fix(deps): update bun minor and patch dependencies#991

Open
renovate[bot] wants to merge 1 commit into main from renovate/bun-minor-and-patch-dependencies

@renovate

@renovate renovate Bot commented Jun 16, 2026

Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Change |
| --- | --- |
| @base-ui/react (source) | ^1.5.0 → ^1.6.0 |
| @better-auth/api-key (source) | 1.6.18 → 1.6.22 |
| @better-auth/passkey (source) | ^1.6.18 → ^1.6.22 |
| @better-auth/sso (source) | ^1.6.18 → ^1.6.22 |
| @better-auth/utils | 0.4.1 → 0.4.2 |
| @cloudflare/vite-plugin (source) | ^1.40.2 → ^1.42.3 |
| @faker-js/faker (source) | ^10.4.0 → ^10.5.0 |
| @hey-api/openapi-ts (source) | ^0.98.2 → ^0.99.0 |
| @libsql/client (source) | ^0.17.3 → ^0.17.4 |
| @playwright/test (source) | ^1.60.0 → ^1.61.1 |
| @radix-ui/react-alert-dialog (source) | ^1.1.16 → ^1.1.17 |
| @radix-ui/react-checkbox (source) | ^1.3.4 → ^1.3.5 |
| @radix-ui/react-dialog (source) | ^1.1.16 → ^1.1.17 |
| @radix-ui/react-dropdown-menu (source) | ^2.1.17 → ^2.1.18 |
| @radix-ui/react-hover-card (source) | ^1.1.16 → ^1.1.17 |
| @radix-ui/react-label (source) | ^2.1.9 → ^2.1.10 |
| @radix-ui/react-progress (source) | ^1.1.9 → ^1.1.10 |
| @radix-ui/react-scroll-area (source) | ^1.2.11 → ^1.2.12 |
| @radix-ui/react-select (source) | ^2.3.0 → ^2.3.1 |
| @radix-ui/react-separator (source) | ^1.1.9 → ^1.1.10 |
| @radix-ui/react-slot (source) | ^1.2.5 → ^1.3.0 |
| @radix-ui/react-switch (source) | ^1.3.0 → ^1.3.1 |
| @radix-ui/react-tabs (source) | ^1.1.14 → ^1.1.15 |
| @radix-ui/react-tooltip (source) | ^1.2.9 → ^1.2.10 |
| @scalar/hono-api-reference (source) | ^0.11.3 → ^0.11.6 |
| @tanstack/devtools-vite (source) | ^0.7.0 → ^0.8.1 |
| @tanstack/react-devtools (source) | ^0.10.5 → ^0.10.8 |
| @tanstack/react-query (source) | ^5.101.0 → ^5.101.2 |
| @tanstack/react-query-devtools (source) | ^5.101.0 → ^5.101.2 |
| @tanstack/react-router (source) | ^1.170.15 → ^1.170.16 |
| @tanstack/react-start (source) | ^1.168.25 → ^1.168.26 |
| @types/node (source) | ^25.9.3 → ^25.9.4 |
| @vitejs/plugin-react (source) | ^6.0.2 → ^6.0.3 |
| better-auth (source) | ^1.6.18 → ^1.6.22 |
| cron-parser | ^5.5.0 → ^5.6.1 |
| effect (source) | ^3.21.3 → ^3.21.4 |
| electron | ^39.2.7 → ^39.8.10 |
| es-toolkit (source) | ^1.47.1 → ^1.49.0 |
| fumadocs-core | ^16.10.2 → ^16.10.6 |
| fumadocs-mdx | ^15.0.12 → ^15.0.13 |
| fumadocs-ui | ^16.10.2 → ^16.10.6 |
| happy-dom | ^20.10.3 → ^20.10.6 |
| hono (source) | ^4.12.25 → ^4.12.27 |
| lucide-react (source) | ^1.18.0 → ^1.21.0 |
| oxfmt (source) | 0.54.0 → 0.56.0 |
| react-hook-form (source) | ^7.78.0 → ^7.80.0 |
| recharts | 3.8.1 → 3.9.0 |
| semver | ^7.8.4 → ^7.8.5 |
| shadcn (source) | ^4.11.0 → ^4.12.0 |
| vite (source) | ^8.0.16 → ^8.1.0 |
| vite-plus (source) | ^0.1.24 → ^0.2.1 |
| vitest (source) | ^4.1.8 → ^4.1.9 |
| wrangler (source) | ^4.100.0 → ^4.105.0 |

Release Notes

mui/base-ui (@​base-ui/react)

v1.6.0

Compare Source

Jun 18, 2026

General changes
Accordion
Alert Dialog
Autocomplete
Avatar
Checkbox
Checkbox Group
Collapsible
Combobox
Dialog
Drawer
Field
Fieldset
Form
Menu
Menubar
Meter
Navigation Menu
Number Field
OTP Field
  • 🚨 Breaking change: Unmark preview

    the namespace export is renamed OTPFieldPreview → OTPField and should be imported as: { OTPField } from '@base-ui/react/otp-field' (#5029) by @atomiks
  • Avoid password manager bubbles after first input (#​4868) by @​atomiks
Popover
Preview Card
Radio Group
Scroll Area
Select
Slider
Switch
Tabs
Toast
Toggle
Toggle Group
Toolbar
Tooltip

All contributors of this release in alphabetical order: @​aarongarciah, @​atomiks, @​chuganzy, @​flaviendelangle, @​lyzno1, @​mattrothenberg, @​michaldudak, @​mj12albert, @​sernstberger, @​spokodev

better-auth/better-auth (@​better-auth/api-key)

v1.6.22

Compare Source

Patch Changes

v1.6.21

Compare Source

Patch Changes
  • #​10203 5953157 Thanks @​bytaesu! - Rate limiting no longer trusts multi-hop X-Forwarded-For chains, preventing a client behind an appending proxy from spoofing the leftmost hop to bypass the per-IP rate limit. Single-value IP headers continue to work. To key the real client behind a proxy chain, set advanced.ipAddress.trustedProxies to your reverse-proxy IPs or CIDR ranges (the chain is walked right to left, skipping trusted hops), or point advanced.ipAddress.ipAddressHeaders at a single trusted client-IP header.

  • Updated dependencies [e0762a1, 882cf9e, f52e1ab, 90d509e, b5bec19, 816d7f9, 239bcc8, 1bc370a, 570267c, 461ca6f, 88409b0, 5953157, b046f9e, ae647b4]:

v1.6.20

Compare Source

Patch Changes

v1.6.19

Compare Source

Patch Changes
better-auth/better-auth (@​better-auth/passkey)

v1.6.22

Compare Source

Patch Changes

v1.6.21

Compare Source

Patch Changes

v1.6.20

Compare Source

Patch Changes

v1.6.19

Compare Source

Patch Changes
better-auth/better-auth (@​better-auth/sso)

v1.6.22

Compare Source

Patch Changes

v1.6.21

Compare Source

Patch Changes
  • #​10224 7a7a7b3 Thanks @​Bekacru! - Deleting an SSO provider no longer leaves linked accounts that a later provider with the same provider ID can reuse.

    SSO and SCIM provider setup now rejects provider IDs already used by another account provider.

    SSO provider updates now reject identity-defining changes, such as issuer, login endpoints, client ID, SAML metadata, or user ID mappings, after accounts are linked. Secret rotation and same-value updates still work.

  • #​10226 fa1e036 Thanks @​Bekacru! - SAML SSO now rejects responses whose audience, bearer recipient, or response destination does not match the configured Service Provider before creating a session.

  • #​10225 1a8b7cc Thanks @​Bekacru! - SAML single logout now rejects IdP SLO POST URLs that use non-http(s) schemes, such as javascript: or data:.

  • #​10227 fcabaaf Thanks @​Bekacru! - SSO domain verification now requires proof for every domain a provider lists. When a provider's domain has multiple comma-separated domains, each listed domain must publish the verification TXT record before the provider is marked verified. The verifier accepts TXT records that exactly match the raw verification token, matching the documented setup flow, or the existing identifier=value format.

  • Updated dependencies [e0762a1, 882cf9e, f52e1ab, 90d509e, b5bec19, 816d7f9, 239bcc8, 1bc370a, 570267c, 461ca6f, 88409b0, 5953157, b046f9e, ae647b4]:

v1.6.20

Compare Source

Patch Changes

v1.6.19

Compare Source

Patch Changes

Note

PR body was truncated to here.
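
The right-to-left walk described in the @better-auth/api-key v1.6.21 note above, as an added example that is not part of this PR and is not better-auth's code. The function names, the header value and the addresses are constructed for illustration, and only IPv4 is handled.

```javascript
// Added illustration, not better-auth's implementation. IPv4 only.
// Constructed sample: the client sent "X-Forwarded-For: 198.51.100.99" itself,
// then two appending proxies each added the address they saw.
const SAMPLE_XFF = "198.51.100.99, 203.0.113.7, 10.0.0.5";
const TRUSTED_PROXIES = ["10.0.0.0/8", "192.0.2.10"]; // exact IPs or CIDR ranges

function isIPv4(s) {
  const parts = s.split(".");
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Dotted quad to unsigned 32-bit integer.
function ipv4ToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

// True when ip equals a trusted entry or falls inside a trusted CIDR range.
function isTrusted(ip, trustedProxies) {
  const addr = ipv4ToInt(ip);
  return trustedProxies.some((entry) => {
    const [base, bits] = entry.split("/");
    if (!isIPv4(base)) return false;
    if (bits === undefined) return base === ip;
    const prefix = Number(bits);
    if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) return false;
    const mask = prefix === 0 ? 0 : (~0 << (32 - prefix)) >>> 0;
    return ((addr & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// Naive keying: the leftmost hop is whatever the client chose to send.
function leftmostHop(xff) {
  return xff.split(",")[0].trim();
}

// Walk the chain right to left, skipping trusted hops; the first untrusted
// address is the rate-limit key. Returns null when no usable hop exists.
function clientIp(xff, trustedProxies) {
  const hops = xff.split(",").map((h) => h.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!isIPv4(hops[i])) return null; // malformed hop: refuse to guess
    if (!isTrusted(hops[i], trustedProxies)) return hops[i];
  }
  return null; // every hop was a trusted proxy
}
```

With the sample header, keying on the leftmost hop gives each spoofed value its own rate-limit bucket, while the right-to-left walk stops at the address the first trusted proxy actually observed.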

@socket-security

socket-security Bot commented Jun 16, 2026


Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | npm/happy-dom@20.10.3 ⏵ 20.10.6 | 66 | 100 | 88 +1 | 95 | 100 |
| Updated | npm/@radix-ui/react-label@2.1.9 ⏵ 2.1.10 | 100 | 100 | 66 | 98 | 100 |
| Updated | npm/@radix-ui/react-separator@1.1.9 ⏵ 1.1.10 | 100 | 100 | 67 | 98 | 100 |
| Updated | npm/@radix-ui/react-progress@1.1.9 ⏵ 1.1.10 | 100 | 100 | 69 | 98 | 100 |
| Updated | npm/oxfmt@0.52.0 ⏵ 0.56.0 | 69 -24 | 100 | 89 +1 | 96 | 100 |
| Updated | npm/@radix-ui/react-slot@1.2.5 ⏵ 1.3.0 | 100 +1 | 100 | 69 +1 | 98 | 100 |
| Updated | npm/@radix-ui/react-tabs@1.1.14 ⏵ 1.1.15 | 99 | 100 | 70 | 98 | 100 |
| Updated | npm/@tanstack/react-query-devtools@5.101.0 ⏵ 5.101.2 | 99 | 100 | 71 | 97 | 100 |
| Updated | npm/@radix-ui/react-switch@1.3.0 ⏵ 1.3.1 | 99 | 100 | 71 | 98 | 100 |
| Updated | npm/@radix-ui/react-hover-card@1.1.16 ⏵ 1.1.17 | 99 | 100 | 71 | 99 +2 | 100 |
| Updated | npm/@radix-ui/react-checkbox@1.3.4 ⏵ 1.3.5 | 99 | 100 | 71 | 98 | 100 |
| Updated | npm/@radix-ui/react-alert-dialog@1.1.16 ⏵ 1.1.17 | 100 +1 | 100 | 71 | 99 +2 | 100 |
| Updated | npm/@radix-ui/react-dialog@1.1.16 ⏵ 1.1.17 | 99 +1 | 100 | 71 | 99 +2 | 100 |
| Updated | npm/@radix-ui/react-dropdown-menu@2.1.17 ⏵ 2.1.18 | 99 | 100 | 71 | 99 +2 | 100 |
| Updated | npm/@base-ui/react@1.5.0 ⏵ 1.6.0 | 72 -2 | 100 | 89 | 94 | 100 |
| Updated | npm/@radix-ui/react-tooltip@1.2.9 ⏵ 1.2.10 | 99 | 100 | 72 | 99 +2 | 100 |
| Updated | npm/fumadocs-mdx@15.0.12 ⏵ 15.0.13 | 98 +1 | 100 | 72 +1 | 96 +2 | 100 |
| Updated | npm/@radix-ui/react-scroll-area@1.2.11 ⏵ 1.2.12 | 99 +1 | 100 | 73 +1 | 99 +2 | 100 |
| Updated | npm/@radix-ui/react-select@2.3.0 ⏵ 2.3.1 | 99 | 100 | 74 | 99 +2 | 100 |
| Updated | npm/recharts@3.8.1 ⏵ 3.9.0 | 74 -5 | 100 | 100 +2 | 95 | 100 |
| Updated | npm/@tanstack/react-router@1.170.15 ⏵ 1.170.16 | 75 | 100 | 84 | 97 +1 | 100 |
| Updated | npm/@better-auth/api-key@1.6.18 ⏵ 1.6.22 | 77 | 100 | 78 | 97 +1 | 100 |
| Updated | npm/fumadocs-ui@16.10.2 ⏵ 16.10.6 | 98 +1 | 100 | 77 +1 | 96 +1 | 100 |
| Updated | npm/fumadocs-core@16.10.2 ⏵ 16.10.6 | 98 +1 | 100 | 77 +1 | 96 | 100 |
| Updated | npm/@scalar/hono-api-reference@0.11.3 ⏵ 0.11.6 | 100 | 100 | 78 | 100 | 100 |
| Updated | npm/@better-auth/sso@1.6.18 ⏵ 1.6.22 | 99 +1 | 100 | 78 +1 | 98 +1 | 100 |
| Updated | npm/vitest@4.1.8 ⏵ 4.1.9 | 98 +1 | 100 | 79 +1 | 98 | 100 |
| Updated | npm/@tanstack/devtools-vite@0.7.0 ⏵ 0.8.1 | 99 | 100 | 80 +1 | 97 +1 | 100 |
| Updated | npm/vite-plus@0.1.24 ⏵ 0.2.1 | 80 | 100 | 100 +1 | 99 | 100 |
| Updated | npm/@faker-js/faker@10.4.0 ⏵ 10.5.0 | 100 | 100 | 100 | 91 | 80 |
| Updated | npm/lucide-react@1.18.0 ⏵ 1.21.0 | 100 +1 | 100 | 98 +1 | 96 | 80 |
| Added | npm/@types/node@25.9.4 | 100 | 100 | 81 | 96 | 100 |
See 20 more rows in the dashboard

View full report

@renovate renovate Bot force-pushed the renovate/bun-minor-and-patch-dependencies branch 6 times, most recently from a92c278 to 9b201cc Compare June 18, 2026 12:07
@renovate renovate Bot changed the title fix(deps): update bun minor and patch dependencies to ^7.79.0 fix(deps): update bun minor and patch dependencies Jun 18, 2026
@renovate renovate Bot force-pushed the renovate/bun-minor-and-patch-dependencies branch 2 times, most recently from 414237a to e7832db Compare June 19, 2026 04:47
@socket-security

socket-security Bot commented Jun 19, 2026


Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ? → npm/vite@8.1.0 → npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm effect is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: apps/agent/package.json → npm/effect@3.21.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/effect@3.21.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm happy-dom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.json → npm/happy-dom@20.10.6

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/happy-dom@20.10.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm oxfmt is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.json → npm/oxfmt@0.56.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/oxfmt@0.56.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm recharts is 62.0% likely obfuscated

Confidence: 0.62

Location: Package overview

From: package.json → npm/recharts@3.9.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/recharts@3.9.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/bun-minor-and-patch-dependencies branch 19 times, most recently from fb3f09d to afe32b3 Compare June 22, 2026 19:18
@renovate renovate Bot force-pushed the renovate/bun-minor-and-patch-dependencies branch 19 times, most recently from a62b631 to 75f9136 Compare June 29, 2026 20:56
@renovate renovate Bot force-pushed the renovate/bun-minor-and-patch-dependencies branch 4 times, most recently from 5a13816 to 961737a Compare June 30, 2026 17:23
@renovate renovate Bot force-pushed the renovate/bun-minor-and-patch-dependencies branch from 961737a to 854bcfa Compare June 30, 2026 21:16