build(deps): bump the production-dependencies group with 31 updates by dependabot[bot] · Pull Request #172 · hackclub/lapse

dependabot · 2026-03-17T15:48:57Z

Bumps the production-dependencies group with 31 updates:

Package	From	To
@orpc/contract	`1.13.5`	`1.13.7`
zod	`4.2.1`	`4.3.6`
@hackclub/icons	`0.0.15`	`0.1.0`
@orpc/client	`1.13.6`	`1.13.7`
@orpc/openapi	`1.13.5`	`1.13.7`
@orpc/openapi-client	`1.13.5`	`1.13.7`
@posthog/nextjs-config	`1.8.19`	`1.8.21`
mediabunny	`1.38.0`	`1.39.2`
next	`16.1.6`	`16.1.7`
posthog-js	`1.360.0`	`1.360.2`
posthog-node	`5.28.0`	`5.28.2`
react	`19.2.3`	`19.2.4`
react-dom	`19.2.3`	`19.2.4`
valibot	`1.2.0`	`1.3.0`
webpack	`5.105.2`	`5.105.4`
@inquirer/prompts	`8.2.1`	`8.3.2`
@aws-sdk/client-s3	`3.994.0`	`3.1010.0`
@aws-sdk/s3-request-presigner	`3.994.0`	`3.1010.0`
@orpc/server	`1.13.5`	`1.13.7`
@orpc/zod	`1.13.5`	`1.13.7`
@prisma/adapter-pg	`7.2.0`	`7.5.0`
@sentry/node	`10.39.0`	`10.43.0`
@trpc/server	`11.8.0`	`11.13.4`
bullmq	`5.69.3`	`5.71.0`
dedent	`1.7.1`	`1.7.2`
dotenv	`17.2.3`	`17.3.1`
fastify	`5.8.1`	`5.8.2`
ioredis	`5.9.2`	`5.10.0`
nanoid	`5.1.6`	`5.1.7`
prisma	`7.2.0`	`7.5.0`
@aws-sdk/lib-storage	`3.995.0`	`3.1010.0`

Updates @orpc/contract from 1.13.5 to 1.13.7

Release notes

Sourced from @orpc/contract's releases.

v1.13.7

   🐞 Bug Fixes

server: Prevent duplicate request id attack on peer adapter - by @dinwwwh in middleapi/orpc#1474 (5ebcc)

    View changes on GitHub

[!TIP] If you find oRPC valuable and would like to support its development, you can do so here.

v1.13.6

   🐞 Bug Fixes

client, server: Prototype Pollution via StandardRPCJsonSerializer Deserialization (GHSA-m272-9rp6-32mc)

    View changes on GitHub

Commits

b608026 chore: release v1.13.7
2b2e8a0 chore: unnoq to dinwwwh (#1461)
a16ca72 chore(deps-dev): bump the dev-dependencies-minor-patch group across 1 directo...
a370d28 chore: release v1.13.6
ee7e30f chore: release v1.35.6
See full diff in compare view

Updates zod from 4.2.1 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors

f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)

251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call

edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)

85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)

cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)

dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)

762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling

ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)

e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking

0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests

e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)

089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs

decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint

9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema

66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType

b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)

f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)

0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

ca3c862 v4.3.6
762e911 Generalize numeric key handling
dfbbf1c Avoid re-exported star modules (#5656)
cbf77bb Avoid non null assertion (#5638)
85db85e fix: typo in codec.test.ts file (#5628)
edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
251d716 Clean up workflow_call
f4b7bae Update pullfrog.yml (#5634)
9977fb0 Add brand.dev to sponsors
0cdc0b8 4.3.5
Additional commits viewable in compare view

Updates @hackclub/icons from 0.0.15 to 0.1.0

Release notes

Sourced from @hackclub/icons's releases.

Updates!

Published to npm: https://www.npmjs.com/package/@hackclub/icons/v/0.1.0

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by 3kh0, a new releaser for @hackclub/icons since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates @orpc/client from 1.13.6 to 1.13.7

Release notes

Sourced from @orpc/client's releases.

v1.13.7

🐞 Bug Fixes

server: Prevent duplicate request id attack on peer adapter - by @dinwwwh in middleapi/orpc#1474 (5ebcc)

View changes on GitHub

[!TIP] If you find oRPC valuable and would like to support its development, you can do so here.

Commits

b608026 chore: release v1.13.7
2b2e8a0 chore: unnoq to dinwwwh (#1461)
See full diff in compare view

Updates @orpc/openapi from 1.13.5 to 1.13.7

Release notes

Sourced from @orpc/openapi's releases.

v1.13.7

   🐞 Bug Fixes

server: Prevent duplicate request id attack on peer adapter - by @dinwwwh in middleapi/orpc#1474 (5ebcc)

    View changes on GitHub

[!TIP] If you find oRPC valuable and would like to support its development, you can do so here.

v1.13.6

   🐞 Bug Fixes

client, server: Prototype Pollution via StandardRPCJsonSerializer Deserialization (GHSA-m272-9rp6-32mc)

    View changes on GitHub

Commits

b608026 chore: release v1.13.7
91fd305 chore(deps-dev): bump the dev-dependencies-minor-patch group across 1 directo...
f4868a1 chore(deps-dev): bump fastify from 5.7.4 to 5.8.1 (#1460)
2b2e8a0 chore: unnoq to dinwwwh (#1461)
a370d28 chore: release v1.13.6
ee7e30f chore: release v1.35.6
88bc377 chore(deps-dev): bump the eslint group with 3 updates (#1416)
See full diff in compare view

Updates @orpc/openapi-client from 1.13.5 to 1.13.7

Release notes

Sourced from @orpc/openapi-client's releases.

v1.13.7

   🐞 Bug Fixes

server: Prevent duplicate request id attack on peer adapter - by @dinwwwh in middleapi/orpc#1474 (5ebcc)

    View changes on GitHub

[!TIP] If you find oRPC valuable and would like to support its development, you can do so here.

v1.13.6

   🐞 Bug Fixes

client, server: Prototype Pollution via StandardRPCJsonSerializer Deserialization (GHSA-m272-9rp6-32mc)

    View changes on GitHub

Commits

b608026 chore: release v1.13.7
2b2e8a0 chore: unnoq to dinwwwh (#1461)
32bf331 test(openapi): bracket notion prototype pollution (#1455)
a370d28 chore: release v1.13.6
ee7e30f chore: release v1.35.6
See full diff in compare view

Maintainer changes

This version was pushed to npm by dinwwwh, a new releaser for @orpc/openapi-client since your current version.

Updates @posthog/nextjs-config from 1.8.19 to 1.8.21

Release notes

Sourced from @posthog/nextjs-config's releases.

@posthog/nextjs-config@1.8.21

1.8.21

Patch Changes

Updated dependencies [bc30c2d, bc30c2d]:

@posthog/core@1.23.4

@posthog/webpack-plugin@1.2.27

@posthog/nextjs-config@1.8.20

1.8.20

Patch Changes

Updated dependencies [4009c15]:

@posthog/core@1.23.3

@posthog/webpack-plugin@1.2.26

Changelog

Sourced from @posthog/nextjs-config's changelog.

1.8.21

Patch Changes

Updated dependencies [bc30c2d, bc30c2d]:

@posthog/core@1.23.4

@posthog/webpack-plugin@1.2.27

1.8.20

Patch Changes

Updated dependencies [4009c15]:

@posthog/core@1.23.3

@posthog/webpack-plugin@1.2.26

Commits

8d421b5 chore: update versions and lockfile [version bump]
bc30c2d revert: failed version bump (#3236)
9933b1e chore: update versions and lockfile [version bump]
5aa2ec6 chore: update versions and lockfile [version bump]
92c030b chore: update versions and lockfile [version bump]
See full diff in compare view

Updates mediabunny from 1.38.0 to 1.39.2

Release notes

Sourced from mediabunny's releases.

v1.39.2

Fixed faulty MPEG-2 Transport Stream detection (#322)

Fixed incorrect GOP timestamp verification logic for first GOP (#321)

v1.39.1

Small docs refinement

v1.39.0

Added EncodedPacketSink.getFirstKeyPacket() for getting the first key packet of a track (which usually is the first overall packet but not necessarily) (#314)

v1.38.1

Fixed CTS offset not being properly included in fMP4 muxing in some cases (#317)

Added a fallback path to MediaStreamVideoTrackSource using a hidden <video> element, enabling Firefox support

Commits

92ea645 Bump patch
35e16ca Fix incorrect GOP timestamp verification logic for first GOP (fixes #321)
87ed3a1 Fix faulty MPEG-2 detection (fixes #322)
0bfba89 Bump patch
93e9c25 Maybe this helps a little
c4bce00 Bump minor
05ae21e Add EncodedPacketSink.getFirstKeyPacket() (used to fix #314)
31594f1 Bump patch
397c464 Change comment
2087658 Add <video> element fallback case for MediaStreamVideoTrackSource, adding Fir...
Additional commits viewable in compare view

Updates next from 16.1.6 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates posthog-js from 1.360.0 to 1.360.2

Release notes

Sourced from posthog-js's releases.

posthog-js@1.360.2

1.360.2

Patch Changes

#3236 bc30c2d Thanks @dustinbyrne! - fix: Calling reset() now automatically reloads feature flags (2026-03-13)

Updated dependencies [bc30c2d, bc30c2d]:

@posthog/core@1.23.4

@posthog/types@1.360.2

posthog-js@1.360.1

1.360.1

Patch Changes

Updated dependencies [4009c15]:

@posthog/core@1.23.3

@posthog/types@1.360.1

Commits

8d421b5 chore: update versions and lockfile [version bump]
bc30c2d revert: failed version bump (#3236)
1366b6e chore: upgrade GitHub Actions from node20 to node24-compatible versions (#3235)
9933b1e chore: update versions and lockfile [version bump]
84c58b6 fix(node): Await feature flags poller shutdown + flaky test (#3234)
8484087 fix: add --no-git-checks to pnpm publish in release workflow (#3230)
22f3271 feat(convex): add LLM analytics examples with manual capture, @posthog/ai, an...
843ac18 fix(node): Stop sending config=true on server-side /flags requests (#3222)
5aa2ec6 chore: update versions and lockfile [version bump]
1f99bc4 fix(browser): reset() reloads feature flags automatically (#3200)
Additional commits viewable in compare view

Updates posthog-node from 5.28.0 to 5.28.2

Release notes

Sourced from posthog-node's releases.

posthog-node@5.28.2

5.28.2

Patch Changes

#3236 bc30c2d Thanks @dustinbyrne! - Omit the config query parameter by default to request only the necessary data (2026-03-13)

#3236 bc30c2d Thanks @dustinbyrne! - fix: Client shutdown awaits the feature flags poller to stop (2026-03-13)

Updated dependencies [bc30c2d, bc30c2d]:

@posthog/core@1.23.4

posthog-node@5.28.1

5.28.1

Patch Changes

Updated dependencies [4009c15]:

@posthog/core@1.23.3

Changelog

Sourced from posthog-node's changelog.

5.28.2

Patch Changes

#3236 bc30c2d Thanks @dustinbyrne! - Omit the config query parameter by default to request only the necessary data (2026-03-13)

#3236 bc30c2d Thanks @dustinbyrne! - fix: Client shutdown awaits the feature flags poller to stop (2026-03-13)

Updated dependencies [bc30c2d, bc30c2d]:

@posthog/core@1.23.4

5.28.1

Patch Changes

Updated dependencies [4009c15]:

@posthog/core@1.23.3

Commits

8d421b5 chore: update versions and lockfile [version bump]
bc30c2d revert: failed version bump (#3236)
9933b1e chore: update versions and lockfile [version bump]
84c58b6 fix(node): Await feature flags poller shutdown + flaky test (#3234)
843ac18 fix(node): Stop sending config=true on server-side /flags requests (#3222)
5aa2ec6 chore: update versions and lockfile [version bump]
fa63093 chore(node): Add edge runtime test coverage (#3229)
92c030b chore: update versions and lockfile [version bump]
See full diff in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkbage, @unstubbable)

Commits

90ab3f8 Version 19.2.4
See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkbage, @unstubbable)

Commits

90ab3f8 Version 19.2.4
See full diff in compare view

Updates valibot from 1.2.0 to 1.3.0

Release notes

Sourced from valibot's releases.

v1.3.0 (to-json-schema)

Many thanks to @Xiot for contributing to this release.

Add ignoreActions configuration to be able to ignore specific actions during conversion

Add typeMode configuration to be able to control whether to convert input or output type of schema

Add ConversionContext, OverrideSchemaContext, OverrideActionContext and OverrideRefContext to exports

Change JSDoc comments to improve documentation

Change build step to tsdown and Rolldown

Commits

3215908 Change npm publishing to new Trusted Publisher auth
80d5a18 Merge pull request #1424 from open-circle/valibot-v1.3
711f676 Bump version to 1.3.0 and update changelog for release
d794895 Merge pull request #1306 from yslpn/fix-i18n-ko-migration-deprecate-kr
e7d2260 Merge pull request #1348 from yslpn/feat-jwt-action
d18bee8 Update changelog of i18n to our compact format
dd39fc1 Update Korean translations to use .mjs and .mts extensions
660ca1c Merge branch 'main' into feat-jwt-action
d541786 Streamline website docs for new jwtCompact action
66be243 Enhance docs for new jwtCompact action
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for valibot since your current version.

Updates webpack from 5.105.2 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @xiaoxiaojx in #20546)

Handle createRequire in expressions. (by @alexander-akait in #20549)

Fixed types for multi stats. (by @alexander-akait in #20556)

Remove empty needless js output for normal css module. (by @JSerFeng in #20162)

Update enhanced-resolve to support new features for tsconfig.json. (by @alexander-akait in #20555)

Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @hai-x in #20561)

v5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @xiaoxiaojx in #20546)

Handle createRequire in expressions. (by @alexander-akait in #20549)

Fixed types for multi stats. (by @alexander-akait in #20556)

Remove empty needless js output for normal css module. (by @JSerFeng in #20162)

Update enhanced-resolve to support new features for tsconfig.json. (by @alexander-akait in #20555)

Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @hai-x in #20561)

5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

Commits

27c13b4 chore(release): new release (#20550)
9b2f41e chore: bump terser plugin (#20569)
eafe060 fix: narrow the export presence guard detection (#20561)
75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
afa607d refactor: remove unused code (#20562)
4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
a3d7839 fix: types for multi stats (#20556)
b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
Additional commits viewable in compare view

Updates @inquirer/prompts from 8.2.1 to 8.3.2

Release notes

Sourced from @inquirer/prompts's releases.

@inquirer/prompts@8.3.2

Fix broken 8.3.1 release process.

@inquirer/prompts@8.3.1

Bump dependencies

@inquirer/prompts@8.3.0

Fix: Keypresses happening before a prompt is rendered are now ignored.

Fix (checkbox): Element who're both checked and disabled are now always included in the returned array.

Feat (select/checkbox): Cursor will now hover disabled options of the list; but they still cannot be interacted with. This prevents the cursor jumping ahead in ways that can be confusing.

Feat: various new theme options to make all prompts content localizable.

Finally, see our new @inquirer/i18n package!

Commits

b218fcc chore: Publish new release
b6aabed fix: set prepublish script
1ce0319 chore: Publish new release
62a1b2d Merge pull request #2031 from SBoudrias/sboudrias/debug-xterm-80g
09fcc6c chore(@inquirer/testing): fix formatting
56bdf30 fix(@inquirer/testing): resolve xterm CJS named export error under native Nod...
58d3bf0 chore(deps): Bump brace-expansion from 1.1.11 to 1.1.12 (#2029)
f9a3adb Merge pull request #2026 from SBoudrias/emdash/semver-315
264f5da chore(setup-packages): simplify coerce using tryParseRange
feab678 chore(setup-packages): replace semver with std-semver
Additional commits viewable in compare view

Updates @aws-sdk/client-s3 from 3.994.0 to 3.1010.0

Release notes

Sourced from @aws-sdk/client-s3's releases.

v3.1010.0

3.1010.0(2026-03-16)

New Features

clients: update client endpoints as of 2026-03-16 (6ae1dd8a)

client-ecs: Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances. (f165f183)

client-bedrock-agentcore-control: Supporting hosting of public ECR Container Images in AgentCore Runtime (a3ca4b6e)

client-bedrock: You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations. (e9c8b9ce)

client-bedrock-agentcore: Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand API (14fb5577)

middleware-flexible-checksums: allow custom checksums to be used in responses (#7849) (

Bumps the production-dependencies group with 31 updates: | Package | From | To | | --- | --- | --- | | [@orpc/contract](https://github.com/middleapi/orpc/tree/HEAD/packages/contract) | `1.13.5` | `1.13.7` | | [zod](https://github.com/colinhacks/zod) | `4.2.1` | `4.3.6` | | [@hackclub/icons](https://github.com/hackclub/icons) | `0.0.15` | `0.1.0` | | [@orpc/client](https://github.com/middleapi/orpc/tree/HEAD/packages/client) | `1.13.6` | `1.13.7` | | [@orpc/openapi](https://github.com/middleapi/orpc/tree/HEAD/packages/openapi) | `1.13.5` | `1.13.7` | | [@orpc/openapi-client](https://github.com/middleapi/orpc/tree/HEAD/packages/openapi-client) | `1.13.5` | `1.13.7` | | [@posthog/nextjs-config](https://github.com/PostHog/posthog-js/tree/HEAD/packages/nextjs-config) | `1.8.19` | `1.8.21` | | [mediabunny](https://github.com/Vanilagy/mediabunny) | `1.38.0` | `1.39.2` | | [next](https://github.com/vercel/next.js) | `16.1.6` | `16.1.7` | | [posthog-js](https://github.com/PostHog/posthog-js) | `1.360.0` | `1.360.2` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.28.0` | `5.28.2` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.3` | `19.2.4` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.3` | `19.2.4` | | [valibot](https://github.com/open-circle/valibot) | `1.2.0` | `1.3.0` | | [webpack](https://github.com/webpack/webpack) | `5.105.2` | `5.105.4` | | [@inquirer/prompts](https://github.com/SBoudrias/Inquirer.js) | `8.2.1` | `8.3.2` | | [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.994.0` | `3.1010.0` | | [@aws-sdk/s3-request-presigner](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/s3-request-presigner) | `3.994.0` | `3.1010.0` | | [@orpc/server](https://github.com/middleapi/orpc/tree/HEAD/packages/server) | `1.13.5` | `1.13.7` | | [@orpc/zod](https://github.com/middleapi/orpc/tree/HEAD/packages/zod) | `1.13.5` | `1.13.7` | | [@prisma/adapter-pg](https://github.com/prisma/prisma/tree/HEAD/packages/adapter-pg) | `7.2.0` | `7.5.0` | | [@sentry/node](https://github.com/getsentry/sentry-javascript) | `10.39.0` | `10.43.0` | | [@trpc/server](https://github.com/trpc/trpc/tree/HEAD/packages/server) | `11.8.0` | `11.13.4` | | [bullmq](https://github.com/taskforcesh/bullmq) | `5.69.3` | `5.71.0` | | [dedent](https://github.com/dmnd/dedent) | `1.7.1` | `1.7.2` | | [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.3.1` | | [fastify](https://github.com/fastify/fastify) | `5.8.1` | `5.8.2` | | [ioredis](https://github.com/luin/ioredis) | `5.9.2` | `5.10.0` | | [nanoid](https://github.com/ai/nanoid) | `5.1.6` | `5.1.7` | | [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli) | `7.2.0` | `7.5.0` | | [@aws-sdk/lib-storage](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/lib/lib-storage) | `3.995.0` | `3.1010.0` | Updates `@orpc/contract` from 1.13.5 to 1.13.7 - [Release notes](https://github.com/middleapi/orpc/releases) - [Commits](https://github.com/middleapi/orpc/commits/v1.13.7/packages/contract) Updates `zod` from 4.2.1 to 4.3.6 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v4.2.1...v4.3.6) Updates `@hackclub/icons` from 0.0.15 to 0.1.0 - [Release notes](https://github.com/hackclub/icons/releases) - [Commits](https://github.com/hackclub/icons/commits/v0.1.0) Updates `@orpc/client` from 1.13.6 to 1.13.7 - [Release notes](https://github.com/middleapi/orpc/releases) - [Commits](https://github.com/middleapi/orpc/commits/v1.13.7/packages/client) Updates `@orpc/openapi` from 1.13.5 to 1.13.7 - [Release notes](https://github.com/middleapi/orpc/releases) - [Commits](https://github.com/middleapi/orpc/commits/v1.13.7/packages/openapi) Updates `@orpc/openapi-client` from 1.13.5 to 1.13.7 - [Release notes](https://github.com/middleapi/orpc/releases) - [Commits](https://github.com/middleapi/orpc/commits/v1.13.7/packages/openapi-client) Updates `@posthog/nextjs-config` from 1.8.19 to 1.8.21 - [Release notes](https://github.com/PostHog/posthog-js/releases) - [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/nextjs-config/CHANGELOG.md) - [Commits](https://github.com/PostHog/posthog-js/commits/@posthog/nextjs-config@1.8.21/packages/nextjs-config) Updates `mediabunny` from 1.38.0 to 1.39.2 - [Release notes](https://github.com/Vanilagy/mediabunny/releases) - [Commits](Vanilagy/mediabunny@v1.38.0...v1.39.2) Updates `next` from 16.1.6 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.1.6...v16.1.7) Updates `posthog-js` from 1.360.0 to 1.360.2 - [Release notes](https://github.com/PostHog/posthog-js/releases) - [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.360.0...posthog-js@1.360.2) Updates `posthog-node` from 5.28.0 to 5.28.2 - [Release notes](https://github.com/PostHog/posthog-js/releases) - [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md) - [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.28.2/packages/node) Updates `react` from 19.2.3 to 19.2.4 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react) Updates `react-dom` from 19.2.3 to 19.2.4 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom) Updates `valibot` from 1.2.0 to 1.3.0 - [Release notes](https://github.com/open-circle/valibot/releases) - [Commits](open-circle/valibot@v1.2.0...v1.3.0) Updates `webpack` from 5.105.2 to 5.105.4 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.105.2...v5.105.4) Updates `@inquirer/prompts` from 8.2.1 to 8.3.2 - [Release notes](https://github.com/SBoudrias/Inquirer.js/releases) - [Commits](https://github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.1...@inquirer/prompts@8.3.2) Updates `@aws-sdk/client-s3` from 3.994.0 to 3.1010.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1010.0/clients/client-s3) Updates `@aws-sdk/s3-request-presigner` from 3.994.0 to 3.1010.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/s3-request-presigner/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1010.0/packages/s3-request-presigner) Updates `@orpc/server` from 1.13.5 to 1.13.7 - [Release notes](https://github.com/middleapi/orpc/releases) - [Commits](https://github.com/middleapi/orpc/commits/v1.13.7/packages/server) Updates `@orpc/zod` from 1.13.5 to 1.13.7 - [Release notes](https://github.com/middleapi/orpc/releases) - [Commits](https://github.com/middleapi/orpc/commits/v1.13.7/packages/zod) Updates `@prisma/adapter-pg` from 7.2.0 to 7.5.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.5.0/packages/adapter-pg) Updates `@sentry/node` from 10.39.0 to 10.43.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@10.39.0...10.43.0) Updates `@trpc/server` from 11.8.0 to 11.13.4 - [Release notes](https://github.com/trpc/trpc/releases) - [Commits](https://github.com/trpc/trpc/commits/v11.13.4/packages/server) Updates `bullmq` from 5.69.3 to 5.71.0 - [Release notes](https://github.com/taskforcesh/bullmq/releases) - [Commits](taskforcesh/bullmq@v5.69.3...v5.71.0) Updates `dedent` from 1.7.1 to 1.7.2 - [Release notes](https://github.com/dmnd/dedent/releases) - [Changelog](https://github.com/dmnd/dedent/blob/main/CHANGELOG.md) - [Commits](dmnd/dedent@v1.7.1...v1.7.2) Updates `dotenv` from 17.2.3 to 17.3.1 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.3...v17.3.1) Updates `fastify` from 5.8.1 to 5.8.2 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.8.1...v5.8.2) Updates `ioredis` from 5.9.2 to 5.10.0 - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md) - [Commits](redis/ioredis@v5.9.2...v5.10.0) Updates `nanoid` from 5.1.6 to 5.1.7 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@5.1.6...5.1.7) Updates `prisma` from 7.2.0 to 7.5.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.5.0/packages/cli) Updates `@aws-sdk/lib-storage` from 3.995.0 to 3.1010.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/lib/lib-storage/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1010.0/lib/lib-storage) --- updated-dependencies: - dependency-name: "@orpc/contract" dependency-version: 1.13.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: zod dependency-version: 4.3.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@hackclub/icons" dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@orpc/client" dependency-version: 1.13.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@orpc/openapi" dependency-version: 1.13.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@orpc/openapi-client" dependency-version: 1.13.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@posthog/nextjs-config" dependency-version: 1.8.21 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: mediabunny dependency-version: 1.39.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: posthog-js dependency-version: 1.360.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: posthog-node dependency-version: 5.28.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: react dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: react-dom dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: valibot dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: webpack dependency-version: 5.105.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@inquirer/prompts" dependency-version: 8.3.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@aws-sdk/client-s3" dependency-version: 3.1010.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@aws-sdk/s3-request-presigner" dependency-version: 3.1010.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@orpc/server" dependency-version: 1.13.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@orpc/zod" dependency-version: 1.13.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@prisma/adapter-pg" dependency-version: 7.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@sentry/node" dependency-version: 10.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@trpc/server" dependency-version: 11.13.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bullmq dependency-version: 5.71.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: dedent dependency-version: 1.7.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: dotenv dependency-version: 17.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fastify dependency-version: 5.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: ioredis dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: nanoid dependency-version: 5.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: prisma dependency-version: 7.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@aws-sdk/lib-storage" dependency-version: 3.1010.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 17, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/production-dependencies-908c88eebb branch 3 times, most recently from a3bc174 to 3c94c71 Compare March 19, 2026 19:47

dependabot bot force-pushed the dependabot/npm_and_yarn/production-dependencies-908c88eebb branch from 3c94c71 to d2b8a2c Compare March 24, 2026 10:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the production-dependencies group with 31 updates#172

build(deps): bump the production-dependencies group with 31 updates#172
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-908c88eebb

dependabot bot commented on behalf of github Mar 17, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.13.7

🐞 Bug Fixes

View changes on GitHub

v1.13.6

🐞 Bug Fixes

View changes on GitHub

v4.3.6

Commits:

v4.3.5

Commits:

v4.3.4

Commits:

v4.3.3

Commits:

v4.3.2

Commits:

v4.3.1

Commits:

v4.3.0

Updates!

v1.13.7

🐞 Bug Fixes

View changes on GitHub

v1.13.7

🐞 Bug Fixes

View changes on GitHub

v1.13.6

🐞 Bug Fixes

View changes on GitHub

v1.13.7

🐞 Bug Fixes

View changes on GitHub

v1.13.6

🐞 Bug Fixes

View changes on GitHub

@​posthog/nextjs-config@​1.8.21

1.8.21

Patch Changes

@​posthog/nextjs-config@​1.8.20

1.8.20

Patch Changes

1.8.21

Patch Changes

1.8.20

Patch Changes

v1.39.2

v1.39.1

v1.39.0

v1.38.1

v16.1.7

Core Changes

Credits

posthog-js@1.360.2

1.360.2

Patch Changes

posthog-js@1.360.1

1.360.1

Patch Changes

posthog-node@5.28.2

5.28.2

Patch Changes

posthog-node@5.28.1

5.28.1

Patch Changes

5.28.2

Patch Changes

5.28.1

Patch Changes

19.2.4 (January 26th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

v1.3.0 (to-json-schema)

v5.105.4

Patch Changes

v5.105.3

Patch Changes

dependabot bot commented on behalf of github Mar 17, 2026 •

edited

Loading

`@posthog/nextjs-config@1`.8.21

`@posthog/nextjs-config@1`.8.20

`@inquirer/prompts@8`.3.2

`@inquirer/prompts@8`.3.1

`@inquirer/prompts@8`.3.0