chore(deps): bump the frontend-dependencies group with 10 updates

[dependabot]

Bumps the frontend-dependencies group with 10 updates:

Package	From	To
vercel	50.32.5	50.33.0
@polar-sh/sdk	0.46.2	0.46.4
framer-motion	12.34.3	12.38.0
@commitlint/cli	20.4.2	20.5.0
@commitlint/config-conventional	20.4.2	20.5.0
@iconify-json/lucide	1.2.96	1.2.98
rollup-plugin-visualizer	6.0.8	6.0.11
mongoose	9.2.2	9.3.1
resend	6.9.3	6.9.4
svix	1.86.0	1.88.0

Updates vercel from 50.32.5 to 50.33.0

Release notes

Sourced from vercel's releases.

vercel@50.33.0

Minor Changes

• [services] add support for background workers to vc dev (#15434)

• Add stdin_is_tty telemetry tracking to measure interactive vs non-interactive CLI usage (#15574)

• [services] add support for cron services to vc dev (#15433)

Patch Changes

• Auto-run login flow when AI agent is detected without credentials, instead of printing an error and exiting. The device code flow prints an auth URL, opens the browser when possible, and polls for completion. (#15581)

• Improved vercel activity command output formatting: added scope headers showing the team/project being queried, aligned event detail fields in expanded view, and included scope information in JSON output. (#15520)

• Preserve --environment selection when integration add falls back to the browser (#15493)

• Show availability error instead of price check error when domain unavailable (#15563)

• Fixed --project flag not being respected when a repo.json exists. Previously, running vercel link --yes --project=example would still prompt for project selection in monorepo setups with repo.json. Now the --project flag correctly auto-selects the matching project without interactive prompts. (#14790)

• Non-interactive for redirects (#15450)

• Adding in best practices for non-interactive mode (#15496)

• Adding in non-interactive mode for teams (#15478)

• Adding in non-interactive mode for DNS (#15494)

• [cli] Add client-side validation for --skip-domain flag to require --prod or --target=production (#14650)

• Updated dependencies [89f9c77b167bcbcd725c7f963d91f30a22127f2a, 1d01a1006715435b145ba3db22421d7365bc0397, 8c84d5915e5aa6e773de313b3ecb5f6685e8c077, 5badb77cae9c1ed8d1fc32a52788b8af2c36c7fa, e9a791d0fa04ef58695535fa508554415137fb58, 283df58cf4b75bf9cfe13958ad379149ffeb7464]:

  • @​vercel/python@​6.24.0
  • @​vercel/static-build@​2.9.1
  • @​vercel/build-utils@​13.8.1
  • @​vercel/backends@​0.0.46
  • @​vercel/elysia@​0.1.49
  • @​vercel/express@​0.1.58
  • @​vercel/fastify@​0.1.52
  • @​vercel/go@​3.4.5
  • @​vercel/h3@​0.1.58
  • @​vercel/hono@​0.2.52
  • @​vercel/hydrogen@​1.3.6
  • @​vercel/koa@​0.1.32
  • @​vercel/nestjs@​0.2.53
  • @​vercel/next@​4.16.1
  • @​vercel/node@​5.6.16
  • @​vercel/redwood@​2.4.10
  • @​vercel/remix-builder@​5.7.0
  • @​vercel/ruby@​2.3.2

... (truncated)

Changelog

Sourced from vercel's changelog.

50.33.0

Minor Changes

• [services] add support for background workers to vc dev (#15434)

• Add stdin_is_tty telemetry tracking to measure interactive vs non-interactive CLI usage (#15574)

• [services] add support for cron services to vc dev (#15433)

Patch Changes

• Auto-run login flow when AI agent is detected without credentials, instead of printing an error and exiting. The device code flow prints an auth URL, opens the browser when possible, and polls for completion. (#15581)

• Improved vercel activity command output formatting: added scope headers showing the team/project being queried, aligned event detail fields in expanded view, and included scope information in JSON output. (#15520)

• Preserve --environment selection when integration add falls back to the browser (#15493)

• Show availability error instead of price check error when domain unavailable (#15563)

• Fixed --project flag not being respected when a repo.json exists. Previously, running vercel link --yes --project=example would still prompt for project selection in monorepo setups with repo.json. Now the --project flag correctly auto-selects the matching project without interactive prompts. (#14790)

• Non-interactive for redirects (#15450)

• Adding in best practices for non-interactive mode (#15496)

• Adding in non-interactive mode for teams (#15478)

• Adding in non-interactive mode for DNS (#15494)

• [cli] Add client-side validation for --skip-domain flag to require --prod or --target=production (#14650)

• Updated dependencies [89f9c77b167bcbcd725c7f963d91f30a22127f2a, 1d01a1006715435b145ba3db22421d7365bc0397, 8c84d5915e5aa6e773de313b3ecb5f6685e8c077, 5badb77cae9c1ed8d1fc32a52788b8af2c36c7fa, e9a791d0fa04ef58695535fa508554415137fb58, 283df58cf4b75bf9cfe13958ad379149ffeb7464]:

  • @​vercel/python@​6.24.0
  • @​vercel/static-build@​2.9.1
  • @​vercel/build-utils@​13.8.1
  • @​vercel/backends@​0.0.46
  • @​vercel/elysia@​0.1.49
  • @​vercel/express@​0.1.58
  • @​vercel/fastify@​0.1.52
  • @​vercel/go@​3.4.5
  • @​vercel/h3@​0.1.58
  • @​vercel/hono@​0.2.52
  • @​vercel/hydrogen@​1.3.6
  • @​vercel/koa@​0.1.32
  • @​vercel/nestjs@​0.2.53
  • @​vercel/next@​4.16.1
  • @​vercel/node@​5.6.16
  • @​vercel/redwood@​2.4.10
  • @​vercel/remix-builder@​5.7.0

... (truncated)

Commits

• a0e6e10 Version Packages (#15507)
• d49ddd2 [python tests] resolve python wheel urls in tests to fix broken CI (#15606)
• 9dbc976 feat(cli): Add query param for cli source for post-buy (#15599)
• 2d65f45 [Vercel CLI] Agent fix for Vercel Login (#15581)
• a244f2b feat(cli): track tty in telemetry (#15574)
• b073975 [domains] show unavailable error instead of price check error on domain purch...
• 89f9c77 [services] add support for background workers to vc dev (#15434)
• 8ee6645 [cli] Preserve --environment in web UI fallback URLs (#15493)
• d8c186e [CLI] feat: non-interactive mode for redirects (#15450)
• e2cce32 noninteractive mode readme (#15496)
• Additional commits viewable in compare view

Updates @polar-sh/sdk from 0.46.2 to 0.46.4

Release notes

Sourced from @​polar-sh/sdk's releases.

typescript - v0.46.4 - 2026-03-13 07:47:12

Generated by Speakeasy CLI

@​polar-sh/sdk 0.46.4

Typescript SDK Changes:

• polar.events.list(): response.union(ListResource_Event_).items[].union(SystemEvent).union(subscription.updated) Added (Breaking ⚠️)
• polar.organizations.create():
  • request Changed (Breaking ⚠️)
  • response Changed
• polar.events.get(): response.union(SystemEvent).union(subscription.updated) Added (Breaking ⚠️)
• polar.organizations.update():
  • request.organizationUpdate Changed (Breaking ⚠️)
  • response Changed
• polar.checkoutLinks.create(): response.discount Changed
• polar.discounts.list(): response.items[] Changed
• polar.subscriptions.get(): response Changed
• polar.subscriptions.revoke(): response Changed
• polar.subscriptions.update():
  • request.subscriptionUpdate.union(SubscriptionUpdateProduct).prorationBehavior.enum(nextPeriod) Added
  • response Changed
  • error.status[402] Added
• polar.discounts.create():
  • request Changed
  • response Changed
• polar.orders.get(): response.discount Changed
• polar.orders.update(): response.discount Changed
• polar.checkouts.list(): response.items[].discount Changed
• polar.checkouts.create(): response.discount Changed
• polar.checkouts.get(): response.discount Changed
• polar.checkouts.update(): response.discount Changed
• polar.checkouts.clientGet(): response Changed
• polar.checkouts.clientUpdate(): response Changed
• polar.checkouts.clientConfirm(): response Changed
• polar.checkoutLinks.list(): response.items[].discount Changed
• polar.organizations.list(): response.items[] Changed
• polar.checkoutLinks.get(): response.discount Changed
• polar.subscriptions.create(): response Changed
• polar.checkoutLinks.update(): response.discount Changed
• polar.orders.list(): response.items[].discount Changed
• polar.discounts.get(): response Changed
• polar.discounts.update():
  • request.discountUpdate.amounts Added
  • response Changed
• polar.customerPortal.benefitGrants.list(): response.items[].union(CustomerBenefitGrantDiscord).benefit.organization.prorationBehavior.enum(nextPeriod) Added
• polar.customerPortal.benefitGrants.get(): response.union(CustomerBenefitGrantGitHubRepository).benefit.organization.prorationBehavior.enum(nextPeriod) Added
• polar.customerPortal.benefitGrants.update(): response.union(CustomerBenefitGrantLicenseKeys).benefit.organization.prorationBehavior.enum(nextPeriod) Added
• polar.customerPortal.seats.listClaimedSubscriptions(): response.items[] Changed
• polar.customerPortal.orders.list(): response.items[].product.organization.prorationBehavior.enum(nextPeriod) Added
• polar.customerPortal.orders.get(): response.product.organization.prorationBehavior.enum(nextPeriod) Added
• polar.customerPortal.orders.update(): response.product.organization.prorationBehavior.enum(nextPeriod) Added
• polar.customerPortal.organizations.get(): response.organization.prorationBehavior.enum(nextPeriod) Added

... (truncated)

Changelog

Sourced from @​polar-sh/sdk's changelog.

2024-09-02 09:49:03

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.385.0 (2.407.2) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v0.6.1] .

Releases

• [NPM v0.6.1] https://www.npmjs.com/package/@​polar-sh/sdk/v/0.6.1 - .

2024-09-04 00:24:19

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.390.1 (2.409.0) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v0.7.0] .

Releases

• [NPM v0.7.0] https://www.npmjs.com/package/@​polar-sh/sdk/v/0.7.0 - .

2024-09-05 00:24:10

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.390.5 (2.409.3) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v0.7.1] .

Releases

• [NPM v0.7.1] https://www.npmjs.com/package/@​polar-sh/sdk/v/0.7.1 - .

2024-09-13 00:24:28

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.396.6 (2.415.6) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v0.8.0] .

Releases

• [NPM v0.8.0] https://www.npmjs.com/package/@​polar-sh/sdk/v/0.8.0 - .

2024-09-16 00:26:12

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.396.9 (2.415.7) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v0.8.1] .

Releases

... (truncated)

Commits

• dd61fd3 Merge pull request #164 from polarsource/speakeasy-sdk-regen-1773103093
• 8bc8ac5 empty commit to trigger [run-tests] workflow
• 52631a8 ## Typescript SDK Changes:
• 6fa8eb1 Merge pull request #165 from polarsource/fix/add-missing-webhook-event-types
• 915fa3e fix: add missing webhook event types to parseEvent
• ec38712 ## Typescript SDK Changes:
• See full diff in compare view

Updates framer-motion from 12.34.3 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

[12.37.0] 2026-03-16

Added

• Support for hardware accelerating "start" and "end" offsets in scroll and useScroll.
• Support for oklch, oklab, lab, lch, color, color-mix, light-dark color types.

Fixed

• Fix whileInView with client-side navigation.
• Fix draggable elements when layout updates due to surrounding element re-renders.
• Improved memory pressure of layout animations.
• Ensure motion value returned from useSpring reports correct isAnimating().

[12.36.0] 2026-03-09

Added

• Allow dragSnapToOrigin to accept "x" or "y" for per-axis snapping.
• Added axis-locked layout animations with layout="x" and layout="y".
• Added skipInitialAnimation to useSpring.

Fixed

• Fixed height and width: auto animations with box-sizing: border-box.
• Reset component values when exit animation finishes.
• Ensure anticipate easing returns 1 at p === 1.
• Fix @emotion/is-prop-valid resolve error in Storybook.
• Remove data-pop-layout-id from exiting elements when animation interrupted.
• Ensure we skip WAAPI for non-animatable keyframes.
• Ensure we skip WAAPI for SVG transforms.
• Ensure MotionValue props are not passed to SVG.
• AnimatePresence: Prevent mode="wait" elements from getting stuck when switched rapidly.

[12.35.2] 2026-03-09

Fixed

... (truncated)

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates @commitlint/cli from 20.4.2 to 20.5.0

Release notes

Sourced from @​commitlint/cli's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

• fix(resolve-extends): always resolve extended parser presets for proper merging by @​omar-y-abdi in conventional-changelog/commitlint#4647
• fix(load): resolve async config exports in CJS projects by @​omar-y-abdi in conventional-changelog/commitlint#4659
• fix(cli): validate that --cwd directory exists before execution by @​omar-y-abdi in conventional-changelog/commitlint#4658

Features

• feat(cz-commitlint): add exclamation mark support for breaking changes by @​mrt181 in conventional-changelog/commitlint#4655

New Contributors

• @​mrt181 made their first contribution in conventional-changelog/commitlint#4655
• @​omar-y-abdi made their first contribution in conventional-changelog/commitlint#4647

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

• fix(types): allow context parameter in QualifiedRuleConfig functions by @​Br1an67 in conventional-changelog/commitlint#4636
• fix(read): update git-raw-commits to v5 API by @​Tamas-hi in conventional-changelog/commitlint#4638
• fix(is-ignored): strip CI skip markers from release commits by @​Br1an67 in conventional-changelog/commitlint#4637

New Contributors

• @​Br1an67 made their first contribution in conventional-changelog/commitlint#4636
• @​Tamas-hi made their first contribution in conventional-changelog/commitlint#4638

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

v20.4.3

20.4.3 (2026-03-03)

Bug Fixes

• fix: npx usage #613 by @​escapedcat in conventional-changelog/commitlint#4630
• fix(types): incorrect types for rule options by @​Zamiell in conventional-changelog/commitlint#4633

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

20.5.0 (2026-03-15)

Bug Fixes

• cli: validate that --cwd directory exists before execution (#4658) (cf80f75), closes #4595

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/cli

20.4.3 (2026-03-03)

Bug Fixes

• footer parser does not escape special chars for regex #4560 (#4634) (8ff7c7f)

Commits

• a7918e9 v20.5.0
• cf80f75 fix(cli): validate that --cwd directory exists before execution (#4658)
• 02d7245 v20.4.4
• a746981 v20.4.3
• 18bd371 chore: deps (#4635)
• 8ff7c7f fix: footer parser does not escape special chars for regex #4560 (#4634)
• See full diff in compare view

Updates @commitlint/config-conventional from 20.4.2 to 20.5.0

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

• fix(resolve-extends): always resolve extended parser presets for proper merging by @​omar-y-abdi in conventional-changelog/commitlint#4647
• fix(load): resolve async config exports in CJS projects by @​omar-y-abdi in conventional-changelog/commitlint#4659
• fix(cli): validate that --cwd directory exists before execution by @​omar-y-abdi in conventional-changelog/commitlint#4658

Features

• feat(cz-commitlint): add exclamation mark support for breaking changes by @​mrt181 in conventional-changelog/commitlint#4655

New Contributors

• @​mrt181 made their first contribution in conventional-changelog/commitlint#4655
• @​omar-y-abdi made their first contribution in conventional-changelog/commitlint#4647

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

• fix(types): allow context parameter in QualifiedRuleConfig functions by @​Br1an67 in conventional-changelog/commitlint#4636
• fix(read): update git-raw-commits to v5 API by @​Tamas-hi in conventional-changelog/commitlint#4638
• fix(is-ignored): strip CI skip markers from release commits by @​Br1an67 in conventional-changelog/commitlint#4637

New Contributors

• @​Br1an67 made their first contribution in conventional-changelog/commitlint#4636
• @​Tamas-hi made their first contribution in conventional-changelog/commitlint#4638

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

v20.4.3

20.4.3 (2026-03-03)

Bug Fixes

• fix: npx usage #613 by @​escapedcat in conventional-changelog/commitlint#4630
• fix(types): incorrect types for rule options by @​Zamiell in conventional-changelog/commitlint#4633

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.5.0 (2026-03-15)

Note: Version bump only for package @​commitlint/config-conventional

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/config-conventional

20.4.3 (2026-03-03)

Bug Fixes

• footer parser does not escape special chars for regex #4560 (#4634) (8ff7c7f)

Commits

• a7918e9 v20.5.0
• 02d7245 v20.4.4
• a746981 v20.4.3
• 8ff7c7f fix: footer parser does not escape special chars for regex #4560 (#4634)
• See full diff in compare view

Updates @iconify-json/lucide from 1.2.96 to 1.2.98

Commits

• See full diff in compare view

Updates rollup-plugin-visualizer from 6.0.8 to 6.0.11

Changelog

Sourced from rollup-plugin-visualizer's changelog.

6.0.11

• Identical to 6.0.5 to have latest v6 that is not deprecated

Commits

• a9d913c 6.0.11
• c613c5b Correct tag
• 33e384c 6.0.10
• 7896810 Update build script for branch
• 1425f70 6.0.9
• c69b1b6 Update snapshots to accomodate version updates
• f606b6b Set minumum version of node to v20
• 023fb44 Update dependencies
• 5bea1b2 Update supported node version
• 7cae234 Update README.md (#205)
• Additional commits viewable in compare view

Updates mongoose from 9.2.2 to 9.3.1

Release notes

Sourced from mongoose's releases.

9.3.1 / 2026-03-17

• fix(model): handle passing string projection to hydrate() #16082
• fix(model): fix bulkWrite() sorting #16079 #16080 pnkov
• fix(QueryCursor): fix wrong this context in QueryCursor close callback #16104 techcodie
• types(schema): infer schema options correctly for model context in statics #16046 #16102
• types(schema): fix type definition for HydratedDocType in autoTypedVirtuals #16083
• types(plugin): allow passing model with custom TStatics into Schema.prototype.plugin() #16090 #16086
• chore: use MongooseError instead of Error in schema, model, and aggregate #15995 mahmoodhamdi
• docs(projection): clean up jsdoc for parseProjection()

9.3.0 / 2026-03-10

• feat(schema): support discriminators option inline for better TypeScript support #16053
• feat(aggregate): add pipelineForUnionWith() helper to allow reusing pipelines with $unionWith in TypeScript #16033
• feat(setDefaultsOnInsert): pass query as context to default functions #16041 #16025
• fix: resolve deeply nested discriminator paths in arrayFilters #16072 Yatin81
• fix(changeStream): emit ready on next tick to allow stream to initialize
• fix(connection): handle calling watch() on disconnected connection
• fix: remove references to mongodb option "promiseLibrary" hasezoey
• fix(model+query): backwards compatible validateBeforeSave handling and avoid TypeError in removeUnusedArrayFilters on nullish update
• perf(model): remove unnecessary overhead when saving new doc
• types(InferRawDocType): fall back to using InferRawDocType instead of pulling non-raw inferred doc type if EnforcedDocType not set #16053
• types: add type constraints for Document#$model() and Document#model() mrazauskas
• docs: fix broken links and update MongoDB documentation links #16037 hasezoey
• docs(contributing): update issue tracker links to Automattic org AkaHarshit

9.2.4 / 2026-03-03

• types(models): allow unknown keys in subdocs while retaining autocomplete suggestions #16048
• types(schema): fix issues related to defining timestamps and virtuals with methods and/or statics in schema options #16052 #16046
• docs: use lowercase primitive types in JSDoc and fix incorrect @returns declarations #16036 #16018
• docs(field-level-encryption): improve CSFLE docs with model registration guidance and schema definition example #16065 #16015

9.2.3 / 2026-02-26

• types(model): make bulkSave() correctly take array of THydratedDocumentType #16032

Changelog

Sourced from mongoose's changelog.

9.3.1 / 2026-03-17

• fix(model): handle passing string projection to hydrate() #16082
• fix(model): fix bulkWrite() sorting #16079 #16080 pnkov
• fix(QueryCursor): fix wrong this context in QueryCursor close callback #16104 techcodie
• types(schema): infer schema options correctly for model context in statics #16046 #16102
• types(schema): fix type definition for HydratedDocType in autoTypedVirtuals #16083
• types(plugin): allow passing model with custom TStatics into Schema.prototype.plugin() #16090 #16086
• chore: use MongooseError instead of Error in schema, model, and aggregate #15995 mahmoodhamdi
• docs(projection): clean up jsdoc for parseProjection()

9.3.0 / 2026-03-10

• feat(schema): support discriminators option inline for better TypeScript support #16053
• feat(aggregate): add pipelineForUnionWith() helper to allow reusing pipelines with $unionWith in TypeScript #16033
• feat(setDefaultsOnInsert): pass query as context to default functions #16041 #16025
• fix: resolve deeply nested discriminator paths in arrayFilters #16072 Yatin81
• fix(changeStream): emit ready on next tick to allow stream to initialize
• fix(connection): handle calling watch() on disconnected connection
• fix: remove references to mongodb option "promiseLibrary" hasezoey
• fix(model+query): backwards compatible validateBeforeSave handling and avoid TypeError in removeUnusedArrayFilters on nullish update
• perf(model): remove unnecessary overhead when saving new doc
• types(InferRawDocType): fall back to using InferRawDocType instead of pulling non-raw inferred doc type if EnforcedDocType not set #16053
• types: add type constraints for Document#$model() and Document#model() mrazauskas
• docs: fix broken links and update MongoDB documentation links #16037 hasezoey
• docs(contributing): update issue tracker links to Automattic org AkaHarshit

9.2.4 / 2026-03-03

• types(models): allow unknown keys in subdocs while retaining autocomplete suggestions #16048
• types(schema): fix issues related to defining timestamps and virtuals with methods and/or statics in schema options #16052 #16046
• docs: use lowercase primitive types in JSDoc and fix incorrect @returns declarations #16036 #16018
• docs(field-level-encryption): improve CSFLE docs with model registration guidance and schema definition example #16065 #16015

9.2.3 / 2026-02-26

• types(model): make bulkSave() correctly take array of THydratedDocumentType #16032

Commits

• 88673cc chore: release 9.3.1
• 89ae6ec Merge pull request #16104 from techcodie/fix-query-cursor-close-context
• 1a6e317 Merge pull request #16102 from Automattic/vkarpov15/gh-16046-2
• 31bc5a1 Fix wrong this context in QueryCursor._read cursor.close callback
• 6a593e3 Merge pull request #16083 from mrazauskas/use-tstyche-assertions
• 6043037 Update virtuals type in autoTypedVirtuals function
• 81f96d3 Import mongoose alongside other mongoose types
• 6bd17b2 Fix type definition for HydratedDocType
• 8285600 Update type expectations for virtuals in tests
• c98dde6 types(schema): infer schema options correctly for model context in statics
• Additional commits viewable in compare view

Updates resend from 6.9.3 to 6.9.4

Release notes

Sourced from resend's releases.

v6.9.4

What's Changed

• chore(deps): update dependency tsdown to v0.21.0 by @​renovate[bot] in resend/resend-node#868
• chore(deps): update pnpm to v10.30.3 by @​renovate[bot] in resend/resend-node#846
• chore(deps): update tj-actions/changed-files digest to c23d52b by @​renovate[bot] in resend/resend-node#851
• chore(deps): update pnpm/action-setup digest to 9b5745c by @​renovate[bot] in resend/resend-node#852
• chore(deps): update dependency rimraf to v6.1.3 by @​renovate[bot] in resend/resend-node#850
• chore(deps): update dependency @​types/react to v19.2.14 by @​renovate[bot] in resend/resend-node#845
• chore(deps): update dependency dotenv to v17.3.1 by @​renovate[bot] in resend/resend-node#848
• fix(deps): update dependency svix to v1.86.0 by @​renovate[bot] in resend/resend-node#849
• chore(deps): update dependency @​types/node to v24.11.0 by @​renovate[bot] in resend/resend-node#856
• chore(deps): update dependency @​biomejs/biome to v2.4.6 by @​renovate[bot] in resend/resend-node#847
• feat(api-keys): add last_used_at field to API key response by @​joaopcm in resend/resend-node#877
• chore(deps): update dependency @​biomejs/biome to v2.4.7 by @​renovate[bot] in resend/resend-node#879
• chore: bump package version to 6.9.4 by @​joaopcm in resend/resend-node#878

Full Changelog: resend/resend-node@v6.9.3...v6.9.4

Commits

• 95e4630 chore: bump package version to 6.9.4 (#878)
• 3413387 chore(deps): update dependency @​biomejs/biome to v2.4.7 (#879)
• 0987940 feat(api-keys): add last_used_at field to API key response (#877)
• 02ee43c chore(deps): update dependency @​biomejs/biome to v2.4.6 (#847)
• 35cd31a chore(deps): update dependency @​types/node to v24.11.0 (#856)
• cfd8a08 fix(deps): update dependency svix to v1.86.0 (#849)
• 0acc12d chore(deps): update dependency dotenv to v17.3.1 (

[dependabot]

Assignees

The following users could not be added as assignees: TomCo, Tomco. Either they do not exist or they do not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: auto-update, dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
tc-dynamics	Ready	Preview, Comment	Mar 18, 2026 6:16am

[greptile-apps]

Greptile Summary

This is a Dependabot-generated PR that bumps 10 frontend dependencies across package.json, api/package.json, apps/frontend/package.json, and package-lock.json. Most updates are routine patch or minor version bumps (e.g., framer-motion 12.38.0, mongoose 9.3.1, vercel CLI 50.33.0).

Key concern:

• svix lockfile inconsistency: The package-lock.json workspace entry for the api package changes svix from ^1.88.0 to ^1.86.0, which is the opposite of what the PR description states (bump from 1.86.0 to 1.88.0) and contradicts api/package.json which still declares "svix": "^1.88.0". This discrepancy will cause npm ci to fail because npm enforces that the lockfile's workspace package entry matches the manifest exactly.

Other observations:

• The PR description cites some "from" versions (e.g., framer-motion from 12.34.3, mongoose from 9.2.2) that differ from what the actual diff shows (from 12.37.0 and 9.3.0 respectively), suggesting intermediate bumps were applied before this PR. This is expected in a monorepo with frequent dependency updates.
• pip-requirements-js and its transitive dependency ohm-js are removed from the lockfile as part of the @vercel/python-analysis 0.9.1 → 0.10.0 upgrade, which is intentional upstream.

Confidence Score: 2/5

• Not safe to merge as-is — the svix version in the lockfile is inconsistent with api/package.json, which will break npm ci.
• All other dependency bumps are routine and low-risk, but the svix lockfile regression (going from ^1.88.0 to ^1.86.0 in the lockfile's api workspace entry while the manifest keeps ^1.88.0) will cause CI failures with npm ci. This needs to be fixed before merging.
• package-lock.json — the api workspace section incorrectly downgrades svix from ^1.88.0 to ^1.86.0.

Important Files Changed

Filename	Overview
api/package.json	Bumps mongoose from ^9.3.0 to ^9.3.1. svix is unchanged at ^1.88.0, but is inconsistently reflected in package-lock.json.
apps/frontend/package.json	Bumps framer-motion from ^12.37.0 to ^12.38.0. Straightforward version bump with no issues.
package.json	Bumps vercel CLI devDependency from ^50.32.5 to ^50.33.0. No issues.
package-lock.json	Lockfile updated for all 10 dependency bumps, but contains a critical inconsistency: the api workspace entry for svix is downgraded to ^1.86.0 while api/package.json still declares ^1.88.0, which will cause npm ci failures.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[package.json\nvercel ^50.32.5 → ^50.33.0] --> R[Root Workspace]
    B[api/package.json\nmongoose ^9.3.0 → ^9.3.1\nsvix ^1.88.0 unchanged] --> API[API Workspace]
    C[apps/frontend/package.json\nframer-motion ^12.37.0 → ^12.38.0] --> FE[Frontend Workspace]

    R --> LF[package-lock.json]
    API --> LF
    FE --> LF

    LF -->|"✅ vercel 50.33.0\n✅ framer-motion 12.38.0\n✅ mongoose 9.3.1\n✅ @polar-sh/sdk 0.46.4\n✅ @commitlint/* 20.5.0\n✅ rollup-plugin-visualizer 6.0.11\n✅ resend 6.9.4\n✅ svix 1.88.0 (resolved)"| OK[Most deps OK]
    LF -->|"⚠️ api workspace entry:\nsvix ^1.88.0 → ^1.86.0\n(should stay ^1.88.0)"| ERR[Lockfile mismatch!\nnpm ci will fail]

Loading

_{Last reviewed commit: "chore(deps): bump th..."}

[greptile-apps]

Lockfile/manifest version mismatch for svix

The package-lock.json now declares svix: ^1.86.0 for the api workspace, but api/package.json still specifies "svix": "^1.88.0". These two files are out of sync.

In npm v7+ lockfile format, the packages section mirrors each workspace's package.json exactly. When these disagree, npm ci will fail with a "does not satisfy" error, and npm install will regenerate the lockfile. The PR description also states svix should be bumped from 1.86.0 to 1.88.0, but the lockfile workspace entry is moving in the opposite direction.

Expected post-merge state in package-lock.json (api workspace section):

Suggested change

	"mongoose": "^9.3.1",
	"svix": "^1.88.0"

[cubic-dev-ai]

2 issues found across 4 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="package.json">

<violation number="1" location="package.json:86">
P2: This Vercel CLI bump changes unauthenticated AI-agent startup from a fast failure into an auto-login flow, which can block `npm run dev:vercel` here because the script still omits the required `--token`.</violation>
</file>

<file name="package-lock.json">

<violation number="1" location="package-lock.json:67">
P1: Keep the lockfile workspace dependency aligned with `api/package.json` by using `^1.88.0` for `svix`; this mismatch can break `npm ci` and causes lockfile churn.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: Keep the lockfile workspace dependency aligned with api/package.json by using ^1.88.0 for svix; this mismatch can break npm ci and causes lockfile churn.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At package-lock.json, line 67:

<comment>Keep the lockfile workspace dependency aligned with `api/package.json` by using `^1.88.0` for `svix`; this mismatch can break `npm ci` and causes lockfile churn.</comment>

<file context>
@@ -62,9 +62,9 @@
+        "mongoose": "^9.3.1",
         "resend": "^6.9.4",
-        "svix": "^1.88.0"
+        "svix": "^1.86.0"
       }
     },
</file context>

[cubic-dev-ai]

P2: This Vercel CLI bump changes unauthenticated AI-agent startup from a fast failure into an auto-login flow, which can block npm run dev:vercel here because the script still omits the required --token.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At package.json, line 86:

<comment>This Vercel CLI bump changes unauthenticated AI-agent startup from a fast failure into an auto-login flow, which can block `npm run dev:vercel` here because the script still omits the required `--token`.</comment>

<file context>
@@ -83,7 +83,7 @@
     "dotenv-cli": "^11.0.0",
     "turbo": "^2.8.17",
-    "vercel": "^50.32.5",
+    "vercel": "^50.33.0",
     "eslint": "^9.39.4",
     "@eslint/js": "^9.39.4",
</file context>