Skip to content

chore(deps)(deps): bump the bun-minor-and-patch group with 12 updates#1193

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/bun/bun-minor-and-patch-45ae447e10
Open

chore(deps)(deps): bump the bun-minor-and-patch group with 12 updates#1193
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/bun/bun-minor-and-patch-45ae447e10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the bun-minor-and-patch group with 12 updates:

Package From To
eslint 10.2.0 10.6.0
typescript-eslint 8.62.0 8.62.1
posthog-node 5.38.6 5.39.4
framer-motion 12.42.0 12.42.2
i18next 26.3.3 26.3.4
posthog-js 1.395.0 1.396.6
react-hook-form 7.80.0 7.81.0
react-router-dom 7.18.0 7.18.1
recharts 3.9.0 3.9.2
@tailwindcss/vite 4.3.1 4.3.2
tailwindcss 4.3.1 4.3.2
vite 8.1.0 8.1.3

Updates eslint from 10.2.0 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

... (truncated)

Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.62.0 to 8.62.1

Release notes

Sourced from typescript-eslint's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.62.1 (2026-06-29)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates posthog-node from 5.38.6 to 5.39.4

Release notes

Sourced from posthog-node's releases.

posthog-node@5.39.4

5.39.4

Patch Changes

posthog-node@5.39.3

5.39.3

Patch Changes

  • #4055 64e04ba Thanks @​marandaneto! - Retry /flags requests that receive HTTP 502 or 504 responses across SDKs that use the shared core flags client. (2026-07-02)
  • Updated dependencies [64e04ba]:
    • @​posthog/core@​1.39.4

posthog-node@5.39.2

5.39.2

Patch Changes

  • #4028 a664b81 Thanks @​marandaneto! - Make Node flush() wait for pending asynchronous SDK work before draining the event queue, so events produced by helpers like captureException() are not missed. Pending work rejections no longer prevent queued events from flushing. (2026-07-01)
  • Updated dependencies [a664b81]:
    • @​posthog/core@​1.39.3

posthog-node@5.39.1

5.39.1

Patch Changes

  • #4029 b36b1cc Thanks @​marandaneto! - Call before_send for identify, group identify, and alias events. (2026-06-30)

  • #4027 ab118d2 Thanks @​marandaneto! - Safely serialize event batches with circular property references instead of crashing during flush. (2026-06-30)

  • Updated dependencies [ab118d2]:

    • @​posthog/core@​1.39.2

posthog-node@5.39.0

5.39.0

Minor Changes

  • #4006 0063128 Thanks @​github-actions! - Add groupIdentifyImmediate() to await the network request when identifying a group, mirroring captureImmediate/identifyImmediate/aliasImmediate. Useful in edge/serverless environments where the background queue may not flush. The Convex integration now uses it directly instead of routing $groupidentify through captureImmediate. (2026-06-30)

... (truncated)

Changelog

Sourced from posthog-node's changelog.

5.39.4

Patch Changes

5.39.3

Patch Changes

  • #4055 64e04ba Thanks @​marandaneto! - Retry /flags requests that receive HTTP 502 or 504 responses across SDKs that use the shared core flags client. (2026-07-02)
  • Updated dependencies [64e04ba]:
    • @​posthog/core@​1.39.4

5.39.2

Patch Changes

  • #4028 a664b81 Thanks @​marandaneto! - Make Node flush() wait for pending asynchronous SDK work before draining the event queue, so events produced by helpers like captureException() are not missed. Pending work rejections no longer prevent queued events from flushing. (2026-07-01)
  • Updated dependencies [a664b81]:
    • @​posthog/core@​1.39.3

5.39.1

Patch Changes

  • #4029 b36b1cc Thanks @​marandaneto! - Call before_send for identify, group identify, and alias events. (2026-06-30)

  • #4027 ab118d2 Thanks @​marandaneto! - Safely serialize event batches with circular property references instead of crashing during flush. (2026-06-30)

  • Updated dependencies [ab118d2]:

    • @​posthog/core@​1.39.2

5.39.0

Minor Changes

  • #4006 0063128 Thanks @​github-actions! - Add groupIdentifyImmediate() to await the network request when identifying a group, mirroring captureImmediate/identifyImmediate/aliasImmediate. Useful in edge/serverless environments where the background queue may not flush. The Convex integration now uses it directly instead of routing $groupidentify through captureImmediate. (2026-06-30)

Patch Changes

  • Updated dependencies [0063128]:
    • @​posthog/core@​1.39.0

... (truncated)

Commits
  • 0ba87cb chore: update versions and lockfile [version bump]
  • 0c11747 fix: stop duplicating distinct_id in flags person properties (#4047)
  • 4eb8b21 chore: update versions and lockfile [version bump]
  • dd90e55 test(node): make local polling tests deterministic (#4043)
  • d1e6df8 chore: update versions and lockfile [version bump]
  • a664b81 fix: make flush wait for pending async work (#4028)
  • a5181ba chore: update versions and lockfile [version bump]
  • b36b1cc fix(node): run before_send for all captured events (#4029)
  • ab118d2 fix(node): handle circular event properties during flush (#4027)
  • 0c95bce fix: satisfy SDK compliance harness 0.8.0 (#3998)
  • Additional commits viewable in compare view

Updates framer-motion from 12.42.0 to 12.42.2

Changelog

Sourced from framer-motion's changelog.

[12.42.2] 2026-07-01

Fixed

  • animateView: Cropped group layers now animate border-radius from the old to new radius.

[12.42.1] 2026-06-30

Fixed

  • animateView: Old layer fade out now cancelled when defining .new().
Commits
  • 40e8756 v12.42.2
  • 718ccc7 Merge pull request #3768 from motiondivision/view-cropped-corner-radius
  • 19195a4 Dedupe corner-radius longhands; merge crop box/radii measurements
  • 5299aa6 Resolve cropped-clip radius timing once; fix transition-option leak
  • 937cdf3 Animate cropped view-transition group corner radius
  • fd2d6f6 v12.42.1
  • 2223d87 Hold the old layer when only a non-opacity .new() is set
  • See full diff in compare view

Updates i18next from 26.3.3 to 26.3.4

Release notes

Sourced from i18next's releases.

v26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). Thanks to zx (Jace) for the responsible disclosure.
Changelog

Sourced from i18next's changelog.

26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). See advisory GHSA-6jcc-5g8w-32mx, CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). Thanks to zx (Jace) @​manus-use for the responsible disclosure.
Commits

Updates posthog-js from 1.395.0 to 1.396.6

Release notes

Sourced from posthog-js's releases.

posthog-js@1.396.6

1.396.6

Patch Changes

  • #4053 45d1b36 Thanks @​posthog! - feat(web): add a graceful shutdown() to the browser client for parity with posthog-node, so isomorphic teardown code (e.g. the Nuxt module) that calls posthog.shutdown() on the client no longer throws TypeError: shutdown is not a function. It best-effort flushes the queued events and always resolves. (2026-07-03)

  • #4054 f0657eb Thanks @​posthog! - fix(web): detect our own feature-flag request timeouts via a timedOut flag instead of the abort reason, so they are logged at warn (not error) on browsers that don't propagate controller.abort(reason) — keeping benign timeouts out of error tracking's console-error capture (2026-07-03)

  • #4031 94a0530 Thanks @​posthog! - Improve survey display reliability:

    • posthog-js: refresh the cached $surveys definitions after a short TTL (stale-while-revalidate) so server-side changes such as switching a survey from popover to API propagate to long-lived tabs without a page reload.
    • posthog-js: add posthog.surveys.markSurveyAsSeen(surveyId, { iteration }) so custom integrators that render surveys through their own backend can honour the "already seen" and wait-period checks.
    • posthog-react-native: guarantee the survey Modal notifies its parent on close even when iOS Modal.onDismiss fails to fire, so the transparent full-screen modal can no longer stay mounted intercepting touches and freezing the app. (2026-07-03)
  • Updated dependencies [45d1b36]:

    • @​posthog/types@​1.392.1

posthog-js@1.396.5

1.396.5

Patch Changes

  • #4050 d7cf13b Thanks @​turnipdabeets! - Prevent uncaught getComputedStyle crashes in heatmaps and autocapture when the event target is a cross-realm element (e.g. from an iframe or synthetic event) (2026-07-02)
  • Updated dependencies [5e7e132]:
    • @​posthog/core@​1.39.5

posthog-js@1.396.4

1.396.4

Patch Changes

  • #4035 18e543b Thanks @​posthog! - fix(web): isolate onFeatureFlags callbacks so a throwing user handler no longer breaks the remaining callback chain or gets misattributed as an SDK error (2026-07-01)

  • #4039 15bcb42 Thanks @​github-actions! - fix(replay): measure $snapshot_bytes as UTF-8 byte length instead of UTF-16 string length, so non-ASCII session replay payloads are counted accurately against the message size limit (2026-07-01)

posthog-js@1.396.3

1.396.3

Patch Changes

  • #4020 e0ad8ef Thanks @​posthog! - Fix TypeError: ....at is not a function thrown by the bundled web-vitals dependency on browsers that predate Array.prototype.at() (Chrome <92, iOS Safari <15.4). The web-vitals entrypoints now install a tiny Array.prototype.at polyfill before web-vitals runs, so web vitals capture works again on older browsers instead of crashing with an unhandled error. (2026-06-30)

posthog-js@1.396.2

1.396.2

... (truncated)

Commits
  • e480a3e chore: update versions and lockfile [version bump]
  • cc01eea fix(convex): gate feature-flag refresh loop on local-eval being enabled (#4061)
  • 93bbc4b feat(mcp): add $mcp_error_type / $mcp_error_message to tool-call events (#4032)
  • 45d1b36 feat(web): add graceful shutdown() to the browser client for posthog-node par...
  • f0657eb fix(web): reliably detect our own flag request timeouts across browsers (#4054)
  • 94a0530 fix(surveys): improve display reliability across web and react-native (#4031)
  • 4eea7ed chore: update versions and lockfile [version bump]
  • 532f2c3 fix: support suppressing React Native feature flag events (#4059)
  • 0ba87cb chore: update versions and lockfile [version bump]
  • a9f5c09 fix(posthog-js): use SPDX expression for license field (#4011)
  • Additional commits viewable in compare view

Updates react-hook-form from 7.80.0 to 7.81.0

Release notes

Sourced from react-hook-form's releases.

Version 7.81.0

⚜️ feat: FieldArray component (#13394)

<FieldArray
  control={control}
  name="test"
  render={({ fields }) => null}
/>

🐞 fix #13538 useFieldArray min 1 item validation error changes its location in the errors object (#13539) 🐞 fix #13569 calling reset triggers subscribe with latest name instead of undefined (#13574) 🐞 fix(useController): reflect cleared parent object in controlled fields (#13550) (#13553) 🐞 fix(flatten): preserve Date values as leaf nodes (#13566) 🐛 fix(unset): guard against prototype keyword path traversal (#13559) (#13560) 🏸 improve setValue api with shrink value (#13576) 👝 close #13577 improve re-render with useFieldArray reset (#13578) 🐞 fix #13575 issue: clearErrors changes the name value from form.subscribe (#13579)

thanks to @​DakshSinghDhami, @​JSap0914, @​tran-simon & @​EduardF1

Changelog

Sourced from react-hook-form's changelog.

[7.81.0] - 2026-07-05

Added

  • FieldArray component built on useFieldArray for controlled field-array rendering

Fixed

  • clearErrors changing the name value from form.subscribe
  • reset triggering subscribe with the latest name instead of undefined
  • setValues leaving stale elements behind when shrinking a field array
  • flatten preserving Date values as leaf nodes
  • useFieldArray min length validation error changing location in the errors object
  • useController not reflecting a cleared parent object in controlled fields

Security

  • Harden unset() against prototype-path traversal (__proto__ / constructor / prototype), matching the existing set() guard

Performance

  • Improve re-render with useFieldArray reset
Commits

Updates react-router-dom from 7.18.0 to 7.18.1

Changelog

Sourced from react-router-dom's changelog.

v7.18.1

Patch Changes

Commits

Updates recharts from 3.9.0 to 3.9.2

Release notes

Sourced from recharts's releases.

v3.9.2

What's Changed

New Contributors

Full Changelog: recharts/recharts@v3.9.1...v3.9.2

v3.9.1

What's Changed

New Contributors

Full Changelog: recharts/recharts@v3.9.0...v3.9.1

Commits
  • b345105 3.9.2
  • f27779c npm i
  • 85f9369 chore(deps-dev): bump prettier from 3.8.4 to 3.9.4 (#7520)
  • 52a2a89 fix(Sankey): avoid exponential depth traversal on dense graphs (#7479)
  • 8a056c1 chore(deps-dev): bump rollup from 4.61.1 to 4.62.2 (#7527)
  • 2af6ec6 chore(deps): bump immer from 11.1.8 to 11.1.9 (#7526)
  • 6f10d53 docs: clarify custom labels and ticks need SVG elements (#7524)
  • c04f1a7 chore(deps-dev): bump lint-staged from 17.0.7 to 17.0.8 (#7521)
  • 69c7a96 chore(deps-dev): bump glob from 11.1.0 to 13.0.6 (#7522)
  • 6efaf16 chore(deps): bump es-toolkit from 1.47.0 to 1.49.0 (#7515)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for recharts since your current version.


Updates @tailwindcss/vite from 4.3.1 to 4.3.2

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.2

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)
Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.2] - 2026-06-26

Fixed

  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#20289)
Commits

Bumps the bun-minor-and-patch group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [eslint](https://github.com/eslint/eslint) | `10.2.0` | `10.6.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.62.0` | `8.62.1` |
| [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.38.6` | `5.39.4` |
| [framer-motion](https://github.com/motiondivision/motion) | `12.42.0` | `12.42.2` |
| [i18next](https://github.com/i18next/i18next) | `26.3.3` | `26.3.4` |
| [posthog-js](https://github.com/PostHog/posthog-js) | `1.395.0` | `1.396.6` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.80.0` | `7.81.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.18.0` | `7.18.1` |
| [recharts](https://github.com/recharts/recharts) | `3.9.0` | `3.9.2` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.3.1` | `4.3.2` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.1` | `4.3.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.1.0` | `8.1.3` |


Updates `eslint` from 10.2.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.2.0...v10.6.0)

Updates `typescript-eslint` from 8.62.0 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint)

Updates `posthog-node` from 5.38.6 to 5.39.4
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.39.4/packages/node)

Updates `framer-motion` from 12.42.0 to 12.42.2
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.42.0...v12.42.2)

Updates `i18next` from 26.3.3 to 26.3.4
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.3.3...v26.3.4)

Updates `posthog-js` from 1.395.0 to 1.396.6
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.395.0...posthog-js@1.396.6)

Updates `react-hook-form` from 7.80.0 to 7.81.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.80.0...v7.81.0)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `recharts` from 3.9.0 to 3.9.2
- [Release notes](https://github.com/recharts/recharts/releases)
- [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md)
- [Commits](recharts/recharts@v3.9.0...v3.9.2)

Updates `@tailwindcss/vite` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-vite)

Updates `tailwindcss` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `vite` from 8.1.0 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bun-minor-and-patch
- dependency-name: typescript-eslint
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: posthog-node
  dependency-version: 5.39.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bun-minor-and-patch
- dependency-name: framer-motion
  dependency-version: 12.42.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: i18next
  dependency-version: 26.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: posthog-js
  dependency-version: 1.396.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bun-minor-and-patch
- dependency-name: react-hook-form
  dependency-version: 7.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bun-minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: recharts
  dependency-version: 3.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the infra Infrastructure & deployment label Jul 6, 2026
@dependabot dependabot Bot requested a review from chronoai-shining as a code owner July 6, 2026 00:12
@dependabot dependabot Bot added the infra Infrastructure & deployment label Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

infra Infrastructure & deployment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants