chore(deps): bump the npm-major group with 26 updates

[dependabot]

Bumps the npm-major group with 26 updates:

Package	From	To
verdaccio	6.7.2	6.7.4
smol-toml	1.6.1	1.7.0
@supabase/supabase-js	2.108.1	2.108.2
@anthropic-ai/claude-agent-sdk	0.3.177	0.3.185
@anthropic-ai/sdk	0.104.1	0.105.0
@clack/prompts	1.5.1	1.6.0
ink	7.0.6	7.1.0
pg	8.21.0	8.22.0
posthog-node	5.37.0	5.38.2
fumadocs-core	16.10.2	16.10.5
fumadocs-ui	16.10.2	16.10.5
@types/node	25.9.3	26.0.0
@effect/atom-react	4.0.0-beta.83	4.0.0-beta.85
@effect/platform-bun	4.0.0-beta.83	4.0.0-beta.85
@effect/platform-node	4.0.0-beta.83	4.0.0-beta.85
@effect/sql-pg	4.0.0-beta.83	4.0.0-beta.85
@effect/vitest	4.0.0-beta.84	4.0.0-beta.85
@nx/devkit	22.7.5	23.0.0
@typescript/native-preview	7.0.0-dev.20260614.1	7.0.0-dev.20260621.1
@vitest/coverage-istanbul	4.1.8	4.1.9
effect	4.0.0-beta.83	4.0.0-beta.85
knip	6.16.1	6.17.1
oxfmt	0.54.0	0.55.0
oxlint	1.69.0	1.70.0
tldts	6.1.86	7.4.3
vitest	4.1.8	4.1.9

Updates verdaccio from 6.7.2 to 6.7.4

Release notes

Sourced from verdaccio's releases.

v6.7.4

Patch Changes

• 0205c78: fix: run jwt middleware before middleware plugins

  Register the JWT middleware before middleware plugins are loaded so that req.remote_user (anonymous by default) is available inside a plugin's register_middlewares. The API router keeps its own JWT middleware behind a guard so it is not executed twice.

  Backport of verdaccio/verdaccio#5697

  Closes #5167

v6.7.3

Patch Changes

• f8fdfc2: fix: enforce generated npm token metadata

  Generated npm tokens (POST /-/npm/v1/tokens) stored their readonly and cidr_whitelist restrictions but never enforced them, and deleting a token did not revoke it for the package APIs. A token marked read-only or pinned to a CIDR range could still publish packages and change dist-tags, and a deleted token remained usable.

  Generated tokens now embed a server-issued key (in the JWT claim, or in the encrypted legacy AES payload) and a new enforceGeneratedTokenMetadata middleware looks that key up on each request, rejecting the token when it is missing/revoked, used outside its CIDR whitelist, or used for a write while read-only. Enforcement applies to both AES and JWT API-token modes.

  Note: tokens issued before upgrading carry no key and are not retroactively constrained — regenerate them to apply the restrictions.

• be80623: fix: allow npm token create without readonly/cidr_whitelist

  npm token create in npm >= 11 (and the npm 12 prereleases) rewrote the request body: it no longer sends readonly and only sends cidr_whitelist when --cidr is passed. The POST /-/npm/v1/tokens endpoint required both, so modern npm clients failed with 422 the parameters are not valid.

  The endpoint now defaults readonly to false and cidr_whitelist to [] when they are absent, while still rejecting values of the wrong type.

• 75c85d5: Update verdaccio dependencies to the latest npm dist-tag (@verdaccio/ui-theme tracks next-9):

  • @verdaccio/ui-theme: 9.0.0-next-9.19 → 9.0.0-next-9.20

• d5e5332: chore: update dependencies

  Updates runtime dependencies @verdaccio/ui-theme (9.0.0-next-9.19) and

... (truncated)

Changelog

Sourced from verdaccio's changelog.

6.7.4

Patch Changes

• 0205c78: fix: run jwt middleware before middleware plugins

  Register the JWT middleware before middleware plugins are loaded so that req.remote_user (anonymous by default) is available inside a plugin's register_middlewares. The API router keeps its own JWT middleware behind a guard so it is not executed twice.

  Backport of verdaccio/verdaccio#5697

  Closes #5167

6.7.3

Patch Changes

• f8fdfc2: fix: enforce generated npm token metadata

  Generated npm tokens (POST /-/npm/v1/tokens) stored their readonly and cidr_whitelist restrictions but never enforced them, and deleting a token did not revoke it for the package APIs. A token marked read-only or pinned to a CIDR range could still publish packages and change dist-tags, and a deleted token remained usable.

  Generated tokens now embed a server-issued key (in the JWT claim, or in the encrypted legacy AES payload) and a new enforceGeneratedTokenMetadata middleware looks that key up on each request, rejecting the token when it is missing/revoked, used outside its CIDR whitelist, or used for a write while read-only. Enforcement applies to both AES and JWT API-token modes.

  Note: tokens issued before upgrading carry no key and are not retroactively constrained — regenerate them to apply the restrictions.

• be80623: fix: allow npm token create without readonly/cidr_whitelist

  npm token create in npm >= 11 (and the npm 12 prereleases) rewrote the request body: it no longer sends readonly and only sends cidr_whitelist when --cidr is passed. The POST /-/npm/v1/tokens endpoint required both, so modern npm clients failed with 422 the parameters are not valid.

  The endpoint now defaults readonly to false and cidr_whitelist to [] when they are absent, while still rejecting values of the wrong type.

• 75c85d5: Update verdaccio dependencies to the latest npm dist-tag (@verdaccio/ui-theme tracks next-9):

  • @verdaccio/ui-theme: 9.0.0-next-9.19 → 9.0.0-next-9.20

• d5e5332: chore: update dependencies

... (truncated)

Commits

• 9570db1 chore: release 6.x (#5963)
• 0205c78 fix: run jwt middleware before middleware plugins (#5962)
• 9d924e7 chore: release 6.x (#5950)
• 75c85d5 chore: update verdaccio 6.x dependencies (#5961)
• d5e5332 fix: update core dependencies (#5952)
• be80623 fix: allow npm token create without readonly/cidr_whitelist (#5951)
• f8fdfc2 fix: enforce generated npm token metadata (#5945)
• b491e84 chore: update ci settings
• 3a6c393 chore: update ci settings
• b319f7e fix(deps): update dependency express to v4.22.2 (#5902)
• See full diff in compare view

Updates smol-toml from 1.6.1 to 1.7.0

Release notes

Sourced from smol-toml's releases.

v1.7.0

This version slightly changes the behaviour of stringify: integers beyond the safe range are always emitted as float numbers.

String decode logic has been rewritten, it is a bit faster now and uses a single-pass approach instead of a dual-pass approach as it did previously. The code should be a bit smaller too, though I didn't actually measure that.

The package is now published with source-maps, declaration-maps, and a copy of the original TypeScript source files. This will improve your DX if you're like me and like Ctrl+Click'ing things a lot. ;)

What's Changed

• improve performance of the string decode logic by @​cyyynthia
• fix(stringify): emit integer-valued numbers beyond the safe-integer range as floats by @​spokodev in squirrelchat/smol-toml#56
• publish source-maps, declaration-maps, and original source files by @​cyyynthia
• miscellaneous repository maintenance tasks by @​cyyynthia

New Contributors

• @​spokodev made their first contribution in squirrelchat/smol-toml#56

Full Changelog: squirrelchat/smol-toml@v1.6.1...v1.7.0

Commits

• a62f06f revert: keep using vite 7
• 89aa9a3 chore: remove prepare script
• 17c7974 chore: make devEngine more lax w/ node version
• e5280a3 ci: checkout repo first
• 241c256 chore: version bump
• 0bfe7f4 chore: build cjs with rolldown instead of esbuild
• e0620ab chore: fmt
• 96114cb test: add tests for large integers
• f4537b6 fix: handle missed edge-cases in string parse
• 7b39aed chore: include source files in published package
• Additional commits viewable in compare view

Updates @supabase/supabase-js from 2.108.1 to 2.108.2

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.108.2

2.108.2 (2026-06-15)

🩹 Fixes

• auth: preserve valid session on refresh failure and cooldown repeat failures (#2436)
• realtime: clarify httpSend() 404 error and server migration note (#2444)
• release: pin Deno and bound JSR publish to survive stranded-task hangs (#2439)
• release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.5

2.108.2-canary.5 (2026-06-15)

This was a version bump only, there were no code changes.

v2.108.2-canary.4

2.108.2-canary.4 (2026-06-12)

🩹 Fixes

• realtime: clarify httpSend() 404 error and server migration note (#2444)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.3

2.108.2-canary.3 (2026-06-11)

This was a version bump only, there were no code changes.

v2.108.2-canary.2

2.108.2-canary.2 (2026-06-11)

🩹 Fixes

• release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.1

2.108.2-canary.1 (2026-06-11)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.108.2 (2026-06-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.108.0 (2026-06-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.107.0 (2026-06-02)

🚀 Features

• auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
• supabase: update X-Client-Info to structured metadata format (#2359)
• realtime: allow httpSend to send binary payload (#2400)

❤️ Thank You

• Claude Sonnet 4.6
• Eduardo Gurgel
• Guilherme Souza
• Katerina Skroumpelou @​mandarini
• Omar Al Matar @​Bewinxed

2.106.2 (2026-05-25)

🩹 Fixes

• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL

2.106.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.106.0 (2026-05-18)

🚀 Features

• supabase: W3C/OpenTelemetry trace context propagation (#2163)

... (truncated)

Commits

• 76f3f02 test(auth): add passkey unit and e2e coverage (#2442)
• See full diff in compare view

Updates @anthropic-ai/claude-agent-sdk from 0.3.177 to 0.3.185

Release notes

Sourced from @​anthropic-ai/claude-agent-sdk's releases.

v0.3.185

What's changed

• Updated to parity with Claude Code v2.1.185

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.185
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.185
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.185
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.185

v0.3.183

What's changed

• Updated to parity with Claude Code v2.1.183

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.183
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.183
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.183
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.183

v0.3.181

What's changed

• Added errorCode, canUserPurchaseCredits, and hasChargeableSavedPaymentMethod fields to SDKRateLimitInfo for detecting credits-required rate limits
• Added tool_use_meta.icon_url to assistant messages, populated from MCP server directory metadata
• Fixed SDK-hosted Remote Control sessions dropping file_attachments from inbound user messages

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.181
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.181
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.181
# or
</tr></table> 

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-agent-sdk's changelog.

0.3.185

• Updated to parity with Claude Code v2.1.185

0.3.184

• Updated to parity with Claude Code v2.1.184

0.3.183

• Updated to parity with Claude Code v2.1.183

0.3.182

• Updated to parity with Claude Code v2.1.182

0.3.181

• Added errorCode, canUserPurchaseCredits, and hasChargeableSavedPaymentMethod fields to SDKRateLimitInfo for detecting credits-required rate limits
• Added tool_use_meta.icon_url to assistant messages, populated from MCP server directory metadata
• Fixed SDK-hosted Remote Control sessions dropping file_attachments from inbound user messages

0.3.180

• Updated to parity with Claude Code v2.1.180

0.3.179

• Added optional tool_use_meta sidecar to assistant messages with display-friendly names for tool calls, so SDK consumers can render human-readable labels instead of raw wire names
• Fixed -p mode exiting before a completed background agent's notification was delivered, causing interim text to ship as the final result
• Fixed remote (stream-json) sessions appearing busy for the entire duration of a background workflow — the turn result is now emitted at the turn boundary and the session reports idle while background tasks continue

0.3.178

• Spawn failures on an existing native binary now explain the likely libc mismatch (musl binary on a glibc host) and suggest options.pathToClaudeCodeExecutable
• Permission-denied advisory messages now carry typed denial reasons (safetyCheck, asyncAgent), enabling SDK consumers to programmatically match denial causes
• Fixed UserPromptSubmit hook block feedback not being emitted to the SDK event stream — consumers can now see why a prompt was blocked by a hook instead of a silent hang
• Remote Control workers now send a worker_shutting_down system message on graceful exit so remote clients can show why the session ended
• Fixed MCP server-level specs (mcp__server, mcp__server__*) in disallowedTools being silently ignored — they now correctly remove all tools from the named server

Commits

• 810e709 chore: Update CHANGELOG.md
• fc84d93 chore: Update CHANGELOG.md
• 4d3840c chore: Update CHANGELOG.md
• 32753ee chore: Update CHANGELOG.md
• 38722be chore: Update CHANGELOG.md
• See full diff in compare view

Updates @anthropic-ai/sdk from 0.104.1 to 0.105.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.105.0

0.105.0 (2026-06-18)

Full Changelog: sdk-v0.104.2...sdk-v0.105.0

Features

• api: add support for new code_execution_20260120 tool (8dc2b54)
• stream: lazily parse partial tool json input (#99) (e55ceee)

Chores

• internal/deps: bump swc to 1.15.40 (#97) (a1d4d75)
• internal: use are the types wrong directly (#94) (3d362af)
• tests: stop using deprecated models (#98) (65ae1af)

sdk: v0.104.2

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

• api: remove retired models from API and SDKs (a942876)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.105.0 (2026-06-18)

Full Changelog: sdk-v0.104.2...sdk-v0.105.0

Features

• api: add support for new code_execution_20260120 tool (8dc2b54)
• stream: lazily parse partial tool json input (#99) (e55ceee)

Chores

• internal/deps: bump swc to 1.15.40 (#97) (a1d4d75)
• internal: use are the types wrong directly (#94) (3d362af)
• tests: stop using deprecated models (#98) (65ae1af)

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

• api: remove retired models from API and SDKs (a942876)

Commits

• ab700dc chore: release main
• a322517 feat(api): add support for new code_execution_20260120 tool
• 65a0106 feat(stream): lazily parse partial tool json input (#99)
• 384ab51 chore(tests): stop using deprecated models (#98)
• a49a191 chore(internal/deps): bump swc to 1.15.40 (#97)
• 7ac63f3 chore(internal): use are the types wrong directly (#94)
• fbee0d1 chore: release main
• e984ba4 chore(api): remove retired models from API and SDKs
• See full diff in compare view

Updates @clack/prompts from 1.5.1 to 1.6.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.6.0

Minor Changes

• #568 f87933f Thanks @​florian-lefebvre! - Updates default formatter of note() to note dim lines anymore

  If you want the old behavior, provide a format() function:

  import { note } from '@clack/prompts';
  +import { styleText } from 'node:util';
  note(
  'You can edit the file src/index.jsx',
  'Next steps.'
  
  { format: (text) => styleText('dim', text) }
  );

#567 cc6aab5 Thanks @​dreyfus92! - Add keyboard instruction footers to select, multiselect, and groupMultiselect in the active state, matching autocomplete. No option — always shown.

Patch Changes

• Updated dependencies [2f2b52f, e1b6ee7]:
  • @​clack/core@​1.4.2

Changelog

Sourced from @​clack/prompts's changelog.

1.6.0

Minor Changes

• #568 f87933f Thanks @​florian-lefebvre! - Updates default formatter of note() to note dim lines anymore

  If you want the old behavior, provide a format() function:

  import { note } from '@clack/prompts';
  +import { styleText } from 'node:util';
  note(
  'You can edit the file src/index.jsx',
  'Next steps.'
  
  { format: (text) => styleText('dim', text) }
  );

#567 cc6aab5 Thanks @​dreyfus92! - Add keyboard instruction footers to select, multiselect, and groupMultiselect in the active state, matching autocomplete. No option — always shown.

Patch Changes

• Updated dependencies [2f2b52f, e1b6ee7]:
  • @​clack/core@​1.4.2

Commits

• 0e70056 [ci] release (#562)
• f87933f fix(prompts): do not dim note contents (#568)
• cc6aab5 feat(prompts): add instructions footer for select, multi-select & `group-...
• See full diff in compare view

Updates ink from 7.0.6 to 7.1.0

Release notes

Sourced from ink's releases.

v7.1.0

• Add suspendTerminal() to hand the terminal to a child process (#972) 9e8ed1f

---

vadimdemedes/ink@v7.0.6...v7.1.0

Commits

• 25766ae 7.1.0
• 9e8ed1f Add suspendTerminal() to hand the terminal to a child process (#972)
• See full diff in compare view

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

• Add support for sslnegotiation=direct for PostgreSQL 17+.

Commits

• b617619 Publish
• d80b261 Update docs & changelog
• 835fb83 Fix error handling for exceptions on values parsing. (#3574)
• f49ab4a fix: correct spelling mistakes across codebase (#3692)
• d7175a4 Expand CI matrix of PG versions and add direct SSL test (#3693)
• 882fc30 Add support for sslnegotiation=direct (PostgreSQL 17) (#3688)
• See full diff in compare view

Updates posthog-node from 5.37.0 to 5.38.2

Release notes

Sourced from posthog-node's releases.

posthog-node@5.38.2

5.38.2

Patch Changes

• #3903 6b21f77 Thanks @​marandaneto! - Validate custom event UUID overrides and generate new UUIDs when invalid. (2026-06-19)
• Updated dependencies [6b21f77]:
  • @​posthog/core@​1.35.3

posthog-node@5.38.1

5.38.1

Patch Changes

• #3886 e6d7fe2 Thanks @​marandaneto! - Stop sending deprecated no-op top-level type, library, and library_version fields in event batch payloads. Use properties.$lib and properties.$lib_version for SDK metadata; legacy queued library and library_version values are used as fallbacks when the official $ properties are missing. (2026-06-18)
• Updated dependencies [e6d7fe2]:
  • @​posthog/core@​1.35.2

posthog-node@5.38.0

5.38.0

Minor Changes

• #3845 a0553b3 Thanks @​marandaneto! - Add setPersonProperties() and unsetPersonProperties() helpers to manage person properties from the Node.js SDK. (2026-06-16)

Patch Changes

• Updated dependencies [b3ec845, c6c163a]:
  • @​posthog/core@​1.33.0

posthog-node@5.37.1

5.37.1

Patch Changes

• #3837 29bf8e3 Thanks @​marandaneto! - Add missing bugs metadata to package manifests. (2026-06-15)
• Updated dependencies [29bf8e3]:
  • @​posthog/core@​1.32.4

Changelog

Sourced from posthog-node's changelog.

5.38.2

Patch Changes

• #3903 6b21f77 Thanks @​marandaneto! - Validate custom event UUID overrides and generate new UUIDs when invalid. (2026-06-19)
• Updated dependencies [6b21f77]:
  • @​posthog/core@​1.35.3

5.38.1

Patch Changes

• #3886 e6d7fe2 Thanks @​marandaneto! - Stop sending deprecated no-op top-level type, library, and library_version fields in event batch payloads. Use properties.$lib and properties.$lib_version for SDK metadata; legacy queued library and library_version values are used as fallbacks when the official $ properties are missing. (2026-06-18)
• Updated dependencies [e6d7fe2]:
  • @​posthog/core@​1.35.2

5.38.0

Minor Changes

• #3845 a0553b3 Thanks @​marandaneto! - Add setPersonProperties() and unsetPersonProperties() helpers to manage person properties from the Node.js SDK. (2026-06-16)

Patch Changes

• Updated dependencies [b3ec845, c6c163a]:
  • @​posthog/core@​1.33.0

5.37.1

Patch Changes

• #3837 29bf8e3 Thanks @​marandaneto! - Add missing bugs metadata to package manifests. (2026-06-15)
• Updated dependencies [29bf8e3]:
  • @​posthog/core@​1.32.4

Commits

• b0bd00f chore: update versions and lockfile [version bump]
• 6b21f77 fix: validate custom event UUIDs (#3903)
• 229efff chore: update versions and lockfile [version bump]
• e6d7fe2 fix: remove ignored batch metadata fields (#3886)
• f495510 chore: update versions and lockfile [version bump]
• bd07ec4 feat(flags): add disableRemoteFeatureFlags option and runtime updateFlags (#3...
• 4ff3bb3 chore: update versions and lockfile [version bump]
• a0553b3 feat(node): add person property helpers (#3845)
• 70d3dde chore: Generate versioned references only on release (#3858)
• 47aea13 chore: update versions and lockfile [version bump]
• Additional commits viewable in compare view

Updates fumadocs-core from 16.10.2 to 16.10.5

Commits

• 7365d63 Version Packages (#3366)
• 23c00f2 fix(openapi): fix typescript definitions name
• 4fe2821 fix(openapi): fix usage tabs
• 58c2574 fix custom script
• 1a323a6 dedupe deps
• 19955f3 fix(ui): use prompt query param for "Open in ChatGPT" page action (#3365)
• c903a68 Version Packages (#3363)
• ae50848 feat(core): support react router v8
• bd9a9d0 update tegami
• 88ce9d9 refactor: use Tegami
• Additional commits viewable in compare view

Updates fumadocs-ui from 16.10.2 to 16.10.5

Release notes

Sourced from fumadocs-ui's releases.

fumadocs-ui@16.10.3

Patch Changes

• 5499f59: type-safe provider props
  • fumadocs-core@16.10.3

Commits

• 7365d63 Version Packages (#3366)
• 23c00f2 fix(openapi): fix typescript definitions name
• 4fe2821 fix(openapi): fix usage tabs
• 58c2574 fix custom script
• 1a323a6 dedupe deps
• 19955f3 fix(ui): use prompt query param for "Open in ChatGPT" page action (#3365)
• c903a68 Version Packages (#3363)
• ae50848 feat(core): support react router v8
• bd9a9d0 update tegami
• 88ce9d9 refactor: use Tegami
• Additional commits viewable in compare view

Updates @types/node from 25.9.3 to 26.0.0

Commits

• See full diff in compare view

Updates @effect/atom-react from 4.0.0-beta.83 to 4.0.0-beta.85

Changelog

Sourced from @​effect/atom-react's changelog.

4.0.0-beta.85

Patch Changes

• Updated dependencies [328d97c, 8441836, 074e436, c1dfd60, 2ba316b, 7ce7344]:
  • effect@4.0.0-beta.85

4.0.0-beta.84

Patch Changes

• Updated dependencies [87f52ba, b8ee07f, 867c0d7, b93bc6c, 57d387f, bacca41, 0f8ac79, 25b4482, 9cf3a25, 8def767]:
  • effect@4.0.0-beta.84

Commits

• a2fd7ef Version Packages (beta) (#2426)
• d11b2b5 Version Packages (beta) (#2408)
• See full diff in compare view

Updates @effect/platform-bun from 4.0.0-beta.83 to 4.0.0-beta.85

Commits

• See full diff in compare view

Updates @effect/platform-node from 4.0.0-beta.83 to 4.0.0-beta.85

Commits

• See full diff in compare view

Updates @effect/sql-pg from 4.0.0-beta.83 to 4.0.0-beta.85

Commits

• See full diff in compare view

Updates @effect/vitest from 4.0.0-beta.84 to 4.0.0-beta.85

Commits

• See full diff in compare view

Updates @nx/devkit from 22.7.5 to 23.0.0

Release notes

Sourced from @​nx/devkit's releases.

23.0.0 (2026-06-16)

🚀 Features

• ⚠️ angular: remove deprecated @​nx/angular/module-federation entry point (#35512)
• ⚠️ angular: remove deprecated move generator (#35513)
• ⚠️ angular: remove deprecated ngrx generator (#35567)
• angular: deprecate convert-to-with-mf generator (#35862)
• angular: deprecate SCAM generators (#35887)
• ⚠️ bundling: drop legacy typescript plugin and align rollup buildLibsFromSource default (#35516)
• ⚠️ bundling: remove SVGR option and provide withSvgr migration (#35611)
• bundling: add Vite 7 -> 8 migrations (#35614)
• core: add support for '...' as a spread token when merging target config (#34285)
• core: show target uses task graph + filter broken dependsOn during normalization (#35367)
• core: add --mode and --multi-major-mode flags to nx migrate (#35497)
• core: support prompt field in migration entries (#35638)
• core: rename nx watch --includeDependentProjects to --includeDependencies (#35699)
• core: support filtered array-shape targetDefaults with projects and source (#35340)
• core: enable native Node.js TypeScript stripping by default (#35608)
• core: add shell tab-completion (bash, zsh, fish, powershell) (#34951)
• core: add agentic mode to nx migrate --run-migrations (#35718)
• core: add a migrate configuration section to nx.json (#35831)
• core: feed migration docs to agents in nx migrate (#35835)
• core: avoid redundant rematch in findMatchingConfigFiles (#35793, #35792)
• ⚠️ core: rename CreateNodes V2 types to canonical OG names (#35386, #32951)
• core: support prompt-only and hybrid migrations in Nx Console UI (#35822, #35718, #3153)
• core: add JSON schema for migrations.json files (#35888)
• core: add migrations for createNodesV2 -> createNodes rename (#35893, #35386)
• core: extend nx migrate --include to any package that supports optional updates (#35905)
• core: report analytics events for the nx migrate flow (#35937)
• core: revert array-shape targetDefaults support pending redesign and reapplication (#36005, #35340, #35711, #35752, #35991)
• ⚠️ detox: deprecate the @​nx/detox build and test executors (#35529)
• devkit: migrate @nx/devkit/src/... deep imports (#35541, #34946)
• ⚠️ devkit: deprecate the standalone parameter of addProjectConfiguration (#35883)
• gradle: stream batch task results to nx as they finish (#35487)
• js: support pnpm 11.2.2 (#35772)
• linter: allow prompt-only entries in migration nx-plugin-checks (#35700, #35638)<...

  Description has been truncated

[github-actions]

Supabase CLI preview

npx --yes https://pkg.pr.new/supabase/cli/supabase@01f358d65eb4da6d784bcdd0b7657a1e4eb53216

Preview package for commit 01f358d.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 01f358d65e

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Pin Effect test helpers to the same beta

This catalog entry still allows newer prereleases, and the generated lockfile now resolves @effect/vitest to 4.0.0-beta.91 while effect is pinned to 4.0.0-beta.85; that package declares a peer on effect: ^4.0.0-beta.91. Any workspace using @effect/vitest will run tests with an unsupported Effect/test-helper pairing, which is especially risky for beta APIs. Pin this to 4.0.0-beta.85 or bump all Effect packages together.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Pin platform-node-shared to the matching Effect beta

The lockfile now pulls @effect/platform-node-shared@4.0.0-beta.91, whose peer requires effect: ^4.0.0-beta.91, while the catalog still pins effect and the direct platform packages to 4.0.0-beta.85. Any CLI/API/config/stack code path using @effect/platform-bun or @effect/platform-node will run a beta shared platform package against an unsupported older Effect runtime, so pin the transitive shared package back to .85 or bump the whole Effect set together.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Align Node types with the configured runtime

This upgrades the docs workspace to @types/node@26 even though the repository pins Node 24 in .nvmrc and CI installs from that file. When docs code is type-checked or built, Node 26 declarations can make APIs compile that are unavailable in the actual Node 24 runtime, so keep these types on the Node 24 line unless the runtime is upgraded too.

Useful? React with 👍 / 👎.