chore(deps): bump the all-other-non-major-dependencies group with 5 updates

[dependabot]

Bumps the all-other-non-major-dependencies group with 5 updates:

Package	From	To
@supabase/supabase-js	2.105.1	2.105.4
tailwind-merge	3.5.0	3.6.0
zod	4.4.2	4.4.3
@types/node	25.6.0	25.6.2
typescript-eslint	8.59.1	8.59.2

Updates @supabase/supabase-js from 2.105.1 to 2.105.4

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.105.4

2.105.4 (2026-05-08)

🩹 Fixes

• auth: return null from getItemAsync on JSON parse failure (#2336)
• postgrest: restore non-Error abort detection in fetch catch (#2335)
• realtime: guard sessionStorage access in restricted-storage browsers (#2339)

v2.105.4-canary.2

2.105.4-canary.2 (2026-05-08)

This was a version bump only, there were no code changes.

v2.105.4-canary.1

2.105.4-canary.1 (2026-05-08)

🩹 Fixes

• realtime: guard sessionStorage access in restricted-storage browsers (#2339)

v2.105.4-canary.0

2.105.4-canary.0 (2026-05-08)

🩹 Fixes

• auth: return null from getItemAsync on JSON parse failure (#2336)
• postgrest: restore non-Error abort detection in fetch catch (#2335)

v2.105.3

2.105.3 (2026-05-04)

🩹 Fixes

• auth: narrow OAuth/CustomProvider types to fix downstream consumer typecheck (#2326)

v2.105.2

2.105.2 (2026-05-04)

🩹 Fixes

• auth: forward lockAcquireTimeout to SupabaseAuthClient (#2309)
• auth: add toJSON to WebAuthnError for correct JSON serialization (#2317)
• misc: widen enum-like unions with (string & {}) for forward compat (#2303)
• misc: reduce any usage across packages (#2314)
• postgrest: unify insert/upsert signatures (#2315)

❤️ Thank You

• Muzzaiyyan Hussain @​MuzzaiyyanHussain

... (truncated)

Commits

• db53b0f chore(release): version 2.105.2 changelogs (#2323)
• 5223888 [patchback] docs(repo): @​category and @​subcategory tags across all packages (...
• 0412d0d fix(auth): forward lockAcquireTimeout to SupabaseAuthClient (#2309)
• 42c9cbb [patchback] fix(misc): widen enum-like unions with (string & {}) for forward ...
• 7e1773c chore(release): version 2.105.1 changelogs (#2302)
• See full diff in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates zod from 4.4.2 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

Commits

• 1fb56a5 docs: document release procedure in AGENTS.md
• f3c9ec0 4.4.3
• c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
• 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 9195250 docs: remove Mintlify from bronze sponsors (churned)
• 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
• 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
• 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
• 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
• See full diff in compare view

Updates @types/node from 25.6.0 to 25.6.2

Commits

• See full diff in compare view

Updates typescript-eslint from 8.59.1 to 8.59.2

Release notes

Sourced from typescript-eslint's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 2ec35f1 chore(release): publish 8.59.2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Update five non‑major dependencies to pick up stability fixes and Tailwind v4.3 compatibility. Supabase patches improve auth and realtime robustness and reduce the dependency tree.

• Dependencies
  • @supabase/supabase-js 2.105.4: fixes auth JSON parse fallback and abort detection; guards sessionStorage in restricted browsers; drops ws/@types/ws from the tree.
  • tailwind-merge 3.6.0: adds Tailwind CSS v4.3 support, including the postfixLookupClassGroups option.
  • zod 4.4.3: restores catch/preprocess behavior for absent object keys.
  • @types/node 25.6.2 and typescript-eslint 8.59.2: patch updates to improve tooling stability.

^{Written for commit da6a0c2. Summary will update on new commits.}

[dependabot]

Labels

The following labels could not be found: contributor. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
sytcolabs	Ready	Preview, Comment	May 11, 2026 7:18am

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​supabase/​supabase-js@​2.105.1 ⏵ 2.105.4	+1
	typescript-eslint@​8.59.1 ⏵ 8.59.2
	@​types/​node@​25.6.0 ⏵ 25.6.2	+1		+1
	tailwind-merge@​3.5.0 ⏵ 3.6.0	+1		+1
	zod@​4.4.2 ⏵ 4.4.3	+1		+1

View full report

[cubic-dev-ai]

No issues found across 2 files