deps(deps): bump the minor-and-patch group with 16 updates

[dependabot]

Bumps the minor-and-patch group with 16 updates:

Package	From	To
@supabase/supabase-js	2.93.1	2.95.3
framer-motion	12.29.2	12.34.0
isomorphic-dompurify	2.35.0	2.36.0
next	16.1.5	16.1.6
node-datachannel	0.32.0	0.32.1
openai	6.16.0	6.18.0
puppeteer	24.36.0	24.37.2
resend	6.8.0	6.9.1
undici	7.19.1	7.21.0
video.js	8.23.4	8.23.6
@types/node	25.0.10	25.2.2
@types/react	19.2.9	19.2.13
@vitejs/plugin-react	5.1.2	5.1.3
autoprefixer	10.4.23	10.4.24
dotenv	17.2.3	17.2.4
eslint-config-next	16.1.5	16.1.6

Updates @supabase/supabase-js from 2.93.1 to 2.95.3

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.95.3

2.95.3 (2026-02-06)

🚀 Features

• supabase: add canonical CORS headers export for edge functions (#2071)

🩹 Fixes

• realtime: removeChannel when unsubscribe successfully (#2091)
• storage: expose fetch parameters in download method (#2090)

❤️ Thank You

• Eduardo Gurgel
• Katerina Skroumpelou @​mandarini

v2.95.2

2.95.2 (2026-02-05)

🩹 Fixes

• supabase: add module to tsdoc (1fac0c45)

❤️ Thank You

• Katerina Skroumpelou

v2.95.2-canary.2

2.95.2-canary.2 (2026-02-05)

🩹 Fixes

• repo: test old working version on esm (dbb1e6d0)
• supabase: small addition (95e8938f)

❤️ Thank You

• Katerina Skroumpelou

v2.95.2-canary.1

2.95.2-canary.1 (2026-02-05)

🩹 Fixes

• repo: remove subpath to see if fixed (d156c991)

❤️ Thank You

• Katerina Skroumpelou

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.95.3 (2026-02-06)

🚀 Features

• supabase: add canonical CORS headers export for edge functions (#2071)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.95.0 (2026-02-05)

🚀 Features

• supabase: add canonical CORS headers export for edge functions (#2071)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.94.1 (2026-02-04)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.94.0 (2026-02-03)

🚀 Features

• postgrest: add URL length validation and timeout protection (#2078)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.93.3 (2026-01-29)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.93.2 (2026-01-27)

🩹 Fixes

• supabase: revert client platform and runtime detection headers (#2067)

❤️ Thank You

• Guilherme Souza

Commits

• c74bde1 docs(supabase): include cors module in TypeDoc generation (#2095)
• acd85d4 chore(release): version 2.95.0 changelogs (#2094)
• c4a8a43 feat(supabase): add canonical CORS headers export for edge functions (#2071)
• a867430 chore(release): version 2.94.1 changelogs (#2089)
• edb3009 chore(release): version 2.94.0 changelogs (#2085)
• 7ec2df9 feat(postgrest): add URL length validation and timeout protection (#2078)
• 366b665 chore(release): version 2.93.3 changelogs (#2076)
• de20d50 chore(release): version 2.93.2 changelogs (#2068)
• 91b36d7 fix(supabase): revert client platform and runtime detection headers (#2067)
• 6004430 chore(release): version 2.93.1 changelogs (#2061)
• See full diff in compare view

Updates framer-motion from 12.29.2 to 12.34.0

Changelog

Sourced from framer-motion's changelog.

[12.34.0] 2026-02-09

Fixed

• useScroll: Hardware accelerated animations.

[12.33.2] 2026-02-06

Fixed

• Improve detection of detached elements with vanilla layout animations.

[12.33.1] 2026-02-06

Fixed

• AnimatePresence: Ensure exiting nodes are correctly removed when rapidly switching children.

[12.33.0] 2026-02-05

Added

• <motion />: New propagate.tap prop prevents tap gestures from propagating to parents.

[12.32.0] 2026-02-05

Added

• transition.inherit: When true, inherit transition values from less-specific transitions.

[12.31.3] 2026-02-05

Fixed

• <motion />: Ensure animation state is reset after being re-suspended.
• Prevent stale values when mixing transitionEnd and transition.type: false.
• Drag: Fix "sticky" throw velocity on initial interaciton.
• Drag: Ensure catching a thrown element kills its velocity.

[12.31.2] 2026-02-05

Fixed

• onHoverStart and onHoverEnd first argument now correctly typed as PointerEvent.
• whileHover: No longer persists after drag end.
• AnimatePresence: Allow changing mode prop.

[12.31.1] 2026-02-04

Added

... (truncated)

Commits

• 5adbf49 v12.34.0
• 5f57695 Updating changelog
• deb5717 Merge pull request #3549 from motiondivision/use-spring-waapi
• b24d9ff latest
• ec0446a Scroll acceleration
• 365b0ad v12.33.2
• 9ebe1cf Updating changelog
• 836da23 Fixing
• 76d0775 Fixing
• 6e4c224 Fix scroll-accelerate Cypress tests to check getAnimations() directly
• Additional commits viewable in compare view

Updates isomorphic-dompurify from 2.35.0 to 2.36.0

Commits

• 77d1437 chore: Incremented project version.
• 227f862 Merge pull request #386 from kkomelin/dependabot/npm_and_yarn/jsdom-28.0.0
• 1f80b7c chore(deps): bump jsdom from 27.4.0 to 28.0.0
• cdfc27b Merge pull request #385 from kkomelin/dependabot/npm_and_yarn/vitest-4.0.18
• 2b8b07d chore(deps-dev): bump vitest from 4.0.17 to 4.0.18
• 4951404 Merge pull request #384 from kkomelin/dependabot/npm_and_yarn/terser-5.46.0
• 9e2b51c chore(deps-dev): bump terser from 5.44.1 to 5.46.0
• d0a98c2 Merge pull request #383 from kkomelin/dependabot/npm_and_yarn/vitest-4.0.17
• 00deefd chore(deps-dev): bump vitest from 4.0.16 to 4.0.17
• See full diff in compare view

Updates next from 16.1.5 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• See full diff in compare view

Updates node-datachannel from 0.32.0 to 0.32.1

Release notes

Sourced from node-datachannel's releases.

v0.32.1

What's Changed

• Hide all symbols to prevent leakage by @​longnguyen2004 in murat-dogan/node-datachannel#395

Full Changelog: murat-dogan/node-datachannel@v0.32.0...v0.32.1

Commits

• 1dc8bf4 v0.32.1
• 25239eb Merge pull request #395 from Discord-RE/no-symbol-leak
• 5809aae Ignore macOS
• fc70c19 Hide all symbols to prevent leakage
• See full diff in compare view

Updates openai from 6.16.0 to 6.18.0

Release notes

Sourced from openai's releases.

v6.18.0

6.18.0 (2026-02-05)

Full Changelog: v6.17.0...v6.18.0

Features

• api: image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (d373c32)

Bug Fixes

• client: avoid memory leak with abort signals (b449f36)
• client: avoid removing abort listener too early (1c045f7)
• client: undo change to web search Find action (8259b45)
• client: update type for find_in_page action (9aa8d98)

Chores

• client: do not parse responses with empty content-length (4a118fa)
• client: restructure abort controller binding (a4d7151)
• internal: fix pagination internals not accepting option promises (6677905)

v6.17.0

6.17.0 (2026-01-28)

Full Changelog: v6.16.0...v6.17.0

Features

• api: add shell_call_output status field (edf9590)
• api: api update (6a2eb80)
• api: api updates (19ca100)

Bug Fixes

• api: mark assistants as deprecated (3ae2a14)

Chores

• ci: upgrade actions/github-script (4ea73d3)
• internal: update actions/checkout version (f163b77)
• internal: upgrade babel, qs, js-yaml (2e2f3c6)

Changelog

Sourced from openai's changelog.

6.18.0 (2026-02-05)

Full Changelog: v6.17.0...v6.18.0

Features

• api: image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (d373c32)

Bug Fixes

• client: avoid memory leak with abort signals (b449f36)
• client: avoid removing abort listener too early (1c045f7)
• client: undo change to web search Find action (8259b45)
• client: update type for find_in_page action (9aa8d98)

Chores

• client: do not parse responses with empty content-length (4a118fa)
• client: restructure abort controller binding (a4d7151)
• internal: fix pagination internals not accepting option promises (6677905)

6.17.0 (2026-01-28)

Full Changelog: v6.16.0...v6.17.0

Features

• api: add shell_call_output status field (edf9590)
• api: api update (6a2eb80)
• api: api updates (19ca100)

Bug Fixes

• api: mark assistants as deprecated (3ae2a14)

Chores

• ci: upgrade actions/github-script (4ea73d3)
• internal: update actions/checkout version (f163b77)
• internal: upgrade babel, qs, js-yaml (2e2f3c6)

Commits

• 69d2b01 release: 6.18.0
• bf5a096 chore(internal): fix pagination internals not accepting option promises
• aa24028 fix(client): avoid removing abort listener too early
• 6ae89c6 chore(client): restructure abort controller binding
• e70fa06 fix(client): undo change to web search Find action
• 3fd4d03 codegen metadata
• f4e6a09 codegen metadata
• 4391e45 fix(client): update type for find_in_page action
• a05e900 chore(client): do not parse responses with empty content-length
• 243f44d fix(client): avoid memory leak with abort signals
• Additional commits viewable in compare view

Updates puppeteer from 24.36.0 to 24.37.2

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.37.2

24.37.2 (2026-02-06)

🛠️ Fixes

• improve ConsoleMessage text() results (#14662) (0bb4703)

📄 Documentation

• document signal option in Page waitFor methods (#14648) (771b885)

puppeteer: v24.37.2

24.37.2 (2026-02-06)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.37.1 to 24.37.2

puppeteer-core: v24.37.1

24.37.1 (2026-02-05)

🛠️ Fixes

• roll to Chrome 145.0.7632.46 (#14653) (d2a5591)
• roll to Firefox 147.0.3 (#14658) (ad5cee0)

puppeteer: v24.37.1

24.37.1 (2026-02-05)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.37.2 (2026-02-06)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.37.1 to 24.37.2

🛠️ Fixes

• improve ConsoleMessage text() results (#14662) (0bb4703)

📄 Documentation

• document signal option in Page waitFor methods (#14648) (771b885)

24.37.1 (2026-02-05)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.37.0 to 24.37.1

🛠️ Fixes

• roll to Chrome 145.0.7632.46 (#14653) (d2a5591)
• roll to Firefox 147.0.3 (#14658) (ad5cee0)

24.37.0 (2026-02-04)

🎉 Features

... (truncated)

Commits

• b163ce4 chore: release main (#14663)
• dea54fe test: increase protocol timeout in waittask test (#14649)
• 771b885 docs: document signal option in Page waitFor methods (#14648)
• 0bb4703 fix: improve ConsoleMessage text() results (#14662)
• af557b4 chore(deps): bump webpack from 5.98.0 to 5.105.0 in /website (#14661)
• edeca35 chore: Increase timeout values for Windows and other platforms (#14659)
• f0e14f0 chore: release main (#14656)
• ad5cee0 fix: roll to Firefox 147.0.3 (#14658)
• d2a5591 fix: roll to Chrome 145.0.7632.46 (#14653)
• f59d642 chore(deps): update chromium-bidi (#14655)
• Additional commits viewable in compare view

Updates resend from 6.8.0 to 6.9.1

Release notes

Sourced from resend's releases.

v6.9.1

What's Changed

• fix(deps): update dependency mailparser to v3.9.1 by @​renovate[bot] in resend/resend-node#809
• chore(deps): update pnpm to v10.28.2 by @​renovate[bot] in resend/resend-node#807
• chore(deps): update dependency @​biomejs/biome to v2.3.13 by @​renovate[bot] in resend/resend-node#806
• fix(deps): update react monorepo by @​renovate[bot] in resend/resend-node#811
• chore: add react and react-dom as devDependencies by @​gabrielmfern in resend/resend-node#814
• fix(deps): update dependency next to v16.1.5 by @​renovate[bot] in resend/resend-node#810
• chore: bump to 6.9.1 by @​gabrielmfern in resend/resend-node#816

Full Changelog: resend/resend-node@v6.9.0...v6.9.1

v6.9.0

What's Changed

• chore(deps): update pnpm to v10.28.1 by @​renovate[bot] in resend/resend-node#796
• feat(contacts): create contact with segments and topics by @​Cisneiros in resend/resend-node#800
• chore(deps): update dependency @​biomejs/biome to v2.3.12 by @​renovate[bot] in resend/resend-node#805
• chore(deps): update dependency tsdown to v0.20.1 by @​renovate[bot] in resend/resend-node#804
• chore(deps): update dependency vitest to v4.0.18 by @​renovate[bot] in resend/resend-node#803
• chore(deps): update dependency @​types/react to v19.2.9 by @​renovate[bot] in resend/resend-node#799
• chore(deps): update tj-actions/changed-files digest to 7d5bbf4 - autoclosed by @​renovate[bot] in resend/resend-node#798
• fix(deps): update dependency next to v16.1.4 by @​renovate[bot] in resend/resend-node#794
• chore(deps): update dependency @​types/node to v24.10.9 by @​renovate[bot] in resend/resend-node#786
• feat: export all interfaces from main index by @​xiaoyu2er in resend/resend-node#802
• feat: add method to help with forwarding inbound emails by @​lucasfcosta in resend/resend-node#797

New Contributors

• @​xiaoyu2er made their first contribution in resend/resend-node#802

Full Changelog: resend/resend-node@v6.8.0...v6.9.0

Commits

• e015620 chore: bump to 6.9.1 (#816)
• 6f0195a fix(deps): update dependency next to v16.1.5 (#810)
• aec5a72 chore: add react and react-dom as devDependencies (#814)
• e97db88 fix(deps): update react monorepo (#811)
• fe07bd1 chore(deps): update dependency @​biomejs/biome to v2.3.13 (#806)
• f1baaec chore(deps): update pnpm to v10.28.2 (#807)
• 8a8ebcc fix(deps): update dependency mailparser to v3.9.1 (#809)
• 2a48341 chore: bump to 6.9.0 (#808)
• 0d97792 feat: add method to help with forwarding inbound emails (#797)
• f0dfcb0 feat: export all interfaces from main index (#802)
• Additional commits viewable in compare view

Updates undici from 7.19.1 to 7.21.0

Release notes

Sourced from undici's releases.

v7.21.0

What's Changed

• build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @​dependabot[bot] in nodejs/undici#4796
• test: restore global dispatcher after fetch tests by @​mcollina in nodejs/undici#4790
• Add missing close method to WebSocketStream interface by @​piotr-cz in nodejs/undici#4802
• fix: error stream instead of canceling by @​KhafraDev in nodejs/undici#4804
• Fix clientTtl cleanup race in Agent by @​mcollina in nodejs/undici#4807
• feat(#4230): Implement pingInterval for dispatching PING frames by @​metcoder95 in nodejs/undici#4296
• fix: handle undefined __filename in bundled environments by @​mcollina in nodejs/undici#4812
• fix: set finalizer only for fetch responses by @​tsctx in nodejs/undici#4803

New Contributors

• @​piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

What's Changed

• fix: preserve fetch stack traces by @​mcollina in nodejs/undici#4778
• Fix error handling in MockPool example by @​dave-kennedy in nodejs/undici#4781
• feat: expose statusText in request() ResponseData by @​domenic in nodejs/undici#4784
• test: reduce retry-after invalid date flake by @​mcollina in nodejs/undici#4788
• extractBody fixes by @​KhafraDev in nodejs/undici#4791
• fix: MockAgent delayed response with AbortSignal (#4693) by @​mcollina in nodejs/undici#4772
• fix: onParserTimeout potentially accessing undefined by @​vbfox in nodejs/undici#4758

New Contributors

• @​dave-kennedy made their first contribution in nodejs/undici#4781
• @​vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

• Minor code cleanups to decompress interceptor by @​domenic in nodejs/undici#4754
• fix(h2): fix flaky stream end handling on macOS by @​mcollina in nodejs/undici#4762
• return response when receiving 401 instead of network error by @​KhafraDev in nodejs/undici#4769
• fix: properly close idle connections in test server cleanup by @​mcollina in nodejs/undici#4764
• fix: decode HTTP headers as latin1 instead of utf8 by @​mcollina in nodejs/undici#4768
• fix: submodule update by @​Uzlopak in nodejs/undici#4648
• build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @​dependabot[bot] in nodejs/undici#4720

New Contributors

• @​domenic made their first contribution in nodejs/undici#4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

Commits

• 393c0da Bumped v7.21.0 (#4813)
• 47f9b96 fix: set finalizer only for fetch responses (#4803)
• 92e38fc fix: handle undefined __filename in bundled environments (#4812)
• 283f2aa feat(#4230): Implement pingInterval for dispatching PING frames (#4296)
• 9cc025b Fix clientTtl cleanup race (#4807)
• fc8bb75 fix: error stream instead of canceling (#4804)
• ff6bc5a Add close method to WebSocketStream interface (#4802)
• dae4d91 test: restore global dispatcher after fetch tests (#4790)
• 072c17a build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 (#4796)
• 6cc668d Bumped v7.20.0 (#4792)
• Additional commits viewable in compare view

Updates video.js from 8.23.4 to 8.23.6

Release notes

Sourced from video.js's releases.

v8.23.6

8.23.6 (2025-11-14)

Bug Fixes

• revert minor change to test trusted publishing workflow e2e sans npm token in release.yml (f3de5f3)

netlify preview for this version

v8.23.5

8.23.5 (2025-11-14)

Bug Fixes

• minor change to test trusted publishing workflow e2e (836d8cb)

Documentation

• Clarify copyright and project stewardship (#9104) (20f8d76)

netlify preview for this version

Changelog

Sourced from video.js's changelog.

8.23.6 (2025-11-14)

Bug Fixes

• revert minor change to test trusted publishing workflow e2e sans npm token in release.yml (f3de5f3)

8.23.5 (2025-11-14)

Bug Fixes

• minor change to test trusted publishing workflow e2e (836d8cb)

Documentation

• Clarify copyright and project stewardship (#9104) (20f8d76)

Commits

• e5b3905 8.23.6
• f3de5f3 fix: revert minor change to test trusted publishing workflow e2e sans npm tok...
• d24abca 8.23.5
• 836d8cb fix: minor change to test trusted publishing workflow e2e
• 20f8d76 docs: Clarify copyright and project stewardship (#9104)
• See full diff in compare view

Updates @types/node from 25.0.10 to 25.2.2

Commits

• See full diff in compare view

Updates @types/react from 19.2.9 to 19.2.13

Commits

• See full diff in compare view

Updates @vitejs/plugin-react from 5.1.2 to 5.1.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.3 (2026-02-02)

Commits

• cf0cb8a release: [email protected]
• 99e480c fix(deps): update all non-major dependencies (#1090)
• 77f5e42 fix(deps): update react 19.2.4 (#1084)
• e327da4 fix(deps): update all non-major dependencies (#1083)
• 3d3dbc2 chore: add metadata for vite-plugin-registry (#1078)
• 58dfb9d fix(deps): update all non-major dependencies (#1066)
• fefad3d fix(deps): update all non-major dependencies (#1048)
• 36704df chore: setup oxfmt for formatting (#997)
• 54231d9 docs(plugin-react): add docs for exclude option (#1046)
• 6d203af fix(deps): update all non-major dependencies (#1030)
• Additional commits viewable in compare view

Updates autoprefixer from 10.4.23 to 10.4.24

Release notes

Sourced from autoprefixer's releases.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Changelog

Sourced from autoprefixer's changelog.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Commits

• 36692c2 Release 10.4.24 version
• 67df014 Update dependencies
• 032440e perf: reduce array allocations (#1542)
• See full diff in compare view

Updates dotenv from 17.2.3 to 17.2.4

Changelog

Sourced from dotenv's changelog.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• See full diff in compare view

Updates eslint-config-next from 16.1.5 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• adf8c61 v16.1.6
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the...

Description has been truncated

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​16.1.5 ⏵ 16.1.6			+1
	eslint-config-next@​16.1.5 ⏵ 16.1.6
	isomorphic-dompurify@​2.35.0 ⏵ 2.36.0
	@​types/​react@​19.2.9 ⏵ 19.2.13	+1		+1	+2
	@​types/​node@​25.0.10 ⏵ 25.2.2	+1		+1
	node-datachannel@​0.32.0 ⏵ 0.32.1	+7
	autoprefixer@​10.4.23 ⏵ 10.4.24			+1
	puppeteer@​24.36.0 ⏵ 24.37.2				+1
	dotenv@​17.2.3 ⏵ 17.2.4
	@​vitejs/​plugin-react@​5.1.2 ⏵ 5.1.3	+1			+2
	framer-motion@​12.29.2 ⏵ 12.34.0	+1		+1	+1
	openai@​6.16.0 ⏵ 6.18.0				+2
	resend@​6.8.0 ⏵ 6.9.1				+1
	@​supabase/​supabase-js@​2.93.1 ⏵ 2.95.3	+1			+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm @zone-eu/mailsplit under EUPL-1.2 License: EUPL-1.2 - the applicable license policy does not allow this license (4) (package/LICENSE.EUPL-1.2) From: pnpm-lock.yaml → npm/[email protected] → npm/@zone-eu/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@zone-eu/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report