Skip to content

chore(deps): bump the npm-dependencies group across 1 directory with 8 updates#59

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-e9740901f4
Open

chore(deps): bump the npm-dependencies group across 1 directory with 8 updates#59
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-e9740901f4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 24, 2026

Bumps the npm-dependencies group with 8 updates in the / directory:

Package From To
@clerk/nextjs 7.3.4 7.4.1
@clerk/ui 1.10.0 1.13.1
@clerk/testing 2.0.28 2.0.33
@types/node 25.8.0 25.9.1
@types/react 19.2.14 19.2.15
lefthook 2.1.6 2.1.8
shadcn 4.7.0 4.8.0
vitest 4.1.6 4.1.7

Updates @clerk/nextjs from 7.3.4 to 7.4.1

Release notes

Sourced from @​clerk/nextjs's releases.

@​clerk/nextjs@​7.4.1

Patch Changes

  • Updated dependencies [a036ce8]:
    • @​clerk/shared@​4.13.1
    • @​clerk/react@​6.7.1
    • @​clerk/backend@​3.4.13

@​clerk/nextjs@​7.4.0

Minor Changes

Patch Changes

@​clerk/nextjs@​7.3.7

Patch Changes

@​clerk/nextjs@​7.3.5

Patch Changes

  • Bump next devDependency to 15.5.18 to pick up the fix for GHSA-26hh-7cqf-hhc6, a high-severity (CVSS 7.5) Middleware/Proxy bypass in App Router applications via segment-prefetch routes (incomplete-fix follow-up). If you use the Next.js App Router, we recommend upgrading to Next.js 15.5.18, 16.2.6, or a later patched release. The 16.0.0 through 16.2.5 versions are still affected. (#8547) by @​jacekradko

  • Updated dependencies [9fa6642, 930047f, b45777c, 5441d86, 5a7225e]:

    • @​clerk/shared@​4.12.0
    • @​clerk/react@​6.6.4
    • @​clerk/backend@​3.4.9
Changelog

Sourced from @​clerk/nextjs's changelog.

7.4.1

Patch Changes

  • Updated dependencies [a036ce8]:
    • @​clerk/shared@​4.13.1
    • @​clerk/react@​6.7.1
    • @​clerk/backend@​3.4.13

7.4.0

Minor Changes

Patch Changes

7.3.7

Patch Changes

7.3.6

Patch Changes

  • Updated dependencies [4fc38a0]:
    • @​clerk/shared@​4.12.1
    • @​clerk/react@​6.6.5
    • @​clerk/backend@​3.4.10

7.3.5

Patch Changes

  • Bump next devDependency to 15.5.18 to pick up the fix for GHSA-26hh-7cqf-hhc6, a high-severity (CVSS 7.5) Middleware/Proxy bypass in App Router applications via segment-prefetch routes (incomplete-fix follow-up). If you use the Next.js App Router, we recommend upgrading to Next.js 15.5.18, 16.2.6, or a later patched release. The 16.0.0 through 16.2.5 versions are still affected. (#8547) by @​jacekradko

  • Updated dependencies [9fa6642, 930047f, b45777c, 5441d86, 5a7225e]:

    • @​clerk/shared@​4.12.0
    • @​clerk/react@​6.6.4
    • @​clerk/backend@​3.4.9
Commits

Updates @clerk/ui from 1.10.0 to 1.13.1

Release notes

Sourced from @​clerk/ui's releases.

@​clerk/ui@​1.13.1

Patch Changes

  • Fix the Manage Subscription button in <UserProfile /> / <OrganizationProfile /> and the Cancel / Re-subscribe actions in <SubscriptionDetails /> so they are shown for paid seat-based plans that have no base fee. A shared isManageableSubscriptionItem helper now drives both places, treating "free / unmanageable" as "the instance's default plan" instead of "the plan has no base fee". (#8375) by @​mauricioabreu

  • Updated dependencies [a036ce8]:

    • @​clerk/shared@​4.13.1
    • @​clerk/localizations@​4.6.8

@​clerk/ui@​1.13.0

Minor Changes

  • Remove <ConfigureSSO /> from experimental path (#8588) by @​LauraBeatris

  • Add elevation appearance option with 'raised' (default) and 'flush' values. When set to flush, card-based components render without border, box-shadow, border-radius, outer padding, and footer background, allowing them to sit flat against their container. Applies to <SignIn />, <SignUp />, <Waitlist />, <CreateOrganization />, <OrganizationList />, <OAuthConsent />, <UserVerification />, and session task components. Profile and popover components always render as raised. Modal components always render as raised regardless of this setting. (#8510) by @​alexcarpenter

    The cardBox element exposes a data-elevation="flush" attribute when flush is active, giving className-based themes a hook to neutralize their card chrome via attribute selectors. The shadcn theme uses this hook to drop its shadow-sm border utilities under flush.

Patch Changes

@​clerk/ui@​1.12.1

Patch Changes

  • Fix attribute statement section in <ConfigureSSO /> with claim name for Custom SAML provider (#8586) by @​LauraBeatris

  • Updated dependencies [95f6c2f]:

    • @​clerk/localizations@​4.6.6
    • @​clerk/shared@​4.12.2

@​clerk/ui@​1.11.0

Minor Changes

  • Add highlightedPlan prop to PricingTable default layout to render a "Popular" badge on the matching plan (#8554) by @​alexcarpenter

  • Add support for inline <bold> markup in localization values, rendered as <strong> elements. Translators can now write 'Agree to <bold>Terms</bold>' in a single key instead of splitting into prefix/bold/suffix fragments. Token values are substituted only into parsed text leaves, so user-controlled data can never become markup. Also hardens applyTokensToString to use Object.prototype.hasOwnProperty.call when filtering token names, preventing prototype-chain names like {{hasOwnProperty}} from crashing rendering. (#8539) by @​alexcarpenter

Patch Changes

  • Add a two-mode segmented control to the SAML config submission sub-step in <__experimental_ConfigureSSO />. Users pick between Add via metadata URL (default) and Configure manually. The metadata URL form is unchanged; the manual entry form ships in a follow-up commit. Locale keys added under configureSSO.configureStep.samlOkta.modes in en-US. (#8553) by @​iagodahlem

... (truncated)

Changelog

Sourced from @​clerk/ui's changelog.

1.13.1

Patch Changes

  • Fix the Manage Subscription button in <UserProfile /> / <OrganizationProfile /> and the Cancel / Re-subscribe actions in <SubscriptionDetails /> so they are shown for paid seat-based plans that have no base fee. A shared isManageableSubscriptionItem helper now drives both places, treating "free / unmanageable" as "the instance's default plan" instead of "the plan has no base fee". (#8375) by @​mauricioabreu

  • Updated dependencies [a036ce8]:

    • @​clerk/shared@​4.13.1
    • @​clerk/localizations@​4.6.8

1.13.0

Minor Changes

  • Remove <ConfigureSSO /> from experimental path (#8588) by @​LauraBeatris

  • Add elevation appearance option with 'raised' (default) and 'flush' values. When set to flush, card-based components render without border, box-shadow, border-radius, outer padding, and footer background, allowing them to sit flat against their container. Applies to <SignIn />, <SignUp />, <Waitlist />, <CreateOrganization />, <OrganizationList />, <OAuthConsent />, <UserVerification />, and session task components. Profile and popover components always render as raised. Modal components always render as raised regardless of this setting. (#8510) by @​alexcarpenter

    The cardBox element exposes a data-elevation="flush" attribute when flush is active, giving className-based themes a hook to neutralize their card chrome via attribute selectors. The shadcn theme uses this hook to drop its shadow-sm border utilities under flush.

Patch Changes

1.12.1

Patch Changes

  • Fix attribute statement section in <ConfigureSSO /> with claim name for Custom SAML provider (#8586) by @​LauraBeatris

  • Updated dependencies [95f6c2f]:

    • @​clerk/localizations@​4.6.6
    • @​clerk/shared@​4.12.2

1.12.0

Minor Changes

Patch Changes

... (truncated)

Commits
  • c43bb3d ci(repo): Version packages (#8615)
  • fc740b2 chore(ui): add tsc-based build:declarations task (#8627)
  • cdde181 feat(ui): show management button for plans without base fee (#8375)
  • 4c4a8fa ci(repo): Version packages (#8590)
  • 4696c51 chore(ui): Add ProfileCard.Page for UserProfile and OrganizationProfile...
  • c2fff36 fix(ui): Update ClipboardInput positioning and change from disabled to read...
  • 75e5d25 feat(ui): Add flush appearance option (#8510)
  • 761ebdd fix(ui): Configure SSO copy button loading state (#8592)
  • 6eaf4d6 feat(ui): Remove \<ConfigureSSO /> from experimental (#8588)
  • c0b1f31 ci(repo): Version packages (#8585)
  • Additional commits viewable in compare view

Updates @clerk/testing from 2.0.28 to 2.0.33

Release notes

Sourced from @​clerk/testing's releases.

@​clerk/testing@​2.0.33

Patch Changes

  • Updated dependencies [a036ce8]:
    • @​clerk/shared@​4.13.1
    • @​clerk/backend@​3.4.13

@​clerk/testing@​2.0.32

Patch Changes

@​clerk/testing@​2.0.31

Patch Changes

@​clerk/testing@​2.0.29

Patch Changes

Changelog

Sourced from @​clerk/testing's changelog.

2.0.33

Patch Changes

  • Updated dependencies [a036ce8]:
    • @​clerk/shared@​4.13.1
    • @​clerk/backend@​3.4.13

2.0.32

Patch Changes

2.0.31

Patch Changes

2.0.30

Patch Changes

  • Updated dependencies [4fc38a0]:
    • @​clerk/shared@​4.12.1
    • @​clerk/backend@​3.4.10

2.0.29

Patch Changes

Commits

Updates @types/node from 25.8.0 to 25.9.1

Commits

Updates @types/react from 19.2.14 to 19.2.15

Commits

Updates lefthook from 2.1.6 to 2.1.8

Release notes

Sourced from lefthook's releases.

v2.1.8

Changelog

  • 488a5f99a5a496e5837f757f8ce3e6c6d1415792 fix: do not warn if local hooks path is equal to default hooks path (#1421)

v2.1.7

Changelog

  • f415a9d3fce1d4f6af62622cf96c72e04ecf7bd3 chore: go mod tidy
  • cf4ab9ea4580f5aeb0d4b61d4dd169533e5bb0c9 fix: always restore unstaged changes (#1416)
  • 4c0e000d6fe9f35f42efefb9263b0b4cb5dfbd49 fix: apply stage_fixed only if it is safe (#1418)
  • 76aa843ef5ceb6970f61cd2ff28d16dd2ec82272 fix: linter, sacrifice optimization for readability
  • 9d53c36ed9a26d3bf66e341a9650a0ecac9b6a37 fix: separate fallback push branch from pathspecs (#1396)
  • 22c9f773cf93b59005bd244c5b00caab2947a755 fix: try to always restore unstaged changes (#1417)
  • 37d83986d8e6d6bf6792f57e22e7cbb1a9e28064 fix: use contrast colors (#1420)
  • eb1064d0b8c6248627960bea1abf6891db5a21b1 refactor: add new logger without a global state (#1385)
Changelog

Sourced from lefthook's changelog.

2.1.8 (2026-05-19)

  • fix: do not warn if local hooks path is equal to default hooks path (#1421) by @​mrexox

2.1.7 (2026-05-19)

Commits
  • 9e75b21 2.1.8: reduce warning for core.hooksPath if it matches the default
  • 488a5f9 fix: do not warn if local hooks path is equal to default hooks path (#1421)
  • b5c8310 2.1.7: restore unstaged changes when possible
  • 37d8398 fix: use contrast colors (#1420)
  • 4c0e000 fix: apply stage_fixed only if it is safe (#1418)
  • 22c9f77 fix: try to always restore unstaged changes (#1417)
  • cf4ab9e fix: always restore unstaged changes (#1416)
  • f415a9d chore: go mod tidy
  • eb1064d refactor: add new logger without a global state (#1385)
  • 76aa843 fix: linter, sacrifice optimization for readability
  • Additional commits viewable in compare view

Updates shadcn from 4.7.0 to 4.8.0

Release notes

Sourced from shadcn's releases.

[email protected]

Minor Changes

Patch Changes

Changelog

Sourced from shadcn's changelog.

4.8.0

Minor Changes

Patch Changes

Commits

Updates vitest from 4.1.6 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the npm-dependencies group across 1 directory with …
2561d0a 
…8 updates

Bumps the npm-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@clerk/nextjs](https://github.com/clerk/javascript/tree/HEAD/packages/nextjs) | `7.3.4` | `7.4.1` |
| [@clerk/ui](https://github.com/clerk/javascript/tree/HEAD/packages/ui) | `1.10.0` | `1.13.1` |
| [@clerk/testing](https://github.com/clerk/javascript/tree/HEAD/packages/testing) | `2.0.28` | `2.0.33` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.8.0` | `25.9.1` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.15` |
| [lefthook](https://github.com/evilmartians/lefthook) | `2.1.6` | `2.1.8` |
| [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.7.0` | `4.8.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.6` | `4.1.7` |



Updates `@clerk/nextjs` from 7.3.4 to 7.4.1
- [Release notes](https://github.com/clerk/javascript/releases)
- [Changelog](https://github.com/clerk/javascript/blob/main/packages/nextjs/CHANGELOG.md)
- [Commits](https://github.com/clerk/javascript/commits/@clerk/[email protected]/packages/nextjs)

Updates `@clerk/ui` from 1.10.0 to 1.13.1
- [Release notes](https://github.com/clerk/javascript/releases)
- [Changelog](https://github.com/clerk/javascript/blob/main/packages/ui/CHANGELOG.md)
- [Commits](https://github.com/clerk/javascript/commits/@clerk/[email protected]/packages/ui)

Updates `@clerk/testing` from 2.0.28 to 2.0.33
- [Release notes](https://github.com/clerk/javascript/releases)
- [Changelog](https://github.com/clerk/javascript/blob/main/packages/testing/CHANGELOG.md)
- [Commits](https://github.com/clerk/javascript/commits/@clerk/[email protected]/packages/testing)

Updates `@types/node` from 25.8.0 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/react` from 19.2.14 to 19.2.15
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `lefthook` from 2.1.6 to 2.1.8
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](evilmartians/lefthook@v2.1.6...v2.1.8)

Updates `shadcn` from 4.7.0 to 4.8.0
- [Release notes](https://github.com/shadcn-ui/ui/releases)
- [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md)
- [Commits](https://github.com/shadcn-ui/ui/commits/[email protected]/packages/shadcn)

Updates `vitest` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest)

---
updated-dependencies:
- dependency-name: "@clerk/nextjs"
  dependency-version: 7.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@clerk/ui"
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@clerk/testing"
  dependency-version: 2.0.33
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/react"
  dependency-version: 19.2.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: lefthook
  dependency-version: 2.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: shadcn
  dependency-version: 4.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: vitest
  dependency-version: 4.1.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 24, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 24, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
devflow Ready Ready Preview, Comment May 24, 2026 6:55pm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants