chore(deps): bump the production-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the production-dependencies group with 8 updates in the / directory:

Package	From	To
@react-email/components	1.0.6	1.0.12
@sentry/nextjs	10.38.0	10.49.0
@tanstack/react-virtual	3.13.18	3.13.24
next	16.1.6	16.2.4
pino	10.3.0	10.3.1
react	19.2.4	19.2.5
react-aria-components	1.14.0	1.17.0
react-dom	19.2.4	19.2.5

Updates @react-email/components from 1.0.6 to 1.0.12

Release notes

Sourced from @​react-email/components's releases.

@​react-email/components@​1.0.12

Patch Changes

• Updated dependencies [f6cfef0]
  • @​react-email/render@​2.0.6
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13
  • @​react-email/section@​0.0.17
  • @​react-email/tailwind@​2.0.7
  • @​react-email/text@​0.1.6

@​react-email/components@​1.0.11

Patch Changes

• Updated dependencies [5a23505]
• Updated dependencies [ecfc141]
  • @​react-email/tailwind@​2.0.7
  • @​react-email/render@​2.0.5
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13
  • @​react-email/section@​0.0.17
  • @​react-email/text@​0.1.6

... (truncated)

Changelog

Sourced from @​react-email/components's changelog.

1.0.12

Patch Changes

• Updated dependencies [f6cfef0]
  • @​react-email/render@​2.0.6
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13
  • @​react-email/section@​0.0.17
  • @​react-email/tailwind@​2.0.7
  • @​react-email/text@​0.1.6

1.0.11

Patch Changes

• Updated dependencies [5a23505]
• Updated dependencies [ecfc141]
  • @​react-email/tailwind@​2.0.7
  • @​react-email/render@​2.0.5
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13

... (truncated)

Commits

• 291aea4 chore(root): version packages (#3117)
• 1191b35 chore(root): version packages (#3084)
• 32b0eba chore(root): version packages (#3073)
• 197d094 chore: version packages (#3035)
• 1f27dcd feat: pnpm catalogs (#3014)
• 11aa935 chore(deps): update dependency tsdown to v0.19.0 (#2857)
• ea53ed8 chore(root): version packages (#2953)
• 047ba86 chore(root): version packages (#2911)
• 8ec4d26 chore(root): version packages (canary) (#2878)
• See full diff in compare view

Updates @sentry/nextjs from 10.38.0 to 10.49.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.49.0

Important Changes

• feat(browser): Add View Hierarchy integration (#14981)

  A new viewHierarchyIntegration captures the DOM structure when an error occurs, providing a snapshot of the page state for debugging. Enable it in your Sentry configuration:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  dsn: 'DSN',
  integrations: [Sentry.viewHierarchyIntegration()],
  });

• feat(cloudflare): Split alarms into multiple traces and link them (#19373)

  Durable Object alarms now create separate traces for each alarm invocation, with proper linking between related alarms for better observability.

• feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation (#19991, #20345)

  A new enableRpcTracePropagation option enables automatic trace propagation for Cloudflare RPC calls via .fetch(), ensuring distributed traces flow correctly across service bindings.

• feat(core): Add enableTruncation option to AI integrations (#20167, #20181, #20182, #20183, #20184)

  All AI integrations (OpenAI, Anthropic, Google GenAI, LangChain, LangGraph) now support an enableTruncation option to control whether large AI inputs/outputs are truncated.

• feat(opentelemetry): Vendor AsyncLocalStorageContextManager (#20243)

  The OpenTelemetry context manager is now vendored internally, reducing external dependencies and ensuring consistent behavior across environments.

Other Changes

• feat(core): Export a reusable function to add tracing headers (#20076)
• feat(core): Expose rewriteSources top level option (#20142)
• feat(deps): bump defu from 6.1.4 to 6.1.6 (#20104)
• feat(node-native): Add support for V8 v14 (Node v25+) (#20125)
• feat(node): Include global scope for eventLoopBlockIntegration (#20108)
• fix(core, node): Support loading Express options lazily (#20211)
• fix(core): Set conversation_id only on gen_ai spans (#20274)
• fix(core): Use ai.operationId for Vercel AI V6 operation name mapping (#20285)
• fix(deno): Avoid inferring invalid span op from Deno tracer (#20128)
• fix(deno): Handle reader.closed rejection from releaseLock() in streaming (#20187)
• fix(nextjs): Preserve directive prologues in turbopack loaders (#20103)
• fix(nextjs): Skip custom browser tracing setup for bot user agents (#20263)
• fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory leak (#20328)
• fix(replay): Use live click attributes in breadcrumbs (#20262)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.49.0

Important Changes

• feat(browser): Add View Hierarchy integration (#14981)

  A new viewHierarchyIntegration captures the DOM structure when an error occurs, providing a snapshot of the page state for debugging. Enable it in your Sentry configuration:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  dsn: 'DSN',
  integrations: [Sentry.viewHierarchyIntegration()],
  });

• feat(cloudflare): Split alarms into multiple traces and link them (#19373)

  Durable Object alarms now create separate traces for each alarm invocation, with proper linking between related alarms for better observability.

• feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation (#19991, #20345)

  A new enableRpcTracePropagation option enables automatic trace propagation for Cloudflare RPC calls via .fetch(), ensuring distributed traces flow correctly across service bindings.

• feat(core): Add enableTruncation option to AI integrations (#20167, #20181, #20182, #20183, #20184)

  All AI integrations (OpenAI, Anthropic, Google GenAI, LangChain, LangGraph) now support an enableTruncation option to control whether large AI inputs/outputs are truncated.

• feat(opentelemetry): Vendor AsyncLocalStorageContextManager (#20243)

  The OpenTelemetry context manager is now vendored internally, reducing external dependencies and ensuring consistent behavior across environments.

Other Changes

• feat(core): Export a reusable function to add tracing headers (#20076)
• feat(core): Expose rewriteSources top level option (#20142)
• feat(deps): bump defu from 6.1.4 to 6.1.6 (#20104)
• feat(node-native): Add support for V8 v14 (Node v25+) (#20125)
• feat(node): Include global scope for eventLoopBlockIntegration (#20108)
• fix(core, node): Support loading Express options lazily (#20211)
• fix(core): Set conversation_id only on gen_ai spans (#20274)
• fix(core): Use ai.operationId for Vercel AI V6 operation name mapping (#20285)
• fix(deno): Avoid inferring invalid span op from Deno tracer (#20128)
• fix(deno): Handle reader.closed rejection from releaseLock() in streaming (#20187)
• fix(nextjs): Preserve directive prologues in turbopack loaders (#20103)
• fix(nextjs): Skip custom browser tracing setup for bot user agents (#20263)
• fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory leak (#20328)
• fix(replay): Use live click attributes in breadcrumbs (#20262)

... (truncated)

Commits

• 745af79 release: 10.49.0
• 46dcef1 Merge pull request #20348 from getsentry/prepare-release/10.49.0
• bf4e188 meta(changelog): Update changelog for 10.49.0
• 5f72df5 feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation...
• 50438f9 feat(browser): Emit web vitals as streamed spans (#19827)
• 3332fec fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory...
• 684a41f ref(opentelemetry): Replace @opentelemetry/resources with inline `getSentry...
• 8b2a9dc ci: Remove Docker container for Verdaccio package publishing (#20329)
• 0007c7b ci: Extract test names for flaky test issues (#20298)
• 9b9d65c chore(ci): Bump actions/cache to v5 and actions/download-artifact to v7 (#20249)
• Additional commits viewable in compare view

Updates @tanstack/react-virtual from 3.13.18 to 3.13.24

Release notes

Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.13.24

Patch Changes

• Updated dependencies [97a204d]:
  • @​tanstack/virtual-core@​3.14.0

@​tanstack/react-virtual@​3.13.23

Patch Changes

• Updated dependencies [7ece2d5]:
  • @​tanstack/virtual-core@​3.13.23

@​tanstack/react-virtual@​3.13.22

Patch Changes

• Updated dependencies [54d771a, d3416c3]:
  • @​tanstack/virtual-core@​3.13.22

@​tanstack/react-virtual@​3.13.21

Patch Changes

• Updated dependencies [be89e29]:
  • @​tanstack/virtual-core@​3.13.21

@​tanstack/react-virtual@​3.13.20

Patch Changes

• Updated dependencies [ff83e94]:
  • @​tanstack/virtual-core@​3.13.20

@​tanstack/react-virtual@​3.13.19

Patch Changes

• Updated dependencies [843109c]:
  • @​tanstack/virtual-core@​3.13.19

Changelog

Sourced from @​tanstack/react-virtual's changelog.

3.13.24

Patch Changes

• Updated dependencies [97a204d]:
  • @​tanstack/virtual-core@​3.14.0

3.13.23

Patch Changes

• Updated dependencies [7ece2d5]:
  • @​tanstack/virtual-core@​3.13.23

3.13.22

Patch Changes

• Updated dependencies [54d771a, d3416c3]:
  • @​tanstack/virtual-core@​3.13.22

3.13.21

Patch Changes

• Updated dependencies [be89e29]:
  • @​tanstack/virtual-core@​3.13.21

3.13.20

Patch Changes

• Updated dependencies [ff83e94]:
  • @​tanstack/virtual-core@​3.13.20

3.13.19

Patch Changes

• Updated dependencies [843109c]:
  • @​tanstack/virtual-core@​3.13.19

Commits

• c3d4cd4 ci: Version Packages (#1157)
• 9394e13 ci: Version Packages (#1149)
• 7ece2d5 fix(virtual-core): remove incorrect elementsCache cleanup using getItemKey (#...
• c2f1c39 ci: Version Packages (#1139)
• fc3c733 perf(virtual-core): skip sync DOM reads during normal scrolling (#1144)
• c4da5cb ci: Version Packages (#1137)
• be89e29 fix(virtual-core): smooth scrolling for dynamic item sizes (#1108)
• d2a9995 ci: Version Packages (#1136)
• ff83e94 fix(virtual-core): early return in _measureElement for disconnected nodes (#1...
• e0e4dcd ci: Version Packages (#1131)
• See full diff in compare view

Updates next from 16.1.6 to 16.2.4

Release notes

Sourced from next's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• Compiler: Support boolean and number primtives in next.config defines (#92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
• Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

... (truncated)

Commits

• 2275bd8 v16.2.4
• e073983 Adding more system info to the 'initialize project' trace (#92427)
• 8a540b5 Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92...
• 2f5343f Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• 2ad9d3f turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...
• 6f3808e Compiler: Support boolean and number primtives in next.config defines (#92731)
• fbc7684 Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• 805d758 Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...
• 1056fae chore: Bump reqwest to 0.13.2 (#92713)
• d5f649b v16.2.3
• Additional commits viewable in compare view

Updates pino from 10.3.0 to 10.3.1

Release notes

Sourced from pino's releases.

v10.3.1

What's Changed

• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in pinojs/pino#2385
• build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 by @​dependabot[bot] in pinojs/pino#2386
• docs: clarify transport level filtering behavior by @​mcollina in pinojs/pino#2390
• fix(transport): sanitize invalid NODE_OPTIONS preloads for workers by @​mcollina in pinojs/pino#2391

Full Changelog: pinojs/pino@v10.3.0...v10.3.1

Commits

• 6b34498 Bumped v10.3.1
• f1203e6 fix(transport): sanitize invalid NODE_OPTIONS preloads for workers (#2391)
• 6a8e598 docs: clarify transport level filtering behavior (#2390)
• 49a4807 Merge branch 'main' of github.com:pinojs/pino
• 960bbbb build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 (#2386)
• e2a5b4a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2385)
• 04859e2 chore: update gitignore for ai assistant files
• See full diff in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-aria-components from 1.14.0 to 1.17.0

Release notes

Sourced from react-aria-components's releases.

React Aria Components v1.17.0

This release brings support for several long-awaited features, including support for expandable rows in Table, and window scrolling in Virtualizer. Expandable rows enable macOS Finder-like file trees by designating a treeColumn and rendering a chevron button within its cells. Window scrolling in Virtualizer enables virtualized collections to automatically scroll with the rest of the page. We've also added support for horizontally virtualized GridLists and ListBoxes! Finally, we significantly improved how we manage our dependencies – see the full release notes for details.

Full release notes

React Aria Components v1.16.0

In today’s release, we are excited to announce support for multi-select ComboBox, one of our most requested features! You can now use selectionMode="multiple" to select multiple options and customize how to display the selected items via ComboBoxValue, e.g. using a TagGroup. We’ve also added section support in Tree: simply use TreeSection and TreeHeader to group tree items into labeled sections. This release also includes improvements to overlay positioning, scroll into view behavior, and fixes to address various crashes.

This release contains one of the highest number of contributions to date. A big thank you to our contributors for all your feedback, features and fixes!

Full release notes

React Aria Components v1.15.0

New year, new release, and the shine hasn’t worn off from our new documentation website: we’ve already added new Agent Skills and improved the search experience 😍. This month’s release includes a big update to our compatibility, with DOM customization options via a new render prop for React Aria Components. This feature will help with cases such as rendering Router Link components, or for use with animation libraries. We have also fixed our most upvoted issue: we now constrain dates on blur instead of as you type, allowing more input flexibility and greatly improving the user experience of our date fields.

Thank you to all of our contributors for your bug fixes, features, and feedback. We look forward to another great year ahead!

Full Release Notes

Commits

• ca74817 Publish
• 2d2cc15 fix: prevent items from getting continually loaded in S2 TreeView (#9921)
• beda778 fix: broken compound selector exposed by browserslist bump (Table virtualizer...
• c7c4c67 fix: v3 docs build (#9919)
• efc581c fix: nightly packing too many files (#9917)
• 5c5bda5 docs: improve S2 agent skill (#9908)
• 988c120 docs: Update RangeCalendar for api consitency, add docs for nonce, and TagGro...
• 21c4dfb chore: Revert 9875 and move disabledBehavior example in TableView docs (#9914)
• 9e18b4a chore: fix S2 datepicker errorMessage type (#9909)
• b65a4aa Revert "fix: make aria test utils helpers work with vitest-browser-react (#97...
• Additional commits viewable in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.