Skip to content

build(deps): Bump the production-dependencies group across 1 directory with 9 updates#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-77ef595caa
Open

build(deps): Bump the production-dependencies group across 1 directory with 9 updates#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-77ef595caa

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 21, 2026
edited
Loading

Bumps the production-dependencies group with 9 updates in the / directory:

Package From To
@supabase/supabase-js 2.99.3 2.106.1
hono 4.12.8 4.12.21
tsx 4.21.0 4.22.3
@remotion/cli 4.0.438 4.0.464
@remotion/player 4.0.438 4.0.464
react 19.2.4 19.2.6
react-dom 19.2.4 19.2.6
remotion 4.0.438 4.0.464
@supabase/ssr 0.6.1 0.10.3

Updates @supabase/supabase-js from 2.99.3 to 2.106.1

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.1

2.106.1 (2026-05-20)

🩹 Fixes

  • auth: encode client-id in oauth requests (#2383)
  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

v2.106.1-canary.1

2.106.1-canary.1 (2026-05-20)

🩹 Fixes

  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

v2.106.1-canary.0

2.106.1-canary.0 (2026-05-20)

🩹 Fixes

  • auth: encode client-id in oauth requests (#2383)

❤️ Thank You

v2.106.1-beta.3

2.106.1-beta.3 (2026-05-20)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.1 (2026-05-20)

🩹 Fixes

  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

2.106.0 (2026-05-18)

🚀 Features

  • supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

  • release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

  • Claude Sonnet 4.5
  • Guilherme Souza
  • Katerina Skroumpelou @​mandarini

2.105.4 (2026-05-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.2 (2026-05-04)

🩹 Fixes

  • auth: forward lockAcquireTimeout to SupabaseAuthClient (#2309)
  • misc: widen enum-like unions with (string & {}) for forward compat (#2303)

❤️ Thank You

2.105.1 (2026-04-28)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.0 (2026-04-27)

🚀 Features

  • auth: add passkey support with WebAuthn registration, authentication, and management (#2283)

... (truncated)

Commits

Updates hono from 4.12.8 to 4.12.21

Release notes

Sourced from hono's releases.

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474

Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

v4.12.20

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.19...v4.12.20

v4.12.19

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.18...v4.12.19

... (truncated)

Commits

Updates tsx from 4.21.0 to 4.22.3

Release notes

Sourced from tsx's releases.

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

  • decode typed loader source (dce02fc)
  • preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

  • preserve CJS JSON require in ESM hooks (35b700b)
  • preserve named exports from CommonJS TypeScript (11de737)
  • support module.exports require(esm) interop (cf8f199)

This release is also available on:

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

  • resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

v4.22.0

4.22.0 (2026-05-14)

Features

This release is also available on:

... (truncated)

Commits
  • dce02fc fix: decode typed loader source
  • 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
  • 69455cf test: cover package exports for ambiguous ESM reexports
  • 35b700b fix: preserve CJS JSON require in ESM hooks
  • ef807db chore: update testing dependencies
  • 3917090 test: document compatibility test taxonomy
  • de8113f refactor: centralize Node capability facts
  • c1f62db test: consolidate tsconfig path edge coverage
  • 4e08174 test: consolidate loader hook coverage
  • 674bb30 test: consolidate tsImport commonjs mts coverage
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.


Updates @remotion/cli from 4.0.438 to 4.0.464

Release notes

Sourced from @​remotion/cli's releases.

v4.0.464

What's Changed

Templates

Internals

Docs

Internal

Full Changelog: remotion-dev/remotion@v4.0.463...v4.0.464

v4.0.463

What's Changed

... (truncated)

Commits
  • 27a425d v4.0.464
  • 6d7d85b Merge pull request #7475 from remotion-dev/clean/timeline-show-in-timeline-fi...
  • 8079340 @remotion/studio: Consolidate timeline showInTimeline filtering
  • f9dc7f5 Merge pull request #7473 from remotion-dev/cursor/8adf9f09
  • 0180c25 Merge pull request #7472 from remotion-dev/cursor/90237755
  • e1d0219 @remotion/rive: Draw + flush synchronously so the first paint isn't empty
  • 05b029f @remotion/rive: Forward auto-injected stack prop through to <Sequence>
  • 9a93120 fix(studio): widen timeline field labels and drop layout tests
  • 5b1c406 fix(studio): align timeline field values across nesting depths
  • 364e581 fix(studio): render effects below sequence control fields
  • Additional commits viewable in compare view

Updates @remotion/player from 4.0.438 to 4.0.464

Release notes

Sourced from @​remotion/player's releases.

v4.0.464

What's Changed

Templates

Internals

Docs

Internal

Full Changelog: remotion-dev/remotion@v4.0.463...v4.0.464

v4.0.463

What's Changed

... (truncated)

Commits
  • 27a425d v4.0.464
  • 6d7d85b Merge pull request #7475 from remotion-dev/clean/timeline-show-in-timeline-fi...
  • 8079340 @remotion/studio: Consolidate timeline showInTimeline filtering
  • f9dc7f5 Merge pull request #7473 from remotion-dev/cursor/8adf9f09
  • 0180c25 Merge pull request #7472 from remotion-dev/cursor/90237755
  • e1d0219 @remotion/rive: Draw + flush synchronously so the first paint isn't empty
  • 05b029f @remotion/rive: Forward auto-injected stack prop through to <Sequence>
  • 9a93120 fix(studio): widen timeline field labels and drop layout tests
  • 5b1c406 fix(studio): align timeline field values across nesting depths
  • 364e581 fix(studio): render effects below sequence control fields
  • Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits

Updates react-dom from 19.2.4 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits

Updates remotion from 4.0.438 to 4.0.464

Release notes

Sourced from remotion's releases.

v4.0.464

What's Changed

Templates

Internals

Docs

Internal

Full Changelog: remotion-dev/remotion@v4.0.463...v4.0.464

v4.0.463

What's Changed

... (truncated)

Commits
  • 27a425d v4.0.464
  • 6d7d85b Merge pull request #7475 from remotion-dev/clean/timeline-show-in-timeline-fi...
  • 8079340 @remotion/studio: Consolidate timeline showInTimeline filtering
  • f9dc7f5 Merge pull request #7473 from remotion-dev/cursor/8adf9f09
  • 0180c25 Merge pull request #7472 from remotion-dev/cursor/90237755
  • e1d0219 @remotion/rive: Draw + flush synchronously so the first paint isn't empty
  • 05b029f @remotion/rive: Forward auto-injected stack prop through to <Sequence>
  • 9a93120 fix(studio): widen timeline field labels and drop layout tests
  • 5b1c406 fix(studio): align timeline field values across nesting depths
  • 364e581 fix(studio): render effects below sequence control fields
  • Additional commits viewable in compare view

Updates @supabase/ssr from 0.6.1 to 0.10.3

Release notes

Sourced from @​supabase/ssr's releases.

v0.10.3

0.10.3 (2026-05-07)

Bug Fixes

  • allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
  • enable tree-shaking for browser bundles (#216) (f009d71)
  • tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
  • validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

v0.10.3-rc.101

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.100...v0.10.3-rc.101

v0.10.3-rc.100

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.98...v0.10.3-rc.100

v0.10.3-rc.98

What's Changed

Full Changelog: supabase/ssr@v0.10.3-rc.96...v0.10.3-rc.98

v0.10.3-rc.96

What's Changed

@dependabot dependabot Bot requested a review from masonwyatt23 as a code owner May 21, 2026 07:36
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
binary-scanner Error Error May 21, 2026 9:28pm

Request Review

@dependabot dependabot Bot changed the title build(deps): Bump the production-dependencies group with 9 updates build(deps): Bump the production-dependencies group across 1 directory with 9 updates May 21, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-77ef595caa branch from 8fea940 to 24fcd8d Compare May 21, 2026 21:04
@dependabot
build(deps): Bump the production-dependencies group across 1 director…
fac147a 
…y with 9 updates

Bumps the production-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.99.3` | `2.106.1` |
| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.21` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.3` |
| [@remotion/cli](https://github.com/remotion-dev/remotion) | `4.0.438` | `4.0.464` |
| [@remotion/player](https://github.com/remotion-dev/remotion) | `4.0.438` | `4.0.464` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.6` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.6` |
| [remotion](https://github.com/remotion-dev/remotion) | `4.0.438` | `4.0.464` |
| [@supabase/ssr](https://github.com/supabase/ssr) | `0.6.1` | `0.10.3` |



Updates `@supabase/supabase-js` from 2.99.3 to 2.106.1
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.106.1/packages/core/supabase-js)

Updates `hono` from 4.12.8 to 4.12.21
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.8...v4.12.21)

Updates `tsx` from 4.21.0 to 4.22.3
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.22.3)

Updates `@remotion/cli` from 4.0.438 to 4.0.464
- [Release notes](https://github.com/remotion-dev/remotion/releases)
- [Commits](remotion-dev/remotion@v4.0.438...v4.0.464)

Updates `@remotion/player` from 4.0.438 to 4.0.464
- [Release notes](https://github.com/remotion-dev/remotion/releases)
- [Commits](remotion-dev/remotion@v4.0.438...v4.0.464)

Updates `react` from 19.2.4 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom)

Updates `remotion` from 4.0.438 to 4.0.464
- [Release notes](https://github.com/remotion-dev/remotion/releases)
- [Commits](remotion-dev/remotion@v4.0.438...v4.0.464)

Updates `@supabase/ssr` from 0.6.1 to 0.10.3
- [Release notes](https://github.com/supabase/ssr/releases)
- [Changelog](https://github.com/supabase/ssr/blob/main/CHANGELOG.md)
- [Commits](supabase/ssr@v0.6.1...v0.10.3)

---
updated-dependencies:
- dependency-name: "@remotion/cli"
  dependency-version: 4.0.464
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@remotion/player"
  dependency-version: 4.0.464
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@supabase/ssr"
  dependency-version: 0.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.106.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: hono
  dependency-version: 4.12.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: remotion
  dependency-version: 4.0.464
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: tsx
  dependency-version: 4.22.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-77ef595caa branch from 24fcd8d to fac147a Compare May 21, 2026 21:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@masonwyatt23 masonwyatt23 Awaiting requested review from masonwyatt23 masonwyatt23 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants