chore(deps)(deps): bump the production-dependencies group across 1 directory with 37 updates

[dependabot]

Bumps the production-dependencies group with 37 updates in the / directory:

Package	From	To
@auth/prisma-adapter	2.10.0	2.11.1
@paralleldrive/cuid2	2.2.2	2.3.1
@prisma/adapter-neon	7.1.0	7.3.0
@prisma/client	6.18.0	6.19.2
@react-pdf/renderer	4.3.1	4.3.2
@tanstack/react-query	5.90.2	5.90.20
@upstash/ratelimit	2.0.6	2.0.8
@upstash/redis	1.35.4	1.36.1
antd	5.27.4	5.29.3
bcryptjs	3.0.2	3.0.3
dompurify	3.2.7	3.3.1
focus-trap-react	11.0.4	11.0.6
framer-motion	12.23.22	12.29.0
isomorphic-dompurify	2.32.0	2.35.0
jose	6.1.0	6.1.3
jspdf	3.0.3	3.0.4
jspdf-autotable	5.0.2	5.0.7
lodash	4.17.21	4.17.23
@types/lodash	4.17.20	4.17.23
lucide-react	0.544.0	0.563.0
mermaid	11.12.1	11.12.2
next	15.5.7	15.5.9
next-auth	4.24.11	4.24.13
posthog-js	1.272.0	1.335.2
prisma	6.18.0	6.19.2
react	19.1.1	19.2.3
react-dom	19.1.1	19.2.3
react-hotkeys-hook	5.2.1	5.2.3
react-window	2.2.0	2.2.5
recharts	3.2.1	3.7.0
resend	6.1.2	6.8.0
tailwind-merge	3.3.1	3.4.0
ua-parser-js	2.0.6	2.0.8
vis-timeline	8.3.1	8.5.0
ws	8.18.3	8.19.0
zod	4.1.11	4.3.6
zustand	5.0.8	5.0.10

Updates @auth/prisma-adapter from 2.10.0 to 2.11.1

Release notes

Sourced from @​auth/prisma-adapter's releases.

@​auth/prisma-adapter@​2.11.1

Other

• @​auth/core: dependency update (8f3b2c7a)

@​auth/prisma-adapter@​2.11.0

Other

• @​auth/core: dependency update (745751e9)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/prisma-adapter since your current version.

Updates @paralleldrive/cuid2 from 2.2.2 to 2.3.1

Changelog

Sourced from @​paralleldrive/cuid2's changelog.

[2.3.1] - 2025-10-24

Fixed

• Maintenance release: Restore CommonJS compatibility for v2.x line
• This version is based on v2.2.2 to provide a non-breaking upgrade path
• Published with v2-compat tag for users who need CommonJS

Note: v2.3.0 was incorrectly released with a breaking change (ESM conversion). This version supersedes v2.3.0 for users on the v2.x line.

[2.3.0] - 2025-10-18 [DEPRECATED]

⚠️ This version contains a breaking change and should have been v3.0.0

Use v2.3.1 for CommonJS or v3.0.0+ for ESM.

Changed

• Converted to ES modules (breaking change)
• Added CLI with help flags
• Improved dark mode detection
• Upgraded @​noble/hashes to v2.0.1
• Modernized dev tooling

Added

• CLI tool with shell alias installer
• Better documentation

Commits

• 755f1f3 chore(release): v2.3.1
• See full diff in compare view

Updates @prisma/adapter-neon from 7.1.0 to 7.3.0

Release notes

Sourced from @​prisma/adapter-neon's releases.

7.3.0

Today, we are excited to share the 7.3.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

ORM

• #28976: Fast and Small Query Compilers We've been working on various performance-related bugs since the initial ORM 7.0 release. With 7.3.0, we're introducing a new compilerBuild option for the client generator block in schema.prisma with two options: fast and small. This allows you to swap the underlying Query Compiler engine based on your selection, one built for speed (with an increase in size), and one built for size (with the trade off for speed). By default, the fast mode is used, but this can be set by the user:

generator client {
  provider = "prisma-client"
  output   = "../src/generated/prisma"
  compilerBuild = "fast" // "fast" | "small"
}

We still have more in progress for performance, but this new compilerBuild option is our first step toward addressing your concerns!

• #29005: Bypass the Query Compiler for Raw Queries Raw queries ($executeRaw, $queryRaw) can now skip going through the query compiler and query interpreter infrastructure. They can be sent directly to the driver adapter, removing additional overhead.

• #28965: Update MSSQL to v12.2.0 This community PR updates the @prisma/adapter-mssql to use MSSQL v12.2.0. Thanks Jay-Lokhande!

• #29001: Pin better-sqlite3 version to avoid SQLite bug An underlying bug in SQLite 3.51.0 has affected the better-sqlite3 adapter. We’ve bumped the version that powers @prisma/better-sqlite3 and have pinned the version to prevent any unexpected issues. If you are using @prisma/better-sqlite3 , please upgrade to v7.3.0.

• #29002: Revert @map enums to v6.19.0 behavior In the initial release of v7.0, we made a change with Mapped Enums where the generated enum would get its value from the value passed to the @map function. This was a breaking change from v6 that caused issues for many users. We have reverted this change for the time being, as many different diverging approaches have emerged from the community discussion.

• prisma-engines#5745: Cast BigInt to text in JSON aggregation When using relationJoins with BigInt fields in Prisma 7, JavaScript's JSON.parse loses precision for integers larger than Number.MAX_SAFE_INTEGER (2^53 - 1). This happens because PostgreSQL's JSONB_BUILD_OBJECT returns BigInt values as JSON numbers, which JavaScript cannot represent precisely.

  // Original BigInt ID: 312590077454712834
  // After JSON.parse: 312590077454712830 (corrupted!)
  

  This PR cast BigInt columns to ::text inside JSONB_BUILD_OBJECT calls, similar to how MONEY is already cast to ::numeric.

  -- Before
  JSONB_BUILD_OBJECT('id', "id")
  -- After
  
  JSONB_BUILD_OBJECT('id', "id"::text)
  
  

... (truncated)

Commits

• 531886f fix: fix byte upserts by removing legacy byte array representation (#28913)
• 0c6db15 fix(adapter-{pg,neon,ppg}): handle 22P02 error in Postgres (#28849)
• See full diff in compare view

Updates @prisma/client from 6.18.0 to 6.19.2

Release notes

Sourced from @​prisma/client's releases.

6.19.2

Today, we are issuing a 6.19.2 patch release in the Prisma 6 release line. It fixes an issue with Prisma Accelerate support in some edge runtime configurations when the @prisma/client/edge entrypoint is not being used.

Changes:

• prisma/prisma#28934

6.19.1

Today, we are issuing a patch release for Prisma 6 that includes a fix for a diffing bug introduced in Prisma 6.13.1, which led to incorrectly reported empty diffs.

Changes

• prisma/prisma-engines#5706

6.19.0

Today, we are excited to share the 6.19.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X

Highlights

This release brings a lot of bug fixes and improvements to both the ORM and Prisma Postgres.

Prisma ORM

Prisma ORM is the most popular ORM in the TypeScript ecosystem. Today’s release brings a bunch of new bug fixes and overall improvements:

• #5675: When dropping a model from a schema, do not append the default schema to the migration.
• #5656: Align naming conventions for fields and relation fields
• #28341: Add biome ignore comments to generated client files. This was a community contribution from @​lonelyevil, thank you!

Prisma Postgres

Prisma Postgres is our fully managed Postgres service, designed with the same philosophy of great DX that has guided Prisma for close to a decade. With this release, we are introducing the following improvements:

Connection pooling with Prisma Postgres

We added support for direct connections in 6.17, opening Prisma Postgres up to working with any tool in the wider Postgres ecosystem. Now, you can confirm that connection to support connection pooling by appending the query parameter pool=true to the connection string.

postgres://555555..../postgres?sslmode=require&pool=true

VS Code extension

A frequently requested feature is to be able to use a local Prisma Postgres database within our VS Code Extension without having to log in. In this release, we’re happy to share that this is now supported! Now you can work on your project without having to connect to the database remotely.

#1924: previewFeatures = "" suggestion results in "[]" value

... (truncated)

Commits

• 8659f92 fix: correct engine for cloudflare (#28934)
• fea5638 chore: backport namespace fix for Prisma 6 (#28885)
• 2bd7a43 chore(deps): update engines to 6.19.0-26.2ba551f319ab1df4bc874a89965d8b364105...
• 833490a chore(deps): update engines to 6.19.0-25.420f95ba71ba52124fa101cda620b4e60cbe...
• ac84b74 chore(deps): update engines to 6.19.0-24.a2b481b117452ee9da10d6bf285cde25c0d6...
• f163371 chore(deps): update engines to 6.19.0-23.00f1b688fa033fd4de96af399b529227291b...
• 3635905 chore(deps): update engines to 6.19.0-19.1d6ed60aab371a6253e5b971615421eb9d33...
• bb013d6 chore(deps): update engines to 6.19.0-16.a964551b989543683858a5aa93090e8b4857...
• eb59767 chore(deps): update engines to 6.19.0-15.08761ddce3e1b2107c76ee662fbd0520fc11...
• 2ca964d chore(deps): update engines to 6.19.0-8.7b3c6b2f5cf8948c3c32b2898731d3222f349...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​prisma/client since your current version.

Updates @react-pdf/renderer from 4.3.1 to 4.3.2

Release notes

Sourced from @​react-pdf/renderer's releases.

@​react-pdf/renderer@​4.3.2

Patch Changes

• Updated dependencies [f034491b, 2eba70bd, fafbcb12, cc1aff24]:
  • @​react-pdf/pdfkit@​4.1.0
  • @​react-pdf/reconciler@​2.0.0
  • @​react-pdf/layout@​4.4.2
  • @​react-pdf/font@​4.0.4
  • @​react-pdf/render@​4.3.2
  • @​react-pdf/types@​2.9.2

Changelog

Sourced from @​react-pdf/renderer's changelog.

4.3.2

Patch Changes

• Updated dependencies [f034491b, 2eba70bd, fafbcb12, cc1aff24]:
  • @​react-pdf/pdfkit@​4.1.0
  • @​react-pdf/reconciler@​2.0.0
  • @​react-pdf/layout@​4.4.2
  • @​react-pdf/font@​4.0.4
  • @​react-pdf/render@​4.3.2
  • @​react-pdf/types@​2.9.2

Commits

• 52e97fd chore: release packages (#3263)
• e0db9bf fix: hyphenation (#3267)
• See full diff in compare view

Updates @tanstack/react-query from 5.90.2 to 5.90.20

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-persist-client@​5.90.20

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.17
  • @​tanstack/react-query@​5.90.18

@​tanstack/react-query@​5.90.20

Patch Changes

• Updated dependencies [e7258c5]:
  • @​tanstack/query-core@​5.90.20

@​tanstack/react-query-persist-client@​5.90.19

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.16
  • @​tanstack/react-query@​5.90.17

@​tanstack/react-query@​5.90.19

Patch Changes

• Updated dependencies [53fc74e]:
  • @​tanstack/query-core@​5.90.19

@​tanstack/react-query-persist-client@​5.90.18

Patch Changes

• Updated dependencies [4be3ad7]:
  • @​tanstack/react-query@​5.90.16
  • @​tanstack/query-persist-client-core@​5.91.15

@​tanstack/react-query@​5.90.18

Patch Changes

• Updated dependencies [dea1614]:
  • @​tanstack/query-core@​5.90.18

@​tanstack/react-query-persist-client@​5.90.17

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.14
  • @​tanstack/react-query@​5.90.15

@​tanstack/react-query@​5.90.17

Patch Changes

• Updated dependencies [269351b]:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

Commits

• 7ac4e20 ci: Version Packages (#10067)
• 9ff3de7 Upgrade to Vitest v4 (#9862)
• 0525ad1 ci: Version Packages (#10047)
• 53fc74e fix(query-core): fix combine not updating when queries change with stable ref...
• 64d5d62 ci: Version Packages (#10045)
• dea1614 fix(query-core): avoid throwing promise errors when data exists (#10025)
• bf7f47e ci: Version Packages (#10033)
• 44c3cb9 test(react-query/ssr): add 'useQueries' test for SSR (#9996)
• 167db32 ci: Version Packages (#10005)
• 4be3ad7 fix(react-query): allow retryOnMount when throwOnError is function (#9336) (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​tanstack/react-query since your current version.

Updates @upstash/ratelimit from 2.0.6 to 2.0.8

Release notes

Sourced from @​upstash/ratelimit's releases.

v2.0.8

What's Changed

• DX-2280: Remove large-group runners by @​CahidArda in upstash/ratelimit-js#144
• Fix React Server Components CVE vulnerabilities by @​vercel[bot] in upstash/ratelimit-js#145
• DX-2316: bump next by @​CahidArda in upstash/ratelimit-js#146
• DX-2254: add global dynamic limit by @​CahidArda in upstash/ratelimit-js#147

New Contributors

• @​vercel[bot] made their first contribution in upstash/ratelimit-js#145

Full Changelog: upstash/ratelimit-js@v2.0.7...v2.0.8

v2.0.7

What's Changed

Features

• DX-1261: allow negative rate values by @​CahidArda in upstash/ratelimit-js#143

Fixes

• Update context7.json by @​enesakar in upstash/ratelimit-js#138, upstash/ratelimit-js#139 and upstash/ratelimit-js#140
• DX-2218: Refactor rate limit test cases and update request timing in TestHarness by @​CahidArda in upstash/ratelimit-js#142

Full Changelog: upstash/ratelimit-js@v2.0.6...v2.0.7

Commits

• a8b1b99 DX-2254: add global dynamic limit (#147)
• 8589adb fix: bump next (#146)
• ade4aa8 Merge pull request #145 from upstash/vercel/react-server-components-cve-vu-qx...
• e19785d Fix React Server Components CVE vulnerabilities
• 67e8bc2 DX-2280: Remove specific runner configuration from test job in GitHub Actions...
• a447320 DX-1261: allow negative rate values (#143)
• 544454b DX-2218: Refactor rate limit test cases and update request timing in TestHarn...
• c12bee3 Update context7.json
• 6bc1514 Update context7.json
• 75f929e Merge pull request #140 from upstash/enesakar-patch-5
• Additional commits viewable in compare view

Updates @upstash/redis from 1.35.4 to 1.36.1

Release notes

Sourced from @​upstash/redis's releases.

v1.36.1

What's Changed

• feat: support chunked messages by @​joschan21 in upstash/redis-js#1404

Full Changelog: upstash/redis-js@v1.36.0...v1.36.1

v1.36.0

What's Changed

• feat: add redis functions support by @​ytkimirti in upstash/redis-js#1401

Full Changelog: upstash/redis-js@v1.35.8...v1.36.0

v1.36.0-rc.7

Full Changelog: upstash/redis-js@v1.36.0-rc.6...v1.36.0-rc.7

v1.36.0-rc.6

Full Changelog: upstash/redis-js@v1.36.0-rc.5...v1.36.0-rc.6

v1.36.0-rc.5

What's Changed

• fix: fix some issues found in the search sdk review by @​mdumandag in upstash/redis-js#1402

Full Changelog: upstash/redis-js@v1.36.0-rc.4...v1.36.0-rc.5

v1.36.0-rc.4

Full Changelog: upstash/redis-js@v1.36.0-rc.3...v1.36.0-rc.4

v1.36.0-rc.3

Full Changelog: upstash/redis-js@v1.36.0-rc.2...v1.36.0-rc.3

v1.36.0-rc.2

Full Changelog: upstash/redis-js@v1.36.0-rc.1...v1.36.0-rc.2

v1.36.0-rc.1

What's Changed

• DX-2204: document telemetry configuration option by @​CahidArda in upstash/redis-js#1393
• DX-2265: add Requester type declaration by @​CahidArda in upstash/redis-js#1397
• Fix: zremrangebyscore should accept string | number for min/max scores by @​mvonschledorn in upstash/redis-js#1396
• DX-2280: Remove large-group runners by @​CahidArda in upstash/redis-js#1398

New Contributors

• @​mvonschledorn made their first contribution in upstash/redis-js#1396

Full Changelog: upstash/redis-js@v1.35.6...v1.36.0-rc.1

v1.35.8

What's Changed

... (truncated)

Commits

• 8701b83 feat: support chunked messages (#1404)
• 09d5f81 feat: add redis functions support (#1401)
• 8f4f0dd fix: improve env variable access (#1399)
• 31cc261 fix: bump next (#1400)
• ff91bb1 DX-2280: Remove large-group runners (#1398)
• b635b96 Fix: zremrangebyscore should accept string | number for min/max scores (#1396)
• d47518c DX-2265: add Requester type declaration (#1397)
• fbead4f fix: document telemetry configuration option (#1393)
• e08c6d2 fix: catch json parse errors (#1392)
• a5ad849 DX-2161: fall back to returning the message string if message is not parsable...
• Additional commits viewable in compare view

Updates antd from 5.27.4 to 5.29.3

Release notes

Sourced from antd's releases.

5.29.3

• 🐞 Fix Breadcrumb link color being overridden when using custom itemRender. #56251 @​guoyunhe

---

• 🐞 修复 Breadcrumb 自定义 itemRender 时链接颜色被覆盖的问题。#56251 @​guoyunhe

5.29.2

• 🐞 Fix notification background colors incorrect when cssVar is disabled. #56133 @​afc163
• 🐞 Raise Breadcrumb link style priority to avoid being overridden by global styles (v5). #56139 @​guoyunhe
• 🐞 Fix Input.Search should not warn about deprecated addonAfter. #55806 @​zombieJ
• 🐞 Fix Splitter failing to fill its container when the sum of panel proportions is not 1. #56217 @​zombieJ

---

• 🐞 修复关闭 cssVar 时 notification 背景色异常的问题。#56133 @​afc163
• 🐞 提升 Breadcrumb 链接样式的优先级以避免被全局样式覆盖。#56139 @​guoyunhe
• 🐞 修复 Input.Search 会报 addonAfter 已经废弃的警告信息的问题。#55806 @​zombieJ
• 🐞 修复 Splitter 在 Panel 总占比不为 1 时出现占不满的情况。 #56217 @​zombieJ

5.29.1

• 🐞 Fix Carousel dot can not click when in vertical mode.#55757 @​wanpan11

---

• 🐞 修复 Carousel 选择器在垂直位置无法点击的问题。 #55757 @​wanpan11

5.29.0

• 🆕 InputNumber component deprecates addonAfter and addonBefore props, use Space.Compact instead. #55505 @​EmilyyyLiu
• ⌨️ Improve Drawer accessibility by adding aria-labelledby when a title is present. #55697 @​rxy001
• 🌐 Fixed spacing in Korean localization for “복사됨” message. #55672 @​rapsealk

---

• 🆕 InputNumber 组件废弃 addonAfter 和 addonBefore 属性，使用 Space.Compact 替换。 #55505 @​EmilyyyLiu
• ⌨️ 优化 Drawer 组件的可访问性，存在标题时的属性 aria-labelledby。#55697 @​rxy001
• 🌐 修复韩语本地化中“복사됨”文本的空格规则问题。#55672 @​rapsealk

5.28.1

• Carousel
  • 🐞 Fix Carousel style issue in vertical mode. #55615 @​wanpan11
  • 🐞 Fix Carousel dots animation missing when first render. #55589 @​wanpan11
• 🐞 Fix Descriptions where content style wrongly used labelStyle. #55572 @​li-jia-nan
• 💄 Adjust the height of the Select component to 32px when variant="underlined". #55607 @​ustcfury
• 💄 When the underlined property is enabled for the Input component, the border color changes on mouse hover. #55609 @​ustcfury
• 🛠 Flex gap prop support number type. #55591 @​ayangweb
• 🌐 Add missing TimePicker translations for locales: ar_EG, en_GB, gl_ES, bg_BG, ca_ES, cs_CZ, el_GR, es_ES, eu_ES, fi_FI, he_IL, hu_HU, is_IS, kn_IN, kmr_IQ, lv_LV, mk_MK, mn_MN, ms_MY, pl_PL, pt_BR, pt_PT, ro_RO, sk_SK, sl_SI, sv_SE, ta_IN, th_TH, zh_TW, et_EE. #55656 @​li-jia-nan

---

• Carousel
  • 🐞 修复 Carousel 组件纵向样式问题。#55615 @​wanpan11
  • 🐞 修复 Carousel 首次渲染时指示点动画丢失。#55589 @​wanpan11
• 🐞 修复 Popconfirm 在 actionFn 出错时未重置 ref 的问题。#55519 @​Taoister39
• 🐞 修复 Descriptions 组件内容样式错误使用 labelStyle 的问题。#55572 @​li-jia-nan
• 💄 修正 underlined 变体的 Select 组件高度为 32px。#55607 @​ustcfury

... (truncated)

Changelog

Sourced from antd's changelog.

5.29.3

2025-12-18

• 🐞 Fix Breadcrumb link color being overridden when using custom itemRender. #56251 @​guoyunhe

5.29.2

2025-12-15

• 🐞 Fix notification background colors incorrect when cssVar is disabled. #56133 @​afc163
• 🐞 Raise Breadcrumb link style priority to avoid being overridden by global styles (v5). #56139 @​guoyunhe
• 🐞 Fix Input.Search should not warn about deprecated addonAfter. #55806 @​zombieJ
• 🐞 Fix Splitter failing to fill its container when the sum of panel proportions is not 1. #56217 @​zombieJ

5.29.1

2025-11-18

• 🐞 Fix Carousel dot can not click when in vertical mode.#55757 @​wanpan11

5.29.0

2025-11-17

• 🆕 InputNumber component deprecates addonAfter and addonBefore props, use Space.Compact instead. #55505 @​EmilyyyLiu
• ⌨️ Improve Drawer accessibility by adding aria-labelledby when a title is present. #55697 @​rxy001
• 🌐 Fixed spacing in Korean localization for “복사됨” message. #55672 @​rapsealk

5.28.1

2025-11-11

• Carousel
  • 🐞 Fix Carousel style issue in vertical mode. #55615 @​wanpan11
  • 🐞 Fix Carousel dots animation missing when first render. #55589 @​wanpan11
• 🐞 Fix Descriptions where content style wrongly used labelStyle. #55572 @​li-jia-nan
• 💄 Adjust the height of the Select component to 32px when variant="underlined". #55607 @​ustcfury
• 💄 When the underlined property is enabled for the Input component, the border color changes on mouse hover. #55609 @​ustcfury
• 🌐 Add missing TimePicker translations for locales: ar_EG, en_GB, gl_ES, bg_BG, ca_ES, cs_CZ, el_GR, es_ES, eu_ES, fi_FI, he_IL, hu_HU, is_IS, kn_IN, kmr_IQ, lv_LV, mk_MK, mn_MN, ms_MY, pl_PL, pt_BR, pt_PT, ro_RO, sk_SK, sl_SI, sv_SE, ta_IN, th_TH, zh_TW, et_EE. #55656 @​li-jia-nan
• TypeScript
  • 🤖 Improve Flex component gap prop typing, for better IDE autocomplete and type inference. #55591 @​ayangweb

5.28.0

2025-11-01

• 🆕 Drawer supports closable.placement prop to specify the position of the close button. #54067 @​davidhsing
• 🆕 Image component supports fallback global configuration. #54702 @​Jiyur

... (truncated)

Commits

• 14f3977 chore: bump version to 5.29.3 and update changelogs (#56267)
• d36e662 fix(Breadcrumb): custom itemRender style for 5.x (#56251)
• 6dd5a23 chore: add 5.x-stable branch to github workflows (#56222)
• 2a6d0b8 chore: update branch references from master to 5.x-stable in scripts (#56218)
• 081e9a6 fix(V5): Splitter ptg not fully cover (#56217)
• a811b7a docs: bump version to 5.29.2 and update changelogs (#56190)
• 34b32bb fix: notification wrong background color when cssVar is false (#56133)
• 2a823ea fix(Breadcrumb): lift link style priority for v5 (#56139)
• 6339b66 chore: cherry-pick changelog route fix from PR #56038 to 5.x-stable docs (#56...
• 2e77131 docs: Add the link corresponding to the next major version of the cur… (#55946)
• Additional commits viewable in compare view

Updates bcryptjs from 3.0.2 to 3.0.3

Release notes

Sourced from bcryptjs's releases.

v3.0.3

Bug fixes

• Always yield to event loop before nextTick for async versions (#164) (1211e9a2213e0b3ee232a204b3ce899beebce31a)

Commits

• 1211e9a fix: Always yield to event loop before nextTick for async versions (#164)
• See full diff in compare view

Updates dompurify from 3.2.7 to 3.3.1

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.1

• Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
• Updated the ESM import syntax to be more correct, thanks @​binhpv

DOMPurify 3.3.0

• Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
• Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
• Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

Commits

• 6fc446a Merge pull request #1175 from cure53/main
• 3b3bf91 Merge branch 'main' of github.com:cure53/DOMPurify
• 9863f41 chore: Preparing 3.3.1 release
• b4e0295 chore: Preparing 3.3.0 release
• 077746b build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1170)
• 4de68bb build(deps): bump actions/checkout from 5 to 6 (#1171)
• 4c76b6f Use correct ESM import syntax (#1173)
• 27e8496 Merge pull request #1168 from MariusRumpf/add-forbid-contents
• a920096 Add ADD_FORBID_CONTENTS setting to extend default list
• ac64660 Merge pull request #1163 from cure53/dependabot/github_actions/actions/setup-...
• Additional commits viewable in compare view

Updates focus-trap-react from 11.0.4 to 11.0.6

Release notes

Sourced from focus-trap-react's releases.

v11.0.6

Patch Changes

• c0bd275: Bump focus-trap to 7.8.0 for new aria-hidden support in isolateSubtrees option and bug fix related to trapStack option

v11.0.5

Patch Changes

• 01712b0: Update focus-trap dependency to 7.6.6 and tabbable to 6.3.0 to get a new displayCheck option in tabbable.
• 0f8db7c: Bump tabbable to 6.4.0 and focus-trap to 7.7.1 for improved inert handling

Changelog

Sourced from focus-trap-react's changelog.

11.0.6

Patch Changes

• c0bd275: Bump focus-trap to 7.8.0 for new aria-hidden support in isolateSubtrees option and bug fix related to trapStack option

11.0.5

Patch Changes

• 01712b0: Update focus-trap dependency to 7.6.6 and tabbable to 6.3.0 to get a new displayCheck option in tabbable.
• 0f8db7c: Bump tabbable to 6.4.0 and focus-trap to 7.7.1 for improved inert handling

Commits

• 42f0bd5 Version Packages (#1781)
• c0bd275 Bump focus-trap to 7.8.0 (#1780)
• a5e0fb1 [DEPENDABOT]: Bump eslint-plugin-testing-library from 7.15.3 to 7.15.4 (#1776)
• 01eb1ac [DEPENDABOT]: Bump @​typescript-eslint/eslint-plugin from 8.51.0 to 8.52.0 (#1...
• dc14dca Version Packages (#1762)
• 09e16f9 [DEPENDABOT]: Bump eslint-plugin-cypress from 5.2.0 to 5.2.1 (#1773)

[dependabot]

Assignees

The following users could not be added as assignees: your-team-name. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
cockpit	Ready	Preview, Comment	Jan 26, 2026 2:37am