chore(deps): bump the npm-dependencies group across 1 directory with 17 updates by dependabot[bot] · Pull Request #52 · michellepace/devflow

dependabot · 2026-04-26T18:56:12Z

Bumps the npm-dependencies group with 16 updates in the / directory:

Package	From	To
@clerk/nextjs	`7.0.12`	`7.2.7`
@clerk/ui	`1.5.0`	`1.6.7`
lucide-react	`1.7.0`	`1.11.0`
next	`16.2.3`	`16.2.4`
@biomejs/biome	`2.4.10`	`2.4.13`
@clerk/testing	`2.0.12`	`2.0.21`
@rolldown/plugin-babel	`0.2.2`	`0.2.3`
@tailwindcss/postcss	`4.2.2`	`4.2.4`
@types/node	`25.5.2`	`25.6.0`
baseline-browser-mapping	`2.10.16`	`2.10.23`
dotenv	`17.4.1`	`17.4.2`
lefthook	`2.1.5`	`2.1.6`
markdownlint-cli2	`0.22.0`	`0.22.1`
shadcn	`4.2.0`	`4.5.0`
typescript	`6.0.2`	`6.0.3`
vitest	`4.1.3`	`4.1.5`

Updates @clerk/nextjs from 7.0.12 to 7.2.7

Release notes

Sourced from @clerk/nextjs's releases.

@clerk/nextjs@7.2.7

Patch Changes

Updated dependencies [da76490]:

@clerk/shared@4.8.5

@clerk/backend@3.4.1

@clerk/react@6.4.5

@clerk/nextjs@7.2.6

Patch Changes

Updated dependencies [083c4c5, dcaf694, d9011b4]:

@clerk/shared@4.8.4

@clerk/react@6.4.4

@clerk/backend@3.4.0

@clerk/nextjs@7.2.3

Patch Changes

Updated dependencies [fcc6c0c]:

@clerk/backend@3.2.13

@clerk/react@6.4.2

@clerk/nextjs@7.2.2

Patch Changes

Updated dependencies [f800b4f, 8ee6a32, c7b0f47, 34762e8]:

@clerk/backend@3.2.12

@clerk/shared@4.8.2

@clerk/react@6.4.2

@clerk/nextjs@7.2.1

Patch Changes

Normalize URL paths in createPathMatcher to prevent route protection bypass (#8311) by @nikosdouvlis

Updated dependencies [b0b6675]:

@clerk/shared@4.8.1

@clerk/backend@3.2.11

@clerk/react@6.4.1

Changelog

Sourced from @clerk/nextjs's changelog.

7.2.7

Patch Changes

Updated dependencies [da76490]:

@clerk/shared@4.8.5

@clerk/backend@3.4.1

@clerk/react@6.4.5

7.2.6

Patch Changes

Updated dependencies [083c4c5, dcaf694, d9011b4]:

@clerk/shared@4.8.4

@clerk/react@6.4.4

@clerk/backend@3.4.0

7.2.5

Patch Changes

Refactor clerkMiddleware internals to factor the post-authentication pipeline (handler invocation, CSP, redirects, response decoration) into a private runHandlerWithRequestState helper. Pure refactor — no behavioral change. (#8368) by @jacekradko

Updated dependencies [93855c2]:

@clerk/backend@3.3.0

7.2.4

Patch Changes

Add helpful TypeScript error for incorrect auth import path (#8358) by @jacekradko

Fix an authorization bypass in has(), auth.protect(), and related predicates when a single call combined conditions from more than one dimension (for example, { permission, reverification } or { feature, permission }). A dimension that should have denied the request was treated as indeterminate and ignored by the combining logic, allowing other passing dimensions to carry the result and authorize the call when it should have failed closed. (#8372) by @nikosdouvlis

Behavior is now:

When a requested dimension cannot be satisfied because the underlying session data is missing, malformed, or invalid, the call denies. Previously these cases were treated as indeterminate and ignored, which could let another passing dimension carry the call.

Fixed a minor bug where session.checkAuthorization() was building authorization options from the membership row id instead of the organization id.

Single-condition role, permission, feature, and plan checks (has({ permission }), etc.) are unchanged. Single-condition reverification checks are unchanged on well-formed session data; calls with a missing or malformed factorVerificationAge payload now deny where they previously returned indeterminate. Callback-form auth.protect(has => ...) is unaffected unless the callback itself invokes the affected shapes.

Separately, auth.protect() in @clerk/nextjs previously discarded authorization params (role, permission, feature, plan, reverification) whenever the same argument object also contained unauthenticatedUrl, unauthorizedUrl, or token. TypeScript's excess-property check caught this for inline object literals but did not apply once the argument was assigned to a variable, spread, or used from JavaScript. Mixed-shape calls like auth.protect({ role: 'org:admin', unauthorizedUrl: '/denied' }) or auth.protect({ permission: 'org:X', token: 'session_token' }) now correctly enforce the authorization check instead of silently letting every authenticated caller through.

Updated dependencies [d52b311, abaa339]:

@clerk/shared@4.8.3

@clerk/backend@3.2.14

@clerk/react@6.4.3

7.2.3

... (truncated)

Commits

2f48ea8 ci(repo): Version packages (#8401)
6be2ea9 ci(repo): Version packages (#8389)
8a25c6a ci(repo): Version packages (#8377)
93855c2 refactor(nextjs): factor runHandlerWithRequestState out of baseNextMiddleware...
57bca7b ci(repo): Version packages (#8363)
d52b311 fix(shared,clerk-js,nextjs): authorization bypass in combined-condition has()...
683399a feat(nextjs): add helpful error for incorrect auth import (#8358)
7994b5f ci(repo): Version packages (#8340)
cc8fed5 ci(repo): Version packages (#8322)
6399251 ci(repo): Version packages (#8315)
Additional commits viewable in compare view

Updates @clerk/ui from 1.5.0 to 1.6.7

Release notes

Sourced from @clerk/ui's releases.

@clerk/ui@1.6.7

Patch Changes

Updated dependencies [da76490]:

@clerk/shared@4.8.5

@clerk/localizations@4.5.5

@clerk/ui@1.6.5

Patch Changes

Fixed OAuth redirect_url for openSignIn modal. (#8385) by @wobsoriano

@clerk/ui@1.6.3

Patch Changes

Fix EnableOrganizationsPrompt in keyless mode: show "Claim your application" CTA instead of broken "Sign in to continue" when organizations are enabled on an unclaimed keyless app with no signed-in user. (#8341) by @mwickett

Use user.organizationMemberships from the already-loaded user object to populate the org select in the OAuth consent screen, avoiding a redundant memberships fetch. (#8350) by @wobsoriano

Correctly display IP redirect URIs in OAuth consent. (#8342) by @wobsoriano

Add scroll-driven fade overlays to ListGroupContent in the OAuthConsent component so overflowing scope lists visually indicate more content above and below. (#8339) by @alexcarpenter

@clerk/ui@1.6.2

Patch Changes

Add infinite loading to organization selection in <OAuthConsent />. (#8309) by @wobsoriano

Fix OAuthConsent always redirecting to sign-in by adopting the AuthenticatedRoutes pattern used by other full-page components (#8327) by @alexcarpenter

Updated dependencies [c7b0f47, 34762e8]:

@clerk/shared@4.8.2

@clerk/localizations@4.5.2

@clerk/ui@1.6.1

Patch Changes

Updated dependencies [b0b6675]:

@clerk/shared@4.8.1

@clerk/localizations@4.5.1

Changelog

Sourced from @clerk/ui's changelog.

1.6.7

Patch Changes

Updated dependencies [da76490]:

@clerk/shared@4.8.5

@clerk/localizations@4.5.5

1.6.6

Patch Changes

Display web3wallet in UserProfile when added by administrator (#7981) by @dmoerner

Updated dependencies [083c4c5, dcaf694, 4b62ce8]:

@clerk/shared@4.8.4

@clerk/localizations@4.5.4

1.6.5

Patch Changes

Fixed OAuth redirect_url for openSignIn modal. (#8385) by @wobsoriano

1.6.4

Patch Changes

Default the organization selection in <OAuthConsent /> to the user's last active organization, falling back to the first membership when it is not set or no longer available. (#8362) by @kylemac

Updated dependencies [d52b311]:

@clerk/shared@4.8.3

@clerk/localizations@4.5.3

1.6.3

Patch Changes

Fix EnableOrganizationsPrompt in keyless mode: show "Claim your application" CTA instead of broken "Sign in to continue" when organizations are enabled on an unclaimed keyless app with no signed-in user. (#8341) by @mwickett

Use user.organizationMemberships from the already-loaded user object to populate the org select in the OAuth consent screen, avoiding a redundant memberships fetch. (#8350) by @wobsoriano

Correctly display IP redirect URIs in OAuth consent. (#8342) by @wobsoriano

Add scroll-driven fade overlays to ListGroupContent in the OAuthConsent component so overflowing scope lists visually indicate more content above and below. (#8339) by @alexcarpenter

1.6.2

Patch Changes

... (truncated)

Commits

2f48ea8 ci(repo): Version packages (#8401)
6be2ea9 ci(repo): Version packages (#8389)
e73d266 fix(ui): Display admin-created Web3 wallet in UserProfile (#7981)
2c838fa ci(repo): Version packages (#8387)
26847fe fix(ui): correct OAuth redirect_url for openSignIn modal (#8385)
7a423d6 fix(clerk-js,ui): Pin rspack to 1.7.x and disable lazy compilation (#8378)
57bca7b ci(repo): Version packages (#8363)
0744a0b fix(ui): Default OAuthConsent org selection to last active organization (#8362)
d7758e3 chore(ui): Update [DEV] minor & patch dependencies (#8356)
7994b5f ci(repo): Version packages (#8340)
Additional commits viewable in compare view

Updates lucide-react from 1.7.0 to 1.11.0

Release notes

Sourced from lucide-react's releases.

Version 1.11.0

What's Changed

docs: add missing period to TypeScript Support description by @jglu in lucide-icons/lucide#4309

fix(@lucide/svelte): proper doc comments for svelte components by @blt-r in lucide-icons/lucide#4267

chore(deps): bump svgo from 3.3.2 to 3.3.3 by @dependabot[bot] in lucide-icons/lucide#4119

chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @dependabot[bot] in lucide-icons/lucide#4310

feat(icons): add power and quick tags to zap and zap-off by @swastik7805 in lucide-icons/lucide#4268

test(build-font): added comprehensive unit tests on build-font tool by @karsa-mistmere in lucide-icons/lucide#4315

feat(docs): blur background of framework-select by @Spleefies in lucide-icons/lucide#4238

feat(icon): add heart-x icon by @swastik7805 in lucide-icons/lucide#4264

fix(icons): optimised rotate-3d icon by @jamiemlaw in lucide-icons/lucide#4299

feat(icons): added layers-minus icon by @Spleefies in lucide-icons/lucide#4005

feat(icons): added bell-check icon by @pettelau in lucide-icons/lucide#4152

New Contributors

@jglu made their first contribution in lucide-icons/lucide#4309

@pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

docs: add missing period to TypeScript Support description by @jglu in lucide-icons/lucide#4309

fix(@lucide/svelte): proper doc comments for svelte components by @blt-r in lucide-icons/lucide#4267

chore(deps): bump svgo from 3.3.2 to 3.3.3 by @dependabot[bot] in lucide-icons/lucide#4119

chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @dependabot[bot] in lucide-icons/lucide#4310

feat(icons): add power and quick tags to zap and zap-off by @swastik7805 in lucide-icons/lucide#4268

test(build-font): added comprehensive unit tests on build-font tool by @karsa-mistmere in lucide-icons/lucide#4315

feat(docs): blur background of framework-select by @Spleefies in lucide-icons/lucide#4238

feat(icon): add heart-x icon by @swastik7805 in lucide-icons/lucide#4264

fix(icons): optimised rotate-3d icon by @jamiemlaw in lucide-icons/lucide#4299

feat(icons): added layers-minus icon by @Spleefies in lucide-icons/lucide#4005

feat(icons): added bell-check icon by @pettelau in lucide-icons/lucide#4152

New Contributors

@jglu made their first contribution in lucide-icons/lucide#4309

@pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.10.0

Version 1.9.0

What's Changed

fix(packages/angular): allow string inputs for size by @swastik7805 in lucide-icons/lucide#4253

fix(gh-icon): update colors for ColoredPath component by @jguddas in lucide-icons/lucide#4233

feat(packages): use .mjs for ESM bundles by @karsa-mistmere in lucide-icons/lucide#4285

fix(build-font): add collision detection to font codepoints by @karsa-mistmere in lucide-icons/lucide#4300

feat(icons): added timeline icon by @jguddas in lucide-icons/lucide#4270

New Contributors

@swastik7805 made their first contribution in lucide-icons/lucide#4253

... (truncated)

Commits

653e44b feat(packages): use .mjs for ESM bundles (#4285)
7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
See full diff in compare view

Updates next from 16.2.3 to 16.2.4

Release notes

Sourced from next's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)

Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)

Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)

Compiler: Support boolean and number primtives in next.config defines (#92731)

turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)

Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)

Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)

Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @Badbird5907, @lukesandberg, @andrewimm, @sokra, and @mischnic for helping!

Commits

2275bd8 v16.2.4
e073983 Adding more system info to the 'initialize project' trace (#92427)
8a540b5 Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92...
2f5343f Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
2ad9d3f turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...
6f3808e Compiler: Support boolean and number primtives in next.config defines (#92731)
fbc7684 Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
805d758 Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...
1056fae chore: Bump reqwest to 0.13.2 (#92713)
See full diff in compare view

Updates @biomejs/biome from 2.4.10 to 2.4.13

Release notes

Sourced from @biomejs/biome's releases.

Biome CLI v2.4.13

2.4.13

Patch Changes
#9969 c5eb92b Thanks @officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

For example, the following code triggers the rule:
const a = `${"hello"}`; // can be 'hello'
const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
const c = `${"a"}${"b"}`; // can be 'ab'
#10037 f785e8c Thanks @minseong0324! - Fixed #9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.
class Store {
  get status(): string {
    if (Math.random() > 0.5) return "loading";
    return "idle";
  }
  set status(v: string) {}
}
#10084 5e2f90c Thanks @jiwon79! - Fixed #10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

The following pattern is now considered valid:
/[a-z\&]/v;
#10063 c9ffa16 Thanks @Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

#10035 946b50e Thanks @Netail! - Fixed #10032: useIframeSandbox now flags if there's no initializer value.
#9865 68fb8d4 Thanks @dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

For example, the following snippet triggers the rule:
const foo = node.innerText;
#10023 bd1e74f Thanks @ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

... (truncated)

Changelog

Sourced from @biomejs/biome's changelog.

2.4.13

Patch Changes
#9969 c5eb92b Thanks @officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

For example, the following code triggers the rule:
const a = `${"hello"}`; // can be 'hello'
const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
const c = `${"a"}${"b"}`; // can be 'ab'
#10037 f785e8c Thanks @minseong0324! - Fixed #9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.
class Store {
  get status(): string {
    if (Math.random() > 0.5) return "loading";
    return "idle";
  }
  set status(v: string) {}
}
#10084 5e2f90c Thanks @jiwon79! - Fixed #10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

The following pattern is now considered valid:
/[a-z\&]/v;
#10063 c9ffa16 Thanks @Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

#10035 946b50e Thanks @Netail! - Fixed #10032: useIframeSandbox now flags if there's no initializer value.
#9865 68fb8d4 Thanks @dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

For example, the following snippet triggers the rule:
const foo = node.innerText;
#10023 bd1e74f Thanks @ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

For example, the following code triggers the rule:

... (truncated)

Commits

e316150 ci: release (#9991)
11ddc05 feat(lint): add useReactNativePlatformComponents rule and options (#10033)
1603f78 feat(js_analyze): implement noJsxLeakedDollar (#9911)
c5eb92b feat(linter): add nursery rule noUnnecessaryTemplateExpression (#9969)
5cc83b1 feat(lint/js): add noLoopFunc (#9815)
bd1e74f feat(lint): add react native deep import rule (#10023)
68fb8d4 feat(lint/js): add useDomNodeTextContent (#9865)
94ccca9 feat(lint): add noReactNativeLiteralColors (#10012)
3dce737 feat(lint/js): add useDomQuerySelector (#9885)
131019e feat(lint): add noReactNativeRawText (#10005)
Additional commits viewable in compare view

Updates @clerk/testing from 2.0.12 to 2.0.21

Release notes

Sourced from @clerk/testing's releases.

@clerk/testing@2.0.21

Patch Changes

Updated dependencies [da76490]:

@clerk/shared@4.8.5

@clerk/backend@3.4.1

@clerk/testing@2.0.17

Patch Changes

Updated dependencies [fcc6c0c]:

@clerk/backend@3.2.13

@clerk/testing@2.0.16

Patch Changes

Updated dependencies [f800b4f, 8ee6a32, c7b0f47, 34762e8]:

@clerk/backend@3.2.12

@clerk/shared@4.8.2

@clerk/testing@2.0.15

Patch Changes

Updated dependencies [b0b6675]:

@clerk/shared@4.8.1

@clerk/backend@3.2.11

Changelog

Sourced from @clerk/testing's changelog.

2.0.21

Patch Changes

Updated dependencies [da76490]:

@clerk/shared@4.8.5

@clerk/backend@3.4.1

2.0.20

Patch Changes

Updated dependencies [083c4c5, dcaf694, d9011b4]:

@clerk/shared@4.8.4

@clerk/backend@3.4.0

2.0.19

Patch Changes

Updated dependencies [93855c2]:

@clerk/backend@3.3.0

2.0.18

Patch Changes

Updated dependencies [d52b311, abaa339]:

@clerk/shared@4.8.3

@clerk/backend@3.2.14

2.0.17

Patch Changes

Updated dependencies [fcc6c0c]:

@clerk/backend@3.2.13

2.0.16

Patch Changes

Updated dependencies [f800b4f, 8ee6a32, c7b0f47, 34762e8]:

@clerk/backend@3.2.12

@clerk/shared@4.8.2

2.0.15

Patch Changes

... (truncated)

Commits

2f48ea8 ci(repo): Version packages (#8401)
6be2ea9 ci(repo): Version packages (#8389)
8a25c6a ci(repo): Version packages (#8377)
57bca7b ci(repo): Version packages (#8363)
7994b5f ci(repo): Version packages (#8340)
cc8fed5 ci(repo): Version packages (#8322)
6399251 ci(repo): Version packages (#8315)
b1f9bbe ci(repo): Version packages (#8307)
4657d64 ci(repo): Version packages (#8277)
See full diff in compare view

Updates @rolldown/plugin-babel from 0.2.2 to 0.2.3

Release notes

Sourced from @rolldown/plugin-babel's releases.

plugin-babel@0.2.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from @rolldown/plugin-babel's changelog.

0.2.3 (2026-04-13)

Bug Fixes

babel: exclude rolldown runtime module by default (#57) (d42ec45)

deps: update all non-major dependencies (#35) (f359c39)

deps: update all non-major dependencies (#40) (1963ed1)

deps: update all non-major dependencies (#49) (8047e05)

deps: update rolldown-related dependencies (#36) (b2bf24b)

deps: update rolldown-related dependencies (#46) (6b7fcfc)

deps: update rolldown-related dependencies (#50) (232515f)

deps: update rolldown-related dependencies (#55) (c432590)

Miscellaneous Chores

deps: update dependency @types/node to v24 (#38) (d6b8baa)

Commits

015e64a release: plugin-babel@0.2.3
d42ec45 fix(babel): exclude rolldown runtime module by default (#57)
c432590 fix(deps): update rolldown-related dependencies (#55)
232515f fix(deps): update rolldown-related dependencies (#50)
8047e05 fix(deps): update all non-major dependencies (#49)
1963ed1 fix(deps): update all non-major dependencies (#40)
6b7fcfc fix(deps): update rolldown-related dependencies (#46)
d6b8baa chore(deps): update dependency @types/node to v24 (#38)
b2bf24b fix(deps): update rolldown-related dependencies (#36)
f359c39 fix(deps): updat...
Description has been truncated

…17 updates Bumps the npm-dependencies group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@clerk/nextjs](https://github.com/clerk/javascript/tree/HEAD/packages/nextjs) | `7.0.12` | `7.2.7` | | [@clerk/ui](https://github.com/clerk/javascript/tree/HEAD/packages/ui) | `1.5.0` | `1.6.7` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.7.0` | `1.11.0` | | [next](https://github.com/vercel/next.js) | `16.2.3` | `16.2.4` | | [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.10` | `2.4.13` | | [@clerk/testing](https://github.com/clerk/javascript/tree/HEAD/packages/testing) | `2.0.12` | `2.0.21` | | [@rolldown/plugin-babel](https://github.com/rolldown/plugins/tree/HEAD/packages/babel) | `0.2.2` | `0.2.3` | | [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.2` | `4.2.4` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.2` | `25.6.0` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.16` | `2.10.23` | | [dotenv](https://github.com/motdotla/dotenv) | `17.4.1` | `17.4.2` | | [lefthook](https://github.com/evilmartians/lefthook) | `2.1.5` | `2.1.6` | | [markdownlint-cli2](https://github.com/DavidAnson/markdownlint-cli2) | `0.22.0` | `0.22.1` | | [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.2.0` | `4.5.0` | | [typescript](https://github.com/microsoft/TypeScript) | `6.0.2` | `6.0.3` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.3` | `4.1.5` | Updates `@clerk/nextjs` from 7.0.12 to 7.2.7 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/main/packages/nextjs/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/nextjs@7.2.7/packages/nextjs) Updates `@clerk/ui` from 1.5.0 to 1.6.7 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/main/packages/ui/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/ui@1.6.7/packages/ui) Updates `lucide-react` from 1.7.0 to 1.11.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.11.0/packages/lucide-react) Updates `next` from 16.2.3 to 16.2.4 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.2.3...v16.2.4) Updates `@biomejs/biome` from 2.4.10 to 2.4.13 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.13/packages/@biomejs/biome) Updates `@clerk/testing` from 2.0.12 to 2.0.21 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/main/packages/testing/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/testing@2.0.21/packages/testing) Updates `@rolldown/plugin-babel` from 0.2.2 to 0.2.3 - [Release notes](https://github.com/rolldown/plugins/releases) - [Changelog](https://github.com/rolldown/plugins/blob/main/packages/babel/CHANGELOG.md) - [Commits](https://github.com/rolldown/plugins/commits/plugin-babel@0.2.3/packages/babel) Updates `@tailwindcss/postcss` from 4.2.2 to 4.2.4 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/@tailwindcss-postcss) Updates `@types/node` from 25.5.2 to 25.6.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `baseline-browser-mapping` from 2.10.16 to 2.10.23 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.16...v2.10.23) Updates `dotenv` from 17.4.1 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.4.1...v17.4.2) Updates `lefthook` from 2.1.5 to 2.1.6 - [Release notes](https://github.com/evilmartians/lefthook/releases) - [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md) - [Commits](evilmartians/lefthook@v2.1.5...v2.1.6) Updates `markdownlint-cli2` from 0.22.0 to 0.22.1 - [Changelog](https://github.com/DavidAnson/markdownlint-cli2/blob/main/CHANGELOG.md) - [Commits](DavidAnson/markdownlint-cli2@v0.22.0...v0.22.1) Updates `shadcn` from 4.2.0 to 4.5.0 - [Release notes](https://github.com/shadcn-ui/ui/releases) - [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md) - [Commits](https://github.com/shadcn-ui/ui/commits/shadcn@4.5.0/packages/shadcn) Updates `tailwindcss` from 4.2.2 to 4.2.4 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/tailwindcss) Updates `typescript` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v6.0.2...v6.0.3) Updates `vitest` from 4.1.3 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: "@clerk/nextjs" dependency-version: 7.2.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: "@clerk/ui" dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: lucide-react dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: next dependency-version: 16.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@biomejs/biome" dependency-version: 2.4.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@clerk/testing" dependency-version: 2.0.21 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@rolldown/plugin-babel" dependency-version: 0.2.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@tailwindcss/postcss" dependency-version: 4.2.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: baseline-browser-mapping dependency-version: 2.10.23 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: lefthook dependency-version: 2.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: markdownlint-cli2 dependency-version: 0.22.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: shadcn dependency-version: 4.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: tailwindcss dependency-version: 4.2.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-04-26T18:56:15Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
devflow	Ready	Preview, Comment	Apr 26, 2026 6:57pm

dependabot · 2026-05-03T18:54:32Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 26, 2026

vercel Bot deployed to Preview April 26, 2026 18:57 View deployment

dependabot Bot closed this May 3, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/npm-dependencies-eb069d5bf4 branch May 3, 2026 18:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm-dependencies group across 1 directory with 17 updates#52

chore(deps): bump the npm-dependencies group across 1 directory with 17 updates#52
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-eb069d5bf4

dependabot Bot commented on behalf of github Apr 26, 2026 •

edited

Loading

Uh oh!

vercel Bot commented Apr 26, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​clerk/nextjs@​7.2.7

Patch Changes

@​clerk/nextjs@​7.2.6

Patch Changes

@​clerk/nextjs@​7.2.3

Patch Changes

@​clerk/nextjs@​7.2.2

Patch Changes

@​clerk/nextjs@​7.2.1

Patch Changes

7.2.7

Patch Changes

7.2.6

Patch Changes

7.2.5

Patch Changes

7.2.4

Patch Changes

7.2.3

@​clerk/ui@​1.6.7

Patch Changes

@​clerk/ui@​1.6.5

Patch Changes

@​clerk/ui@​1.6.3

Patch Changes

@​clerk/ui@​1.6.2

Patch Changes

@​clerk/ui@​1.6.1

Patch Changes

1.6.7

Patch Changes

1.6.6

Patch Changes

1.6.5

Patch Changes

1.6.4

Patch Changes

1.6.3

Patch Changes

1.6.2

Patch Changes

Version 1.11.0

What's Changed

New Contributors

Version 1.10.0

What's Changed

New Contributors

Version 1.9.0

What's Changed

New Contributors

v16.2.4

Core Changes

Credits

Biome CLI v2.4.13

2.4.13

Patch Changes

2.4.13

Patch Changes

@​clerk/testing@​2.0.21

Patch Changes

@​clerk/testing@​2.0.17

Patch Changes

@​clerk/testing@​2.0.16

Patch Changes

@​clerk/testing@​2.0.15

Patch Changes

2.0.21

Patch Changes

2.0.20

Patch Changes

2.0.19

Patch Changes

2.0.18

Patch Changes

2.0.17

Patch Changes

2.0.16

dependabot Bot commented on behalf of github Apr 26, 2026 •

edited

Loading

`@clerk/nextjs@7`.2.7

`@clerk/nextjs@7`.2.6

`@clerk/nextjs@7`.2.3

`@clerk/nextjs@7`.2.2

`@clerk/nextjs@7`.2.1

`@clerk/ui@1`.6.7

`@clerk/ui@1`.6.5

`@clerk/ui@1`.6.3

`@clerk/ui@1`.6.2

`@clerk/ui@1`.6.1

`@clerk/testing@2`.0.21

`@clerk/testing@2`.0.17

`@clerk/testing@2`.0.16

`@clerk/testing@2`.0.15

vercel Bot commented Apr 26, 2026 •

edited

Loading