chore(deps): bump the npm-dependencies group across 1 directory with 21 updates by dependabot[bot] · Pull Request #54 · michellepace/devflow

dependabot · 2026-05-10T18:57:06Z

Bumps the npm-dependencies group with 20 updates in the / directory:

Package	From	To
@clerk/nextjs	`7.0.12`	`7.3.3`
@clerk/ui	`1.5.0`	`1.9.1`
lucide-react	`1.7.0`	`1.14.0`
next	`16.2.3`	`16.2.6`
react	`19.2.5`	`19.2.6`
react-dom	`19.2.5`	`19.2.6`
tailwind-merge	`3.5.0`	`3.6.0`
@biomejs/biome	`2.4.10`	`2.4.15`
@clerk/testing	`2.0.12`	`2.0.27`
@rolldown/plugin-babel	`0.2.2`	`0.2.3`
@tailwindcss/postcss	`4.2.2`	`4.3.0`
@types/node	`25.5.2`	`25.6.2`
baseline-browser-mapping	`2.10.16`	`2.10.29`
dotenv	`17.4.1`	`17.4.2`
jsdom	`29.0.2`	`29.1.1`
lefthook	`2.1.5`	`2.1.6`
markdownlint-cli2	`0.22.0`	`0.22.1`
shadcn	`4.2.0`	`4.7.0`
typescript	`6.0.2`	`6.0.3`
vitest	`4.1.3`	`4.1.5`

Updates @clerk/nextjs from 7.0.12 to 7.3.3

Release notes

Sourced from @clerk/nextjs's releases.

@clerk/nextjs@7.3.3

Patch Changes

Updated dependencies [0ab09a8, 6408ab6, 5cda3ee]:

@clerk/backend@3.4.7

@clerk/shared@4.10.2

@clerk/react@6.6.2

@clerk/nextjs@7.3.2

Patch Changes

Improved auth() error message when clerkMiddleware() is not detected to mention that infrastructure issues (e.g. edge runtime errors or platform outages) can also cause this error. (#8007) by @jacekradko

Updated dependencies [7a5892f]:

@clerk/backend@3.4.6

@clerk/shared@4.10.1

@clerk/react@6.6.1

@clerk/nextjs@7.3.1

Patch Changes

Enforce middleware authorization during the keyless bootstrap window. auth.protect() and custom authorization checks now fail closed instead of being bypassed while the publishable key is being provisioned. (#8369) by @jacekradko

Updated dependencies [9e9230c, 68d32df, 1c27d4d, 1001193]:

@clerk/shared@4.10.0

@clerk/react@6.6.0

@clerk/backend@3.4.5

@clerk/nextjs@7.3.0

Minor Changes
Expose OAuthConsent as a public component export across React-based SDKs. (#8381) by @wobsoriano

Example:
import { OAuthConsent } from '@clerk/react';
export default function Page() {
return <OAuthConsent />;
}
Patch Changes

Updated dependencies [785f057, 90beaeb, 244920d]:

@clerk/shared@4.9.0

@clerk/react@6.5.0

@clerk/backend@3.4.4

... (truncated)

Changelog

Sourced from @clerk/nextjs's changelog.

7.3.3

Patch Changes

Updated dependencies [0ab09a8, 6408ab6, 5cda3ee]:

@clerk/backend@3.4.7

@clerk/shared@4.10.2

@clerk/react@6.6.2

7.3.2

Patch Changes

Improved auth() error message when clerkMiddleware() is not detected to mention that infrastructure issues (e.g. edge runtime errors or platform outages) can also cause this error. (#8007) by @jacekradko

Updated dependencies [7a5892f]:

@clerk/backend@3.4.6

@clerk/shared@4.10.1

@clerk/react@6.6.1

7.3.1

Patch Changes

Enforce middleware authorization during the keyless bootstrap window. auth.protect() and custom authorization checks now fail closed instead of being bypassed while the publishable key is being provisioned. (#8369) by @jacekradko

Updated dependencies [9e9230c, 68d32df, 1c27d4d, 1001193]:

@clerk/shared@4.10.0

@clerk/react@6.6.0

@clerk/backend@3.4.5

7.3.0

Minor Changes
Expose OAuthConsent as a public component export across React-based SDKs. (#8381) by @wobsoriano

Example:
import { OAuthConsent } from '@clerk/react';
export default function Page() {
return <OAuthConsent />;
}
Patch Changes

Updated dependencies [785f057, 90beaeb, 244920d]:

... (truncated)

Commits

ba158ac ci(repo): Version packages (#8501)
4c44aa6 ci(repo): Version packages (#8484)
30ec271 fix(nextjs): improve auth() error message to mention infrastructure failures ...
cd6c4b7 ci(repo): Version packages (#8440)
f1d257d fix(nextjs): enforce middleware authorization during keyless bootstrap (#8369)
b2e702e ci(repo): Version packages (#8438)
244920d chore(clerk-js,ui): Make OAuthConsent component public (#8381)
7680859 ci(repo): Version packages (#8433)
e85de19 ci(repo): Version packages (#8413)
9b57986 feat(*): auto-proxy for eligible hosts (#8035)
Additional commits viewable in compare view

Updates @clerk/ui from 1.5.0 to 1.9.1

Release notes

Sourced from @clerk/ui's releases.

@clerk/ui@1.9.1

Patch Changes

Fixed unhandled TypeError when unsafeMetadata is passed to <SignUp /> (#8500) by @wobsoriano

Updated dependencies [5cda3ee]:

@clerk/shared@4.10.2

@clerk/localizations@4.6.2

@clerk/ui@1.9.0

Minor Changes

Removed unused internal OAuthConsent prop. (#8492) by @wobsoriano

Patch Changes

Add wizard steps for the <__experimental_ConfigureSSO /> component (#8468) by @LauraBeatris

Remove back button on the sign-in password compromised/pwned error screen. (#8280) by @Ephem

These errors are not recoverable by re-entering the password, so the back button led to a confusing dead end that would always take you back to the same error.

Updated dependencies [7a5892f]:

@clerk/shared@4.10.1

@clerk/localizations@4.6.1

@clerk/ui@1.8.0

Minor Changes

Add experimental <ConfigureSSO /> component. Not ready for usage yet. (#8427) by @LauraBeatris

Patch Changes

Localize API keys table headers (#8462) by @jebibot

Surface initialization errors and stalled mounts in the component renderer. The internal ensureMounted pipeline now logs a [Clerk UI] error to the console when the lazy module import rejects, and emits a diagnostic warning if the renderer has not mounted within 10 seconds. Makes silent failures (e.g. failed dev-server chunk loads, unresolved lazy-compilation proxies) surface with an actionable message instead of hanging without feedback. (#8379) by @jacekradko

Updated dependencies [9e9230c, 68d32df, 1c27d4d, 1001193]:

@clerk/localizations@4.6.0

@clerk/shared@4.10.0

@clerk/ui@1.7.0

Minor Changes

Render OAuthConsent organization selector from user:org:read scope. (#8415) by @wobsoriano

Expose OAuthConsent as a public component export across React-based SDKs. (#8381) by @wobsoriano

Example:

... (truncated)

Changelog

Sourced from @clerk/ui's changelog.

1.9.1

Patch Changes

Fixed unhandled TypeError when unsafeMetadata is passed to <SignUp /> (#8500) by @wobsoriano

Updated dependencies [5cda3ee]:

@clerk/shared@4.10.2

@clerk/localizations@4.6.2

1.9.0

Minor Changes

Removed unused internal OAuthConsent prop. (#8492) by @wobsoriano

Patch Changes

Add wizard steps for the <__experimental_ConfigureSSO /> component (#8468) by @LauraBeatris

Remove back button on the sign-in password compromised/pwned error screen. (#8280) by @Ephem

These errors are not recoverable by re-entering the password, so the back button led to a confusing dead end that would always take you back to the same error.

Updated dependencies [7a5892f]:

@clerk/shared@4.10.1

@clerk/localizations@4.6.1

1.8.0

Minor Changes

Add experimental <ConfigureSSO /> component. Not ready for usage yet. (#8427) by @LauraBeatris

Patch Changes

Localize API keys table headers (#8462) by @jebibot

Surface initialization errors and stalled mounts in the component renderer. The internal ensureMounted pipeline now logs a [Clerk UI] error to the console when the lazy module import rejects, and emits a diagnostic warning if the renderer has not mounted within 10 seconds. Makes silent failures (e.g. failed dev-server chunk loads, unresolved lazy-compilation proxies) surface with an actionable message instead of hanging without feedback. (#8379) by @jacekradko

Updated dependencies [9e9230c, 68d32df, 1c27d4d, 1001193]:

@clerk/localizations@4.6.0

@clerk/shared@4.10.0

1.7.0

Minor Changes

Render OAuthConsent organization selector from user:org:read scope. (#8415) by @wobsoriano

... (truncated)

Commits

ba158ac ci(repo): Version packages (#8501)
ee17b74 test(ui): bump timeout on SignUpStart unsafeMetadata test (#8504)
db3f1a9 fix(ui): Add missing noop methods to unsafeMetadata field in SignUpStart (#8500)
4c44aa6 ci(repo): Version packages (#8484)
a1635f0 chore(clerk-js,ui): Remove unused internal OAuthConsent prop (#8492)
763808b chore(ui): Add wizard steps to \<ConfigureSSO /> (#8468)
3ffbe1f fix(ui): remove back button from sign-in password compromised/pwned error scr...
cd6c4b7 ci(repo): Version packages (#8440)
9e9230c fix(ui,localizations): Localize API keys component table headers (#8462)
1001193 feat(ui,clerk-js,shared): Add \<experimental_ConfigureSSO /> (#8427)
Additional commits viewable in compare view

Updates lucide-react from 1.7.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

feat(icons): added repeat-off icon by @jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

fix(docs): sync URL params with UI state on categories page by @taimar in lucide-icons/lucide#4111

feat(icons): add waves-vertical icon by @jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

feat(icon): add folder-bookmark icon by @swastik7805 in lucide-icons/lucide#4262

docs(readme): Update readme files by @ericfennis in lucide-icons/lucide#4320

feat(icons): added astroid icon by @whoisBugsbunny in lucide-icons/lucide#4217

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Version 1.11.0

What's Changed

docs: add missing period to TypeScript Support description by @jglu in lucide-icons/lucide#4309

fix(@lucide/svelte): proper doc comments for svelte components by @blt-r in lucide-icons/lucide#4267

chore(deps): bump svgo from 3.3.2 to 3.3.3 by @dependabot[bot] in lucide-icons/lucide#4119

chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @dependabot[bot] in lucide-icons/lucide#4310

feat(icons): add power and quick tags to zap and zap-off by @swastik7805 in lucide-icons/lucide#4268

test(build-font): added comprehensive unit tests on build-font tool by @karsa-mistmere in lucide-icons/lucide#4315

feat(docs): blur background of framework-select by @Spleefies in lucide-icons/lucide#4238

feat(icon): add heart-x icon by @swastik7805 in lucide-icons/lucide#4264

fix(icons): optimised rotate-3d icon by @jamiemlaw in lucide-icons/lucide#4299

feat(icons): added layers-minus icon by @Spleefies in lucide-icons/lucide#4005

feat(icons): added bell-check icon by @pettelau in lucide-icons/lucide#4152

New Contributors

@jglu made their first contribution in lucide-icons/lucide#4309

@pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

docs: add missing period to TypeScript Support description by @jglu in lucide-icons/lucide#4309

fix(@lucide/svelte): proper doc comments for svelte components by @blt-r in lucide-icons/lucide#4267

chore(deps): bump svgo from 3.3.2 to 3.3.3 by @dependabot[bot] in lucide-icons/lucide#4119

chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @dependabot[bot] in lucide-icons/lucide#4310

... (truncated)

Commits

50d8af5 docs(readme): Update readme files (#4320)
653e44b feat(packages): use .mjs for ESM bundles (#4285)
7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
See full diff in compare view

Updates next from 16.2.3 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

This release contains security fixes for the following advisories:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.5

This release contains security fixes for the following advisories:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

Type hardening and performance improvements (#36425 by @eps1lon and @unstubbable)

Commits

eaf3e95 Version 19.2.6
See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

Type hardening and performance improvements (#36425 by @eps1lon and @unstubbable)

Commits

eaf3e95 Version 19.2.6
See full diff in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

Add support for Tailwind CSS v4.3 by @dcastil in dcastil/tailwind-merge#677

Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries

Add support for readonly array values by @unional in dcastil/tailwind-merge#652

Documentation

Fix broken links in README by @maurer2 in dcastil/tailwind-merge#662

Other

Harden internal CI pipeline security by omitting git checkout by @dcastil, suggested by @kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @brandonmcconnell, @manavm1990, @langy, @roboflow, @syntaxfm, @getsentry, @codecov, a private sponsor, @block, @openclaw, @sourcegraph, @mike-healy and more via @thnxdev for sponsoring tailwind-merge! ❤️

Commits

d54f7e5 v3.6.0
638871a Update README to add info about Tailwind CSS v4.3 support
39fc7b5 Revert "v3.6.0"
bd8390f v3.6.0
802877c add v3.6.0 changelog
a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
005af6d pin to specific version
5816ced implement breaking changes
17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.10 to 2.4.15

Release notes

Sourced from @biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes
#9394 ba3480e Thanks @dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.
#10254 e0a54cc Thanks @dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

For example, the following snippet triggers the rule:
import { nextTick } from "vue";
nextTick(() => {
updateDom();
});
#10219 64aee45 Thanks @dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

For example, the following snippet triggers the rule:
<input @keyup.13="submit" />
#10195 7b8d4e1 Thanks @dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

#10238 1110256 Thanks @dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

#10201 1a08f89 Thanks @realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

#9574 3bd2b6a Thanks @Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.
#10205 a704a6c Thanks @Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.
{
  "assist": {
    "actions": {
      "source": {
        "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
      }
    }
  }
}

... (truncated)

Changelog

Sourced from @biomejs/biome's changelog.

2.4.15

Patch Changes
#9394 ba3480e Thanks @dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.
#10254 e0a54cc Thanks @dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

For example, the following snippet triggers the rule:
import { nextTick } from "vue";
nextTick(() => {
updateDom();
});
#10219 64aee45 Thanks @dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

For example, the following snippet triggers the rule:
<input @keyup.13="submit" />
#10195 7b8d4e1 Thanks @dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

#10238 1110256 Thanks @dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

#10201 1a08f89 Thanks @realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

#9574 3bd2b6a Thanks @Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.
#10205 a704a6c Thanks @Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.
{
  "assist": {
    "actions": {
      "source": {
        "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
      }
    }
  }
}

... (truncated)

Commits

9dd3271 ci: release (#10210)
7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
e0a54cc feat(lint/js/vue): add useVueNextTickPromise (#10254)
1110256 feat(lint/vue): add noVueImportCompilerMacros (#10238)
7f7419c fix: grammar in extends docstring (#10263)
0ae5840 feat(lint/js): add useThisForClassMethods (#9807)
83f7385 feat(lint/js): add noBaseToString (#9838)
64aee45 feat(lint/html/vue): add noVueVOnNumberValues (#10219)
46393e0 ci: release (#10100)
Additional commits viewable in compare view

Updates @clerk/testing from 2.0.12 to 2.0.27

Release notes

Sourced from @clerk/testing's releases.

@clerk/testing@2.0.27

Patch Changes

Updated dependencies [0ab09a8, 6408ab6, 5cda3ee]:

@clerk/backend@3.4.7

@clerk/shared@4.10.2

@clerk/testing@2.0.26

Patch Changes

Updated dependencies [7a5892f]:

@clerk/backend@3.4.6

@clerk/shared@4.10.1

@clerk/testing@2.0.25

Patch Changes

Updated dependencies [9e9230c, 68d32df, 1c27d4d, 1001193]:

@clerk/shared@4.10.0

@clerk/backend@3.4.5

@clerk/testing@2.0.24

Patch Changes

Updated dependencies [785f057, 90beaeb, 244920d]:

@clerk/shared@4.9.0

@clerk/backend@3.4.4

@clerk/testing@2.0.23

Patch Changes

Updated dependencies [1bfd8ab]:

Description has been truncated

…21 updates Bumps the npm-dependencies group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@clerk/nextjs](https://github.com/clerk/javascript/tree/HEAD/packages/nextjs) | `7.0.12` | `7.3.3` | | [@clerk/ui](https://github.com/clerk/javascript/tree/HEAD/packages/ui) | `1.5.0` | `1.9.1` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.7.0` | `1.14.0` | | [next](https://github.com/vercel/next.js) | `16.2.3` | `16.2.6` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.6` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.6` | | [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` | | [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.10` | `2.4.15` | | [@clerk/testing](https://github.com/clerk/javascript/tree/HEAD/packages/testing) | `2.0.12` | `2.0.27` | | [@rolldown/plugin-babel](https://github.com/rolldown/plugins/tree/HEAD/packages/babel) | `0.2.2` | `0.2.3` | | [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.2` | `4.3.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.2` | `25.6.2` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.16` | `2.10.29` | | [dotenv](https://github.com/motdotla/dotenv) | `17.4.1` | `17.4.2` | | [jsdom](https://github.com/jsdom/jsdom) | `29.0.2` | `29.1.1` | | [lefthook](https://github.com/evilmartians/lefthook) | `2.1.5` | `2.1.6` | | [markdownlint-cli2](https://github.com/DavidAnson/markdownlint-cli2) | `0.22.0` | `0.22.1` | | [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.2.0` | `4.7.0` | | [typescript](https://github.com/microsoft/TypeScript) | `6.0.2` | `6.0.3` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.3` | `4.1.5` | Updates `@clerk/nextjs` from 7.0.12 to 7.3.3 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/main/packages/nextjs/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/nextjs@7.3.3/packages/nextjs) Updates `@clerk/ui` from 1.5.0 to 1.9.1 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/main/packages/ui/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/ui@1.9.1/packages/ui) Updates `lucide-react` from 1.7.0 to 1.14.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.14.0/packages/lucide-react) Updates `next` from 16.2.3 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.2.3...v16.2.6) Updates `react` from 19.2.5 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react) Updates `react-dom` from 19.2.5 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom) Updates `tailwind-merge` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0) Updates `@biomejs/biome` from 2.4.10 to 2.4.15 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.15/packages/@biomejs/biome) Updates `@clerk/testing` from 2.0.12 to 2.0.27 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/main/packages/testing/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/testing@2.0.27/packages/testing) Updates `@rolldown/plugin-babel` from 0.2.2 to 0.2.3 - [Release notes](https://github.com/rolldown/plugins/releases) - [Changelog](https://github.com/rolldown/plugins/blob/main/packages/babel/CHANGELOG.md) - [Commits](https://github.com/rolldown/plugins/commits/plugin-babel@0.2.3/packages/babel) Updates `@tailwindcss/postcss` from 4.2.2 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-postcss) Updates `@types/node` from 25.5.2 to 25.6.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `baseline-browser-mapping` from 2.10.16 to 2.10.29 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.16...v2.10.29) Updates `dotenv` from 17.4.1 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.4.1...v17.4.2) Updates `jsdom` from 29.0.2 to 29.1.1 - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v29.0.2...v29.1.1) Updates `lefthook` from 2.1.5 to 2.1.6 - [Release notes](https://github.com/evilmartians/lefthook/releases) - [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md) - [Commits](evilmartians/lefthook@v2.1.5...v2.1.6) Updates `markdownlint-cli2` from 0.22.0 to 0.22.1 - [Changelog](https://github.com/DavidAnson/markdownlint-cli2/blob/main/CHANGELOG.md) - [Commits](DavidAnson/markdownlint-cli2@v0.22.0...v0.22.1) Updates `shadcn` from 4.2.0 to 4.7.0 - [Release notes](https://github.com/shadcn-ui/ui/releases) - [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md) - [Commits](https://github.com/shadcn-ui/ui/commits/shadcn@4.7.0/packages/shadcn) Updates `tailwindcss` from 4.2.2 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/tailwindcss) Updates `typescript` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v6.0.2...v6.0.3) Updates `vitest` from 4.1.3 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: "@clerk/nextjs" dependency-version: 7.3.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: "@clerk/ui" dependency-version: 1.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: lucide-react dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: react dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: react-dom dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: tailwind-merge dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: "@biomejs/biome" dependency-version: 2.4.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@clerk/testing" dependency-version: 2.0.27 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@rolldown/plugin-babel" dependency-version: 0.2.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@tailwindcss/postcss" dependency-version: 4.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: "@types/node" dependency-version: 25.6.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: baseline-browser-mapping dependency-version: 2.10.29 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: jsdom dependency-version: 29.1.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: lefthook dependency-version: 2.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: markdownlint-cli2 dependency-version: 0.22.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: shadcn dependency-version: 4.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: tailwindcss dependency-version: 4.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-05-10T18:57:08Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
devflow	Ready	Preview, Comment	May 10, 2026 6:57pm

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 10, 2026

vercel Bot deployed to Preview May 10, 2026 18:57 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm-dependencies group across 1 directory with 21 updates#54

chore(deps): bump the npm-dependencies group across 1 directory with 21 updates#54
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-76ff98fb53

dependabot Bot commented on behalf of github May 10, 2026

Uh oh!

vercel Bot commented May 10, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 10, 2026

@​clerk/nextjs@​7.3.3

Patch Changes

@​clerk/nextjs@​7.3.2

Patch Changes

@​clerk/nextjs@​7.3.1

Patch Changes

@​clerk/nextjs@​7.3.0

Minor Changes

Patch Changes

7.3.3

Patch Changes

7.3.2

Patch Changes

7.3.1

Patch Changes

7.3.0

Minor Changes

Patch Changes

@​clerk/ui@​1.9.1

Patch Changes

@​clerk/ui@​1.9.0

Minor Changes

Patch Changes

@​clerk/ui@​1.8.0

Minor Changes

Patch Changes

@​clerk/ui@​1.7.0

Minor Changes

1.9.1

Patch Changes

1.9.0

Minor Changes

Patch Changes

1.8.0

Minor Changes

Patch Changes

1.7.0

Minor Changes

Version 1.14.0

What's Changed

Version 1.13.0

What's Changed

Version 1.12.0

What's Changed

Version 1.11.0

What's Changed

New Contributors

Version 1.10.0

What's Changed

v16.2.6

v16.2.5

v16.2.4

Core Changes

19.2.6 (May 6th, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

v3.6.0

New Features

Documentation

Other

Biome CLI v2.4.15

2.4.15

Patch Changes

2.4.15

Patch Changes

@​clerk/testing@​2.0.27

Patch Changes

@​clerk/testing@​2.0.26

Patch Changes

@​clerk/testing@​2.0.25

Patch Changes

@​clerk/testing@​2.0.24

Patch Changes

@​clerk/testing@​2.0.23

Patch Changes

Uh oh!

vercel Bot commented May 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

`@clerk/nextjs@7`.3.3

`@clerk/nextjs@7`.3.2

`@clerk/nextjs@7`.3.1

`@clerk/nextjs@7`.3.0

`@clerk/ui@1`.9.1

`@clerk/ui@1`.9.0

`@clerk/ui@1`.8.0

`@clerk/ui@1`.7.0

`@clerk/testing@2`.0.27

`@clerk/testing@2`.0.26

`@clerk/testing@2`.0.25

`@clerk/testing@2`.0.24

`@clerk/testing@2`.0.23

vercel Bot commented May 10, 2026 •

edited

Loading