chore(deps): bump the npm-deps group across 2 directories with 18 updates

[dependabot]

Bumps the npm-deps group with 15 updates in the /frontend/app directory:

Package	From	To
@sentry/react	10.49.0	10.52.0
@tanstack/react-query	5.99.0	5.100.9
@tanstack/react-query-devtools	5.99.0	5.100.9
@tanstack/react-router	1.141.0	1.169.2
@tanstack/react-router-devtools	1.141.0	1.166.12
axios	1.16.0	1.16.1
dompurify	3.4.0	3.4.3
jotai	2.19.1	2.20.0
lucide-react	1.8.0	1.14.0
posthog-js	1.369.2	1.372.10
react-day-picker	8.10.1	8.10.2
react-hook-form	7.72.1	7.75.0
react-resizable-panels	4.10.0	4.11.0
react-syntax-highlighter	15.6.1	15.6.6
tailwind-merge	3.5.0	3.6.0

Bumps the npm-deps group with 6 updates in the /frontend/docs directory:

Package	From	To
lucide-react	1.8.0	1.14.0
posthog-js	1.369.2	1.372.10
tailwind-merge	3.5.0	3.6.0
zod	4.3.6	4.4.3
posthog-node	5.29.2	5.33.4
swagger-ui-react	5.32.4	5.32.6

Updates @sentry/react from 10.49.0 to 10.52.0

Release notes

Sourced from @​sentry/react's releases.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)
• chore(deps): Bump vulnerable testem version (#20634)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)

... (truncated)

Commits

• 4b911e0 release: 10.52.0
• 781f31c Merge pull request #20707 from getsentry/prepare-release/10.52.0
• 11a64f6 meta(changelog): Update changelog for 10.52.0
• e185818 feat(node-core): Add processSegmentSpan to node context integration (#20678)
• 7e49571 feat(node): use diagnostics_channel for redis >= 5.12.0 (#20573)
• a8ab715 feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• 7efc03f feat(core): Apply request data to segment spans in span streaming (#20654)
• 01d0a70 feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• 12cd3e5 fix(nextjs): Skip build modification when SRI is enabled (#20694)
• f1f534c fix(deps): Bump transitive deps for medium security fixes (#20683)
• Additional commits viewable in compare view

Updates @tanstack/react-query from 5.99.0 to 5.100.9

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.9

Patch Changes

• Updated dependencies [3d21cac]:
  • @​tanstack/query-devtools@​5.100.9
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query-next-experimental@​5.100.9

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query-persist-client@​5.100.9

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.9
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query@​5.100.9

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

@​tanstack/react-query-devtools@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.8
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query-next-experimental@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query-persist-client@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.8
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query@​5.100.8

Patch Changes

• Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.9

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.8

5.100.7

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.7

5.100.6

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.6

5.100.5

Patch Changes

• Updated dependencies [a53ef97]:
  • @​tanstack/query-core@​5.100.5

5.100.4

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.4

5.100.3

Patch Changes

• fix(suspense): skip calling combine when queries would suspend (#10576)

• Updated dependencies [f85d825]:

  • @​tanstack/query-core@​5.100.3

... (truncated)

Commits

• 8c3d523 ci: Version Packages (#10630)
• 9800c8f ci: Version Packages (#10623)
• 3ae4261 ci: Version Packages (#10620)
• 87f7ccf ci: Version Packages (#10604)
• 441204b ci: Version Packages (#10582)
• 55afb3e ci: Version Packages (#10581)
• fe287cc ci: Version Packages (#10579)
• f85d825 Feature/use suspense queries combine (#10576)
• 93b2845 ci: Version Packages (#10575)
• ea4497e fix(query-core): stop wrapping persister generics in NoInfer (#10510)
• Additional commits viewable in compare view

Updates @tanstack/react-query-devtools from 5.99.0 to 5.100.9

Release notes

Sourced from @​tanstack/react-query-devtools's releases.

@​tanstack/react-query-devtools@​5.100.9

Patch Changes

• Updated dependencies [3d21cac]:
  • @​tanstack/query-devtools@​5.100.9
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query-devtools@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.8
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query-devtools@​5.100.7

Patch Changes

• docs(devtools): align logo, panel, and 'buttonPosition' union descriptions across docs and JSDoc (#10617)

• Updated dependencies []:

  • @​tanstack/query-devtools@​5.100.7
  • @​tanstack/react-query@​5.100.7

@​tanstack/react-query-devtools@​5.100.6

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.6
  • @​tanstack/react-query@​5.100.6

Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.100.9

Patch Changes

• Updated dependencies [3d21cac]:
  • @​tanstack/query-devtools@​5.100.9
  • @​tanstack/react-query@​5.100.9

5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.8
  • @​tanstack/react-query@​5.100.8

5.100.7

Patch Changes

• docs(devtools): align logo, panel, and 'buttonPosition' union descriptions across docs and JSDoc (#10617)

• Updated dependencies []:

  • @​tanstack/query-devtools@​5.100.7
  • @​tanstack/react-query@​5.100.7

5.100.6

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.6
  • @​tanstack/react-query@​5.100.6

5.100.5

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.5
  • @​tanstack/react-query@​5.100.5

5.100.4

Patch Changes

• fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

• Updated dependencies [3d1a62e]:

  • @​tanstack/query-devtools@​5.100.4

... (truncated)

Commits

• 8c3d523 ci: Version Packages (#10630)
• 03eba38 test(react-query-devtools): add tests for missing 'QueryClient', context prov...
• 9800c8f ci: Version Packages (#10623)
• 3ae4261 ci: Version Packages (#10620)
• 868577d docs(devtools): align logo, panel, and option union descriptions across docs ...
• 87f7ccf ci: Version Packages (#10604)
• 441204b ci: Version Packages (#10582)
• 55afb3e ci: Version Packages (#10581)
• 3d1a62e fix(devtools): change onClose callback type from () => unknown to () … (#10118)
• fe287cc ci: Version Packages (#10579)
• Additional commits viewable in compare view

Updates @tanstack/react-router from 1.141.0 to 1.169.2

Changelog

Sourced from @​tanstack/react-router's changelog.

1.169.2

Patch Changes

• Updated dependencies [35e88f0]:
  • @​tanstack/router-core@​1.169.2

1.169.1

Patch Changes

• Updated dependencies [4a1e63f]:
  • @​tanstack/router-core@​1.169.1

1.169.0

Minor Changes

• Allow params.parse to experimentally return false to skip an incoming route candidate during path matching. Thrown parse errors still surface on the selected match instead of falling through, and outgoing typed route-template links continue to use exact route lookup followed by params.stringify for URL generation. (#7263)

Patch Changes

• Updated dependencies [c992495]:
  • @​tanstack/router-core@​1.169.0

1.168.26

Patch Changes

• Updated dependencies [b5c4183]:
  • @​tanstack/router-core@​1.168.18

1.168.25

Patch Changes

• Updated dependencies [493148b]:
  • @​tanstack/router-core@​1.168.17

1.168.24

Patch Changes

• Add TanStack Start inline CSS manifest support for SSR so route styles can be embedded in the HTML response and hydrated without duplicate stylesheet links. (#7253)

• Updated dependencies [4d864ee]:

  • @​tanstack/router-core@​1.168.16

1.168.23

... (truncated)

Commits

• ee96e25 ci: changeset release
• ed3152a test: reproducer for #2547 (#7337)
• 19f496b test: add reproducer for #2514 (#7336)
• 9902eb4 remove old intent artifacts (#7333)
• f08ef9d chore: fix duplicate "the" typo across router packages (#7323)
• 2c9f5c0 ci: changeset release
• 4a1e63f fix: parse params union inference (#7306)
• dad0ec8 ci: changeset release
• c992495 feat: match params (#7263)
• a730094 ci: changeset release
• Additional commits viewable in compare view

Updates @tanstack/react-router-devtools from 1.141.0 to 1.166.12

Changelog

Sourced from @​tanstack/react-router-devtools's changelog.

1.166.12

Patch Changes

• Updated dependencies [459057c]:
  • @​tanstack/router-devtools-core@​1.167.2
  • @​tanstack/react-router@​1.168.14
  • @​tanstack/router-core@​1.168.10

1.166.11

Patch Changes

• Updated dependencies [c9e1855]:
  • @​tanstack/router-devtools-core@​1.167.1
  • @​tanstack/react-router@​1.168.2
  • @​tanstack/router-core@​1.168.2

1.166.10

Patch Changes

• Updated dependencies [0545239]:
  • @​tanstack/router-devtools-core@​1.167.0
  • @​tanstack/react-router@​1.168.0
  • @​tanstack/router-core@​1.168.0

1.166.9

Patch Changes

• build: update to vite-config 5.x (rolldown) (#6926)

• Updated dependencies [838b0eb]:

  • @​tanstack/router-devtools-core@​1.166.9
  • @​tanstack/react-router@​1.167.2
  • @​tanstack/router-core@​1.167.2

1.166.8

Patch Changes

• fix: build with @​tanstack/vite-config 0.4.3 (#6923)

• Updated dependencies [ef9b241]:

  • @​tanstack/router-devtools-core@​1.166.8
  • @​tanstack/react-router@​1.167.1
  • @​tanstack/router-core@​1.167.1

Commits

• 27890af ci: changeset release
• b1c0f46 chore: upgrade tooling to typescript 6 (#7024)
• 67d9e69 ci: changeset release
• 423be8a ci: changeset release
• a0a6aa8 ci: changeset release
• 91d1085 ci: changeset release
• ef9b241 build: update to @​tanstack/vite-config v0.4.3 (#6923)
• 7706e3f release: v1.166.7
• 964cae0 release: v1.166.6
• 6438c03 release: v1.166.4
• Additional commits viewable in compare view

Updates axios from 1.16.0 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

Changelog

Sourced from axios's changelog.

Changelog

Commits

• 1337d6b chore(release): prepare release 1.16.1 (#10877)
• 858a790 fix: remove all caches (#10882)
• 34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
• 847d89b fix: support URL object as config.url input (#10866)
• 4094886 fix(progress): guard malformed XHR upload events (#10868)
• 44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
• 64e1095 chore: update PR and issue template to use h2 (#10865)
• 3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
• c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
• caa00a9 fix: https data in cleartext to proxy (#10858)
• Additional commits viewable in compare view

Updates dompurify from 3.4.0 to 3.4.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.3

• Fixed an issue with handling of nested Shadow DOM trees, thanks @​fishjojo1
• Fixed the template regexes to be more robust against ReDoS attacks, thanks @​aleung27
• Updated the node iteration code to catch more Shadow DOM related issues
• Updated Playwright and added Node 26 to test matrix
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

DOMPurify 3.4.2

• Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
• Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

DOMPurify 3.4.1

• Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (font-face, color-profile, missing-glyph, font-face-src, font-face-uri, font-face-format, font-face-name) under permissive CUSTOM_ELEMENT_HANDLING
• Fixed a case-sensitivity gap in the annotation-xml check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode
• Fixed SANITIZE_NAMED_PROPS repeatedly prefixing already-prefixed id and name values on subsequent sanitization
• Fixed the IN_PLACE root-node check to explicitly guard against non-string nodeName (DOM-clobbering robustness)
• Removed a duplicate slot entry from the default HTML attribute allow-list
• Strengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for SANITIZE_NAMED_PROPS, and a negative-control assertion ensuring the invariants actually fire
• Added regression and pinning tests covering the above fixes and two accepted-behavior contracts (SAFE_FOR_TEMPLATES greedy scrub, hook-added attribute handling)
• Extended CodeQL analysis to run on 3.x and 2.x maintenance branches

Commits

• 520edb0 release: 3.4.3 (#1352)
• 6f67fd3 Sync/3.4.2 (#1322)
• 5b0cdbb chore: merge main into 3.x for 3.4.1 release (#1301)
• 09f5911 test: added three more browsers to test setup (OSX, mobile)
• See full diff in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates jotai from 2.19.1 to 2.20.0

Release notes

Sourced from jotai's releases.

v2.20.0

This release improves performance in high-throughput scenarios. Huge kudos to @​dmaskasky!

What's Changed

• breaking(internals): avoid getInternalBuildingBlock function by @​dai-shi in pmndrs/jotai#3293
• refactor(internals): Rev3 type narrowing for onMount hooks by @​dmaskasky in pmndrs/jotai#3311
• fix(internals): guard atomOnInit hook with hasOnInit by @​dmaskasky in pmndrs/jotai#3312
• refactor(internals): lazy hooks in ensureAtomState for new atom state by @​dmaskasky in pmndrs/jotai#3313

Full Changelog: pmndrs/jotai@v2.19.1...v2.20.0

Commits

• bdbc766 2.20.0
• 64181cc chore(deps): update dev dependencies (#3317)
• e2aa859 refactor(internals): lazy hooks in ensureAtomState for new atom state (#3313)
• 26f3e9c fix(internals): guard atomOnInit hook with hasOnInit (#3312)
• e923843 refactor(internals): Rev3 type narrowing for onMount hooks (#3311)
• 4b63111 breaking(internals): avoid getInternalBuildingBlock function (#3293)
• See full diff in compare view

Updates lucide-react from 1.8.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

• feat(icons): added repeat-off icon by @​jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

• fix(docs): sync URL params with UI state on categories page by @​taimar in lucide-icons/lucide#4111
• feat(icons): add waves-vertical icon by @​jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

• feat(icon): add folder-bookmark icon by @​swastik7805 in lucide-icons/lucide#4262
• docs(readme): Update readme files by @​ericfennis in lucide-icons/lucide#4320
• feat(icons): added astroid icon by @​whoisBugsbunny in lucide-icons/lucide#4217

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Version 1.11.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hatchet-docs	Ready	Preview, Comment	May 18, 2026 6:04am

[gregfurman]

Closing until we can figure out why these cypress tests keep failing.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml