Skip to content

deps: bump the dependencies-minor group across 1 directory with 5 updates #321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 7, 2025
Merged

deps: bump the dependencies-minor group across 1 directory with 5 updates #321

merged 1 commit into from
Jul 7, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 4, 2025
edited
Loading

Bumps the dependencies-minor group with 5 updates in the / directory:

Package From To
lucide-react 0.517.0 0.525.0
next 15.3.4 15.3.5
react-hook-form 7.58.1 7.59.0
zod 3.25.67 3.25.72
@playwright/test 1.53.1 1.53.2

Updates lucide-react from 0.517.0 to 0.525.0

Release notes

Sourced from lucide-react's releases.

Version 0.525.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.524.0...0.525.0

Version 0.524.0

What's Changed

Full Changelog: lucide-icons/lucide@0.523.0...0.524.0

Version 0.523.0

What's Changed

Full Changelog: lucide-icons/lucide@0.522.0...0.523.0

Version 0.522.0

What's Changed

Full Changelog: lucide-icons/lucide@0.521.0...0.522.0

Version 0.521.0

What's Changed

New Contributors

... (truncated)

Commits

Updates next from 15.3.4 to 15.3.5

Release notes

Sourced from next's releases.

v15.3.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Turbopack: list assert/strict as external (#80884)
  • omit searchParam data from FlightRouterState before transport (#80734)
  • bugfix: propagate staleTime to seeded prefetch entry (#81263)

Misc Changes

  • document turbopack trace viewer (#78184)

Credits

Huge thanks to @​ztanner, @​mischnic, and @​bgw for helping!

Commits

Updates react-hook-form from 7.58.1 to 7.59.0

Release notes

Sourced from react-hook-form's releases.

Version 7.59.0

🪱 feat: support deep equality checking with circular references (#12914) 🐞 fix #12900 issue with formData reference clone (#12906) 🐞 fix #12873 issue with undefined value for submit data (#12905) 🐞 fix case when useWatch accept object variable param (#12897) 🐞 fix: typo in UseFormSubscribe and missing event type for callback data in subscribe (#12904) Revert "⌨️ rename to UseFormResetFieldOptions for type consistency" (#12907)

thanks to @​aspirisen @​n8pjl @​SKOLZ @​pushys & @​candymask0712

Commits
  • 6116a68 7.59.0
  • 9fdbe26 🪱 feat: support deep equality checking with circular references (#12914)
  • e84a9dd Revert "⌨️ rename to UseFormResetFieldOptions for type consistency" (#12907)
  • 5b74123 🐞 fix #12900 issue with formData reference clone (#12906)
  • e297014 🐞 fix #12873 issue with undefined value for submit data (#12905)
  • 6befe89 ❤️ chore: updated GraphCMS sponsor url to match the current brand name 'Hygra...
  • bbd92eb 📝 chore: update readme and remove funding.yml
  • c4e2d7c 🐞 fix: typo in UseFormSubscribe and missing event type for callback data in...
  • c9d3156 🐞 fix case when useWatch accept object variable param (#12897)
  • See full diff in compare view

Updates zod from 3.25.67 to 3.25.72

Release notes

Sourced from zod's releases.

v3.25.72

Commits:

  • 4a4dac7cfb787162eeb79165d39bbb4830d4a6de Warn about id uniqueness check on Metadata page (#4782)
  • 7a5838dc0da967e15a217bf5abdd81f725da46c4 feat(locale): Add Esperanto (eo) locale (#4743)
  • 36fe14e1472f2a7cd71415841be8832fc4e9acc5 Fix optionality of schemas (#4769)
  • 20c8c4b67b508d653012808f69c43c7cfe5b39e3 Fix re-export bug
  • 8b0df10c8757a5fbd75bd65128ae183d764b3304 3.25.72

v3.25.71

Commits:

  • 66a0f34bfc746acddbfb68426b8b1b3f1d3d1727 Move source to /src (#4808)
  • 2a15f44606fd66335c6ebc1f91d702bb6bc95693 3.25.71

v3.25.70

Commits:

  • bd81c7cfaa03f61365d1c708c7e0f1cac54ea9ca Add ecosystem listing to homepage
  • 1ddb9719564e644722852193930a09d54f720443 Add Mobb to sponsors
  • 30ba440859f5b9184817f578626ff85d484aec27 Clean up ecosystem.mdx
  • 0ef1b85b5923a1a06a2afab47dbad249d105a997 Add svelte-jsonschema-form to form integrations (#4784)
  • 14715f147363e88e73190bb6ddbdf008914f0b19 docs: fix Lambda spelling (#4804)
  • f6da030188ea30defc025bbc672e5a81fbe93078 Add back src (#4806)
  • 364200a67c9f74ef252dbfa65ea93aab8fb15c06 Revert "Add back src (#4806)"
  • 16e1b67e15d794afbbc3208a0d1153ce9637f26a v3.25.70 (#4807)

v3.25.69

Commits:

  • f46946ca3b3e28122fcf8433af36c4827e9b2a97 Improve release workflow
  • b6fe831e7a2cd5d26b45fafa7c303e980ac472b5 Do not clobber defaults in
  • 7f986d021d28441acfc1fda6c25b3842fe4b26e7 Skip attw test if Zod isn't built
  • 5576182a9b8bda42bf8ddb98b370b938765831b1 Add exact to too_big/too_small issue formats (#4802)
  • 8fd2fc3f91a061935cfb3d92d8e0684caec92634 3.25.69

v3.25.68

Commits:

  • d3e0f867d6ce8e310a1c6b546798561f0f501eaa feat: add zod-xlsx back to the ecosystem.tsx (#4718)
  • 86112d96c22a555f6d0789ec5f66f639fd6883c4 chore: update lint-staged from v12 to v16 (#4703)
  • 218a26784b0618b6c2dfd9eced8888d330427435 chore: remove unused octokit (#4708)
  • a7cb6ed52e507a267d25e6eeca7dc1c82d7d5c06 fix(v4): add exact to length check issue (#4617)
  • b888170c8c6cb45513e853810b7cba0e6295423b Close #4035
  • 5879baf3c118c15ddd428bc59a00169c8d864792 Fix fmt
  • bd1bddad9340c540dc699683c2ac02d568dae57b Fix build
  • ddadfb8334c2da88bc3c5cada81b35971eeb816e Simplify basics, document reportInput
  • d5e23683cab94dfd89be8a57193e33187a09ee2d Add z.stringFormat() (#4737)
  • ee5615d76b93aac15d7428a17b834a062235f6a1 Drop example and examples entirely
  • 4080fd9f210a4100746a470799b7d9fe00aedbca Add treeshaking discussion to docs

... (truncated)

Commits

Updates @playwright/test from 1.53.1 to 1.53.2

Release notes

Sourced from @​playwright/test's releases.

v1.53.2

Highlights

microsoft/playwright#36317 - [Regression]: Merging pre-1.53 blob reports loses attachments microsoft/playwright#36357 - [Regression (Chromium)]: CDP missing trailing slash microsoft/playwright#36292 - [Bug (MSEdge)]: Edge fails to launch when using msRelaunchNoCompatLayer

Browser Versions

  • Chromium 138.0.7204.23
  • Mozilla Firefox 139.0
  • WebKit 18.5

This version was also tested against the following stable channels:

  • Google Chrome 137
  • Microsoft Edge 137
Commits
  • 8c38de4 chore: mark v1.53.2 (#36502)
  • 50d76d7 (#36462): fix(chromium): fix compatibility with Edge msRelaunchNoCompatLayer ...
  • 48be646 cherry-pick(#36443): fix(blob): correctly type pre-1.53 onTestEnd event for a...
  • dc15556 cherry-pick(#36377): chore: follow-up to connectOverCDP fetch logic
  • 4d0938c cherry-pick(#36357): fix: adding trialing slash detection logic back in urlTo...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the dependencies-minor group across 1 directory with 5 upd…
9eb7de8 
…ates

Bumps the dependencies-minor group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.517.0` | `0.525.0` |
| [next](https://github.com/vercel/next.js) | `15.3.4` | `15.3.5` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.58.1` | `7.59.0` |
| [zod](https://github.com/colinhacks/zod) | `3.25.67` | `3.25.72` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.53.1` | `1.53.2` |



Updates `lucide-react` from 0.517.0 to 0.525.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.525.0/packages/lucide-react)

Updates `next` from 15.3.4 to 15.3.5
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.3.4...v15.3.5)

Updates `react-hook-form` from 7.58.1 to 7.59.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.58.1...v7.59.0)

Updates `zod` from 3.25.67 to 3.25.72
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.67...v3.25.72)

Updates `@playwright/test` from 1.53.1 to 1.53.2
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.53.1...v1.53.2)

---
updated-dependencies:
- dependency-name: lucide-react
  dependency-version: 0.525.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies-minor
- dependency-name: next
  dependency-version: 15.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies-minor
- dependency-name: react-hook-form
  dependency-version: 7.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies-minor
- dependency-name: zod
  dependency-version: 3.25.72
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies-minor
- dependency-name: "@playwright/test"
  dependency-version: 1.53.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 4, 2025
@dependabot dependabot bot requested a review from a team as a code owner July 4, 2025 03:31
@dependabot dependabot bot added the javascript Pull requests that update javascript code label Jul 4, 2025
@vercel
Copy link

vercel bot commented Jul 4, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
arcjet-js-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 4, 2025 3:32am

@socket-security
Copy link

socket-security bot commented Jul 4, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednext@​15.3.4 ⏵ 15.3.593 +1210090 +198 +170
Updated@​playwright/​test@​1.53.1 ⏵ 1.53.21001001009980
Updatedlucide-react@​0.517.0 ⏵ 0.525.0100 +110095 +196 +1100
Updatedreact-hook-form@​7.58.1 ⏵ 7.59.0100 +1100100 +195 +2100
Updatedzod@​3.25.67 ⏵ 3.25.7210010010096100

View full report

@socket-security
Copy link

socket-security bot commented Jul 4, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Warn High
next@15.3.5 has a License Policy Violation.

License: CC-BY-SA-4.0 (package/dist/compiled/glob/LICENSE)

From: package-lock.jsonnpm/next@15.3.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@15.3.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
playwright@1.53.2 has a License Policy Violation.

License: CC-BY-4.0 (package/ThirdPartyNotices.txt)

License: CC-BY-4.0 (package/ThirdPartyNotices.txt)

License: CC-BY-4.0 (package/ThirdPartyNotices.txt)

License: CC-BY-4.0 (package/ThirdPartyNotices.txt)

License: CC-BY-4.0 (package/ThirdPartyNotices.txt)

From: package-lock.jsonnpm/@playwright/test@1.53.2npm/playwright@1.53.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/playwright@1.53.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@qw-in qw-in merged commit ce779c9 into main Jul 7, 2025
5 checks passed
@qw-in qw-in deleted the dependabot/npm_and_yarn/dependencies-minor-3df344b2bd branch July 7, 2025 23:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@qw-in