Bump the npm-minor-and-patch group across 1 directory with 5 updates

[dependabot]

Bumps the npm-minor-and-patch group with 5 updates in the / directory:

Package	From	To
@supabase/ssr	0.7.0	0.10.3
@supabase/supabase-js	2.106.2	2.107.0
react	19.1.0	19.2.7
@types/react	19.2.15	19.2.16
react-dom	19.1.0	19.2.7

Updates @supabase/ssr from 0.7.0 to 0.10.3

Release notes

Sourced from @​supabase/ssr's releases.

v0.10.3

0.10.3 (2026-05-07)

Bug Fixes

• allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
• enable tree-shaking for browser bundles (#216) (f009d71)
• tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
• validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

v0.10.3-rc.101

What's Changed

• fix: allow cookies encode without getAll/setAll on browser client by @​mandarini in supabase/ssr#213

Full Changelog: supabase/ssr@v0.10.3-rc.100...v0.10.3-rc.101

v0.10.3-rc.100

What's Changed

• chore: update @​supabase/supabase-js to v2.105.3 by @​supabase-libs-pr-manager[bot] in supabase/ssr#215
• fix: enable tree-shaking for browser bundles by @​mandarini in supabase/ssr#216

Full Changelog: supabase/ssr@v0.10.3-rc.98...v0.10.3-rc.100

v0.10.3-rc.98

What's Changed

• chore: update @​supabase/supabase-js to v2.105.2 by @​supabase-libs-pr-manager[bot] in supabase/ssr#214
• fix: validate base64-prefixed chunked cookies decode to valid JSON by @​mandarini in supabase/ssr#210

Full Changelog: supabase/ssr@v0.10.3-rc.96...v0.10.3-rc.98

v0.10.3-rc.96

What's Changed

• chore: update @​supabase/supabase-js to v2.103.0 by @​supabase-libs-pr-manager[bot] in supabase/ssr#199
• chore: update @​supabase/supabase-js to v2.103.2 by @​supabase-libs-pr-manager[bot] in supabase/ssr#201
• chore: update @​supabase/supabase-js to v2.104.0 by @​supabase-libs-pr-manager[bot] in supabase/ssr#203
• chore: update @​supabase/supabase-js to v2.104.1 by @​supabase-libs-pr-manager[bot] in supabase/ssr#204
• chore: update @​supabase/supabase-js to v2.105.0 by @​supabase-libs-pr-manager[bot] in supabase/ssr#206
• chore: update @​supabase/supabase-js to v2.105.1 by @​supabase-libs-pr-manager[bot] in supabase/ssr#208
• fix(tsconfig): set explicit rootDir to silence TS6059 in consumer IDEs by @​mandarini in supabase/ssr#211

Full Changelog: supabase/ssr@v0.10.2...v0.10.3-rc.96

v0.10.2

0.10.2 (2026-04-09)

... (truncated)

Changelog

Sourced from @​supabase/ssr's changelog.

0.10.3 (2026-05-07)

Bug Fixes

• allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
• enable tree-shaking for browser bundles (#216) (f009d71)
• tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
• validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

0.10.2 (2026-04-09)

Bug Fixes

• ci: remove packageManager field (#197) (6bf0226)

0.10.1 (2026-04-08)

Bug Fixes

• auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

0.10.0 (2026-03-30)

Features

• pass cache headers to setAll to prevent CDN caching of auth responses (#176) (14962d2)

0.9.0 (2026-03-02)

Features

• release workflow RC versioning and publish reliability (#164) (81e68f4)

0.8.1 (2026-03-02)

Bug Fixes

• update README session docs (#159) (b859905)
• use skipAutoInitialize to prevent SSR token refresh race condition (#131) (0b7be28)

0.8.0 (2025-11-26)

Features

... (truncated)

Commits

• 9630b33 chore(main): release 0.10.3 (#212)
• 89f3f28 fix: allow cookies encode without getAll/setAll on browser client (#213)
• f009d71 fix: enable tree-shaking for browser bundles (#216)
• 4fef7d9 chore: update @​supabase/supabase-js to v2.105.3 (#215)
• 302cc0e fix: validate base64-prefixed chunked cookies decode to valid JSON (#210)
• 8449015 chore: update @​supabase/supabase-js to v2.105.2 (#214)
• a77ee8a fix(tsconfig): set explicit rootDir to silence TS6059 in consumer IDEs (#211)
• 65453df chore: update @​supabase/supabase-js to v2.105.1 (#208)
• 2ec3349 chore: update @​supabase/supabase-js to v2.105.0 (#206)
• 0ca0031 chore: update @​supabase/supabase-js to v2.104.1 (#204)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​supabase/ssr since your current version.

Updates @supabase/supabase-js from 2.106.2 to 2.107.0

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.107.0

2.107.0 (2026-06-02)

🚀 Features

• auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
• realtime: allow httpSend to send binary payload (#2400)
• supabase: update X-Client-Info to structured metadata format (#2359)

🩹 Fixes

• auth: return AuthInvalidJwtError from getClaims for expired JWT (#2395)
• auth: recognize ?error= redirects in implicit grant gate (#2407)
• auth): revert fix(auth: encode client-id in oauth requests (#2383, #2417)
• postgrest: return a structured error for non-JSON body on successful responses (#2398)
• release: pin workspace:* sibling deps before JSR publish (#2418)
• release: publish gotrue-js legacy mirror via pnpm (#2419)

❤️ Thank You

• Claude Opus 4.7 (1M context)
• Claude Sonnet 4.6
• Eduardo Gurgel
• Guilherme Souza
• Katerina Skroumpelou @​mandarini
• Omar Al Matar @​Bewinxed
• youcef zr @​youcefzemmar
• youcefzemmar

v2.107.0-canary.6

2.107.0-canary.6 (2026-06-02)

This was a version bump only, there were no code changes.

v2.107.0-canary.5

2.107.0-canary.5 (2026-06-02)

🩹 Fixes

• release: publish gotrue-js legacy mirror via pnpm (#2419)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.107.0-canary.4

2.107.0-canary.4 (2026-06-02)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.107.0 (2026-06-02)

🚀 Features

• auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
• supabase: update X-Client-Info to structured metadata format (#2359)
• realtime: allow httpSend to send binary payload (#2400)

❤️ Thank You

• Claude Sonnet 4.6
• Eduardo Gurgel
• Guilherme Souza
• Katerina Skroumpelou @​mandarini
• Omar Al Matar @​Bewinxed

Commits

• 54ec2b6 feat(auth): remove navigator.locks-based mutex; introduce commit guard + disp...
• 3397c92 feat(supabase): update X-Client-Info to structured metadata format (#2359)
• 335207f feat(realtime): allow httpSend to send binary payload (#2400)
• 42f12dd docs(repo): ship per-package AGENTS.md and migrations via npm (#2397)
• b200b74 chore(release): version 2.106.2 changelogs (#2396)
• See full diff in compare view

Updates react from 19.1.0 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

... (truncated)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• 5667a41 Bump next prerelease version numbers (#34639)
• 8bb7241 Bump useEffectEvent to Canary (#34610)
• e3c9656 Ensure Performance Track are Clamped and Don't overlap (#34509)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.15 to 19.2.16

Commits

• See full diff in compare view

Updates react-dom from 19.1.0 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

... (truncated)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• 8618113 Bump scheduler version (#34671)
• 1bd1f01 Ship partial-prerendering APIs to Canary (#34633)
• 2f0649a [Fizz] Remove nonce option from resume-and-prerender APIs (#34664)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates @types/react from 19.2.15 to 19.2.16

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
opensprout	Error		Jun 5, 2026 9:30pm