Skip to content

chore(deps): bump the minor-and-patch group with 5 updates#450

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/minor-and-patch-b44b3b1afe
Open

chore(deps): bump the minor-and-patch group with 5 updates#450
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/minor-and-patch-b44b3b1afe

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 5 updates:

Package From To
@sentry/nextjs 10.60.0 10.62.0
better-auth 1.6.20 1.6.22
mermaid 11.15.0 11.16.0
eslint-plugin-jsdoc 63.0.7 63.0.10
prettier 3.8.4 3.9.1

Updates @sentry/nextjs from 10.60.0 to 10.62.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

Bundle size 📦

Path Size
@​sentry/browser 26.83 KB
@​sentry/browser - with treeshaking flags 25.3 KB
@​sentry/browser (incl. Tracing) 44.89 KB
@​sentry/browser (incl. Tracing + Span Streaming) 46.6 KB
@​sentry/browser (incl. Tracing, Profiling) 49.57 KB
@​sentry/browser (incl. Tracing, Replay) 83.22 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 73.06 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 87.8 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 100.17 KB
@​sentry/browser (incl. Feedback) 43.61 KB
@​sentry/browser (incl. sendFeedback) 31.5 KB
@​sentry/browser (incl. FeedbackAsync) 36.52 KB
@​sentry/browser (incl. Metrics) 27.87 KB
@​sentry/browser (incl. Logs) 28.11 KB
@​sentry/browser (incl. Metrics & Logs) 28.78 KB
@​sentry/react 28.59 KB
@​sentry/react (incl. Tracing) 47.15 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

10.61.0

Important Changes

  • feat(core): Enable streamGenAiSpans by default (#21732)

    The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated by default. Set enableTruncation: true on the respective AI integration to re-enable truncation. To keep the previous behavior, set streamGenAiSpans: false.

    Self-hosted Sentry users should opt out with streamGenAiSpans: false, since streamed gen_ai spans may not be ingested by their Sentry instance.

Other Changes

  • feat(cloudflare): Add batch, exec, and withSession D1 instrumentation (#21292)
  • feat(cloudflare): Instrument SQL API in sqlite durable objects (#21656)
  • feat(core): Add db.query.summary functionality (#21670)
  • feat(core): Add top-level Sentry.setAttribute(s) APIs (#21705)
  • fix(hono): Name transactions after the matched route handler (#21700)
  • fix(react-router): Bump peerDependencies for react-router 8 (#21762)
  • fix(replays): Record replay trace_ids with span streaming (#21714)

... (truncated)

Commits
  • 1fc539e release: 10.62.0
  • 5ee7977 Merge pull request #21792 from getsentry/prepare-release/10.62.0
  • f36645c meta(changelog): Update changelog for 10.62.0
  • e562f94 ref(node): Streamline amqplib instrumentation (#21753)
  • e1312df ref(node): Fix server-utils name for VercelAI integration (#21809)
  • fc29e61 ref(node): Streamline Firebase instrumentation (#21748)
  • 2081179 ref(cloudflare): Revert vercelAi change (#21793)
  • 2309fb5 chore(github): Update tracked packages (#21789)
  • 3bfeb64 feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)
  • a15e2a8 fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)
  • Additional commits viewable in compare view

Updates better-auth from 1.6.20 to 1.6.22

Release notes

Sourced from better-auth's releases.

v1.6.22

better-auth

Bug Fixes

  • Fixed unproven credentials not being revoked during magic link and email OTP sign-in (#10239)
  • Fixed server-side OAuth requests to refuse redirect responses instead of following them (#10241)

For detailed changes, see CHANGELOG

@better-auth/scim

Bug Fixes

  • Fixed SCIM write-path operations to be properly scoped and to correctly honor the active attribute (#10242)

For detailed changes, see CHANGELOG

@better-auth/stripe

Bug Fixes

  • Fixed organization subscription actions (cancel, upgrade, restore, and the billing portal) that could act on the wrong organization.

For detailed changes, see CHANGELOG

auth

Bug Fixes

  • Added account-level verification lockout for two-factor authentication (#10240)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​gustavovalverde

Full changelog: v1.6.21...v1.6.22

v1.6.21

better-auth

Bug Fixes

  • Fixed rate limits to be enforced before plugin request handlers run (#10191)
  • Fixed admin permission changes and bans to take effect immediately, even when session cookie cache is enabled (#10187)
  • Fixed deviceAuthorization() throwing a ZodError when called without a schema option under Zod v4 (#9939)

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.22

Patch Changes

  • #10239 c06a56d Thanks @​gustavovalverde! - Magic-link and email-OTP sign-in now reset the credentials on an account whose email had never been confirmed. When verification resolves to such an account, any existing password on it is removed and its sessions are revoked before the user is signed in, so proven control of the mailbox is the source of truth for the account.

    If you signed up with email and password but first signed in through a magic link or email OTP rather than confirming the verification email, your password is cleared and you will need to set a new one through password reset.

  • #10240 3a035e9 Thanks @​gustavovalverde! - Add account-level lockout for two-factor verification. The attempt limit applies per account across sign-in challenges and across factors: TOTP, email-OTP, and backup codes share one counter, and a successful verification resets it.

    Enabled by default: an account locks for 15 minutes after 10 consecutive failed verifications, and locked attempts return 429 with the ACCOUNT_TEMPORARILY_LOCKED error code. Configure it with twoFactor({ accountLockout: { enabled, maxFailedAttempts, durationSeconds } }).

    Run a database migration after upgrading: this adds failedVerificationCount and lockedUntil columns to the twoFactor table.

  • Updated dependencies [8bd43d9]:

    • @​better-auth/core@​1.6.22
    • @​better-auth/drizzle-adapter@​1.6.22
    • @​better-auth/kysely-adapter@​1.6.22
    • @​better-auth/memory-adapter@​1.6.22
    • @​better-auth/mongo-adapter@​1.6.22
    • @​better-auth/prisma-adapter@​1.6.22
    • @​better-auth/telemetry@​1.6.22

1.6.21

Patch Changes

  • #10212 e0762a1 Thanks @​bytaesu! - In root-mounted deployments, requests whose path does not start with the configured basePath now return 404 instead of resolving to an endpoint.

  • #10187 882cf9e Thanks @​ping-maxwell! - Admin permission changes and bans now take effect immediately for admin APIs, even when session cookie cache is enabled. Sensitive session checks also continue to work in stateless apps where signed cookies are the session record.

  • #9939 f52e1ab Thanks @​benpsnyder! - fixes a bug causing deviceAuthorization() throwing a ZodError at construction when called without a schema option

  • #10196 b5bec19 Thanks @​Paola3stefania! - OAuth sign-up and account-link profile sync now ignore provider profile values for user fields marked input: false. Input-allowed additional fields still persist from mapProfileToUser, and schema defaults still apply when OAuth creates a user. Apps that used mapProfileToUser to fill input: false fields should set those fields in server-side provisioning code instead.

  • #10197 816d7f9 Thanks @​Paola3stefania! - Google sign-in now accepts hd: "*" to allow any Google Workspace hosted domain while still rejecting tokens with no hosted-domain claim.

    Google One Tap now applies the configured Google hosted-domain restriction before creating a session.

  • #10192 239bcc8 Thanks @​bytaesu! - Validate PayPal user info against the verified ID token subject during social sign-in.

  • #10228 1bc370a Thanks @​gustavovalverde! - The SIWE plugin no longer binds a provided email that already belongs to another account. With anonymous set to false, /siwe/verify previously created the new account using that email even when it was already in use; it now keeps the wallet-derived address in that case, so one email cannot be attached to two accounts.

  • #10198 570267c Thanks @​rachit367! - Honor disableMigration on plugin schema tables. Tables flagged with disableMigration: true are now skipped by better-auth generate (Drizzle and Prisma output) and by the runtime migrator, instead of being emitted and created anyway. The flag was previously dropped while assembling the table list, so it had no effect.

  • #10182 461ca6f Thanks @​bytaesu! - Only store display username fallbacks as usernames when they pass username validation during email sign-up.

  • #10183 88409b0 Thanks @​bytaesu! - Require OAuth proxy profile callbacks to match an issued OAuth state before creating sessions.

  • #10203 5953157 Thanks @​bytaesu! - Rate limiting no longer trusts multi-hop X-Forwarded-For chains, preventing a client behind an appending proxy from spoofing the leftmost hop to bypass the per-IP rate limit. Single-value IP headers continue to work. To key the real client behind a proxy chain, set advanced.ipAddress.trustedProxies to your reverse-proxy IPs or CIDR ranges (the chain is walked right to left, skipping trusted hops), or point advanced.ipAddress.ipAddressHeaders at a single trusted client-IP header.

... (truncated)

Commits
  • a90d061 chore: release v1.6.22 (#10245)
  • 3a035e9 fix(two-factor): add account-level verification lockout (#10240)
  • c06a56d fix: revoke unproven credentials on magic-link/email-OTP sign-in (#10239)
  • 414169d chore: release v1.6.21 (#10184)
  • f52e1ab fix(device-authorization): make schema option optional under Zod v4 (#9939)
  • 882cf9e fix(admin): use authoritative session reads for authorization (#10187)
  • b5bec19 fix(oauth): apply user input rules to provider profiles (#10196)
  • 471f81c refactor: centralize request IP resolver in core (#10216)
  • 816d7f9 fix(one-tap): apply configured Google hosted domain (hd) on the callback (#10...
  • 1bc370a fix(siwe): reject sign-in when the provided email already belongs to another ...
  • Additional commits viewable in compare view

Updates mermaid from 11.15.0 to 11.16.0

Release notes

Sourced from mermaid's releases.

mermaid@11.16.0

Minor Changes

  • #7535 ea1c48f Thanks @​ragelink! - feat(cynefin): Adds the Cynefin framework as a new diagram type (beta) to Mermaid (available as cynefin-beta). The Cynefin framework, created by Dave Snowden, is a decision-making framework that categorizes problems into five complexity domains, widely used in agile, incident management, strategy, and organizational design.

  • #7721 f45cc2c Thanks @​notionparallax! - feat(treeView): add box-drawing character input support for treeView diagrams

  • #7550 f1f4d45 Thanks @​DominicBurkart! - feat(xychart): add per-point text labels for xychart line plots

  • #7527 b4d0442 Thanks @​notionparallax! - feat(treeView): Extends the existing treeView-beta diagram with features useful for representing file/directory structures.

  • #7793 a6f097d Thanks @​SSDWGG! - feat(er): support optional ER attribute types with a ? suffix

  • #7772 37f2e36 Thanks @​devareddy05! - feat(gantt): support multiple excludes / includes lines so long exclusion lists can be split into commented groups (#6270)

  • #7708 4e63e9d Thanks @​txmxthy! - feat(architecture): add align row|column {ids…} directive to architecture-beta diagrams so authors can declare horizontal or vertical alignment of services explicitly.

  • #7760 05223be Thanks @​ngdaniels! - feat(pie): Enhance Pie Chart - Enable donut chart, Set legend position, and highlight slice

  • #7251 216e4e9 Thanks @​ydah! - feat(railroad): Add support for Railroad Diagrams (Syntax Diagrams) with four input syntaxes: IR (railroad-beta), EBNF (railroad-ebnf-beta), ABNF (railroad-abnf-beta), and PEG (railroad-peg-beta).

  • #7774 e5c75e6 Thanks @​ngdaniels! - feat(xychart): enable rotate label on X-axis

  • #7791 974fa7b Thanks @​knsv-bot! - feat(swimlane): add swimlane as a standalone diagram type with a dedicated layered orthogonal layout algorithm

Patch Changes

... (truncated)

Commits
  • 7c0cafc Version Packages: v11.16.0 (#7916)
  • 26acd1a Merge pull request #7915 from mermaid-js/release/11.16.0
  • 5a8eae7 Merge branch 'master' into release/11.16.0
  • dd5ea77 Merge pull request #7913 from mermaid-js/pebr/fix-changesets
  • 658ee66 docs: fix missing bumps of @mermaid-js/parser
  • 04259a1 docs: fix author and commit on examples changeset
  • c9dcfb1 docs: update changeset diagram scopes
  • a34dab9 docs: remove swimlane/cynefin bugfix changesets
  • e81f31f docs: remove local-editor changeset
  • 7223f03 Minor correction
  • Additional commits viewable in compare view

Updates eslint-plugin-jsdoc from 63.0.7 to 63.0.10

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v63.0.10

63.0.10 (2026-06-27)

Bug Fixes

  • escape-inline-tags: allow scoped packages in declaration references (#1705) (70e0a11)

v63.0.9

63.0.9 (2026-06-26)

Bug Fixes

  • check-template-names, require-template, valid-types: keep commas inside @template default values (0980b71)

v63.0.8

63.0.8 (2026-06-25)

Bug Fixes

  • check-template-names: detect template usage in @augments/@extends/@implements types (208079f)
Commits
  • 70e0a11 fix(escape-inline-tags): allow scoped packages in declaration references (#1705)
  • ba37859 refactor(valid-types): drop obsolete raw-value workaround for @​template names
  • 5a07314 test: cover parseClosureTemplateTag comma splitting
  • 0980b71 fix(check-template-names, require-template, valid-types): keep commas i...
  • 208079f fix(check-template-names): detect template usage in @augments/@extends/...
  • See full diff in compare view

Updates prettier from 3.8.4 to 3.9.1

Release notes

Sourced from prettier's releases.

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.1

diff

CLI: Fix ignored file has been cached incorrectly (#19483 by @​kovsu)

Bug details prettier/prettier#18016

3.9.0

diff

🔗 Release Notes

3.8.5

diff

Flow: Support readonly as a variance annotation (#19022 by @​marcoww6)

Flow now accepts readonly as a property variance annotation, equivalent to + (covariant/read-only).

// Input
type T = {
  readonly foo: string,
};
// Prettier 3.8.4
SyntaxError
// Prettier 3.8.5
type T = {
readonly foo: string,
};

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@sentry/nextjs](https://github.com/getsentry/sentry-javascript) | `10.60.0` | `10.62.0` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.6.20` | `1.6.22` |
| [mermaid](https://github.com/mermaid-js/mermaid) | `11.15.0` | `11.16.0` |
| [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `63.0.7` | `63.0.10` |
| [prettier](https://github.com/prettier/prettier) | `3.8.4` | `3.9.1` |


Updates `@sentry/nextjs` from 10.60.0 to 10.62.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.60.0...10.62.0)

Updates `better-auth` from 1.6.20 to 1.6.22
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.22/packages/better-auth)

Updates `mermaid` from 11.15.0 to 11.16.0
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.15.0...mermaid@11.16.0)

Updates `eslint-plugin-jsdoc` from 63.0.7 to 63.0.10
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v63.0.7...v63.0.10)

Updates `prettier` from 3.8.4 to 3.9.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.1)

---
updated-dependencies:
- dependency-name: "@sentry/nextjs"
  dependency-version: 10.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: better-auth
  dependency-version: 1.6.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: mermaid
  dependency-version: 11.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 63.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: prettier
  dependency-version: 3.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency updates npm npm package updates labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates npm npm package updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants