Skip to content

deps(deps): bump the minor-and-patch group with 7 updates#167

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/minor-and-patch-28a1ce4173
Open

deps(deps): bump the minor-and-patch group with 7 updates#167
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/minor-and-patch-28a1ce4173

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 7 updates:

Package From To
@lucide/svelte 1.18.0 1.22.0
better-auth 1.6.18 1.6.22
nanoid 5.1.11 5.1.16
@electric-sql/pglite 0.5.2 0.5.3
@types/node 26.0.0 26.0.1
knip 6.16.1 6.23.0
vite-plus 0.1.24 0.2.1

Updates @lucide/svelte from 1.18.0 to 1.22.0

Release notes

Sourced from @​lucide/svelte's releases.

Version 1.22.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.21.0...1.22.0

Version 1.21.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Version 1.20.0

What's Changed

... (truncated)

Commits
  • 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
  • See full diff in compare view

Updates better-auth from 1.6.18 to 1.6.22

Release notes

Sourced from better-auth's releases.

v1.6.22

better-auth

Bug Fixes

  • Fixed unproven credentials not being revoked during magic link and email OTP sign-in (#10239)
  • Fixed server-side OAuth requests to refuse redirect responses instead of following them (#10241)

For detailed changes, see CHANGELOG

@better-auth/scim

Bug Fixes

  • Fixed SCIM write-path operations to be properly scoped and to correctly honor the active attribute (#10242)

For detailed changes, see CHANGELOG

@better-auth/stripe

Bug Fixes

  • Fixed organization subscription actions (cancel, upgrade, restore, and the billing portal) that could act on the wrong organization.

For detailed changes, see CHANGELOG

auth

Bug Fixes

  • Added account-level verification lockout for two-factor authentication (#10240)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​gustavovalverde

Full changelog: v1.6.21...v1.6.22

v1.6.21

better-auth

Bug Fixes

  • Fixed rate limits to be enforced before plugin request handlers run (#10191)
  • Fixed admin permission changes and bans to take effect immediately, even when session cookie cache is enabled (#10187)
  • Fixed deviceAuthorization() throwing a ZodError when called without a schema option under Zod v4 (#9939)

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.22

Patch Changes

  • #10239 c06a56d Thanks @​gustavovalverde! - Magic-link and email-OTP sign-in now reset the credentials on an account whose email had never been confirmed. When verification resolves to such an account, any existing password on it is removed and its sessions are revoked before the user is signed in, so proven control of the mailbox is the source of truth for the account.

    If you signed up with email and password but first signed in through a magic link or email OTP rather than confirming the verification email, your password is cleared and you will need to set a new one through password reset.

  • #10240 3a035e9 Thanks @​gustavovalverde! - Add account-level lockout for two-factor verification. The attempt limit applies per account across sign-in challenges and across factors: TOTP, email-OTP, and backup codes share one counter, and a successful verification resets it.

    Enabled by default: an account locks for 15 minutes after 10 consecutive failed verifications, and locked attempts return 429 with the ACCOUNT_TEMPORARILY_LOCKED error code. Configure it with twoFactor({ accountLockout: { enabled, maxFailedAttempts, durationSeconds } }).

    Run a database migration after upgrading: this adds failedVerificationCount and lockedUntil columns to the twoFactor table.

  • Updated dependencies [8bd43d9]:

    • @​better-auth/core@​1.6.22
    • @​better-auth/drizzle-adapter@​1.6.22
    • @​better-auth/kysely-adapter@​1.6.22
    • @​better-auth/memory-adapter@​1.6.22
    • @​better-auth/mongo-adapter@​1.6.22
    • @​better-auth/prisma-adapter@​1.6.22
    • @​better-auth/telemetry@​1.6.22

1.6.21

Patch Changes

  • #10212 e0762a1 Thanks @​bytaesu! - In root-mounted deployments, requests whose path does not start with the configured basePath now return 404 instead of resolving to an endpoint.

  • #10187 882cf9e Thanks @​ping-maxwell! - Admin permission changes and bans now take effect immediately for admin APIs, even when session cookie cache is enabled. Sensitive session checks also continue to work in stateless apps where signed cookies are the session record.

  • #9939 f52e1ab Thanks @​benpsnyder! - fixes a bug causing deviceAuthorization() throwing a ZodError at construction when called without a schema option

  • #10196 b5bec19 Thanks @​Paola3stefania! - OAuth sign-up and account-link profile sync now ignore provider profile values for user fields marked input: false. Input-allowed additional fields still persist from mapProfileToUser, and schema defaults still apply when OAuth creates a user. Apps that used mapProfileToUser to fill input: false fields should set those fields in server-side provisioning code instead.

  • #10197 816d7f9 Thanks @​Paola3stefania! - Google sign-in now accepts hd: "*" to allow any Google Workspace hosted domain while still rejecting tokens with no hosted-domain claim.

    Google One Tap now applies the configured Google hosted-domain restriction before creating a session.

  • #10192 239bcc8 Thanks @​bytaesu! - Validate PayPal user info against the verified ID token subject during social sign-in.

  • #10228 1bc370a Thanks @​gustavovalverde! - The SIWE plugin no longer binds a provided email that already belongs to another account. With anonymous set to false, /siwe/verify previously created the new account using that email even when it was already in use; it now keeps the wallet-derived address in that case, so one email cannot be attached to two accounts.

  • #10198 570267c Thanks @​rachit367! - Honor disableMigration on plugin schema tables. Tables flagged with disableMigration: true are now skipped by better-auth generate (Drizzle and Prisma output) and by the runtime migrator, instead of being emitted and created anyway. The flag was previously dropped while assembling the table list, so it had no effect.

  • #10182 461ca6f Thanks @​bytaesu! - Only store display username fallbacks as usernames when they pass username validation during email sign-up.

  • #10183 88409b0 Thanks @​bytaesu! - Require OAuth proxy profile callbacks to match an issued OAuth state before creating sessions.

  • #10203 5953157 Thanks @​bytaesu! - Rate limiting no longer trusts multi-hop X-Forwarded-For chains, preventing a client behind an appending proxy from spoofing the leftmost hop to bypass the per-IP rate limit. Single-value IP headers continue to work. To key the real client behind a proxy chain, set advanced.ipAddress.trustedProxies to your reverse-proxy IPs or CIDR ranges (the chain is walked right to left, skipping trusted hops), or point advanced.ipAddress.ipAddressHeaders at a single trusted client-IP header.

... (truncated)

Commits
  • a90d061 chore: release v1.6.22 (#10245)
  • 3a035e9 fix(two-factor): add account-level verification lockout (#10240)
  • c06a56d fix: revoke unproven credentials on magic-link/email-OTP sign-in (#10239)
  • 414169d chore: release v1.6.21 (#10184)
  • f52e1ab fix(device-authorization): make schema option optional under Zod v4 (#9939)
  • 882cf9e fix(admin): use authoritative session reads for authorization (#10187)
  • b5bec19 fix(oauth): apply user input rules to provider profiles (#10196)
  • 471f81c refactor: centralize request IP resolver in core (#10216)
  • 816d7f9 fix(one-tap): apply configured Google hosted domain (hd) on the callback (#10...
  • 1bc370a fix(siwe): reject sign-in when the provided email already belongs to another ...
  • Additional commits viewable in compare view

Updates nanoid from 5.1.11 to 5.1.16

Release notes

Sourced from nanoid's releases.

5.1.16

5.1.15

  • Fixed random pool corruption on big ID sizes.

5.1.14

  • Fixed npm package size regression.

5.1.13

  • Fixed npm package size regression.

5.1.12

  • Moved to npm Provenance and Staged Publishing.
Changelog

Sourced from nanoid's changelog.

5.1.16

5.1.15

  • Fixed random pool corruption on big ID sizes.

5.1.14

  • Fixed npm package size regression.

5.1.13

  • Fixed npm package size regression.

5.1.12

  • Moved to npm Provenance and Staged Publishing.
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for nanoid since your current version.


Updates @electric-sql/pglite from 0.5.2 to 0.5.3

Release notes

Sourced from @​electric-sql/pglite's releases.

@​electric-sql/pglite@​0.5.3

Patch Changes

  • 2ccbb4c: Improve parsing/raw results handling

@​electric-sql/pglite-prepopulatedfs@​0.5.3

Patch Changes

  • Updated dependencies [2ccbb4c]
    • @​electric-sql/pglite@​0.5.3
Changelog

Sourced from @​electric-sql/pglite's changelog.

0.5.3

Patch Changes

  • 2ccbb4c: Improve parsing/raw results handling
Commits

Updates @types/node from 26.0.0 to 26.0.1

Commits

Updates knip from 6.16.1 to 6.23.0

Release notes

Sourced from knip's releases.

Release 6.23.0

  • feat: add customCss to Starlight plugin (#1828) (f85d96f84a47f10c34df95a5246ee1ddefd95db5) - thanks @​trueberryless!
  • fix: enable vite and vitest plugins when vite-plus is found (#1830) (62e97538fca8dff3d152326b114ffc4b7241a0d2) - thanks @​ghostdevv!
  • feat: add support for @​astrojs/markdoc (#1829) (94e2863308947f19f5e759cc12666952c8f683d7) - thanks @​trueberryless!
  • Support nub (resolve #1831) (8a6050e6a92da81d4875f730f852fb7d9252a018)
  • Don't report optimizeDeps and dedupe deps as unlisted (resolve #1832) (849b5ac230e7a8c103b6e1b1e2ddb333d2da3ca0)

Release 6.22.0

  • Support XO v1+ (#1819) (1dffe368b5c336d190e358ab4c2e2240e3d50e26) - thanks @​patrik-csak!
  • feat: detect execaNode scripts in execa visitor (#1824) (5095ae1ccd0ceb083d4434e827443f03ba19a1ff) - thanks @​gwagjiug!
  • Skip optional peerDeps referenced only via a host (resolve #1823) (7759a9894f2ac1d9425cf682e1e3c400f0976080)
  • docs: update npmjs.com links to npmx.dev (#1826) (11fe8bd248c839c6eeb95b06c8204c25294e0adb) - thanks @​serhalp!
  • docs: fix semi-broken link to DEVELOPMENT.md in CONTRIBUTING.md (#1827) (a5302b2466be1294633b1f40e86ca81a00605293) - thanks @​serhalp!
  • feat: add support for Lunaria (#1825) (3e1b8212086dfae26fa7f368f245285ec82af14d) - thanks @​trueberryless!
  • Fix lint issues (76c92e2328a94257afead6ae497a747a9e2944ea)

Release 6.21.0

  • Detect Vite config dependencies (resolve #1721) (8754c43368112922c6f80d1f8d1d8ddb6cb29f25)
  • fix: Update timerifyMethods to include resolveFromAST (#1814) (3c8deac3b856def31c16372f85525bf867105132) - thanks @​gwagjiug!
  • Fix crash on null root export in package.json (resolve #1815) (9b8af2b343e1aacae46fedcb155252f56f9bae61)
  • Fix unresolved subpath imports with a colon prefix (resolve #1816) (f89db4192ff7ff6c873828ed19fe40d379566b49)
  • Detect Next.js entry files in subdirectory (resolve #1817) (f32c6ea215dde54a59af7b91fd8bdd2177cc2881)

Release 6.20.0

  • Add raw transfer opt-out (resolve #1813) (6f08c680ac4acd6edf0806ba3c1c5c8f7bca24cd)
  • Fix cached plugin config cycles (resolve #1811) (2bc2f2420ca71db1ae70846626c6152896d270ee)

Release 6.19.0

  • feat: support new optional sveltekit config pattern via vite config (#1810) (3fee8bf608e0862d7bcdd1377cfb859a9185f17d) - thanks @​fubits1!
  • Optimize hot path string scanning (e30cfe796423e3ecd9adff42291f3c4de6604d2b)
  • Update astro snapshot (71e71a71b888a1b8034d4438635e94831d62b330)

Release 6.18.0

  • Update dependencies (pin oxc-resolver) (7dda4eccc65c6d61ef2546442eb752b2a73edab9)
  • Resolve tsconfig paths for non-TS importers independent of oxc ownership (3b71565e72107d43cbd6d2ddec7ab2fbbf65c001)
  • Format (64865f8247b8956def52f1a387234562fbddd667)
  • Fix false positive for Vitest mocks (#1802) (ec93e2013deb53902b406463b30fa6386445f9c9) - thanks @​remcohaszing!
  • Mark npx-run binaries optional unless --no-install (resolve #1803) (203c31e1b2bd77eb9c94f82121f353fbf0671c67)
  • Ignore pnpm [WARN] lines in ecosystem snapshots (392835a39b9429a3d85d712025da4c6531b8ece6)
  • Update slonik snapshot (62d802bf8d53d7790f6322f481a290e09812cbcc)
  • Update Jest entry patterns for Jest 30 (#1808) (d2caeddf32ba99ca12e5c26e891b7974392f981a) - thanks @​gwagjiug!
  • Report stale workspaces configuration keys as configuration hints (#1807) (9083c16b3313fbebf5cb3cd11cadf45ac773bc3d) - thanks @​WooWan!

Release 6.17.2

  • Fix up jest plugin (63dbd653b6e1be08a36401f5f728b351ab69e81b)
  • Detect coverage provider from bare vitest --coverage flag (#1800) (dc11d9fc5458e6e1f734013eb82403eab07af2c1) - thanks @​WooWan!
  • Don't disable configuration hints in workspace-scoped runs (#1791) (8ce1ec8160a786dad90903e43c3ef646ffba9464) - thanks @​WooWan!
  • Detect react-email v6 packages from non-numeric version ranges (resolve #1798) (27a1caeb1bff6abcccd7140c7e92e4a57197ad47)
  • Discover workspaces included after a negated pattern (resolve #1797) (630e152f6f687d9404cc25ffa01f0d49737d9229)

... (truncated)

Commits

Updates vite-plus from 0.1.24 to 0.2.1

Release notes

Sourced from vite-plus's releases.

vite-plus v0.2.1

Restores support for older Node.js (back to 20.19.0) and makes vp exec --fail-if-no-match fail correctly on unmatched filters.

Fixes & Enhancements

  • Stop blocking older Node.js versions: v0.2.0 blocked commands when the resolved Node.js version fell outside the declared range. This reverts that enforcement and widens engines.node to ^20.19.0 || ^22.18.0 || >=24.11.0, matching Vite's own ^20.19.0 floor, so older Node that works in practice (e.g. Node 20 in rolldown CI) is no longer rejected (#1865), by @​fengmk2
  • vp exec --fail-if-no-match: exit non-zero when one or more --filter expressions match no workspace packages. Strict mode previously only warned and returned success, so typoed filters looked successful in CI even though no package command ran (#1859), by @​jong-kyung

Bundled Versions

Tool Version Source
vite 8.0.16 f94df87
rolldown 1.1.1 d7f919c
tsdown 0.22.3 npm
vitest 4.1.9 npm
oxlint 1.70.0 npm
oxlint-tsgolint 0.23.0 npm
oxfmt 0.55.0 npm

Upgrade

vp upgrade

Upgrading from 0.1.x to 0.2.1 Prompt

You are upgrading a project that uses Vite+ (the `vp` CLI) from v0.1.x to v0.2.1.
v0.2.1 has one breaking change vs v0.1.x: it consumes upstream Vitest directly. The @voidzero-dev/vite-plus-test wrapper package is removed. vitest and the base browser runtime (@vitest/browser, @vitest/browser-preview) now come in transitively through vite-plus. The opt-in browser providers (@vitest/browser-playwright, @vitest/browser-webdriverio) are NOT shipped by vite-plus: any project that runs browser-mode tests must install the provider it uses itself.
Do not run vp migrate for this upgrade; it is not reliable enough yet. Make the changes yourself by editing the project's files, then verify by running the tools.
How to run vp: if a global vp is available, use it. Otherwise this project only ships the local CLI from the vite-plus package, so run vp as the project-local binary (for example via the package manager's exec: pnpm exec, npx, yarn, or bunx). After any install, re-resolve vp so you always run the version currently in the project.
Do the following:


Set the vite-plus dependency to the exact version 0.2.1 and reinstall, so the new toolchain is installed and the lockfile moves off 0.1.x. In a monorepo, do this for every workspace package that depends on vite-plus (a shared catalog: entry covers them all at once). Changing the spec to 0.2.1 is what moves the lockfile off the old resolution; a reinstall that leaves the spec unchanged would keep the old version.


Remove the @voidzero-dev/vite-plus-test wrapper from the project. Search everywhere it could appear: package.json, the lockfile, any workspace or catalog config (such as pnpm-workspace.yaml or .yarnrc.yml), and the source files. Then classify the project and apply the matching case. Note these are not exclusive: a browser-mode project is also handled by case C in addition to removing the wrapper config.
First, determine the project's Vitest usage:

BROWSER MODE: the project runs Vitest in the browser. It does if a config or test file imports a real browser provider (vite-plus/test/browser-playwright or vite-plus/test/browser-webdriverio, or the pre-upgrade raw forms @vitest/browser-playwright / @vitest/browser-webdriverio), or sets test.browser.enabled. This needs extra deps regardless of anything below; see case C.
DIRECT vitest usage: a source or test file imports directly from vitest or @vitest/..., or a @vitest/* package is listed in its dependencies (for example a coverage provider). Plain imports from vite-plus/test and vite-plus/test/* do NOT count as direct usage; a vite-plus/test/browser-* provider import is a browser-mode signal (case C), not direct usage.

Case A - node-mode only (no direct vitest usage, no browser mode; the common case): remove the vitest configuration entirely. In package.json, delete the vitest entry from dependencies / devDependencies in whatever form it takes (a @voidzero-dev/vite-plus-test alias, a catalog: reference, or a plain version). Also remove the vitest entry from every dependency-resolution mechanism in the project: both overrides and resolutions, pnpm overrides/catalog (in package.json or pnpm-workspace.yaml), and any catalog entry. If vitest appears in more than one of these, remove all of them. Do not add a pinned vitest; it arrives transitively through vite-plus and the node-mode test command works without it.
Case B - direct vitest usage: pin upstream vitest to the version bundled with vite-plus (4.1.9 for v0.2.1), and upgrade every vitest ecosystem package the project depends on so the whole tree resolves to a single vitest. Set each @vitest/* package the project lists (for example @vitest/coverage-v8, @vitest/ui, @vitest/browser) to that same version (4.1.9), since those are pinned to an exact vitest version. Also update any other vitest integration package (such as vitest-browser-*) to a release compatible with that vitest version. Leaving an ecosystem package on an older version pulls in a second copy of vitest, which Vitest rejects at runtime.
</tr></table>

... (truncated)

Commits
  • a0ed270 release: v0.2.1 (#1874)
  • bf5a938 revert: stop blocking older Node.js versions (#1865)
  • aeea7b9 fix(exec): exit non-zero for unmatched filters with --fail-if-no-match (#1859)
  • 6f97f09 release: v0.2.0 (#1856)
  • 6b036e8 feat: allow vp config opt-outs (#1842)
  • 740319f docs: sync command lists with help output (#1850)
  • 9b1ade6 fix(create): preserve shorthand fmt/lint config keys (#1843)
  • 342fd2f refactor!: replace @​voidzero-dev/vite-plus-test with upstream vitest (#1588)
  • d764e09 feat(deps): upgrade upstream dependencies (#1834)
  • b8b73de feat(create): approve dependency build scripts blocked by the package manager...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(deps): bump the minor-and-patch group with 7 updates
adeee93 
Bumps the minor-and-patch group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@lucide/svelte](https://github.com/lucide-icons/lucide/tree/HEAD/packages/svelte) | `1.18.0` | `1.22.0` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.6.18` | `1.6.22` |
| [nanoid](https://github.com/ai/nanoid) | `5.1.11` | `5.1.16` |
| [@electric-sql/pglite](https://github.com/electric-sql/pglite/tree/HEAD/packages/pglite) | `0.5.2` | `0.5.3` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.0.0` | `26.0.1` |
| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `6.16.1` | `6.23.0` |
| [vite-plus](https://github.com/voidzero-dev/vite-plus/tree/HEAD/packages/cli) | `0.1.24` | `0.2.1` |


Updates `@lucide/svelte` from 1.18.0 to 1.22.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.22.0/packages/svelte)

Updates `better-auth` from 1.6.18 to 1.6.22
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.22/packages/better-auth)

Updates `nanoid` from 5.1.11 to 5.1.16
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@5.1.11...5.1.16)

Updates `@electric-sql/pglite` from 0.5.2 to 0.5.3
- [Release notes](https://github.com/electric-sql/pglite/releases)
- [Changelog](https://github.com/electric-sql/pglite/blob/main/packages/pglite/CHANGELOG.md)
- [Commits](https://github.com/electric-sql/pglite/commits/@electric-sql/pglite@0.5.3/packages/pglite)

Updates `@types/node` from 26.0.0 to 26.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `knip` from 6.16.1 to 6.23.0
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.23.0/packages/knip)

Updates `vite-plus` from 0.1.24 to 0.2.1
- [Release notes](https://github.com/voidzero-dev/vite-plus/releases)
- [Commits](https://github.com/voidzero-dev/vite-plus/commits/v0.2.1/packages/cli)

---
updated-dependencies:
- dependency-name: "@lucide/svelte"
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: better-auth
  dependency-version: 1.6.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: nanoid
  dependency-version: 5.1.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@electric-sql/pglite"
  dependency-version: 0.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: knip
  dependency-version: 6.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vite-plus
  dependency-version: 0.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: bun. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants