Bump the dependencies group across 1 directory with 22 updates

[dependabot]

Bumps the dependencies group with 22 updates in the / directory:

Package	From	To
@aws-sdk/client-s3	3.946.0	3.958.0
@react-email/components	1.0.1	1.0.2
@react-email/tailwind	2.0.1	2.0.2
@sentry/nextjs	10.29.0	10.32.1
@trpc/client	11.7.2	11.8.1
@trpc/next	11.7.2	11.8.1
@trpc/react-query	11.7.2	11.8.1
@trpc/server	11.7.2	11.8.1
@types/pg	8.15.6	8.16.0
better-auth	1.4.5	1.4.9
bullmq	5.65.1	5.66.3
drizzle-orm	0.45.0	0.45.1
framer-motion	12.23.25	12.23.26
lucide-react	0.556.0	0.562.0
next	16.0.7	16.1.1
react	19.2.1	19.2.3
react-day-picker	9.12.0	9.13.0
react-dom	19.2.1	19.2.3
react-email	5.0.5	5.1.0
react-hook-form	7.68.0	7.69.0
resend	6.5.2	6.6.0
zod	4.1.13	4.2.1

Updates @aws-sdk/client-s3 from 3.946.0 to 3.958.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.958.0

3.958.0(2025-12-23)

Chores

• client-elastic-transcoder: remove elastic transcoder due to service shutdown (#7602) (4381b2dc)
• build: generate clients without formatting prettier/eslint (#7599) (da9c913a)
• codegen: bump codegen version to 0.40.0 (#7601) (4dc2bcb7)

New Features

• clients: update client endpoints as of 2025-12-23 (f5aa61b9)
• client-s3: Add additional validation to Outpost bucket names. (2f30457f)
• client-geo-places: Adds support for InferredSecondaryAddress place type, Designator in SecondaryAddressComponent and Heading in ReverseGeocode. (1c6374da)
• client-pinpoint-sms-voice-v2: This release adds support for the Registration Reviewer feature, which provides generative AI feedback on a phone number or sender ID registration to ensure completeness before sending to downstream (carrier) review. (ac0c236b)

Tests

• client-sqs: increase timeout from 5s to 60s (#7603) (c140520a)

---

For list of updated packages, view updated-packages.md in assets-3.958.0.zip

v3.957.0

3.957.0(2025-12-22)

Chores

• move crc64NvmeCrtContainer to '@​aws-sdk/crc64-nvme' (#7600) (69196b71)
• move e2e tests from cucumber to vitest (#7539) (561b8900)
• build: replace lerna partial-tree build with turbo (#7597) (04bdba3e)

Documentation Changes

• client-pcs: Change API Reference Documentation for default Mode in Accounting and SlurmRest (966f60ac)

New Features

• client-config-service: Added supported resourceTypes for Config from July to November 2025 (2c7dab27)
• client-ec2: Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use. (a492f734)
• client-guardduty: Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior. (53e59c65)
• middleware-flexible-checksums: use CRC64NVME JS implementation if CRT is not available (#7595) (4c6ad409)

Bug Fixes

• middleware-flexible-checksums: advise user on InvalidChunkSizeError (#7598) (6fa3b4cc)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.958.0 (2025-12-23)

Features

• client-s3: Add additional validation to Outpost bucket names. (2f30457)

3.957.0 (2025-12-22)

Note: Version bump only for package @​aws-sdk/client-s3

3.956.0 (2025-12-19)

Note: Version bump only for package @​aws-sdk/client-s3

3.955.0 (2025-12-18)

Note: Version bump only for package @​aws-sdk/client-s3

3.954.0 (2025-12-17)

Note: Version bump only for package @​aws-sdk/client-s3

3.953.0 (2025-12-16)

Features

• clients: allow protocol selection by class constructor (#7568) (5c5fd2e)

... (truncated)

Commits

• 57ab7df Publish v3.958.0
• 2f30457 feat(client-s3): Add additional validation to Outpost bucket names.
• da9c913 chore(build): generate clients without formatting prettier/eslint (#7599)
• bd65e3e Publish v3.957.0
• 04bdba3 chore(build): replace lerna partial-tree build with turbo (#7597)
• 7804018 Publish v3.956.0
• a3f0202 chore(codegen): differentiate union and struct schema (#7594)
• 2c73829 chore(codegen): update for $unknown union member handling (#7591)
• 8e9ad47 chore(codegen): upgrade smithy to 1.65.0 (#7588)
• 821ba3b Publish v3.955.0
• Additional commits viewable in compare view

Updates @react-email/components from 1.0.1 to 1.0.2

Release notes

Sourced from @​react-email/components's releases.

@​react-email/components@​1.0.2

Patch Changes

• Updated dependencies [0e57e2a]
  • @​react-email/tailwind@​2.0.2

Changelog

Sourced from @​react-email/components's changelog.

1.0.2

Patch Changes

• Updated dependencies [0e57e2a]
  • @​react-email/tailwind@​2.0.2

Commits

• 42a72f1 chore(root): version packages (#2741)
• ca5f650 fix: use devEngines for node >=22 instead of engines (#2694)
• See full diff in compare view

Updates @react-email/tailwind from 2.0.1 to 2.0.2

Release notes

Sourced from @​react-email/tailwind's releases.

@​react-email/tailwind@​2.0.2

Patch Changes

• 0e57e2a: update tailwindcss, fixing camelCased colors not working

Changelog

Sourced from @​react-email/tailwind's changelog.

2.0.2

Patch Changes

• 0e57e2a: update tailwindcss, fixing camelCased colors not working

Commits

• 42a72f1 chore(root): version packages (#2741)
• 0e57e2a fix(tailwind): camel cased colors not working (#2738)
• 8e6ae06 chore(tailwind): add test for #2388
• 3b4a570 chore(deps): update dependency vite to v6.4.1 [security] (#2584)
• ca5f650 fix: use devEngines for node >=22 instead of engines (#2694)
• See full diff in compare view

Updates @sentry/nextjs from 10.29.0 to 10.32.1

Release notes

Sourced from @​sentry/nextjs's releases.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

Bundle size 📦

Path	Size
@​sentry/browser	24.24 KB
@​sentry/browser - with treeshaking flags	22.77 KB
@​sentry/browser (incl. Tracing)	40.62 KB
@​sentry/browser (incl. Tracing, Profiling)	45.12 KB
@​sentry/browser (incl. Tracing, Replay)	78.3 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	68.28 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	82.88 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	94.83 KB
@​sentry/browser (incl. Feedback)	40.57 KB
@​sentry/browser (incl. sendFeedback)	28.82 KB
@​sentry/browser (incl. FeedbackAsync)	33.7 KB
@​sentry/react	25.92 KB
@​sentry/react (incl. Tracing)	42.77 KB
@​sentry/vue	28.6 KB
@​sentry/vue (incl. Tracing)	42.39 KB
@​sentry/svelte	24.25 KB
CDN Bundle	26.62 KB
CDN Bundle (incl. Tracing)	41.25 KB
CDN Bundle (incl. Tracing, Replay)	77.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	82.44 KB
CDN Bundle - uncompressed	78.18 KB
CDN Bundle (incl. Tracing) - uncompressed	122.47 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	236.27 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	248.74 KB
@​sentry/nextjs (client)	44.94 KB
@​sentry/sveltekit (client)	40.98 KB
@​sentry/node-core	50.4 KB
@​sentry/node	157.73 KB
@​sentry/node - without tracing	90.87 KB
@​sentry/aws-serverless	106.02 KB

10.32.0

Important Changes

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

10.32.0

Important Changes

• feat(core): Apply scope attributes to logs (#18184)

  You can now set attributes on the SDK's scopes which will be applied to all logs as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

  Sentry.geGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });
  Sentry.withScope(scope => {
  scope.setAttribute('step', 'authentication');
  // scope attributes is_admin, auth_provider and step are added
  Sentry.logger.info(user ${user.id} logged in, { activeSince: 100 });
  Sentry.logger.info(updated ${user.id} last activity);
  });
  // scope attributes is_admin and auth_provider are added
  Sentry.logger.warn('stale website version, reloading page');

• feat(replay): Add Request body with attachRawBodyFromRequest option (#18501)

  To attach the raw request body (from Request objects passed as the first fetch argument) to replay events, you can now use the attachRawBodyFromRequest option in the Replay integration:

  Sentry.init({
    integrations: [
      Sentry.replayIntegration({
        attachRawBodyFromRequest: true,
      }),
    ],
  });

... (truncated)

Commits

• 528ade2 release: 10.32.1
• 25f695d Merge pull request #18578 from getsentry/prepare-release/10.32.1
• a981a3d meta(changelog): Update changelog for 10.32.1
• 0d8547c fix(vercelai): Fix input token count (#18574)
• 71384a2 chore(lint): prefer 'unknown' to 'any', fix lint warnings
• d1dd308 chore(test): Remove cloudflare-astro e2e test (#18567)
• 12f3007 fix(ember): Make implementation field optional (hash routes) (#18564)
• 3fda84d fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• a538901 Merge pull request #18563 from getsentry/master
• 063c4dc Merge pull request #18562 from getsentry/ab/skip-ci-when-no-code-changes
• Additional commits viewable in compare view

Updates @trpc/client from 11.7.2 to 11.8.1

Release notes

Sourced from @​trpc/client's releases.

v11.8.1

What's Changed

• fix(server): pass maxDurationMs timeout signal to subscription handlers by @​tt-a1i in trpc/trpc#7037
• fix(tanstack-react-query): useSubscription prop tracking by @​Julusian in trpc/trpc#7036
• fix(server): fastify form-data type by @​wszgrcy in trpc/trpc#6974

New Contributors

• @​bsdahl made their first contribution in trpc/trpc#6995
• @​tt-a1i made their first contribution in trpc/trpc#7037
• @​Julusian made their first contribution in trpc/trpc#7036
• @​wszgrcy made their first contribution in trpc/trpc#6974

Full Changelog: trpc/trpc@v11.8.0...v11.8.1

v11.8.0

What's Changed

• feat(server): support streaming in API Gateway REST API by @​anatolzak in trpc/trpc#7039
• fixes GHSA-43p4-m455-4f4j

Commits

• 0d08831 v11.8.1
• a247ce2 v11.8.0
• See full diff in compare view

Updates @trpc/next from 11.7.2 to 11.8.1

Release notes

Sourced from @​trpc/next's releases.

v11.8.1

What's Changed

• fix(server): pass maxDurationMs timeout signal to subscription handlers by @​tt-a1i in trpc/trpc#7037
• fix(tanstack-react-query): useSubscription prop tracking by @​Julusian in trpc/trpc#7036
• fix(server): fastify form-data type by @​wszgrcy in trpc/trpc#6974

New Contributors

• @​bsdahl made their first contribution in trpc/trpc#6995
• @​tt-a1i made their first contribution in trpc/trpc#7037
• @​Julusian made their first contribution in trpc/trpc#7036
• @​wszgrcy made their first contribution in trpc/trpc#6974

Full Changelog: trpc/trpc@v11.8.0...v11.8.1

v11.8.0

What's Changed

• feat(server): support streaming in API Gateway REST API by @​anatolzak in trpc/trpc#7039
• fixes GHSA-43p4-m455-4f4j

Commits

• 0d08831 v11.8.1
• 6820949 chore: bump next (#7045)
• a247ce2 v11.8.0
• See full diff in compare view

Updates @trpc/react-query from 11.7.2 to 11.8.1

Release notes

Sourced from @​trpc/react-query's releases.

v11.8.1

What's Changed

• fix(server): pass maxDurationMs timeout signal to subscription handlers by @​tt-a1i in trpc/trpc#7037
• fix(tanstack-react-query): useSubscription prop tracking by @​Julusian in trpc/trpc#7036
• fix(server): fastify form-data type by @​wszgrcy in trpc/trpc#6974

New Contributors

• @​bsdahl made their first contribution in trpc/trpc#6995
• @​tt-a1i made their first contribution in trpc/trpc#7037
• @​Julusian made their first contribution in trpc/trpc#7036
• @​wszgrcy made their first contribution in trpc/trpc#6974

Full Changelog: trpc/trpc@v11.8.0...v11.8.1

v11.8.0

What's Changed

• feat(server): support streaming in API Gateway REST API by @​anatolzak in trpc/trpc#7039
• fixes GHSA-43p4-m455-4f4j

Commits

• See full diff in compare view

Updates @trpc/server from 11.7.2 to 11.8.1

Release notes

Sourced from @​trpc/server's releases.

v11.8.1

What's Changed

• fix(server): pass maxDurationMs timeout signal to subscription handlers by @​tt-a1i in trpc/trpc#7037
• fix(tanstack-react-query): useSubscription prop tracking by @​Julusian in trpc/trpc#7036
• fix(server): fastify form-data type by @​wszgrcy in trpc/trpc#6974

New Contributors

• @​bsdahl made their first contribution in trpc/trpc#6995
• @​tt-a1i made their first contribution in trpc/trpc#7037
• @​Julusian made their first contribution in trpc/trpc#7036
• @​wszgrcy made their first contribution in trpc/trpc#6974

Full Changelog: trpc/trpc@v11.8.0...v11.8.1

v11.8.0

What's Changed

• feat(server): support streaming in API Gateway REST API by @​anatolzak in trpc/trpc#7039
• fixes GHSA-43p4-m455-4f4j

Commits

• 0d08831 v11.8.1
• b802056 fix(server): fastify form-data type (#6974)
• 1c9a6ec chore(deps): update dependency @​oxc-project/runtime to v0.104.0 (#7051)
• 172b6aa fix(server): pass maxDurationMs timeout signal to subscription handlers (#7037)
• 6820949 chore: bump next (#7045)
• d7adb37 chore(server): some internal refactors (#7044)
• a247ce2 v11.8.0
• 78629d5 Fix bug (#7043)
• 9a17cef feat(server): support streaming in API Gateway REST API (#7039)
• fa8d806 chore(deps): update dependency valibot to v1.2.0 [security] (#7026)
• See full diff in compare view

Updates @types/pg from 8.15.6 to 8.16.0

Commits

• See full diff in compare view

Updates better-auth from 1.4.5 to 1.4.9

Release notes

Sourced from better-auth's releases.

v1.4.9

   🚀 Features

• Add ctx.isTrustedDomain helper  -  by @​jonathansamines in better-auth/better-auth#6462 (d09c5)
• Drizzle pg supports JSON  -  by @​dvanmali in better-auth/better-auth#6518 (7d5f1)
• Add Refresh Token Support to Kick OAuth Provider  -  by @​CesarRodrigu in better-auth/better-auth#6263 (b1102)
• Add additionalFields option in verification table schema  -  by @​noctarius in better-auth/better-auth#6747 (eab5b)
• Add patreon social provider  -  by @​Spuffynism, benkingcode and Kinfe123 in better-auth/better-auth#6245 (07cdd)
• Add a global backgroundTasks config option to defer actions like sending email and updates to run after response is sent  -  by @​nexxeln and @​Bekacru in better-auth/better-auth#6713 (d544b)
• admin:
  • Prevent impersonating admins by default [breaking]  -  by @​jslno and @​Bekacru in better-auth/better-auth#6454 (5fb83)
  • Add support role with permissions for user updates and enforce role change validation  -  by @​Bekacru and Copilot in better-auth/better-auth#6699 (a0a16)
• expo:
  • Last-login-method client plugin  -  by @​jslno and @​himself65 in better-auth/better-auth#6413 (381f2)
• multi-session:
  • Allow to infer additional fields  -  by @​jslno in better-auth/better-auth#6585 (13786)
  • Allow to infer additional fields "  -  by @​Bekacru in better-auth/better-auth#6585 (e26fc)
• oauth-provider:
  • An oauth 2.1 compliant plugin  -  by @​dvanmali in better-auth/better-auth#4163 (686fb)
• oauth-proxy:
  • Add expirty timestamp for encrypted tokens  -  by @​Bekacru and Copilot in better-auth/better-auth#6538 (9f6b8)
• one-time-token:
  • Support setting session cookie on ott verify  -  by @​Bekacru in better-auth/better-auth#3659 (08e05)
• organization:
  • Allow invited users to see organization name  -  by @​GautamBytes and Copilot in better-auth/better-auth#6602 (a2476)
• phone-number:
  • Add password length validation for reset functionality  -  by @​Bekacru in better-auth/better-auth#6674 (4cdf8)
• saml:
  • Assertion timestamp validation with per-provider clock skew  -  by @​Paola3stefania in better-auth/better-auth#6706 (90c59)
  • Validate SAML crypto algorithms during initial phase  -  by @​Paola3stefania in better-auth/better-auth#6785 (b56d7)
  • Enforce one-time use of SAML assertions  -  by @​Paola3stefania in better-auth/better-auth#6719 (2053f)
  • Reject deprecated SAML signature and digest algorithms  -  by @​Paola3stefania in better-auth/better-auth#6784 (1f171)
  • Reject deprecated SAML signature and digest algorithms  -  by @​Paola3stefania in better-auth/better-auth#6784 (5bab6)
• sso:
  • Use domain verified flag to trust providers automatically  -  by @​Paola3stefania (6f283)
  • Add InResponseTo validation  -  by @​Paola3stefania in better-auth/better-auth#6557 (50ffe)
  • Add OIDC discovery  -  by @​Paola3stefania and @​Bekacru in better-auth/better-auth#6395 (57400)
  • Add URL normalization and validation to all discovery URLs  -  by @​jonathansamines, Paola Estefanía de Campos, @​Paola3stefania and @​Bekacru in better-auth/better-auth#6503 (17ff1)

   🐞 Bug Fixes

• Add helper types to exports  -  by @​himself65 in better-auth/better-auth#6479 (9b556)
• Avoid throwing on client side  -  by @​landoncolburn and @​Bekacru in better-auth/better-auth#6361 (b4f45)
• Export organization plugin types  -  by @​pffigueiredo in better-auth/better-auth#6490 (8efd5)
• Pathname should be normalized when basePath is set to root  -  by @​Bekacru (9228c)
• Prematurely deleting active sessions in secondary storage  -  by @​DevDuki in better-auth/better-auth#3885 (45cf4)
• Make sure non-chunked session data cookie is cleared  -  by @​Bekacru (26b2b)
• Array field handling across adapters and schema generation  -  by @​ping-maxwell and @​Bekacru in better-auth/better-auth#6601 (9d3d1)
• StoreStateStrategy default to database if provided  -  by @​himself65 in better-auth/better-auth#6619 (880e7)
• Should always remove 2FA verification token after successful verification  -  by @​delfortrie in better-auth/better-auth#6604 (13efb)

... (truncated)

Commits

• 35fcd1a chore: release v1.4.9
• b96c38b Merge branch 'canary'
• 148b32e chore: release v1.4.8
• 5c2180e fix: correct wildcard pattern matching for trustedOrigins (#6904)
• ae90b48 fix: correct wildcard pattern matching for trustedOrigins (#6904)
• 70d49e7 fix: don't set state query param if state is not provided (#6822)
• cd77223 fix: don't set state query param if state is not provided (#6822)
• 60c77fa fix: use operator in list members where clause (#6850)
• da82085 fix: use operator in list members where clause (#6850)
• d808c31 fix(client): set session data on refreshManager (#6932)
• Additional commits viewable in compare view

Updates bullmq from 5.65.1 to 5.66.3

Release notes

Sourced from bullmq's releases.

v5.66.3

5.66.3 (2025-12-26)

Bug Fixes

• flow: remove deduplication option from flow producer (#3637) (f60c172)

v5.66.2

5.66.2 (2025-12-19)

Bug Fixes

• telemetry: send most updated attemptsMade value when finishing (#3623) (1380a16)

v5.66.1

5.66.1 (2025-12-17)

Bug Fixes

• deps: pin dependencies (#3609) (5fbf778)

v5.66.0

5.66.0 (2025-12-11)

Features

• job: allow resetting attemptsMade and attemptsStarted attributes on retry (#3596) ref #2152 (241d847)

Commits

• f60c172 fix(flow): remove deduplication option from flow producer (#3637)
• bb66cf4 chore(release): vpy2.18.3 (#3644)
• 706da0d fix(queue): convert boolean force parameter to string in obliterate method [p...
• 68c2709 chore(release): vpy2.18.2 (#3641)
• 7f602e1 fix(flow): resolve KeyError when child job fails with failParentOnFailure opt...
• 533b321 chore(deps): update devdependencies (non-major) (#3636)
• 3c7c167 docs: fix invalid TypeScript destructuring in QueueEvents examples (#3627)
• 481bf0e chore(deps): update actions/setup-node digest to 3235b87 (#3630)
• 5b6fbd2 chore(deps): update github/codeql-action digest to b8d3b6e (#3633)
• 41ca6bf chore(deps): update dependency @​types/msgpack to v0.0.34 (#3634)
• Additional commits viewable in compare view

Updates drizzle-orm from 0.45.0 to 0.45.1

Release notes

Sourced from drizzle-orm's releases.

0.45.1

• Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

Commits

• a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
• See full diff in compare view

Updates framer-motion from 12.23.25 to 12.23.26

Changelog

Sourced from framer-motion's changelog.

[12.23.26] 2025-12-10

Fixed

• Moved initialisation of default scale correctors to allow for overwriting existing correctors.

Commits

• 611c7e8 v12.23.26
• e29cb76 Updating changelog
• 356141c Moving default scale corrector initialisation
• 42eefee Updating notify slack
• See full diff in compare view

Updates lucide-react from 0.556.0 to 0.562.0

Release notes

Sourced from lucide-react's releases.

Version 0.562.0

What's Changed

• fix(icons): changed paint-bucket icon by @​jguddas in lucide-icons/lucide#3880
• fix(site): Fix and unify color-picker font-size by @​taimar in lucide-icons/lucide#3889
• fix(react-native-web): only add className prop to parent Icon component by @​jguddas in lucide-icons/lucide#3892
• fix(lucide-react-native): remove icons namespace export to enable tree-shaking by @​jtomaszewski in lucide-icons/lucide#3868
• feat(icons): added toolbox icon by @​karsa-mistmere in lucide-icons/lucide#3871

New Contributors

• @​taimar made their first contribution in lucide-icons/lucide#3889
• @​jtomaszewski made their first contribution in lucide-icons/lucide#3868

Full Changelog: lucide-icons/lucide@0.561.0...0.562.0

Version 0.561.0

What's Changed

• fix(site): Small adjustments color picker and add clear button search bar by @​ericfennis in lucide-icons/lucide#3851
• feat(icons): added stone icon by @​Alportan in lucide-icons/lucide#3850

Full Changelog: lucide-icons/lucide@0.560.0...0.561.0

Version 0.560.0

What's Changed

• feat(icons): added cannabis-off icon by @​NickVeles in lucide-icons/lucide#3748

New Contributors

• @​NickVeles made their first contribution in lucide-icons/lucide#3748

Full ChangelogDescription has been truncated

[dependabot]

Labels

The following labels could not be found: bun, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.