Bump the minor-and-patch group across 1 directory with 18 updates

[dependabot]

Bumps the minor-and-patch group with 17 updates in the /src/frontend directory:

Package	From	To
@azure/monitor-opentelemetry	1.16.0	1.17.0
@base-ui/react	1.3.0	1.4.1
@microsoft/applicationinsights-react-js	19.3.8	19.4.0
@tanstack/react-query	5.96.2	5.100.9
lucide-react	1.7.0	1.14.0
next	16.2.2	16.2.6
next-auth	4.24.13	4.24.14
react	19.2.4	19.2.6
react-dom	19.2.4	19.2.6
shadcn	4.2.0	4.7.0
tailwind-merge	3.5.0	3.6.0
@tailwindcss/postcss	4.2.2	4.3.0
@types/node	25.5.2	25.6.2
eslint-config-next	16.2.2	16.2.6
jest	30.3.0	30.4.2
jest-environment-jsdom	30.3.0	30.4.1
typescript	6.0.2	6.0.3

Updates @azure/monitor-opentelemetry from 1.16.0 to 1.17.0

Changelog

Sourced from @​azure/monitor-opentelemetry's changelog.

1.17.0 (2026-05-07)

Features Added

• Added GenAI main agent attribution: AzureMonitorSpanProcessor and AzureLogRecordProcessor now propagate microsoft.gen_ai.main_agent.* attributes (with fallback to gen_ai.agent.* / gen_ai.conversation.id) from parent spans to child spans, derive them on invoke_agent spans, and copy them from the active span onto emitted log records.
• Added support for the AKS resource detector from @opentelemetry/resource-detector-azure.
• Added AKS_RESOURCE_DETECTOR_POPULATION statsbeat feature signal to track when the AKS resource detector successfully populates resource attributes.

Bugs Fixed

• Fixed Available Memory performance counter on Linux to report MemAvailable from /proc/meminfo instead of MemFree (via os.freemem()). MemAvailable accounts for reclaimable memory (page cache, buffers), providing a more accurate measure of memory available to processes.
• Fixed standard metrics and performance counters recording 0ms duration for all sub-second requests. span.duration is an HrTime tuple [seconds, nanoseconds] but was incorrectly read as span.duration[0] (seconds only). Converted to milliseconds using hrTimeToMilliseconds() from @opentelemetry/core.

Other Changes

• Restructured samples-dev to use the standard Azure SDK dev-tool format with @summary tags.
• Updated to using exporter version 1.0.0-beta.40.

Commits

• 1cc3584 [Monitor OpenTelemetry] Remove azure functions instrumentation (#38461)
• 19734e9 [monitor] Update @​azure/opentelemetry-instrumentation-azure-sdk dependencies ...
• ac224e2 [Monitor OpenTelemetry][Monitor OpenTelemetry Exporter] Release Distro 1.17.0...
• 9be3be3 feat(monitor-opentelemetry): implement GenAI main agent attribution (#38445)
• 3de1abe Add imports field to all warp-built packages (#38391)
• e8f0055 chore: Update registry for all package.json and adjust check rules (#38281)
• 7b834ea Add missing polyfillSuffix entries to warp.config.yml for .cts polyfill packa...
• 65c0ccc feat(warp): explicit CJS via moduleType, esbuild ESM→CJS transform (#37893)
• 0f1cd87 [Monitor OpenTelemetry] Linux Perf Counter Update (#37835)
• 2467920 [Monitor OpenTelemetry] Fix monitor-opentelemetry samples-dev to use standard...
• Additional commits viewable in compare view

Updates @base-ui/react from 1.3.0 to 1.4.1

Release notes

Sourced from @​base-ui/react's releases.

v1.4.1

General changes

• Clear highlight on pointer leave when item is clipped by scroll container (#4604) by @​atomiks
• Fix display: contents tabbability (#4642) by @​atomiks
• Fix multi-argument event handler forwarding in mergeProps (#4598) by @​atomiks
• Mark date-fns peer dependencies as optional (#4639) by @​LukasTy

Navigation Menu

• Fix stale popup size on rapid trigger hover (#4646) by @​atomiks

All contributors of this release in alphabetical order: @​atomiks, @​LukasTy

v1.4.0

General changes

• Improve render prop warning accuracy (#4324, #4363) by @​atomiks
• Fix preventBaseUIHandler runtime wrapping (#4330) by @​atomiks
• Fix Uncaught TypeError: Converting circular structure to JSON (#4452) by @​Profesor08
• Expose form prop on hidden inputs (#4352) by @​atomiks
• Add suppressHydrationWarning to hidden inputs (#4482) by @​devxoul
• Fix outside-press dismissal in a shared shadow root (#4333) by @​atomiks
• Fix Positioner not repositioning to a different trigger when reopened with keepMounted (#4407) by @​mdm317
• Lock scroll of full-width anchored modal popups with touch input (#3100) by @​atomiks

Alert Dialog

• Fix detached trigger HMR with recreated handles (#4472) by @​atomiks

Autocomplete

• Fix initial live region announcements (#4286) by @​atomiks

Avatar

• Fix flash when image is cached (#4469) by @​mj12albert

Checkbox

• Fix uncontrolled default initialization (#4535) by @​atomiks
• Prevent input state changes in readOnly mode (#4551) by @​tsbehlman

Collapsible

• Fix open state when keepMounted has no transitions (#4555) by @​mj12albert

Combobox

• Fix clicks in Chips/InputGroup areas not focusing the input or opening the popup (#4296) by @​CiscoFran10

... (truncated)

Changelog

Sourced from @​base-ui/react's changelog.

v1.4.1

Apr 20, 2026

General changes

• Clear highlight on pointer leave when item is clipped by scroll container (#4604) by @​atomiks
• Fix display: contents tabbability (#4642) by @​atomiks
• Fix multi-argument event handler forwarding in mergeProps (#4598) by @​atomiks
• Mark date-fns peer dependencies as optional (#4639) by @​LukasTy

Navigation Menu

• Fix stale popup size on rapid trigger hover (#4646) by @​atomiks

All contributors of this release in alphabetical order: @​atomiks, @​LukasTy

v1.4.0

Apr 13, 2026

General changes

• Improve render prop warning accuracy (#4324, #4363) by @​atomiks
• Fix preventBaseUIHandler runtime wrapping (#4330) by @​atomiks
• Fix Uncaught TypeError: Converting circular structure to JSON (#4452) by @​Profesor08
• Expose form prop on hidden inputs (#4352) by @​atomiks
• Add suppressHydrationWarning to hidden inputs (#4482) by @​devxoul
• Fix outside-press dismissal in a shared shadow root (#4333) by @​atomiks
• Fix Positioner not repositioning to a different trigger when reopened with keepMounted (#4407) by @​mdm317
• Lock scroll of full-width anchored modal popups with touch input (#3100) by @​atomiks

Alert Dialog

• Fix detached trigger HMR with recreated handles (#4472) by @​atomiks

Autocomplete

• Fix initial live region announcements (#4286) by @​atomiks

Avatar

• Fix flash when image is cached (#4469) by @​mj12albert

Checkbox

• Fix uncontrolled default initialization (#4535) by @​atomiks
• Prevent input state changes in readOnly mode (#4551) by @​tsbehlman

Collapsible

... (truncated)

Commits

• be88b61 [release] v1.4.1 (#4650)
• fc7f4f9 [navigation menu] Fix stale popup size on rapid trigger hover (#4646)
• 783e530 [mergeProps] Fix multi-argument event handler forwarding (#4598)
• 2622ddf [all components] Fix display: contents tabbability (#4642)
• c0b4937 [core] Mark date-fns peer dependencies as optional (#4639)
• c8fd3a0 [dialog][popover][tooltip][menu][preview] Remove dead create*EventDetails w...
• 099541a [select] Remove unused itemToStringLabel and itemToStringValue from context (...
• 7158d7b [otp] Refactor OTPFieldRoot and OTPFieldHiddenInput (#4609)
• af33404 [temporal adapter date-fns] Fix date-only string parsing and setTimezone duck...
• 41da0c1 [docs] Fix Field validity API descriptions (#4592)
• Additional commits viewable in compare view

Updates @microsoft/applicationinsights-react-js from 19.3.8 to 19.4.0

Release notes

Sourced from @​microsoft/applicationinsights-react-js's releases.

19.4.0

Breaking Changes

TThis release bumps the Application Insights dependency from ^3.3.10 to ^3.4.1., which contains potential breaking changes:

The 3.4.x release of Application Insights includes significant changes that may affect your application. Please review the following before upgrading.

This version is NOT supported on any eariler versions of Application Insights.

Type Signature Compatibility

• Fixed: ReactPlugin.initialize method signature now properly matches ITelemetryPlugin interface requirements
  • Changed from IConfiguration & IConfig to IConfiguration to follow TypeScript contravariance rules
  • Impact: Should resolve "Type 'ReactPlugin' is not assignable to type 'ITelemetryPlugin'" errors that users encountered in previous releases
  • Fixes parameter type compatibility issues when passing ReactPlugin instance to SDK initialization

Application Insights 3.4.1 Breaking Changes

• Distributed Tracing Refactoring (Details):

  • The TelemetryTrace class has been removed; functionality integrated into W3C trace state implementation
  • appInsights.context.telemetryTrace is now deprecated (adapter to core.getTraceCtx())
  • Core instance now always has a valid traceId (either generated or inherited from parent trace context)

• Flush Method Signature: Parameter renamed from async to isAsync in IChannelControls interface

  • Only affects code using named parameters

Package Deprecation Notice

@microsoft/applicationinsights-common is now DEPRECATED and will be removed in Application Insights 4.0.0:

• All exports from applicationinsights-common have been merged into @microsoft/applicationinsights-core-js
• The common package continues to work as a compatibility shim (re-exports from Core)
• Action Required: Update imports from @microsoft/applicationinsights-common to @microsoft/applicationinsights-core-js
• See the Migration Guide for details
• This version of the plugin now only uses @microsoft/applicationinsights-core-js and therefore will no longer work with older releases.

Significant Changes

• Update to Application Insights 3.4.1 (from 3.3.10):
  • Enhanced W3C trace state support and distributed tracing improvements
  • Enhanced cookie management with memory caching when cookies are disabled
  • OsPlugin reliability improvements with proactive OS retrieval
  • URL redaction enhancements for improved flexibility
  • Better handling of dependency tracking with W3C trace state

Security Updates

• #169: Upgrade React and react-dom to 19.1.2 to address CVE-2025-55182 (CVSS 10.0)
  • Critical security vulnerability: unauthenticated remote code execution in React Server Components
  • Action Required: All users should update immediately

... (truncated)

Changelog

Sourced from @​microsoft/applicationinsights-react-js's changelog.

19.4.0 (April 8th, 2026)

Breaking Changes

TThis release bumps the Application Insights dependency from ^3.3.10 to ^3.4.1., which contains potential breaking changes:

The 3.4.x release of Application Insights includes significant changes that may affect your application. Please review the following before upgrading.

This version is NOT supported on any eariler versions of Application Insights.

Type Signature Compatibility

• Fixed: ReactPlugin.initialize method signature now properly matches ITelemetryPlugin interface requirements
  • Changed from IConfiguration & IConfig to IConfiguration to follow TypeScript contravariance rules
  • Impact: Should resolve "Type 'ReactPlugin' is not assignable to type 'ITelemetryPlugin'" errors that users encountered in previous releases
  • Fixes parameter type compatibility issues when passing ReactPlugin instance to SDK initialization

Application Insights 3.4.1 Breaking Changes

• Distributed Tracing Refactoring (Details):

  • The TelemetryTrace class has been removed; functionality integrated into W3C trace state implementation
  • appInsights.context.telemetryTrace is now deprecated (adapter to core.getTraceCtx())
  • Core instance now always has a valid traceId (either generated or inherited from parent trace context)

• Flush Method Signature: Parameter renamed from async to isAsync in IChannelControls interface

  • Only affects code using named parameters

Package Deprecation Notice

@microsoft/applicationinsights-common is now DEPRECATED and will be removed in Application Insights 4.0.0:

• All exports from applicationinsights-common have been merged into @microsoft/applicationinsights-core-js
• The common package continues to work as a compatibility shim (re-exports from Core)
• Action Required: Update imports from @microsoft/applicationinsights-common to @microsoft/applicationinsights-core-js
• See the Migration Guide for details
• This version of the plugin now only uses @microsoft/applicationinsights-core-js and therefore will no longer work with older releases.

Significant Changes

• Update to Application Insights 3.4.1 (from 3.3.10):
  • Enhanced W3C trace state support and distributed tracing improvements
  • Enhanced cookie management with memory caching when cookies are disabled
  • OsPlugin reliability improvements with proactive OS retrieval
  • URL redaction enhancements for improved flexibility
  • Better handling of dependency tracking with W3C trace state

Security Updates

• #169: Upgrade React and react-dom to 19.1.2 to address CVE-2025-55182 (CVSS 10.0)
  • Critical security vulnerability: unauthenticated remote code execution in React Server Components

... (truncated)

Commits

• fafc408 [Release] Increase version to 19.4.0 (#172)
• 4919e72 refactor(errorBoundary): return error and errorInfo object with the onError c...
• 0b183b7 fix: use React.ReactNode for children prop (#156)
• fb3080f Fix vulnerable dependencies (#171)
• ce42e0e fix(security): upgrade react and react-dom to 19.1.2 for CVE-2025-55182 (#169)
• See full diff in compare view

Updates @tanstack/react-query from 5.96.2 to 5.100.9

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.9

Patch Changes

• Updated dependencies [3d21cac]:
  • @​tanstack/query-devtools@​5.100.9
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query-next-experimental@​5.100.9

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query-persist-client@​5.100.9

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.9
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query@​5.100.9

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

@​tanstack/react-query-devtools@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.8
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query-next-experimental@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query-persist-client@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.8
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query@​5.100.8

Patch Changes

• Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.9

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.8

5.100.7

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.7

5.100.6

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.6

5.100.5

Patch Changes

• Updated dependencies [a53ef97]:
  • @​tanstack/query-core@​5.100.5

5.100.4

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.4

5.100.3

Patch Changes

• fix(suspense): skip calling combine when queries would suspend (#10576)

• Updated dependencies [f85d825]:

  • @​tanstack/query-core@​5.100.3

... (truncated)

Commits

• 8c3d523 ci: Version Packages (#10630)
• 9800c8f ci: Version Packages (#10623)
• 3ae4261 ci: Version Packages (#10620)
• 87f7ccf ci: Version Packages (#10604)
• 441204b ci: Version Packages (#10582)
• 55afb3e ci: Version Packages (#10581)
• fe287cc ci: Version Packages (#10579)
• f85d825 Feature/use suspense queries combine (#10576)
• 93b2845 ci: Version Packages (#10575)
• ea4497e fix(query-core): stop wrapping persister generics in NoInfer (#10510)
• Additional commits viewable in compare view

Updates lucide-react from 1.7.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

• feat(icons): added repeat-off icon by @​jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

• fix(docs): sync URL params with UI state on categories page by @​taimar in lucide-icons/lucide#4111
• feat(icons): add waves-vertical icon by @​jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

• feat(icon): add folder-bookmark icon by @​swastik7805 in lucide-icons/lucide#4262
• docs(readme): Update readme files by @​ericfennis in lucide-icons/lucide#4320
• feat(icons): added astroid icon by @​whoisBugsbunny in lucide-icons/lucide#4217

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Version 1.11.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by @​swastik7805 in lucide-icons/lucide#4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in lucide-icons/lucide#4299
• feat(icons): added layers-minus icon by @​Spleefies in lucide-icons/lucide#4005
• feat(icons): added bell-check icon by @​pettelau in lucide-icons/lucide#4152

New Contributors

• @​jglu made their first contribution in lucide-icons/lucide#4309
• @​pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310

... (truncated)

Commits

• 50d8af5 docs(readme): Update readme files (#4320)
• 653e44b feat(packages): use .mjs for ESM bundles (#4285)
• 7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
• See full diff in compare view

Updates next from 16.2.2 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.5

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)

... (truncated)

Commits

• ee6e79b v16.2.6
• afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
• 97a154e Turbopack: Fix middleware matcher suffix (#93590)
• 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
• 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
• a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
• 766148f v16.2.5
• 0dd9483 fix: add explicit checks for RSC header (#83) (#98)
• d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
• 9d50c0b Strip next-resume header from incoming requests (#92)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next-auth from 4.24.13 to 4.24.14

Release notes

Sourced from next-auth's releases.

next-auth@4.24.14

Bugfixes

• providers: add issuer to GitHub provider for RFC 9207 compliance (#13412)

GitHub now returns an iss parameter in OAuth callbacks. openid-client validates it unconditionally, which was breaking authentication for apps that didn't configure an issuer. This sets the default GitHub provider issuer to https://github.com/login/oauth.

Commits

• e9a892a chore(release): bump version [skip ci]
• 0497da4 fix(providers): add issuer to github (#13412)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for next-auth since your current version.

Updates react from 19.2.4 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Updates shadcn from 4.2.0 to 4.7.0

Release notes

Sourced from shadcn's releases.

shadcn@4.7.0

Minor Changes

• #10519 eb42ae25fda81e90e621f1e334e5126b1f22371d Thanks @​shadcn! - add support for package imports

• #10528 309d95017fce3936548c15d2ef827c84560cc45a Thanks @​shadcn! - allow alias placeholders in target for registry items

Patch Changes

• #10559 28b3e5f36086677b0533583817407d8f936a567b Thanks @​shadcn! - add previous version error suggestion

shadcn@4.6.0

Minor Changes

• #10530 ea6086cbcc33b359bb876651374e26f643ea85b1 Thanks @​shadcn! - add shadcn preset commands

• #10516 c236d0c009b4ff87c77a04c618d2b348cac7cdcb Thanks @​shadcn! - add preset info to npx shadcn info

Patch Changes

• #10526 55fd4dc71be9e6410a528d6ce6bc7287ffba262c Thanks @​shadcn! - update docs and info urls

• #10524 6dea65ebcbbdb8773b3072ca74c9cee4e386988b Thanks @​shadcn! - fix apply in monorepo

shadcn@4.5.0

Minor Changes

• #10488 eb6e783fb3861aba3b35289a473954080e6f1607 Thanks @​shadcn! - add --pointer option to cli.

  npx shadcn init --pointer will enable cursor: pointer on buttons.

shadcn@4.4.0

Minor Changes

• #10451 e456fed9d3f0b7aacf7084aecc02a75e8fde622d Thanks @​shadcn! - add apply --only

Patch Changes

• 9c572ab778b5a0ab42693eb07bc4a75d0c24603e Thanks @​shadcn! - fix chartColor in presets

shadcn@4.3.1

Patch Changes

• #10436 b7cfc364aca36bc90f8efa86773bc81011502036 Thanks @​shadcn! - Ensure init only runs template post-init hooks for newly created projects.

• #10179 d00605c5fb5fe3cfbcb68cea65398430cdd819f8 Thanks @​EthanThatOneKid! - Send Accept: application/vnd.shadcn.v1+json, application/json;q=0.9 and User-Agent: shadcn on registry fetches so servers using HTTP content negotiation can reliably serve JSON to the CLI. Fixes #10164.

shadcn@4.3.0

Minor Changes

... (truncated)

Changelog

Sourced from shadcn's changelog.

4.7.0

Minor Changes

• #10519 eb42ae25fda81e90e621f1e334e5126b1f22371d Thanks @​shadcn! - add support for package imports

• #10528 309d95017fce3936548c15d2ef827c84560cc45a Thanks @​shadcn! - allow alias placeholders in target for registry items

Patch Changes

• #10559 28b3e5f36086677b0533583817407d8f936a567b Thanks @​shadcn! - add previous version error suggestion

4.6.0

Minor Changes

• #10530 ea6086cbcc33b359bb876651374e26f643ea85b1 Thanks @​shadcn! - add shadcn preset commands

• #10516 c236d0c009b4ff87c77a04c618d2b348cac7cdcb Thanks @​shadcn! - add preset info to npx shadcn info

Patch Changes

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.