chore(deps): bump the production-dependencies group across 1 directory with 26 updates

[dependabot]

Bumps the production-dependencies group with 26 updates in the / directory:

Package	From	To
@aws-sdk/client-pricing	3.1053.0	3.1073.0
@hono/node-server	2.0.4	2.0.5
better-auth	1.6.11	1.6.20
hono	4.12.23	4.12.26
ioredis	5.11.0	5.11.1
pg	8.21.0	8.22.0
resend	6.12.4	6.14.0
uuid	14.0.0	14.0.1
@radix-ui/react-avatar	1.1.11	1.2.0
@radix-ui/react-dialog	1.1.15	1.1.17
@radix-ui/react-dropdown-menu	2.1.16	2.1.18
@radix-ui/react-label	2.1.8	2.1.10
@radix-ui/react-scroll-area	1.2.10	1.2.12
@radix-ui/react-select	2.2.6	2.3.1
@radix-ui/react-separator	1.1.8	1.1.10
@radix-ui/react-slot	1.2.4	1.3.0
@radix-ui/react-tabs	1.1.13	1.1.15
@radix-ui/react-toast	1.2.15	1.2.17
@radix-ui/react-tooltip	1.2.8	1.2.10
@tanstack/react-query	5.100.14	5.101.0
@tanstack/react-router	1.170.8	1.170.16
lucide-react	1.16.0	1.21.0
react	19.2.6	19.2.7
react-dom	19.2.6	19.2.7
vscode-languageserver-protocol	3.17.5	3.18.0
zustand	5.0.13	5.0.14

Updates @aws-sdk/client-pricing from 3.1053.0 to 3.1073.0

Release notes

Sourced from @​aws-sdk/client-pricing's releases.

v3.1073.0

3.1073.0(2026-06-19)

New Features

• client-glue: Adds the SearchAssets operation for discovering assets in the AWS Glue Data Catalog using full-text search and filters. Minor naming refinements across the Glossary Terms and Attachment APIs for consistency. (ef204650)
• client-connect: This is the release for point based scoring system and the evaluation form validation project (b19c162a)
• client-bedrock-agent: Add support for metadata-only retrieval on GetFlow, GetFlowVersion, and GetPrompt APIs. (c9d5fb33)
• client-appstream: Amazon WorkSpaces Agent Access now supports domain-joined fleets for enterprise identity integration, real-time agent observation with instant stop controls, and MCP tool forwarding for lower-latency, cost-effective desktop tool access. (d9c25f0b)
• client-opensearch: This release introduces data source attachment APIs, enabling users to attach and detach Amazon OpenSearch Service domains and Amazon OpenSearch Serverless collections to an OpenSearch application. (6cce3d69)

---

For list of updated packages, view updated-packages.md in assets-3.1073.0.zip

v3.1072.0

3.1072.0(2026-06-18)

Documentation Changes

• client-ec2: Documentation updates clarifying CancelCapacityReservation cancellable states (e3723ba7)

New Features

• client-compute-optimizer: This release surfaces two new metrics Volume IOPS Exceeded and Volume Throughput Exceeded into EBS volume rightsizing recommendations. (ded6618d)
• client-application-auto-scaling: Adds support for ECS high-resolution predefined scaling metrics (ECSServiceAverageCPUUtilizationHighResolution, ECSServiceAverageMemoryUtilizationHighResolution) enabling 20-second metric periods for faster scaling (95b3513a)
• client-cognito-identity-provider: In order to support the new TLS Self-Service feature, this change adds SecurityPolicyType to CustomDomainConfigType. During CreateUserPoolDomain and UpdateUserPoolDomain this is used to select a custom domain's TLS enforcement, and for DescribeUserPoolDomain it informs users about the current TLS. (e8937787)
• client-sagemaker: Adds support for automatic AMI patching on HyperPod clusters. Customers can configure patching strategies to automatically apply security patch with zero job termination. Customers can also specify an AMI version at instance group level and update cluster software to a certain AMI version. (fd33a5e4)
• client-ecs: Amazon ECS services now support high resolution (20 second) CloudWatch metrics for CPUUtilization and MemoryUtilization. Use these metrics for faster service auto scaling. (93055ac9)
• client-healthlake: Adding New Configurations to the FHIR Create Datastore. The new configurations include NLP Configuration, AnalyticsConfiguration, ProfileConfiguration (494fa59f)
• client-gamelift: Amazon GameLift Servers has launched support for customizing Linux capabilities in container fleets. You can now specify additional Linux capabilities for containers in a container group definition, giving you finer control over the default Docker capabilities available to your containers. (93cefd90)
• client-eks: Adds support for configurable control plane egress routing in Amazon EKS, allowing you to route control plane egress traffic through your VPC and control how the control plane reaches resources in your network such as webhook servers and OIDC providers. (693db629)
• client-lambda: Converging and fixing existing documentation gaps in Lambda SDK (6555a565)
• client-synthetics: CloudWatch Synthetics adds support for multi-location canaries. Customers can now monitor their endpoints from multiple locations with centralized management from a primary location. The SDK includes new parameters for configuring multiple locations and tracking their state. (f2c8b480)
• client-cloudwatch-logs: Added optional startFromHead parameter to FilterLogEvents enabling descending timestamp order (newest first) when set to false. Default true preserves existing ascending order. Reverse sorting requires a startTime on or after Jan 1, 2024. (1be63ed9)
• client-batch: Adds Support for ordered allocation strategies- BEST-FIT-PROGRESSIVE-ORDERED or SPOT-CAPACITY-OPTIMIZED-PRIORITIZED (0e57e53b)

---

For list of updated packages, view updated-packages.md in assets-3.1072.0.zip

v3.1071.0

3.1071.0(2026-06-17)

New Features

• client-partnercentral-selling: Cosell Resonate AND Prospecing API Launch with ARN correction (7e8c98ab)
• client-compute-optimizer-automation: This launch adds IfExists comparison operators to Compute Optimizer Automation rule criteria, so a rule can include recommended actions whose specified attribute isn't present. (ab2c616d)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-pricing's changelog.

3.1073.0 (2026-06-19)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1072.0 (2026-06-18)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1071.0 (2026-06-17)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1070.0 (2026-06-16)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1069.0 (2026-06-15)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1068.0 (2026-06-12)

Note: Version bump only for package @​aws-sdk/client-pricing

3.1067.0 (2026-06-11)

... (truncated)

Commits

• ee71adc Publish v3.1073.0
• 501cd33 Publish v3.1072.0
• 3ce820a Publish v3.1071.0
• 4f2cfe1 Publish v3.1070.0
• 7058d13 Publish v3.1069.0
• 67981c5 chore(scripts): tuning the build graph (#8095)
• 0632f6d Publish v3.1068.0
• 0a3246f Publish v3.1067.0
• 4b11912 Publish v3.1066.0
• 62daf07 Publish v3.1065.0
• Additional commits viewable in compare view

Updates @hono/node-server from 2.0.4 to 2.0.5

Release notes

Sourced from @​hono/node-server's releases.

v2.0.5

Security Fix

Fixed a security issue in Serve Static Middleware where prefix-mounted middleware could be bypassed on Windows. This only affects applications running on Windows that use Serve Static Middleware. Affected users are encouraged to upgrade to this version.

See GHSA-frvp-7c67-39w9 for details.

Commits

• 9d56900 2.0.5
• cd076e1 Merge commit from fork
• See full diff in compare view

Updates better-auth from 1.6.11 to 1.6.20

Release notes

Sourced from better-auth's releases.

v1.6.20

better-auth

Bug Fixes

• Fixed account-linking logs to route through the configured logger (#10121)
• Fixed TypeScript inference errors by declaring inherited APIError properties (#8734)
• Fixed refresh cookie Max-Age to be capped at expiresIn (#9621)

For detailed changes, see CHANGELOG

@better-auth/i18n

Bug Fixes

• Fixed English language fallback behavior and improved i18n documentation (#9872)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​adityachaudhary99, @​dipan-ck, @​sleepe229, @​WilsonnnTan

Full changelog: v1.6.19...v1.6.20

v1.6.19

better-auth

Features

• Added support for pre-binding device codes to a specific user in the device authorization plugin (#9995)

Bug Fixes

• Fixed headerless session checks (#10053)
• Fixed cookie cache fallback lookup (#9348)
• Fixed sendVerificationEmail errors not being surfaced to the client (#8863)
• Fixed auth client return types not being emitted correctly in TypeScript declaration builds (#10071)
• Fixed session and account cache cookies being silently dropped when near the browser's per-cookie size limit by splitting them into chunks (#10088)
• Fixed single-use verification flows (such as magic-link) hanging on connection-limited database adapters by reusing active transactions (#10070)
• Fixed the domain not being included when clearing cross-subdomain cookies in the last-login-method plugin (#9319)
• Fixed the oauth-popup plugin leaking internal OAuth state keys into additionalData (#10067)
• Reverted the headerless session check fix (#10074)

For detailed changes, see CHANGELOG

auth

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.20

Patch Changes

• #10121 21448b1 Thanks @​adityachaudhary99! - OAuth account-linking and create-user error logs now respect a custom logger configured in betterAuth(), instead of always being written to the default console logger.

• #9621 8ecf238 Thanks @​dipan-ck! - Session refresh no longer emits a cookie Max-Age above the browser's 400-day ceiling when using a database without fractional-second precision.

• #8734 930f534 Thanks @​sleepe229! - declare inherited APIError properties to fix TypeScript inference errors

• Updated dependencies []:

  • @​better-auth/core@​1.6.20
  • @​better-auth/drizzle-adapter@​1.6.20
  • @​better-auth/kysely-adapter@​1.6.20
  • @​better-auth/memory-adapter@​1.6.20
  • @​better-auth/mongo-adapter@​1.6.20
  • @​better-auth/prisma-adapter@​1.6.20
  • @​better-auth/telemetry@​1.6.20

1.6.19

Patch Changes

• #10088 de4aa52 Thanks @​bytaesu! - Session and account cache cookies near the browser's per-cookie size limit (for example with a long cookiePrefix or many cached fields) are now split into chunks instead of being silently dropped by the browser. A cache too large to fit even when chunked is skipped with a warning rather than failing the request, so reads fall back to the database.

• #9995 b4b0266 Thanks @​ElGauchooooo! - The device authorization plugin now accepts an optional user_id when issuing a device code via /device/code, pre-binding the code to that user. Only the bound user can approve or deny the code, so a publicly visible user code can no longer be claimed by someone else.

• #10086 5bd5e1c Thanks @​gustavovalverde! - Refresh-token rotation and token revocation, two-factor backup-code regeneration, device-code claiming, and organization invitation acceptance now work on Prisma. Concurrent or repeat requests in these flows could previously return an error on Prisma instead of the expected result.

  On MongoDB servers older than 5.0, these flows and other guarded value updates (rate-limit window resets, API-key refills) no longer fail with an empty-update error.

  @better-auth/core: incrementOne now reports a clear error when called with no increment and no set.

• #9319 581f827 Thanks @​ping-maxwell! - fix(last-login-method): include domain when clearing cross-subdomain cookies

• #10067 8407885 Thanks @​bytaesu! - The oauth-popup plugin now ignores internal OAuth state fields passed through its additionalData parameter, so additionalData only ever carries your own custom values.

• #9555 c1a8a64 Thanks @​ChrisMGeo! - Fix invalid OpenAPI output for Better Auth callback, session, and passkey routes so client generators can consume the schema.

• #10071 635f190 Thanks @​gustavovalverde! - Auth clients exported from wrapper packages can now be emitted in TypeScript declaration builds without extra type annotations.

• #10070 a787e0b Thanks @​gustavovalverde! - Single-use verification flows no longer hang on database adapters that use a one-connection pool. This fixes magic-link verification and similar token checks in connection-limited serverless database setups.

• #9348 c2f718f Thanks @​ping-maxwell! - fix: cookie cache fallback lookup

• #8863 7d18175 Thanks @​ping-maxwell! - sendVerificationEmail was invoked via runInBackgroundOrAwait, which could defer work when advanced.backgroundTasks.handler is configured (so the handler could return 200 before the email callback finished) and, in the default path, caught and logged errors without rethrowing. User callbacks that throw APIError (e.g. 429 from a rate limiter) were therefore not reliably reflected in the HTTP response (better-auth/better-auth#8757).

  Now we await sendVerificationEmailFn so failures surface to the client with the correct status. The unauthenticated /send-verification-email path enforces a constant-time floor (500 ms) so that the response duration does not reveal whether the email belongs to a real unverified user.

• Updated dependencies [0895993, 5bd5e1c, a787e0b]:

... (truncated)

Commits

• c342f42 chore: release v1.6.20 (#10108)
• 21448b1 fix: route account-linking logs through the configured logger (#10121)
• 8ecf238 fix(session): cap refresh cookie Max-Age at expiresIn (#9621)
• ac4d81d chore: release v1.6.19 (#10034)
• 1e69725 docs: clarify stateless Cognito token refresh (#10092)
• de4aa52 fix(cookies): chunk session and account cookies near the browser size limit (...
• 5bd5e1c fix: make guarded state transitions portable on Prisma (#10086)
• 36f345b revert: fix: allow headerless get session checks (#10053) (#10074)
• 635f190 fix(client): name auth client return types (#10071)
• d009dae fix: allow headerless get session checks (#10053)
• Additional commits viewable in compare view

Updates hono from 4.12.23 to 4.12.26

Release notes

Sourced from hono's releases.

v4.12.26

What's Changed

• fix(lambda-edge): satisfy Deno lib types for Content-Length body encoding by @​yusukebe in honojs/hono#5013
• ci: publish to npm from CI with OIDC trusted publishing by @​yusukebe in honojs/hono#5028
• chore: remove unused devcontainer and gitpod configs by @​yusukebe in honojs/hono#5029
• chore: replace arg and glob with Bun native APIs in build script by @​yusukebe in honojs/hono#5030

Full Changelog: honojs/hono@v4.12.25...v4.12.26

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

v4.12.24

What's Changed

• docs(contribution): simplifyAI Usage Policy by @​yusukebe in honojs/hono#4972
• chore: remove @​types/glob by @​rtritto in honojs/hono#4978
• fix(bearer-auth): mention verifyToken in missing-options error message by @​tan7vir in honojs/hono#4987
• refactor(language): Test/improve tests on languages middleware by @​iNeoO in honojs/hono#4980
• fix(utils/ipaddr): expand "::" to eight zero groups by @​youcefzemmar in honojs/hono#4973
• fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @​Mohammad-Faiz-Cloud-Engineer in honojs/hono#4982
• refactor(timing): Test/add test for middleware timing by @​iNeoO in honojs/hono#4991
• fix(utils/ipaddr): render the unspecified address binary as "::" by @​sarathfrancis90 in honojs/hono#4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

Commits

• 27b7992 4.12.26
• d29982c chore: replace arg and glob with Bun native APIs in build script
• 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
• c574cf1 ci: publish to npm from CI with OIDC trusted publishing (#5028)
• e50df01 fix(lambda-edge): satisfy Deno lib types for Content-Length body encoding (#5...
• fce483e 4.12.25
• 751ba41 Merge commit from fork
• f0b094d Merge commit from fork
• fa5f9bf Merge commit from fork
• 3892a6c Merge commit from fork
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.

Updates ioredis from 5.11.0 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

• cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
• parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

• cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
• parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

Commits

• fb224a7 chore(release): 5.11.1 [skip ci]
• 131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
• c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
• See full diff in compare view

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

• Add support for sslnegotiation=direct for PostgreSQL 17+.

Commits

• b617619 Publish
• d80b261 Update docs & changelog
• 835fb83 Fix error handling for exceptions on values parsing. (#3574)
• f49ab4a fix: correct spelling mistakes across codebase (#3692)
• d7175a4 Expand CI matrix of PG versions and add direct SSL test (#3693)
• 882fc30 Add support for sslnegotiation=direct (PostgreSQL 17) (#3688)
• See full diff in compare view

Updates resend from 6.12.4 to 6.14.0

Release notes

Sourced from resend's releases.

v6.13.0

What's Changed

• chore: migrate to pnpm 11 by @​gabrielmfern in resend/resend-node#972
• feat: add ContactImports class for managing contact imports by @​vcapretz in resend/resend-node#963
• feat: release 6.13.0-canary.0 by @​vcapretz in resend/resend-node#976
• fix: typos in custom HTML example (readme.md) by @​SRKrukowski in resend/resend-node#981
• feat: remove contact import onError option by @​vcapretz in resend/resend-node#982
• feat: options for html_format in receiving.get by @​gabrielmfern in resend/resend-node#983
• feat: release 6.13.0 by @​vcapretz in resend/resend-node#984

New Contributors

• @​SRKrukowski made their first contribution in resend/resend-node#981

Full Changelog: resend/resend-node@v6.12.4...v6.13.0

Commits

• See full diff in compare view

Updates uuid from 14.0.0 to 14.0.1

Release notes

Sourced from uuid's releases.

v14.0.1

14.0.1 (2026-06-20)

Bug Fixes

• add types condition to node export for moduleResolution bundler (#961) (27ffae5)

Changelog

Sourced from uuid's changelog.

14.0.1 (2026-06-20)

Bug Fixes

• add types condition to node export for moduleResolution bundler (#961) (27ffae5)

Commits

• 7017780 chore(main): release 14.0.1 (#964)
• f2c3e4b chore: fix release-please workflow (#963)
• 27ffae5 fix: add types condition to node export for moduleResolution bundler (#961)
• 664cb31 Remove outdated security contact information (#959)
• d729016 fix(ci): checkout PR head commit in browser workflow (#957)
• 89a5ebc Workflows (#948)
• 196e208 chore: fix workflow (#947)
• 95af448 chore: update workflows (#946)
• 3b57f95 chore: add workflow_dispatch (#944)
• a433096 chore: add 12.x and 13.x maintenance release branches (#941)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates @radix-ui/react-avatar from 1.1.11 to 1.2.0

Changelog

Sourced from @​radix-ui/react-avatar's changelog.

1.2.0

• Fixed several edge cases with Avatar's loading state
  • An avatar's fallback would not be displayed again if its image component unmounted. This is now fixed.
  • Rendering multiple Avatar.Image components per Avatar.Root was never supported and results in buggy, unpredictable behavior. We now warn about this in development.
  • Zero-sized images were treated as loading, meaning that onLoadingStatusChange is never called once loaded. A zero-sized image now triggers an error status on load.

Other updates

• Fixed console warnings to show in test environments.
• Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.12

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-is-hydrated@0.1.1, @radix-ui/react-use-layout-effect@1.1.2

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-avatar since your current version.

Updates @radix-ui/react-dialog from 1.1.15 to 1.1.17

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.17

• Removed dev-only warnings for dialogs when title and/or description is not rendered.
• Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
• Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12

1.1.16

• Fixed disabled pointer events in closed dialogs
• Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.

Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.18

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.18

• Fixed a bug where menus and submenus remained open after a window loses focus.
• Updated dependencies: @radix-ui/react-menu@2.1.18, @radix-ui/react-primitive@2.1.6

2.1.17

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dropdown-menu since your current version.

Updates @radix-ui/react-label from 2.1.8 to 2.1.10

Changelog

Sourced from @​radix-ui/react-label's changelog.

2.1.10

• Updated dependencies: @radix-ui/react-primitive@2.1.6

2.1.9

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-primitive@2.1.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-label since your current version.

Updates @radix-ui/react-scroll-area from 1.2.10 to 1.2.12

Changelog

Sourced from @​radix-ui/react-scroll-area's changelog.

1.2.12

• Stabilized the viewport style tag unless the nonce changes.
• Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.
• Updated dependencies: @radix-ui/react-primitive@2.1.6

1.2.11

• Fixed missing data-state attribute for Scroll Area scrollbars
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-layout-effect@1.1.2

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-scroll-area since your current version.

Updates @radix-ui/react-select from 2.2.6 to 2.3.1

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.1

• Allowed a Select.Item with an empty string value to act as a "clear" option. Selecting it resets the selection back to the placeholder, restoring the native <select> behavior for optional selects.
• Fixed a bug where typeahead search resulted in focusing an element that no longer exists.
• Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

2.3.0

• Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
• Added support for presence-based exit animations in Select
• Fixed Select hidden input so it submits empty string when no value is selected
• Fixed placeholder rendering when a controlled Select is reset to an empty value
• Added missing __selectScope prop to PopperContent component
• Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
• Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-select since your current version.

Updates @radix-ui/react-separator from 1.1.8 to 1.1.10

Changelog

Sourced from @​radix-ui/react-separator's changelog.

1.1.10

• Updated dependencies: @radix-ui/react-primitive@2.1.6

1.1.9

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-primitive@2.1.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-separator since your current version.

Updates @radix-ui/react-slot from 1.2.4 to 1.3.0

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.3.0

Added generic type arguments for SlotProps and createSlot

SlotProps and createSlot now accept generic type arguments to specify the type of element a slot should render, as well as its props.

const Slot = createSlot<HTMLButtonElement, MyCustomButtonProps>("Slot");

1.2.5

• Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
• Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
• Added repository.directory to all package.json files
• Improved error messages for invalid slot children
• Updated dependencies: @radix-ui/react-compose-refs@1.1.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by

[pacphi]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.