs
-org.opencontainers.image.version=canary
+org.opencontainers.image.version=pr-1465

Packages and Vulnerabilities (11 package changes and 1 vulnerability changes)

• ➕ 5 packages added
• ♾️ 6 packages changed
• 166 packages unchanged

• ✔️ 1 vulnerabilities removed

Changes for packages of type deb (5 changes)

	Package	Version marukome0743/dcrs:canary	Version marukome0743/dcrs:pr-1465
➕	gcc-14		14.2.0-19
➕	glibc		2.41-12+deb13u2
➕	libzstd		1.5.7+dfsg-1
➕	openssl		3.5.5-1~deb13u1
➕	zlib		1:1.3.dfsg+really1.3.1-1

Changes for packages of type npm (6 changes)

	Package	Version marukome0743/dcrs:canary	Version marukome0743/dcrs:pr-1465
♾️	@aws-sdk/client-s3	3.1026.0	3.1027.0
♾️	@next/env	16.2.1-canary.26	16.2.1-canary.29
♾️	next	16.2.1-canary.26	16.2.1-canary.29
♾️	react	19.2.4	19.2.5
♾️	react-dom	19.2.4	19.2.5
♾️	react-is	19.3.0-canary-74568e86-20260328	19.3.0-canary-404b38c7-20260408

[Marukome0743]