Skip to content

chore(deps): bump the prod-dependencies group across 1 directory with 8 updates#1695

Merged
steilerDev merged 2 commits into
betafrom
dependabot/npm_and_yarn/beta/prod-dependencies-da8a227ebe
Jun 15, 2026
Merged

chore(deps): bump the prod-dependencies group across 1 directory with 8 updates#1695
steilerDev merged 2 commits into
betafrom
dependabot/npm_and_yarn/beta/prod-dependencies-da8a227ebe

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the prod-dependencies group with 8 updates in the / directory:

Package From To
ical-generator 10.2.0 11.0.0
sharp 0.34.5 0.35.1
tar 7.5.15 7.5.16
i18next 26.2.0 26.3.1
react 19.2.6 19.2.7
react-dom 19.2.6 19.2.7
react-konva 19.2.4 19.2.5
react-router-dom 7.15.1 7.17.0

Updates ical-generator from 10.2.0 to 11.0.0

Release notes

Sourced from ical-generator's releases.

v11.0.0

11.0.0 (2026-06-02)

Bug Fixes

  • nest types per-condition in exports map (2063944), closes #746
  • Strip quotes in string if already in quotes (4d715ab), closes #753
  • types: declare types entry for ESM consumers (78be10d)

Features

  • Drop support for node.js v20 and v23 (d949a08)

BREAKING CHANGES

  • Drop node.js v20 / v23 Support

This node.js version is no longer supported. For more information see https://nodejs.dev/en/about/releases/

v11.0.0-develop.1

11.0.0-develop.1 (2026-06-02)

Features

  • Drop support for node.js v20 and v23 (d949a08)

BREAKING CHANGES

  • Drop node.js v20 / v23 Support

This node.js version is no longer supported. For more information see https://nodejs.dev/en/about/releases/

v10.2.1-develop.7

10.2.1-develop.7 (2026-06-02)

v10.2.1-develop.6

10.2.1-develop.6 (2026-06-02)

Bug Fixes

  • Strip quotes in string if already in quotes (4d715ab), closes #753

v10.2.1-develop.5

10.2.1-develop.5 (2026-05-26)

... (truncated)

Changelog

Sourced from ical-generator's changelog.

11.0.0 (2026-06-02)

Bug Fixes

  • nest types per-condition in exports map (2063944), closes #746
  • Strip quotes in string if already in quotes (4d715ab), closes #753
  • types: declare types entry for ESM consumers (78be10d)

Features

  • Drop support for node.js v20 and v23 (d949a08)

BREAKING CHANGES

  • Drop node.js v20 / v23 Support

This node.js version is no longer supported. For more information see https://nodejs.dev/en/about/releases/

Commits
  • 5bebd74 chore(release): 🔖 11.0.0 [skip ci]
  • e52e375 Merge pull request #750 from sebbo2002/develop
  • 1f69f8f chore(release): 🔖 11.0.0-develop.1 [skip ci]
  • 077db57 Merge pull request #751 from sebbo2002/template-updater/update
  • c63510d build(deps): Update typescript, typescript-eslint and typedoc
  • 684cc35 chore: Merge branch 'develop' into template-updater/update
  • fdf2693 chore(release): 🔖 10.2.1-develop.7 [skip ci]
  • bc78438 Merge pull request #752 from sebbo2002/depfu/batch_dev/npm/2026-06-02
  • d78b20b chore(release): 🔖 10.2.1-develop.6 [skip ci]
  • 4d715ab fix: Strip quotes in string if already in quotes
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates sharp from 0.34.5 to 0.35.1

Release notes

Sourced from sharp's releases.

v0.35.1

  • TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.1

  • TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.0

  • TypeScript: Ensure type definitions are published #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.0

  • Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

  • Breaking: Remove install script from package.json file. Compiling from source is now opt-in via the build script.

  • Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

  • Breaking: Add limitInputChannels with a default value of 5.

  • Breaking: Remove deprecated failOnError constructor property.

  • Breaking: Remove deprecated paletteBitDepth from metadata response.

  • Breaking: Remove deprecated properties from sharpen operation.

  • Breaking: Rename format.jp2k as format.jp2 for API consistency.

  • Upgrade to libvips v8.18.3 for upstream bug fixes.

  • Remove experimental status from WebAssembly binaries.

  • Add prebuilt binaries for FreeBSD (WebAssembly).

  • Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

  • Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

  • Add AVIF/HEIF tune option for control over quality metrics.

... (truncated)

Commits
  • d781a2d Release v0.35.1
  • 84fa853 Prerelease v0.35.1-rc.1
  • 21263c3 TypeScript: Switch type defs to ESM, convert back to CJS #4537
  • 8deceb4 Docs: fix link in changelog (#4541)
  • c9f08eb Revert "Docs: Highlight that Windows ARM64 support is experimental" (#4540)
  • 3ec892f Prerelease v0.35.1-rc.0
  • fbdeac5 CI: Run packaging linter on sub-packages
  • 1da92b3 WebAssembly: Ensure wrapper file is published #4538
  • 32c029e Add packaging linter to help prevent regression e.g. #4537
  • 98dc1df TypeScript: Ensure type definitions are published #4537
  • Additional commits viewable in compare view

Updates tar from 7.5.15 to 7.5.16

Commits

Updates i18next from 26.2.0 to 26.3.1

Release notes

Sourced from i18next's releases.

v26.3.1

  • fix(types): t() with a keyPrefix no longer pollutes its return type with sibling keys' values. A regression in 26.3.0 — the [Res] extends [never] guards added to KeysBuilderWithReturnObjects / KeysBuilderWithoutReturnObjects turned the builders into deferred conditional types, so KeyPrefix<Ns> stopped resolving to a literal union and keyPrefix inference widened to the whole namespace. Symptom: useTranslation(ns, { keyPrefix: 'a.b' }) then t('title') would resolve to '<a.b>.title' | '<other.path>.title' | ... instead of just the scoped value. Affected every react-i18next user using keyPrefix. Restored to the eager 26.2.0 form. The same-namespace conflict handling from #2434 still works via _DropConflictKeys at the merge layer (in options.d.ts). Thanks @​aaronrosenthal (#2436).

v26.3.0

  • feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.
Changelog

Sourced from i18next's changelog.

26.3.1

  • fix(types): t() with a keyPrefix no longer pollutes its return type with sibling keys' values. A regression in 26.3.0 — the [Res] extends [never] guards added to KeysBuilderWithReturnObjects / KeysBuilderWithoutReturnObjects turned the builders into deferred conditional types, so KeyPrefix<Ns> stopped resolving to a literal union and keyPrefix inference widened to the whole namespace. Symptom: useTranslation(ns, { keyPrefix: 'a.b' }) then t('title') would resolve to '<a.b>.title' | '<other.path>.title' | ... instead of just the scoped value. Affected every react-i18next user using keyPrefix. Restored to the eager 26.2.0 form. The same-namespace conflict handling from #2434 still works via _DropConflictKeys at the merge layer (in options.d.ts). Thanks @​aaronrosenthal (#2436).

26.3.0

  • feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.
Commits
  • 7bdb5d7 26.3.1
  • a655e32 changelog: 26.3.1 entry for #2436
  • 57ed812 fix(types): keyPrefix no longer pollutes t() return type with sibling keys (#...
  • bdf651c 26.3.0
  • 988a362 changelog: 26.3.0 entry for #2434
  • 159506c feat(types): introduce ResourceNamespaceMap for monorepo namespace augmentati...
  • df68b1f ci: restore JSR publishing via GitHub Actions OIDC
  • See full diff in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates react-konva from 19.2.4 to 19.2.5

Commits

Updates react-router-dom from 7.15.1 to 7.17.0

Changelog

Sourced from react-router-dom's changelog.

v7.17.0

Patch Changes

v7.16.0

Patch Changes

  • Remove stale/invalid unpkg field from package.json. This was removed from other packages with the release of v7 but missed in the react-router-dom re-export package (#15075)
  • Updated dependencies:
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@dependabot
chore(deps): bump the prod-dependencies group with 8 updates
fd078c9 
Bumps the prod-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [ical-generator](https://github.com/sebbo2002/ical-generator) | `10.2.0` | `11.0.0` |
| [sharp](https://github.com/lovell/sharp) | `0.34.5` | `0.35.1` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.15` | `7.5.16` |
| [i18next](https://github.com/i18next/i18next) | `26.2.0` | `26.3.1` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [react-konva](https://github.com/konvajs/react-konva) | `19.2.4` | `19.2.5` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.15.1` | `7.17.0` |


Updates `ical-generator` from 10.2.0 to 11.0.0
- [Release notes](https://github.com/sebbo2002/ical-generator/releases)
- [Changelog](https://github.com/sebbo2002/ical-generator/blob/develop/CHANGELOG.md)
- [Commits](sebbo2002/ical-generator@v10.2.0...v11.0.0)

Updates `sharp` from 0.34.5 to 0.35.1
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.1)

Updates `tar` from 7.5.15 to 7.5.16
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.15...v7.5.16)

Updates `i18next` from 26.2.0 to 26.3.1
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.2.0...v26.3.1)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `react-konva` from 19.2.4 to 19.2.5
- [Release notes](https://github.com/konvajs/react-konva/releases)
- [Commits](https://github.com/konvajs/react-konva/commits)

Updates `react-router-dom` from 7.15.1 to 7.17.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: ical-generator
  dependency-version: 11.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-dependencies
- dependency-name: sharp
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: i18next
  dependency-version: 26.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: react-konva
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: react-router-dom
  dependency-version: 7.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot changed the title chore(deps): bump the prod-dependencies group with 8 updates chore(deps): bump the prod-dependencies group across 1 directory with 8 updates Jun 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/beta/prod-dependencies-da8a227ebe branch from 344e08c to 5fccade Compare June 15, 2026 17:24
@claude
fix(deps): repair react override mismatch in prod-dependencies bump
ceb9443 
Dependabot's prod-dependencies bump updated the react/react-dom edges in
client/ and docs/ to 19.2.7 but left the root package.json `overrides`
pinned at 19.2.6. The override forced the top-level react node to 19.2.6
while workspaces requested 19.2.7, leaving duplicate React copies in the
tree. This crashed the client bundle at runtime ("Cannot read properties
of null (reading 'useRef')") and failed all E2E, and corrupted the tree
such that `npm audit signatures` mis-resolved the @docusaurus/react-loadable
alias (ETARGET [email protected]) — failing Static Analysis.

Bump the overrides to 19.2.7 to match the workspace edges and regenerate
the lockfile with a clean `npm install`. react and react-dom now dedupe to
a single 19.2.7 across all workspaces.

Co-Authored-By: Claude backend-developer (Haiku 4.5) <[email protected]>
@steilerDev steilerDev force-pushed the dependabot/npm_and_yarn/beta/prod-dependencies-da8a227ebe branch from 5fccade to ceb9443 Compare June 15, 2026 17:26
@steilerDev

steilerDev commented Jun 15, 2026

Copy link
Copy Markdown
Owner

[backend-developer] Repaired the lockfile corruption that was failing CI on this group bump.

Root cause: the root `package.json` `overrides` block pins `react`/`react-dom` (kept aligned for react-konva). Dependabot bumped the workspace edges to `19.2.7` but does not update `overrides`, which stayed at `19.2.6`. The override forced the top-level `react` node to 19.2.6 while workspaces requested 19.2.7, leaving two React copies in the tree. That crashed the client bundle at runtime (`Cannot read properties of null (reading 'useRef')`) — failing all 16 E2E shards + smoke — and corrupted the tree such that `npm audit signatures` mis-resolved the `@docusaurus/react-loadable` alias (`ETARGET [email protected]`), failing Static Analysis.

Fix: bumped the `overrides` to `19.2.7` to match the workspace edges and regenerated `package-lock.json` with a clean `npm install` (no `--package-lock-only`). `react`/`react-dom` now dedupe to a single 19.2.7. Branch rebased onto latest `beta`.

Security (CLEAR) and changelog (no breaking changes; ical-generator 10→11 major is Node-drop only, repo runs Node 24) reviews are on record. Re-running CI.

steilerDev
steilerDev approved these changes Jun 15, 2026
View reviewed changes

@steilerDev steilerDev left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security review (security-engineer)

CLEAR — no new vulnerable transitives; sharp's 3 new transitive entries are optional platform-specific binaries not installed in the prod Alpine image. No downgrades, no CVEs.

Changelog review (product-architect)

  • Breaking: none. ical-generator 10→11 major verified safe — its only breaking change is dropping Node 20/23; the repo runs Node 24. sharp 0.35's breaking changes (failOnError, paletteBitDepth, jp2kjp2, limitInputChannels) all avoid our actual call sites. i18next keyPrefix change moot (unused). react/react-dom/react-router-dom/react-konva/tar all neutral.
  • Bugfix-relevant: tar PAX-meta-entry fix
  • Adoption opportunities: none blocking
  • Neutral: remainder

CI fix applied

Dependabot's bump left the root `package.json` `overrides` for react/react-dom at 19.2.6 while the workspace edges moved to 19.2.7 → duplicate React → `useRef` runtime crash (all E2E) + `npm audit signatures` alias ETARGET (Static Analysis). Bumped overrides to 19.2.7 and regenerated the lockfile. Quality Gates, Static Analysis, E2E Smoke, and E2E shards now all pass.

Approved by the `/dependabot` skill.

@steilerDev steilerDev merged commit bb92bcb into beta Jun 15, 2026
29 of 30 checks passed
@steilerDev steilerDev deleted the dependabot/npm_and_yarn/beta/prod-dependencies-da8a227ebe branch June 15, 2026 17:36
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 2.8.0-beta.15 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

This was referenced Jun 15, 2026
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steilerDev steilerDev steilerDev approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code released on @beta

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@steilerDev