Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 9 updates#54

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-4fcfdb44e4
Open

chore(deps): bump the production-dependencies group across 1 directory with 9 updates#54
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-4fcfdb44e4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps the production-dependencies group with 9 updates in the / directory:

Package From To
canvas 3.2.0 3.2.1
cron-parser 5.4.0 5.5.0
diff 8.0.2 8.0.3
lucide-react 0.562.0 0.576.0
next 16.1.1 16.1.6
react 19.2.3 19.2.4
react-dom 19.2.3 19.2.4
react-window 2.2.4 2.2.7
tailwind-merge 3.4.0 3.5.0

Updates canvas from 3.2.0 to 3.2.1

Release notes

Sourced from canvas's releases.

v3.2.1

3.2.1

  • Fix error message HTTP response status code in image src setter
  • roundRect() shape incorrect when radii were large relative to rectangle size (#2400)
  • Reject loadImage when src is null or invalid (#2304)
  • Fix compilation on GCC 15 by including (#2545)
Changelog

Sourced from canvas's changelog.

3.2.1

  • Fix error message HTTP response status code in image src setter
  • roundRect() shape incorrect when radii were large relative to rectangle size (#2400)
  • Reject loadImage when src is null or invalid (#2304)
  • Fix compilation on GCC 15 by including (#2545)
Commits

Updates cron-parser from 5.4.0 to 5.5.0

Release notes

Sourced from cron-parser's releases.

v5.5.0

What's Changed

New Contributors

Full Changelog: harrisiirak/cron-parser@v5.4.0...v5.5.0

Commits
  • 25ffdad speed up CronExpression iteration (#394)
  • 62bc4bd docs: add base pull request and issue templates
  • 3cb070c docs: add CONTRIBUTING.md with additional contributing details
  • 74ca06d feat: include op/s in benchmarking tool
  • See full diff in compare view

Updates diff from 8.0.2 to 8.0.3

Changelog

Sourced from diff's changelog.

8.0.3

  • #631 - fix support for using an Intl.Segmenter with diffWords. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).
  • #635 - small tweaks to tokenization behaviour of diffWords when used without an Intl.Segmenter. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (× and ÷) are now treated as punctuation instead of as letters / word characters.
  • #641 - the format of file headers in createPatch etc. patches can now be customised somewhat. It now takes a headerOptions option that can be used to disable the file headers entirely, or omit the Index: line and/or the underline. In particular, this was motivated by a request to make jsdiff patches compatible with react-diff-view, which they now are if produced with headerOptions: FILE_HEADERS_ONLY.
  • #647 and #649 - fix denial-of-service vulnerabilities in parsePatch whereby adversarial input could cause a memory-leaking infinite loop, typically crashing the calling process. Also fixed ReDOS vulnerabilities whereby adversarially-crafted patch headers could take cubic time to parse. Now, parsePatch should reliably take linear time. (Handling of headers that include the line break characters \r, \u2028, or \u2029 in non-trailing positions is also now more reasonable as side effect of the fix.)
Commits
  • 13576bf 8.0.3 release (#652)
  • 1179ccb Ignore .zed (#651)
  • 949d6e2 Add test for the vuln I just fixed (#650)
  • 15a1585 Fix the second denial-of-service vulnerability in parsePatch (#649)
  • de95cca Fix potentially cubic-time regex in parsePatch (#647)
  • b9aeede Allow more customisation of file headers in patches (#641)
  • 43c716c Merge pull request #636 from kpdecker/dependabot/npm_and_yarn/node-forge-1.3.2
  • b8162c7 Bump node-forge from 1.3.1 to 1.3.2
  • ad6dc17 Fix some bugs in the diffWords regex (and errors & ambiguities in the comment...
  • 3e1774a Fix a comment typo (#633)
  • Additional commits viewable in compare view

Updates lucide-react from 0.562.0 to 0.576.0

Release notes

Sourced from lucide-react's releases.

Version 0.576.0

What's Changed

Full Changelog: lucide-icons/lucide@0.575.0...0.576.0

Version 0.575.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

Version 0.574.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.572.0...0.574.0

Version 0.573.0

What's Changed

... (truncated)

Commits
  • 67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
  • b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
  • See full diff in compare view

Updates next from 16.1.1 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Upgrade to swc 54 (#88207)
  • implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
  • tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix linked list bug in LRU deleteFromLru (#88652)
  • Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

Commits

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

Commits

Updates react-window from 2.2.4 to 2.2.7

Release notes

Sourced from react-window's releases.

2.2.7

  • Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

2.2.6

  • useDynamicRowHeight should not instantiate ResizeObserver when server-rendering

2.2.5

  • Use defaultHeight/defaultWidth prop to server render initial set of rows/cells
  • Adjust TypeScript return type for rowComponent/cellComponent to work around a ReactNode vs ReactElement mismatch caused by #875
Changelog

Sourced from react-window's changelog.

2.2.7

  • Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

2.2.6

  • useDynamicRowHeight should not instantiate ResizeObserver when server-rendering

2.2.5

  • Use defaultHeight/defaultWidth prop to server render initial set of rows/cells
  • Adjust TypeScript return type for rowComponent/cellComponent to work around a ReactNode vs ReactElement mismatch caused by #875
Commits
  • b7e8457 2.2.6 -> 2.2.7
  • dc23245 Fixed a problem with project logo not displaying correctly in the README for ...
  • 0138b13 Tweaked how-it-works graphic style
  • 2b98251 2.2.5 -> 2.2.6
  • 6222edc useDynamicRowHeight: Don't instantiate ResizeObserver when server-rendering (...
  • 69330f4 Fix example
  • 8433914 Update docs to clarify that Grid cells can't be auto-sized
  • 7969e5a Fix docs typo
  • dff578f 2.2.4 -> 2.2.5
  • b26f7da 2.2.5 (#896)
  • Additional commits viewable in compare view

Updates tailwind-merge from 3.4.0 to 3.5.0

Release notes

Sourced from tailwind-merge's releases.

v3.5.0

New Features

Full Changelog: dcastil/tailwind-merge@v3.4.1...v3.5.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

v3.4.1

Bug Fixes

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits
  • 270ac79 v3.5.0
  • 86f772e add changelog for 3.5.0
  • 6c1f77c Merge pull request #651 from dcastil/feature/add-support-for-tailwind-css-v4.2
  • 7a4cacf Add support for decimal fraction values
  • 9ef0f79 fix incorrectly escaped characters
  • f4938b0 update README with v4.2 support
  • b02a572 Add Tailwind v4.2 font-features utilities support
  • 5bd25ec Add Tailwind v4.2 logical sizing utilities
  • 697c920 Add Tailwind v4.2 logical border block utilities
  • 6656a47 Improve JSDoc comments for logical insets
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the production-dependencies group across 1 director…
7c8d281 
…y with 9 updates

Bumps the production-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [canvas](https://github.com/Automattic/node-canvas) | `3.2.0` | `3.2.1` |
| [cron-parser](https://github.com/harrisiirak/cron-parser) | `5.4.0` | `5.5.0` |
| [diff](https://github.com/kpdecker/jsdiff) | `8.0.2` | `8.0.3` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.562.0` | `0.576.0` |
| [next](https://github.com/vercel/next.js) | `16.1.1` | `16.1.6` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.3` | `19.2.4` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.3` | `19.2.4` |
| [react-window](https://github.com/bvaughn/react-window) | `2.2.4` | `2.2.7` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.4.0` | `3.5.0` |



Updates `canvas` from 3.2.0 to 3.2.1
- [Release notes](https://github.com/Automattic/node-canvas/releases)
- [Changelog](https://github.com/Automattic/node-canvas/blob/master/CHANGELOG.md)
- [Commits](Automattic/node-canvas@v3.2.0...v3.2.1)

Updates `cron-parser` from 5.4.0 to 5.5.0
- [Release notes](https://github.com/harrisiirak/cron-parser/releases)
- [Commits](harrisiirak/cron-parser@v5.4.0...v5.5.0)

Updates `diff` from 8.0.2 to 8.0.3
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v8.0.2...v8.0.3)

Updates `lucide-react` from 0.562.0 to 0.576.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.576.0/packages/lucide-react)

Updates `next` from 16.1.1 to 16.1.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.1...v16.1.6)

Updates `react` from 19.2.3 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react)

Updates `react-dom` from 19.2.3 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom)

Updates `react-window` from 2.2.4 to 2.2.7
- [Release notes](https://github.com/bvaughn/react-window/releases)
- [Changelog](https://github.com/bvaughn/react-window/blob/main/CHANGELOG.md)
- [Commits](bvaughn/react-window@2.2.4...2.2.7)

Updates `tailwind-merge` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: canvas
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: cron-parser
  dependency-version: 5.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: diff
  dependency-version: 8.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: lucide-react
  dependency-version: 0.576.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: next
  dependency-version: 16.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-window
  dependency-version: 2.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: tailwind-merge
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 2, 2026

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants