deps(deps): bump the minor-and-patch group with 11 updates

[dependabot]

Bumps the minor-and-patch group with 11 updates:

Package	From	To
@supabase/supabase-js	2.99.2	2.100.0
framer-motion	12.37.0	12.38.0
ioredis	5.10.0	5.10.1
isomorphic-dompurify	3.3.0	3.6.0
next	16.1.6	16.2.1
openai	6.29.0	6.32.0
puppeteer	24.39.1	24.40.0
resend	6.9.3	6.9.4
sax	1.5.0	1.6.0
undici	7.24.4	7.24.5
eslint-config-next	16.1.6	16.2.1

Updates @supabase/supabase-js from 2.99.2 to 2.100.0

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.100.0

2.100.0 (2026-03-23)

🚀 Features

• realtime: use phoenix's js lib inside realtime-js (#2119)

🩹 Fixes

• auth: guard navigator lock steal against cascade when lock is stolen by another request (#2178)
• realtime: revert vsn type to string (#2170)
• storage: structural detection on json() to detect Response-like errors (#2179)

❤️ Thank You

• Alan Guzek @​GuzekAlan
• Dominik Pilipczuk @​snickerdoodle2
• Katerina Skroumpelou @​mandarini

v2.100.0-rc.0

2.100.0-rc.0 (2026-03-16)

This was a version bump only, there were no code changes.

v2.100.0-canary.4

2.100.0-canary.4 (2026-03-23)

🩹 Fixes

• postgrest: add type safety for eq() and neq() column names (#2175)

❤️ Thank You

• Ayush Baluni @​aayushbaluni

v2.100.0-canary.3

2.100.0-canary.3 (2026-03-20)

This was a version bump only, there were no code changes.

v2.100.0-canary.2

2.100.0-canary.2 (2026-03-19)

This was a version bump only, there were no code changes.

v2.100.0-canary.1

2.100.0-canary.1 (2026-03-19)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.100.0 (2026-03-23)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

Commits

• bc435b3 chore(release): version 2.99.2 changelogs (#2168)
• See full diff in compare view

Updates framer-motion from 12.37.0 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates ioredis from 5.10.0 to 5.10.1

Release notes

Sourced from ioredis's releases.

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

• cluster: lazily start sharded subscribers (#2090) (4f167bb)

Changelog

Sourced from ioredis's changelog.

5.10.1 (2026-03-19)

Bug Fixes

• cluster: lazily start sharded subscribers (#2090) (4f167bb)

Commits

• 9e26f8b chore(release): 5.10.1 [skip ci]
• 4f167bb fix(cluster): lazily start sharded subscribers (#2090)
• See full diff in compare view

Updates isomorphic-dompurify from 3.3.0 to 3.6.0

Release notes

Sourced from isomorphic-dompurify's releases.

3.6.0: Updated dependencies

Dependency updates:

• bump jsdom from 29.0.0 to 29.0.1
• bump @​types/jsdom from 28.0.0 to 28.0.1
• bump @​biomejs/biome from 2.4.7 to 2.4.8

3.5.1

Fix outdated build artifacts published in 3.5.0.

3.5.0: Add factory function support

What's new

Features

• The default export is now callable as a factory function, matching the dompurify API — DOMPurify(window) now returns a new DOMPurify instance bound to the given window (#405)

Bug fixes

• Fixed isEqualNode returning false when comparing RETURN_DOM + FORCE_BODY output against nodes from a separate JSDOM context (#405)

Thanks to @​probablykasper for helping with this release.

3.4.0: jsdom update, performance improvement and node 22 requirement update

What's Changed

• Upgraded jsdom from 28 to 29, which fixes performance degradation in long-running processes; note that heap memory still grows over time without calling clearWindow()
• Bumped minimum Node.js 22 requirement from 22.12.0 to 22.13.0 (LTS)
• Added format script (biome format --write) and pre-commit hook
• Updated dev dependencies (biome, vitest)

Commits

• 009574a chore: Updated deps. Incremented project version.
• 21b362d chore(deps): bump jsdom from 29.0.0 to 29.0.1
• 149808d chore(deps-dev): bump @​types/jsdom from 28.0.0 to 28.0.1
• 0e86991 chore(deps-dev): bump @​biomejs/biome from 2.4.7 to 2.4.8
• 4d1e30b 3.5.1
• 349d0c3 chore: configure npm tag version prefix to omit 'v'
• 657da4e chore: add prepublishOnly script to build before publishing
• e83dc35 docs: document factory function usage in README
• bcf7d58 chore: bump version to 3.5.0
• c02319b chore: scope format hook to staged files only
• Additional commits viewable in compare view

Updates next from 16.1.6 to 16.2.1

Release notes

Sourced from next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.5

Misc Changes

• docs: use ErrorInfo type consistently in catchError docs: #91744

Credits

Huge thanks to @​devjiwonchoi for helping!

v16.2.1-canary.4

Core Changes

• Fix adapter outputs for dynamic metadata routes: #91680

Misc Changes

• Turbopack: fix webpack loader runner layer: #91727
• [turbopack] Remove incorrect debug_assert in try_read_task_cell: #91699
• Add module count field to module graph tracing spans: #91697
• turbopack-cli: add --persistent-caching flag for filesystem-backed cache: #91657
• Turbopack: pull in updated vercel/nft tests: #91651
• Update Rspack development test manifest: #91695
• [test] Unflake use-node-streams-env-precedence test: #91733
• Update Rspack production test manifest: #91694
• [turbopack] Improve regressed build speed on cross-compiled MUSL: #91477

Credits

Huge thanks to @​ijjk, @​mischnic, @​sokra, @​vercel-release-bot, @​unstubbable, and @​mmastrac for helping!

v16.2.1-canary.3

... (truncated)

Commits

• ed7d2ce v16.2.1
• 3e37bb4 docs: post release amends (#91715)
• a15ec6e docs: fix broken Activity Patterns demo link in preserving UI state guide (#9...
• 600cd2f Fix adapter outputs for dynamic metadata routes (#91680)
• 27886d3 Turbopack: fix webpack loader runner layer (#91727)
• 88fc430 Fix server actions in standalone mode with cacheComponents (#91711)
• 37aed86 turbo-persistence: remove Unmergeable mmap advice (#91713)
• d6195ec Fix layout segment optimization: move app-page imports to server-utility tran...
• 6cb97d6 Turbopack: lazy require metadata and handle TLA (#91705)
• e6b101a [turbopack] Respect {eval:true} in worker_threads constructors (#91666)
• Additional commits viewable in compare view

Updates openai from 6.29.0 to 6.32.0

Release notes

Sourced from openai's releases.

v6.32.0

6.32.0 (2026-03-17)

Full Changelog: v6.31.0...v6.32.0

Features

• api: 5.4 nano and mini model slugs (068df6d)

v6.31.0

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

• api: add in/nin filter types to ComparisonFilter (b2eda27)

v6.30.1

6.30.1 (2026-03-16)

Full Changelog: v6.30.0...v6.30.1

Chores

• internal: tweak CI branches (25f5d74)

v6.30.0

6.30.0 (2026-03-16)

Full Changelog: v6.29.0...v6.30.0

Features

• api: add /v1/videos endpoint option to batches (271d879)
• api: add defer_loading field to NamespaceTool (7cc8f0a)

Bug Fixes

• api: oidc publishing for npm (fa50066)

Changelog

Sourced from openai's changelog.

6.32.0 (2026-03-17)

Full Changelog: v6.31.0...v6.32.0

Features

• api: 5.4 nano and mini model slugs (068df6d)

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

• api: add in/nin filter types to ComparisonFilter (b2eda27)

6.30.1 (2026-03-16)

Full Changelog: v6.30.0...v6.30.1

Chores

• internal: tweak CI branches (25f5d74)

6.30.0 (2026-03-16)

Full Changelog: v6.29.0...v6.30.0

Features

• api: add /v1/videos endpoint option to batches (271d879)
• api: add defer_loading field to NamespaceTool (7cc8f0a)

Bug Fixes

• api: oidc publishing for npm (fa50066)

Commits

• d95158f release: 6.32.0
• b6f0f44 feat(api): 5.4 nano and mini model slugs
• c1c713e release: 6.31.0
• 96166da feat(api): add in/nin filter types to ComparisonFilter
• 00ef21d ignore the oidc dir
• f3c92c7 release: 6.30.1
• 6359334 chore(internal): tweak CI branches
• ce33e4c codegen metadata
• 3d195aa release: 6.30.0
• ba14ec8 fix(api): oidc publishing for npm
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openai since your current version.

Updates puppeteer from 24.39.1 to 24.40.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.40.0

24.40.0 (2026-03-19)

🎉 Features

• support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756) (2a8276e)

🛠️ Fixes

• roll to Chrome 146.0.7680.153 (#14787) (443e87f)
• roll to Chrome 146.0.7680.80 (#14778) (14685a0)

puppeteer: v24.40.0

24.40.0 (2026-03-19)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.39.1 to 24.40.0

Changelog

Sourced from puppeteer's changelog.

24.40.0 (2026-03-19)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.39.1 to 24.40.0

🎉 Features

• support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756) (2a8276e)

🛠️ Fixes

• roll to Chrome 146.0.7680.153 (#14787) (443e87f)
• roll to Chrome 146.0.7680.80 (#14778) (14685a0)

Commits

• 2f17622 chore: release main (#14783)
• 443e87f fix: roll to Chrome 146.0.7680.153 (#14787)
• 2a8276e feat: support PUPPETEER_DANGEROUS_NO_SANDBOX environment variable (#14756)
• 14685a0 fix: roll to Chrome 146.0.7680.80 (#14778)
• 7a8b8e6 chore(deps): bump the all group with 2 updates (#14780)
• See full diff in compare view

Updates resend from 6.9.3 to 6.9.4

Release notes

Sourced from resend's releases.

v6.9.4

What's Changed

• chore(deps): update dependency tsdown to v0.21.0 by @​renovate[bot] in resend/resend-node#868
• chore(deps): update pnpm to v10.30.3 by @​renovate[bot] in resend/resend-node#846
• chore(deps): update tj-actions/changed-files digest to c23d52b by @​renovate[bot] in resend/resend-node#851
• chore(deps): update pnpm/action-setup digest to 9b5745c by @​renovate[bot] in resend/resend-node#852
• chore(deps): update dependency rimraf to v6.1.3 by @​renovate[bot] in resend/resend-node#850
• chore(deps): update dependency @​types/react to v19.2.14 by @​renovate[bot] in resend/resend-node#845
• chore(deps): update dependency dotenv to v17.3.1 by @​renovate[bot] in resend/resend-node#848
• fix(deps): update dependency svix to v1.86.0 by @​renovate[bot] in resend/resend-node#849
• chore(deps): update dependency @​types/node to v24.11.0 by @​renovate[bot] in resend/resend-node#856
• chore(deps): update dependency @​biomejs/biome to v2.4.6 by @​renovate[bot] in resend/resend-node#847
• feat(api-keys): add last_used_at field to API key response by @​joaopcm in resend/resend-node#877
• chore(deps): update dependency @​biomejs/biome to v2.4.7 by @​renovate[bot] in resend/resend-node#879
• chore: bump package version to 6.9.4 by @​joaopcm in resend/resend-node#878

Full Changelog: resend/resend-node@v6.9.3...v6.9.4

Commits

• 95e4630 chore: bump package version to 6.9.4 (#878)
• 3413387 chore(deps): update dependency @​biomejs/biome to v2.4.7 (#879)
• 0987940 feat(api-keys): add last_used_at field to API key response (#877)
• 02ee43c chore(deps): update dependency @​biomejs/biome to v2.4.6 (#847)
• 35cd31a chore(deps): update dependency @​types/node to v24.11.0 (#856)
• cfd8a08 fix(deps): update dependency svix to v1.86.0 (#849)
• 0acc12d chore(deps): update dependency dotenv to v17.3.1 (#848)
• d16e477 chore(deps): update dependency @​types/react to v19.2.14 (#845)
• f0297fd chore(deps): update dependency rimraf to v6.1.3 (#850)
• 222395a chore(deps): update pnpm/action-setup digest to 9b5745c (#852)
• Additional commits viewable in compare view

Updates sax from 1.5.0 to 1.6.0

Commits

• be26f54 1.6.0
• 888182e feat: Add UTF-16 stream decoding and strict XML encoding validation
• 10108ee fix pkg
• See full diff in compare view

Updates undici from 7.24.4 to 7.24.5

Release notes

Sourced from undici's releases.

v7.24.5

What's Changed

• Formdata tests by @​KhafraDev in nodejs/undici#4902
• test: add unexpected disconnect guards to more client test files by @​samayer12 in nodejs/undici#4844
• fix(cache): only apply 1-year deleteAt for immutable responses by @​metalix2 in nodejs/undici#4913

New Contributors

• @​metalix2 made their first contribution in nodejs/undici#4913

Full Changelog: nodejs/undici@v7.24.4...v7.24.5

Commits

• 51fd661 Bumped v7.24.5 (#4915)
• 9077500 fix(cache): only apply 1-year deleteAt for immutable responses (#4913)
• 1c5dc1a test: add unexpected disconnect guards to more client test files (#4844)
• 2885361 Formdata tests (#4902)
• See full diff in compare view

Updates eslint-config-next from 16.1.6 to 16.2.1

Release notes

Sourced from eslint-config-next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.5

Misc Changes

• docs: use ErrorInfo type consistently in catchError docs: #91744

Credits

Huge thanks to @​devjiwonchoi for helping!

v16.2.1-canary.4

Core Changes

• Fix adapter outputs for dynamic metadata routes: #91680

Misc Changes

• Turbopack: fix webpack loader runner layer: #91727
• [turbopack] Remove incorrect debug_assert in try_read_task_cell: #91699
• Add module count field to module graph tracing spans: #91697
• turbopack-cli: add --persistent-caching flag for filesystem-backed cache: #91657
• Turbopack: pull in updated vercel/nft tests: #91651
• Update Rspack development test manifest: #91695
• [test] Unflake use-node-streams-env-precedence test: #91733
• Update Rspack production test manifest: #91694
• [turbopack] Improve regressed build speed on cross-compiled MUSL: #91477

Credits

Huge thanks to @​ijjk, @​mischnic, @​sokra, @​vercel-release-bot, @​unstubbable, and @​mmastrac for helping!

v16.2.1-canary.3

... (truncated)

Commits

• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• b856498 v16.2.0-canary.101
• 136b77e v16.2.0-canary.100
• 0f59973 v16.2.0-canary.99
• 792522d v16.2.0-canary.98
• 2769b55 v16.2.0-canary.97
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​16.1.6 ⏵ 16.2.1		+6	+1
	eslint-config-next@​16.1.6 ⏵ 16.2.1
	openai@​6.29.0 ⏵ 6.33.0	+1		+1
	sax@​1.5.0 ⏵ 1.6.0	+1		+1
	puppeteer@​24.39.1 ⏵ 24.40.0				-1
	ioredis@​5.10.0 ⏵ 5.10.1	+1		+1
	isomorphic-dompurify@​3.3.0 ⏵ 3.7.1	+1			+1
	framer-motion@​12.37.0 ⏵ 12.38.0	+1		+1	-1
	resend@​6.9.3 ⏵ 6.9.4				+1
	@​supabase/​supabase-js@​2.99.2 ⏵ 2.101.0	+26			+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Low adoption: npm node-exports-info Location: Package overview From: pnpm-lock.yaml → npm/eslint-config-next@16.2.1 → npm/node-exports-info@1.6.0 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report