Skip to content

build(deps): Bump the npm-production group across 1 directory with 10 updates#32

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-beeb7075f4
Open

build(deps): Bump the npm-production group across 1 directory with 10 updates#32
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-beeb7075f4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-production group with 9 updates in the / directory:

Package From To
@tanstack/react-query 5.100.14 5.101.2
@trpc/client 11.17.0 11.18.0
@trpc/react-query 11.17.0 11.18.0
better-auth 1.6.12 1.6.23
next 16.2.6 16.2.10
pg 8.21.0 8.22.0
pg-boss 12.18.2 12.25.1
react 19.2.6 19.2.7
react-dom 19.2.6 19.2.7

Updates @tanstack/react-query from 5.100.14 to 5.101.2

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.2

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query-persist-client@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.2
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

@​tanstack/react-query-devtools@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-next-experimental@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-persist-client@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query@​5.101.1

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

5.101.1

Patch Changes

  • Updated dependencies [9eff92e]:
    • @​tanstack/query-core@​5.101.1

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0
Commits
  • 610e8d1 ci: Version Packages (#10996)
  • 1f84256 docs: document the select typing caveat for parallel-queries hooks (#10984)
  • b809297 ci: Version Packages (#10977)
  • ccc843e test({react,preact}-query/useQueries): move type-only tests to 'useQueries.te...
  • 4154613 test({react,preact}-query/useMutation): split 'should handle conditional logi...
  • 8bb5fde test({react,preact}-query/useMutation): split 'should pass meta to mutation' ...
  • 87426a3 test(react-query): replace deprecated 'toBeCalledTimes' with 'toHaveBeenCalle...
  • feb1efd test(*): move 'vi.useRealTimers' to the end of 'afterEach' so cleanup runs un...
  • f3d8d2a ci: Version Packages (#10774)
  • 532bb29 fix(tests): disable local coverage instrumentation (#10776)
  • See full diff in compare view

Updates @trpc/client from 11.17.0 to 11.18.0

Release notes

Sourced from @​trpc/client's releases.

v11.18.0

What's Changed

New Contributors

Full Changelog: trpc/trpc@v11.17.0...v11.18.0

Commits

Updates @trpc/react-query from 11.17.0 to 11.18.0

Release notes

Sourced from @​trpc/react-query's releases.

v11.18.0

What's Changed

New Contributors

Full Changelog: trpc/trpc@v11.17.0...v11.18.0

Commits

Updates @trpc/server from 11.17.0 to 11.18.0

Release notes

Sourced from @​trpc/server's releases.

v11.18.0

What's Changed

New Contributors

Full Changelog: trpc/trpc@v11.17.0...v11.18.0

Commits

Updates better-auth from 1.6.12 to 1.6.23

Release notes

Sourced from better-auth's releases.

v1.6.23

better-auth

Features

  • Added Yandex as a social OAuth provider (#9138)

For detailed changes, see CHANGELOG

@better-auth/drizzle-adapter

Bug Fixes

  • Fixed affected row counting for D1 and postgres-js adapters (#10257)

For detailed changes, see CHANGELOG

@better-auth/stripe

Bug Fixes

  • Fixed organization subscription actions (cancel, upgrade, restore, and the billing portal) that could act on the wrong organization.

For detailed changes, see CHANGELOG

auth

Bug Fixes

  • Fixed string default values not being properly escaped in the generated Drizzle schema (#10259)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​bytaesu, @​vladflotsky

Full changelog: v1.6.22...v1.6.23

v1.6.22

better-auth

Bug Fixes

  • Fixed unproven credentials not being revoked during magic link and email OTP sign-in (#10239)
  • Fixed server-side OAuth requests to refuse redirect responses instead of following them (#10241)

For detailed changes, see CHANGELOG

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.23

Patch Changes

  • #9138 8581f97 Thanks @​vladflotsky! - Add a pre-configured Yandex provider helper for the generic OAuth plugin.

  • Updated dependencies [930b260]:

    • @​better-auth/drizzle-adapter@​1.6.23
    • @​better-auth/core@​1.6.23
    • @​better-auth/kysely-adapter@​1.6.23
    • @​better-auth/memory-adapter@​1.6.23
    • @​better-auth/mongo-adapter@​1.6.23
    • @​better-auth/prisma-adapter@​1.6.23
    • @​better-auth/telemetry@​1.6.23

1.6.22

Patch Changes

  • #10239 c06a56d Thanks @​gustavovalverde! - Magic-link and email-OTP sign-in now reset the credentials on an account whose email had never been confirmed. When verification resolves to such an account, any existing password on it is removed and its sessions are revoked before the user is signed in, so proven control of the mailbox is the source of truth for the account.

    If you signed up with email and password but first signed in through a magic link or email OTP rather than confirming the verification email, your password is cleared and you will need to set a new one through password reset.

  • #10240 3a035e9 Thanks @​gustavovalverde! - Add account-level lockout for two-factor verification. The attempt limit applies per account across sign-in challenges and across factors: TOTP, email-OTP, and backup codes share one counter, and a successful verification resets it.

    Enabled by default: an account locks for 15 minutes after 10 consecutive failed verifications, and locked attempts return 429 with the ACCOUNT_TEMPORARILY_LOCKED error code. Configure it with twoFactor({ accountLockout: { enabled, maxFailedAttempts, durationSeconds } }).

    Run a database migration after upgrading: this adds failedVerificationCount and lockedUntil columns to the twoFactor table.

  • Updated dependencies [8bd43d9]:

    • @​better-auth/core@​1.6.22
    • @​better-auth/drizzle-adapter@​1.6.22
    • @​better-auth/kysely-adapter@​1.6.22
    • @​better-auth/memory-adapter@​1.6.22
    • @​better-auth/mongo-adapter@​1.6.22
    • @​better-auth/prisma-adapter@​1.6.22
    • @​better-auth/telemetry@​1.6.22

1.6.21

Patch Changes

  • #10212 e0762a1 Thanks @​bytaesu! - In root-mounted deployments, requests whose path does not start with the configured basePath now return 404 instead of resolving to an endpoint.

  • #10187 882cf9e Thanks @​ping-maxwell! - Admin permission changes and bans now take effect immediately for admin APIs, even when session cookie cache is enabled. Sensitive session checks also continue to work in stateless apps where signed cookies are the session record.

  • #9939 f52e1ab Thanks @​benpsnyder! - fixes a bug causing deviceAuthorization() throwing a ZodError at construction when called without a schema option

  • #10196 b5bec19 Thanks @​Paola3stefania! - OAuth sign-up and account-link profile sync now ignore provider profile values for user fields marked input: false. Input-allowed additional fields still persist from mapProfileToUser, and schema defaults still apply when OAuth creates a user. Apps that used mapProfileToUser to fill input: false fields should set those fields in server-side provisioning code instead.

... (truncated)

Commits

Updates next from 16.2.6 to 16.2.10

Release notes

Sourced from next's releases.

v16.2.10

Contains no changes except publishing @next/swc-wasm-web which was accidentally not published since 16.2.4.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

Commits

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

Commits

Updates pg-boss from 12.18.2 to 12.25.1

Release notes

Sourced from pg-boss's releases.

12.25.1

What's Changed

Full Changelog: timgit/pg-boss@12.25.0...12.25.1

12.25.0

What's Changed

New: update()

Update the payload and/or options of one or more not-yet-active jobs (state created or retry). Terminal or active jobs can't be touched.

  • Target with exactly one of options.id (single job) or options.singletonKey (jobs sharing a key).
  • Partial updates — only the fields you supply change; omitted options keep their current values. Pass just data to replace the payload without disturbing startAfter, priority, retry settings, etc. Pass undefined for data to edit options only; null clears it.
  • singletonKey and the throttle slot (singletonOn) are always preserved.
  • When several pre-active jobs share a key, options.match picks which are updated by createdOn: newest (default), oldest, or all.
  • If an updated job becomes runnable on a LISTEN/NOTIFY-enabled queue, a wake-up notification fires so idle workers pick it up promptly.
  • Returns { jobs, updated }.
// by id
await boss.update('email', { to: 'a@b.co' }, { id: jobId })
// by singletonKey — overwrite the queued job with the latest body
await boss.update('article', { articleId: 42, body: '…latest…' }, { singletonKey: 'article-42' })
// object overload; data optional
await boss.update({ name: 'article', options: { singletonKey: 'article-42', priority: 5 } })

Updatable fields: data, priority, startAfter, retryLimit, retryDelay, retryBackoff, retryDelayMax, expireInSeconds, retentionSeconds, deleteAfterSeconds, deadLetter, heartbeatSeconds, group.

New: upsert()

Update-or-insert in one call: it runs update() first, and if nothing matched, falls back to insert(). Same targeting and match semantics as update(). When matching by id, the inserted job is created with that id.

  • Returns { jobs, updated, inserted } — on a hit, updated reflects the change and inserted is 0; on a miss, inserted is 1 and jobs holds the new id.
  • Object overload supported, mirroring update().
// ensure exactly one queued job carries the latest article body
await boss.upsert('article', { articleId: 42, body: '…latest…' }, { singletonKey: 'article-42' })

Type fixes

  • Fix public type for spies
  • Dropped obsolete keepUntil insertion-time type

... (truncated)

Commits

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Changelog

Sourced from react's changelog.

19.2.7 (June 1, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Changelog

Sourced from react-dom's changelog.

19.2.7 (June 1, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


@dependabot @github

dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel

vercel Bot commented Jun 21, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
autonomous-ehs-management Ready Ready Preview, Comment Jul 5, 2026 10:28am

… updates

Bumps the npm-production group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.14` | `5.101.2` |
| [@trpc/client](https://github.com/trpc/trpc/tree/HEAD/packages/client) | `11.17.0` | `11.18.0` |
| [@trpc/react-query](https://github.com/trpc/trpc/tree/HEAD/packages/react) | `11.17.0` | `11.18.0` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.6.12` | `1.6.23` |
| [next](https://github.com/vercel/next.js) | `16.2.6` | `16.2.10` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.21.0` | `8.22.0` |
| [pg-boss](https://github.com/timgit/pg-boss) | `12.18.2` | `12.25.1` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |



Updates `@tanstack/react-query` from 5.100.14 to 5.101.2
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.2/packages/react-query)

Updates `@trpc/client` from 11.17.0 to 11.18.0
- [Release notes](https://github.com/trpc/trpc/releases)
- [Commits](https://github.com/trpc/trpc/commits/v11.18.0/packages/client)

Updates `@trpc/react-query` from 11.17.0 to 11.18.0
- [Release notes](https://github.com/trpc/trpc/releases)
- [Commits](https://github.com/trpc/trpc/commits/v11.18.0/packages/react)

Updates `@trpc/server` from 11.17.0 to 11.18.0
- [Release notes](https://github.com/trpc/trpc/releases)
- [Commits](https://github.com/trpc/trpc/commits/v11.18.0/packages/server)

Updates `better-auth` from 1.6.12 to 1.6.23
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.23/packages/better-auth)

Updates `next` from 16.2.6 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v16.2.6...v16.2.10)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `pg-boss` from 12.18.2 to 12.25.1
- [Release notes](https://github.com/timgit/pg-boss/releases)
- [Commits](timgit/pg-boss@12.18.2...12.25.1)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

---
updated-dependencies:
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@trpc/client"
  dependency-version: 11.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@trpc/react-query"
  dependency-version: 11.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@trpc/server"
  dependency-version: 11.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: better-auth
  dependency-version: 1.6.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: pg-boss
  dependency-version: 12.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-beeb7075f4 branch from ad18ef6 to e0a8e83 Compare July 5, 2026 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants