Bump the dependencies group with 13 updates

[dependabot]

Bumps the dependencies group with 13 updates:

Package	From	To
@aws-sdk/client-s3	3.946.0	3.948.0
@sentry/nextjs	10.29.0	10.30.0
@types/pg	8.15.6	8.16.0
better-auth	1.4.5	1.4.6
bullmq	5.65.1	5.66.0
drizzle-orm	0.45.0	0.45.1
framer-motion	12.23.25	12.23.26
lucide-react	0.556.0	0.561.0
next	16.0.7	16.0.10
react	19.2.1	19.2.3
react-dom	19.2.1	19.2.3
react-email	5.0.5	5.0.8
resend	6.5.2	6.6.0

Updates @aws-sdk/client-s3 from 3.946.0 to 3.948.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.948.0

3.948.0(2025-12-09)

Chores

• middleware-recursion-detection: upgrade lambda-invoke-store dependency (#7559) (dbc65195)

New Features

• clients: update client endpoints as of 2025-12-09 (012e1f9a)
• client-mgn: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. (a0a347c6)
• client-guardduty: Adding support for Ec2LaunchTemplate Version field (4903763d)
• client-appsync: Update Event API to require EventConfig parameter in creation and update requests. (6298ec44)
• client-route-53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region (c21e90bc)
• client-account: This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. (ae9e6fce)
• client-ivs-realtime: Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. (db225910)

---

For list of updated packages, view updated-packages.md in assets-3.948.0.zip

v3.947.0

3.947.0(2025-12-08)

Chores

• codegen: service closure knowledge index (#7554) (731dbfef)
• core/client: emit warning for Node.js 18.x end-of-support (#7540) (fee7ba1d)

Documentation Changes

• add support policy section for Node.js/ECMAScript versions (#7556) (bf1f6e0b)

New Features

• clients: update client endpoints as of 2025-12-08 (7e0d61b2)
• client-cost-explorer: Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API. (011b4f65)
• client-sesv2: Update Mail Manager Archive ARN validation (18c203b2)
• client-redshift-serverless: Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. (c3d27769)
• client-identitystore: Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support. (14887fde)
• client-rds: Adding support for tagging RDS Instance/Cluster Automated Backups (41b9a139)
• client-partnercentral-selling: Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives. (867598e2)
• client-rolesanywhere: Increases certificate string length for trust anchor source data to support ML-DSA certificates. (481b863e)
• client-ec2: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz. (229ff011)

Tests

• core/protocols: add test and additional condition for xml declaration (#7552) (c83c986a)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.948.0 (2025-12-09)

Note: Version bump only for package @​aws-sdk/client-s3

3.947.0 (2025-12-08)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• c6e71bf Publish v3.948.0
• 656bd00 Publish v3.947.0
• 731dbfe chore(codegen): service closure knowledge index (#7554)
• See full diff in compare view

Updates @sentry/nextjs from 10.29.0 to 10.30.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.30.0

• feat(nextjs): Deprecate Webpack top-level options (#18343)
• feat(node): Capture scope when event loop blocked (#18040)
• fix(aws-serverless): Remove hyphens from AWS-lambda origins (#18353)
• fix(core): Parse method from Request object in fetch (#18453)
• fix(react): Add transaction name guards for rapid lazy-route navigations (#18346)

• chore(ci): Fix double issue creation for unreferenced PRs (#18442)
• chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#18411)
• chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#18400)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#18399)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents (#18427)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#18439)
• chore(publish): Fix publish order for @sentry/types (#18429)
• ci(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#18362)

Bundle size 📦

Path	Size
@​sentry/browser	24.23 KB
@​sentry/browser - with treeshaking flags	22.76 KB
@​sentry/browser (incl. Tracing)	40.57 KB
@​sentry/browser (incl. Tracing, Profiling)	45.06 KB
@​sentry/browser (incl. Tracing, Replay)	78.09 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	68.07 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	82.66 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	94.61 KB
@​sentry/browser (incl. Feedback)	40.54 KB
@​sentry/browser (incl. sendFeedback)	28.8 KB
@​sentry/browser (incl. FeedbackAsync)	33.68 KB
@​sentry/react	25.9 KB
@​sentry/react (incl. Tracing)	42.73 KB
@​sentry/vue	28.58 KB
@​sentry/vue (incl. Tracing)	42.34 KB
@​sentry/svelte	24.24 KB
CDN Bundle	26.6 KB
CDN Bundle (incl. Tracing)	41.24 KB
CDN Bundle (incl. Tracing, Replay)	76.91 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	82.23 KB
CDN Bundle - uncompressed	78.16 KB
CDN Bundle (incl. Tracing) - uncompressed	122.45 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	235.76 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	248.23 KB
@​sentry/nextjs (client)	44.89 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.30.0

• feat(nextjs): Deprecate Webpack top-level options (#18343)
• feat(node): Capture scope when event loop blocked (#18040)
• fix(aws-serverless): Remove hyphens from AWS-lambda origins (#18353)
• fix(core): Parse method from Request object in fetch (#18453)
• fix(react): Add transaction name guards for rapid lazy-route navigations (#18346)

• chore(ci): Fix double issue creation for unreferenced PRs (#18442)
• chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#18411)
• chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#18400)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#18399)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents (#18427)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#18439)
• chore(publish): Fix publish order for @sentry/types (#18429)
• ci(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#18362)

Commits

• 540dbef release: 10.30.0
• 90f9704 Merge pull request #18460 from getsentry/prepare-release/10.30.0
• cce2c81 meta(changelog): Update changelog for 10.30.0
• 741ad6a feat(node): Capture scope when event loop blocked (#18040)
• fd67c19 fix(core): Parse method from Request object in fetch (#18453)
• 8596086 fix(aws-serverless): Remove hyphens from AWS-lambda origins (#18353)
• 23c16fd chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-...
• 49facf2 chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-...
• ca146a5 chore(publish): Fix publish order for @sentry/types (#18429)
• c786fc5 chore(ci): Fix double issue creation for unreferenced PRs (#18442)
• Additional commits viewable in compare view

Updates @types/pg from 8.15.6 to 8.16.0

Commits

• See full diff in compare view

Updates better-auth from 1.4.5 to 1.4.6

Release notes

Sourced from better-auth's releases.

v1.4.6

   🚀 Features

• Add ctx.isTrustedDomain helper  -  by @​jonathansamines in better-auth/better-auth#6462 (197e8)
• Drizzle pg supports JSON  -  by @​dvanmali in better-auth/better-auth#6518 (59b61)
• Add Refresh Token Support to Kick OAuth Provider  -  by @​CesarRodrigu in better-auth/better-auth#6263 (e9543)
• admin: Prevent impersonating admins by default [breaking]  -  by @​jslno and @​Bekacru in better-auth/better-auth#6454 (9d452)
• expo: Last-login-method client plugin  -  by @​jslno and @​himself65 in better-auth/better-auth#6413 (b7d32)
• multi-session: Allow to infer additional fields  -  by @​jslno in better-auth/better-auth#6585 (812a6)
• organization: Allow invited users to see organization name  -  by @​GautamBytes and Copilot in better-auth/better-auth#6602 (cda99)
• sso: Use domain verified flag to trust providers automatically  -  by @​Paola3stefania (312fc)

   🐞 Bug Fixes

• Avoid throwing on client side  -  by @​landoncolburn and @​Bekacru in better-auth/better-auth#6361 (bd987)
• Export organization plugin types  -  by @​pffigueiredo in better-auth/better-auth#6490 (630c5)
• Prematurely deleting active sessions in secondary storage  -  by @​DevDuki in better-auth/better-auth#3885 (7d0a6)
• Pathname should be normalized when basePath is set to root  -  by @​Bekacru (126e4)
• Make sure non-chunked session data cookie is cleared  -  by @​Bekacru (aa2fb)
• Array field handling across adapters and schema generation  -  by @​ping-maxwell and @​Bekacru in better-auth/better-auth#6601 (6494d)
• StoreStateStrategy default to database if provided  -  by @​himself65 in better-auth/better-auth#6619 (49c6b)
• Should always remove 2FA verification token after successful verification  -  by @​delfortrie in better-auth/better-auth#6604 (c47b5)
• adapter:
  • Add logger creation in adapter factory  -  by @​ping-maxwell in better-auth/better-auth#6597 (99b4f)
  • Allow run internal adapter outside context  -  by @​himself65 in better-auth/better-auth#6617 (adb75)
• admin:
  • Clear admin session cookie on stopImpersonating  -  by @​jslno in better-auth/better-auth#6568 (8e6c6)
• cli:
  • secret generates empty  -  by @​himself65 in better-auth/better-auth#6504 (0ca6d)
  • Deduplicate drizzle schema relationships  -  by @​ping-maxwell in better-auth/better-auth#6547 (a501b)
• core:
  • Allow returning null in getUserInfo in provider options  -  by @​Zollerboy1 in better-auth/better-auth#6528 (d4957)
• db:
  • Correctly unwrap validator result in schema parsing  -  by @​GautamBytes in better-auth/better-auth#6488 (89030)
• deps:
  • Update dependency next to v16.0.7 [security]  -  in better-auth/better-auth#6501 (aeb0b)
  • Update dependency @​react-email/components to v1  -  in better-auth/better-auth#6600 (c4d27)
• kysely:
  • Wrong affected row count in updateMany & deleteMany  -  by @​jslno in better-auth/better-auth#6572 (df8be)
• magic-link:
  • Handle query params in errorCallbackUrl  -  by @​martinriviere in better-auth/better-auth#6383 (69b88)
• oidc:
  • Compatibility with exact-optional-property  -  by @​ping-maxwell in better-auth/better-auth#6502 (51e46)
• openapi:
  • Mark /get-session response as nullable  -  by @​GautamBytes in better-auth/better-auth#6540 (be00f)
• prisma:
  • Use findFirst instead of findMany for findOne  -  by @​Bekacru in better-auth/better-auth#6429 (d814c)
• saml:
  • Enforce trusted provider check  -  by @​Paola3stefania in better-auth/better-auth#6551 (816f1)
• sso:

... (truncated)

Commits

• f6f3752 chore: release v1.4.6
• 69b88f2 fix(magic-link): handle query params in errorCallbackUrl (#6383)
• 3e122f3 chore: cleanup account cookie and state on signout (#6624)
• 812a648 feat(multi-session): allow to infer additional fields (#6585)
• d814cdb fix(prisma): use findFirst instead of findMany for findOne (#6429)
• 9d4526b feat(admin): prevent impersonating admins by default [breaking] (#6454)
• df8be68 fix(kysely): wrong affected row count in updateMany & deleteMany (#6572)
• c47b559 fix: should always remove 2FA verification token after successful verificatio...
• b43205d fix(username): await username validator (#6611)
• 49c6bb2 fix: storeStateStrategy default to database if provided (#6619)
• Additional commits viewable in compare view

Updates bullmq from 5.65.1 to 5.66.0

Release notes

Sourced from bullmq's releases.

v5.66.0

5.66.0 (2025-12-11)

Features

• job: allow resetting attemptsMade and attemptsStarted attributes on retry (#3596) ref #2152 (241d847)

Commits

• 241d847 feat(job): allow resetting attemptsMade and attemptsStarted attributes on ret...
• 964707c chore(release): vex1.0.1 (#3599)
• 84e8745 fix(scheduler): add generated delayed job before processing current job [elix...
• 72111b6 docs: update first changelog version in new modules (#3597)
• d365bb3 feat: add php client library [php] (#3592)
• 6468a99 test: enhance local development [python] (#3594)
• 4038d01 chore(deps): lock file maintenance (#1945)
• ea99d21 ci: add renovate.json (#3595)
• dda8563 docs: update bullmq-pro changelog for version v7.40.3 (#3593)
• d962415 ci: upgrade dependencies of semantic-release (#3591)
• Additional commits viewable in compare view

Updates drizzle-orm from 0.45.0 to 0.45.1

Release notes

Sourced from drizzle-orm's releases.

0.45.1

• Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

Commits

• a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
• See full diff in compare view

Updates framer-motion from 12.23.25 to 12.23.26

Changelog

Sourced from framer-motion's changelog.

[12.23.26] 2025-12-10

Fixed

• Moved initialisation of default scale correctors to allow for overwriting existing correctors.

Commits

• 611c7e8 v12.23.26
• e29cb76 Updating changelog
• 356141c Moving default scale corrector initialisation
• 42eefee Updating notify slack
• See full diff in compare view

Updates lucide-react from 0.556.0 to 0.561.0

Release notes

Sourced from lucide-react's releases.

Version 0.561.0

What's Changed

• fix(site): Small adjustments color picker and add clear button search bar by @​ericfennis in lucide-icons/lucide#3851
• feat(icons): added stone icon by @​Alportan in lucide-icons/lucide#3850

Full Changelog: lucide-icons/lucide@0.560.0...0.561.0

Version 0.560.0

What's Changed

• feat(icons): added cannabis-off icon by @​NickVeles in lucide-icons/lucide#3748

New Contributors

• @​NickVeles made their first contribution in lucide-icons/lucide#3748

Full Changelog: lucide-icons/lucide@0.559.0...0.560.0

Version 0.559.0

What's Changed

• feat(icons): added fishing-hook icon by @​7ender in lucide-icons/lucide#3837

New Contributors

• @​7ender made their first contribution in lucide-icons/lucide#3837

Full Changelog: lucide-icons/lucide@0.558.0...0.559.0

Version 0.558.0

What's Changed

• feat(icons): added hd icon by @​jamiemlaw in lucide-icons/lucide#2958

Full Changelog: lucide-icons/lucide@0.557.0...0.558.0

Version 0.557.0

What's Changed

• fix(github/workflows/ci): fixes linting issues by @​karsa-mistmere in lucide-icons/lucide#3858
• fix(icons): changed memory-stick icon by @​karsa-mistmere in lucide-icons/lucide#3017
• fix(icons): changed microchip icon by @​karsa-mistmere in lucide-icons/lucide#3018
• chore(repo): Update Node version and overal cleanup by @​ericfennis in lucide-icons/lucide#3861
• fix(icons): changed paint-bucket icon by @​jguddas in lucide-icons/lucide#3865
• fix(icons): changed brush-cleaning icon by @​jguddas in lucide-icons/lucide#3863
• fix(icons): Swap thumbs-up thumbs-down paths to fix fill issue by @​theianjones in lucide-icons/lucide#3873
• fix(icons): changed tickets icon by @​karsa-mistmere in lucide-icons/lucide#3859
• feat(icons): added layers-plus icon by @​juanisidoro in lucide-icons/lucide#3367
• docs(dev): Fix code sample for vanilla JS by @​wavebeem in lucide-icons/lucide#3836
• feat(icons): add search-error icon by @​Veatec22 in lucide-icons/lucide#3292
• feat(icons): Add cloud-sync and cloud-backup by @​ericfennis in lucide-icons/lucide#3466
• feat(icons): added circle-pile icon by @​nathan-de-pachtere in lucide-icons/lucide#3681
• feat(icons): added balloon icon by @​peteruithoven in lucide-icons/lucide#2519

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lucide-react since your current version.

Updates next from 16.0.7 to 16.0.10

Release notes

Sourced from next's releases.

v16.0.10

Please see the Next.js Security Update for information about this security patch.

v16.0.8

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Update react version in cna templates (#86950)

Credits

Huge thanks to @​huozhi for helping!

Commits

• 581dee6 v16.0.10
• 9a0dc9c Backport facebook/react#35351 for 16.0.9 (#87085)
• 3f6a39f v16.0.9
• 75e136a Update React Versions (#40)
• 4e20596 Update React Version (#22)
• fa85848 Backport Next.js changes to v16.0.9 (#20)
• 817ee56 v16.0.8
• b298173 Update react version in cna templates (#86950)
• See full diff in compare view

Updates react from 19.2.1 to 19.2.3

Release notes

Sourced from react's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates react-dom from 19.2.1 to 19.2.3

Release notes

Sourced from react-dom's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates react-email from 5.0.5 to 5.0.8

Release notes

Sourced from react-email's releases.

react-email@5.0.8

No release notes provided.

react-email@5.0.7

No release notes provided.

react-email@5.0.6

No release notes provided.

Changelog

Sourced from react-email's changelog.

5.0.8

5.0.7

5.0.6

Commits

• dec085f chore(root): version packages (#2730)
• c5c86d8 fix(deps): update dependency next to v16.0.9 [security] (#2727)
• 1fc99f9 chore(root): version packages (#2723)
• 8f0ae22 chore(root): version packages (#2719)
• 1f43505 fix(deps): update dependency next to v16.0.7 [security] (#2716)
• 53c0a90 fix(all): shell option usage on child_process.spawn calls (#2708)
• 1d14411 fix(preview-server): multiple lockfile warnings (#2703)
• See full diff in compare view

Updates resend from 6.5.2 to 6.6.0

Release notes

Sourced from resend's releases.

v6.6.0

What's Changed

• feat: add open_tracking, click_tracking, and tls fields to domain create by @​vieiralucas in resend/resend-node#761
• fix: missing error code names by @​JacobLuckForLoop in resend/resend-node#766
• feat: automatically update docs on SDK changes by @​lucasfcosta in resend/resend-node#767
• chore: bump to 6.6.0 for release by @​lucasfcosta in resend/resend-node#768

New Contributors

• @​JacobLuckForLoop made their first contribution in resend/resend-node#766

Full Changelog: resend/resend-node@v6.5.2...v6.6.0

Commits

• f8e5a6d chore: bump to 6.6.0 for release (#768)
• b5f0cec feat: automatically update docs on SDK changes (#767)
• 81eedde fix: missing error code names (#766)
• 5631a68 feat: add open_tracking, click_tracking, and tls fields to domain create (#761)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: bun, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.