⬆️ Bump the updates group across 1 directory with 16 updates

[dependabot]

Bumps the updates group with 16 updates in the / directory:

Package	From	To
@conform-to/react	1.14.1	1.16.0
@conform-to/zod	1.14.1	1.16.0
@t3-oss/env-nextjs	0.13.8	0.13.10
@tabler/icons-react	3.35.0	3.36.1
dotenv	17.2.3	17.2.4
drizzle-orm	0.45.0	0.45.1
framer-motion	12.23.25	12.34.0
postgres	3.4.7	3.4.8
react	19.2.1	19.2.4
@types/react	19.2.7	19.2.13
react-dom	19.2.1	19.2.4
zod	4.1.13	4.3.6
@trivago/prettier-plugin-sort-imports	6.0.0	6.0.2
drizzle-kit	0.31.8	0.31.9
eslint-plugin-n	17.23.1	17.23.2
prettier	3.7.4	3.8.1

Updates @conform-to/react from 1.14.1 to 1.16.0

Release notes

Sourced from @​conform-to/react's releases.

v1.16.0

Breaking Changes (Future APIs)

• The useFormData() selector is now only called when the form is available. When unavailable, the hook returns undefined or the new fallback option if provided. (#1142)

  // Before
  const value = useFormData(formRef, (formData) => {
    if (formData === null) return '';
    return formData.get('name') ?? '';
  });
  // After
  const value = useFormData(formRef, (formData) => formData.get('name') ?? '', {
  fallback: '',
  });

What's Changed

• Introduced the configureForms future API, a factory function that creates form hooks with custom configuration and full type inference. It replaces FormOptionsProvider (now deprecated). (#1131)

  import { configureForms } from '@conform-to/react/future';
  import { getConstraints } from '@conform-to/zod/v3/future';
  const { useForm, useField, FormProvider } = configureForms({
  shouldValidate: 'onBlur',
  getConstraints,
  extendFieldMetadata(metadata) {
  return {
  get textFieldProps() {
  return {
  name: metadata.name,
  defaultValue: metadata.defaultValue,
  'aria-invalid': !metadata.valid,
  };
  },
  };
  },
  });

• Added getConstraints and isSchema to @conform-to/zod and @conform-to/valibot future exports. getConstraints replaces getZodConstraint and getValibotConstraint (now deprecated). (#1131)

• Fixed unbound-method TypeScript ESLint error by using arrow function syntax for change, focus, and blur methods in the Control type (#1129)

Documentation

• Fixed the number of properties returned by useForm hook in the docs by @​DarkstarXDD (#1136)

... (truncated)

Commits

• 927e0d9 release: bump packages version (#1130)
• 0367bba feat: introduce configureForms API (#1131)
• 85564bb Return undefined from useFormData when form element is unavailable (#1142)
• 17e71ee Fix unbound-method ESLint error for useControl hook methods (#1129)
• e1f9169 release: bump packages version (#1123)
• 1950986 fix(conform-react): useControl() should dispatch change event when initiali...
• 8436d64 feat: useControl should preserve DOM defaultValue when no options are provide...
• a7c9e99 release: bump packages version (#1119)
• 7e775f7 feat: getFieldValue helper (#1112)
• See full diff in compare view

Updates @conform-to/zod from 1.14.1 to 1.16.0

Release notes

Sourced from @​conform-to/zod's releases.

v1.16.0

Breaking Changes (Future APIs)

• The useFormData() selector is now only called when the form is available. When unavailable, the hook returns undefined or the new fallback option if provided. (#1142)

  // Before
  const value = useFormData(formRef, (formData) => {
    if (formData === null) return '';
    return formData.get('name') ?? '';
  });
  // After
  const value = useFormData(formRef, (formData) => formData.get('name') ?? '', {
  fallback: '',
  });

What's Changed

• Introduced the configureForms future API, a factory function that creates form hooks with custom configuration and full type inference. It replaces FormOptionsProvider (now deprecated). (#1131)

  import { configureForms } from '@conform-to/react/future';
  import { getConstraints } from '@conform-to/zod/v3/future';
  const { useForm, useField, FormProvider } = configureForms({
  shouldValidate: 'onBlur',
  getConstraints,
  extendFieldMetadata(metadata) {
  return {
  get textFieldProps() {
  return {
  name: metadata.name,
  defaultValue: metadata.defaultValue,
  'aria-invalid': !metadata.valid,
  };
  },
  };
  },
  });

• Added getConstraints and isSchema to @conform-to/zod and @conform-to/valibot future exports. getConstraints replaces getZodConstraint and getValibotConstraint (now deprecated). (#1131)

• Fixed unbound-method TypeScript ESLint error by using arrow function syntax for change, focus, and blur methods in the Control type (#1129)

Documentation

• Fixed the number of properties returned by useForm hook in the docs by @​DarkstarXDD (#1136)

... (truncated)

Commits

• 927e0d9 release: bump packages version (#1130)
• 0367bba feat: introduce configureForms API (#1131)
• e1f9169 release: bump packages version (#1123)
• 2321244 fix(conform-dom): don't report a null error in createSubmission when the valu...
• c4dc258 fix(conform-to/zod) add support for nullable constraints in getZodConstraint ...
• a7c9e99 release: bump packages version (#1119)
• See full diff in compare view

Updates @t3-oss/env-nextjs from 0.13.8 to 0.13.10

Changelog

Sourced from @​t3-oss/env-nextjs's changelog.

0.13.10

Patch Changes

• Updated dependencies [a778bf3]:
  • @​t3-oss/env-core@​0.13.10

0.13.9

Patch Changes

• Updated dependencies [5987d5a]:
  • @​t3-oss/env-core@​0.13.9

Commits

• aefbe74 chore(release): 📦 version packages (#389)
• 1551e40 update the docs to zod 4 (#382)
• 090edb2 chore(release): 📦 version packages (#387)
• 19c5d6f bump valibot
• 5f68dca feat: improve oxc lint/fmt, add husky hooks to pre-commit and CI/CD (#386)
• 5382c57 init oxc (#384)
• 256f679 chore: bump remaining packagers (#379)
• df1fd78 bump tsdown and use unbundle setting (#378)
• 66bb202 chore: bump a bunch of stuff (#377)
• 16c5ee7 chore: upgrade zod to v4 (#376)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​t3-oss/env-nextjs since your current version.

Updates @tabler/icons-react from 3.35.0 to 3.36.1

Release notes

Sourced from @​tabler/icons-react's releases.

Releace 3.36.1

Changed

• 2,433 icons have been optimized and fixed
• outline/brand-adobe-premier → outline/brand-adobe-premiere (typo fix)

Fixed

• React (@tabler/icons-react): Fixed TypeScript type definition for TablerIcon to properly handle ref forwarding
• Webfont (@tabler/icons-webfont): Fixed font generation - icons now render correctly in webfont format

Release 3.36.0

18 new icons:

• outline/alphabet-polish
• outline/alphabet-runes
• outline/blind
• outline/brand-tabnine
• outline/circle-asterisk
• outline/deaf
• outline/hexagon-asterisk
• outline/ripple-down
• outline/ripple-up
• outline/rosette-asterisk
• outline/settings-ai
• outline/sparkles-2
• outline/square-rotated-asterisk
• outline/subtitles-ai
• outline/subtitles-edit
• outline/subtitles-off
• outline/subtitles
• outline/whisk

Fixed icons

Fixed over 2000 icons with improved category formatting, consistent newline usage, and enhanced accessibility tags.

New features

• Svelte 5 (Runes) support: Added new @tabler/icons-svelte-runes package for Svelte 5 with Runes syntax
• GitHub Actions workflow: Added automated workflow to sync icons to CDN
• Enhanced accessibility: All outline icons now have proper categories and tags for improved accessibility

Performance improvements

• Optimized build process: Refactored build-outline.mjs with:
  • Increased concurrency from 32 to 64 for faster processing
  • Parallel file processing and copying

... (truncated)

Commits

• 0094572 Release 3.36.1
• 7358779 Remove eleventy-sass dependency and update @​tabler/icons references to use wo...
• 2702274 Update package dependencies and configurations (#1447)
• 78e46e4 Added type checks in icons-react tests and ensured consistent dependency ma...
• f76e44c Release 3.36.0
• a6f86a0 Fix ref types in icons-react (#1394)
• See full diff in compare view

Updates dotenv from 17.2.3 to 17.2.4

Changelog

Sourced from dotenv's changelog.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• See full diff in compare view

Updates drizzle-orm from 0.45.0 to 0.45.1

Release notes

Sourced from drizzle-orm's releases.

0.45.1

• Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

Commits

• a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
• See full diff in compare view

Updates framer-motion from 12.23.25 to 12.34.0

Changelog

Sourced from framer-motion's changelog.

[12.34.0] 2026-02-09

Fixed

• useScroll: Hardware accelerated animations.

[12.33.2] 2026-02-06

Fixed

• Improve detection of detached elements with vanilla layout animations.

[12.33.1] 2026-02-06

Fixed

• AnimatePresence: Ensure exiting nodes are correctly removed when rapidly switching children.

[12.33.0] 2026-02-05

Added

• <motion />: New propagate.tap prop prevents tap gestures from propagating to parents.

[12.32.0] 2026-02-05

Added

• transition.inherit: When true, inherit transition values from less-specific transitions.

[12.31.3] 2026-02-05

Fixed

• <motion />: Ensure animation state is reset after being re-suspended.
• Prevent stale values when mixing transitionEnd and transition.type: false.
• Drag: Fix "sticky" throw velocity on initial interaciton.
• Drag: Ensure catching a thrown element kills its velocity.

[12.31.2] 2026-02-05

Fixed

• onHoverStart and onHoverEnd first argument now correctly typed as PointerEvent.
• whileHover: No longer persists after drag end.
• AnimatePresence: Allow changing mode prop.

[12.31.1] 2026-02-04

Added

... (truncated)

Commits

• 5adbf49 v12.34.0
• 5f57695 Updating changelog
• deb5717 Merge pull request #3549 from motiondivision/use-spring-waapi
• b24d9ff latest
• ec0446a Scroll acceleration
• 365b0ad v12.33.2
• 9ebe1cf Updating changelog
• 836da23 Fixing
• 76d0775 Fixing
• 6e4c224 Fix scroll-accelerate Cypress tests to check getAnimations() directly
• Additional commits viewable in compare view

Updates postgres from 3.4.7 to 3.4.8

Release notes

Sourced from postgres's releases.

v3.4.8

• Prevent out of bound errors from commit-time failures de64f7a
• fix: use lower max connections in Cloudflare Workers environment 94b7170
• Add support for sslnegotiation=direct - fixes #1104 7f80980
• omit Sql properties absent from TransactionSql 36a53f6
• Someones engines are getting pedantic - fixes #1061 3ffc3c4
• Better error if trying to run query during copy 3a43815
• Fix PGAPPNAME env access by prioritizing connection.application_name 32feb25

---

porsager/postgres@v3.4.7...v3.4.8

Commits

• 5c8135f 3.4.8
• ad24665 build
• de64f7a Prevent out of bound errors from commit-time failures
• 94b7170 fix: use lower max connections in Cloudflare Workers environment
• 7f80980 Add support for sslnegotiation=direct - fixes #1104
• 36a53f6 omit Sql properties absent from TransactionSql
• 3ffc3c4 Someones engines are getting pedantic - fixes #1061
• 3a43815 Better error if trying to run query during copy
• 32feb25 Fix PGAPPNAME env access by prioritizing connection.application_name
• See full diff in compare view

Updates react from 19.2.1 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.13

Commits

• See full diff in compare view

Updates react-dom from 19.2.1 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates zod from 4.1.13 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

• 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
• e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
• 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
• decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
• 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
• 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
• b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

• f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

• bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
• f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
• 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

• 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• 0cdc0b8 4.3.5
• Additional commits viewable in compare view

Updates @trivago/prettier-plugin-sort-imports from 6.0.0 to 6.0.2

Release notes

Sourced from @​trivago/prettier-plugin-sort-imports's releases.

v6.0.2

What's Changed

• Fix recognising mandatory prefix built-in imports by @​TomFryersMidsummer in trivago/prettier-plugin-sort-imports#389

New Contributors

• @​TomFryersMidsummer made their first contribution in trivago/prettier-plugin-sort-imports#389

Full Changelog: trivago/prettier-plugin-sort-imports@v6.0.1...v6.0.2

v6.0.1

What's Changed

• ignore eslint errors due to undefined export variables by @​vladislavarsenev in trivago/prettier-plugin-sort-imports#391

Full Changelog: trivago/prettier-plugin-sort-imports@v6.0.0...v6.0.1

Changelog

Sourced from @​trivago/prettier-plugin-sort-imports's changelog.

6.0.2

Bug fixes

• Fix recognising mandatory prefix built-in imports #389 by @​TomFryersMidsummer - Fixed detection of Node.js built-in modules that are only accessible with the node: prefix (like node:test, node:sqlite) to be correctly recognized when using <BUILTIN_MODULES> placeholder

6.0.1

Bug fixes

• Fix Svelte export snippet parsing #390 - Fixed by adding support for new Svelte snippet syntax

Commits

• d9c690f bump version. update changelog.
• 97214c3 Merge pull request #389 from TomFryersMidsummer/patch-1
• 7235355 Merge branch 'main' into patch-1
• 0c37c9d bump version
• 035e20a Merge pull request #391 from trivago/svelte-snippet-support
• d626e1b ignore eslint errors due to undefined export variables
• 0b1dc59 Fix recognising mandatory prefix built-in imports
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.13

Commits

• See full diff in compare view

Updates drizzle-kit from 0.31.8 to 0.31.9

Release notes

Sourced from drizzle-kit's releases.

drizzle-kit@0.31.9

• drizzle-kit api improvements for D1 connections

Commits

• e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
• a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
• See full diff in compare view

Updates eslint-plugin-n from 17.23.1 to 17.23.2

Release notes

Sourced from eslint-plugin-n's releases.

v17.23.2

17.23.2 (2026-01-13)

🩹 Fixes

• avoid any type for no-top-level-await listener node (build issue) (#498) (f071703)
• file-extension-in-import: handle directory index imports (#499) (754a1a6)
• file-extension-in-import: handle files with dots in basename (#506) (600f3f2)
• no-sync: resolve full typed names for ignores (#501) (047301a)

📚 Documentation

• safely disable no-unpublished-bin npm v10+ (#487) (8af9c86)

🧹 Chores

• no-missing-import: align fixture message with latest resolver output (#500) (a3719d2)

Changelog

Sourced from eslint-plugin-n's changelog.

17.23.2 (2026-01-13)

🩹 Fixes

• avoid any type for no-top-level-await listener node (build issue) (#498) (f071703)
• file-extension-in-import: handle directory index imports (#499) (754a1a6)
• file-extension-in-import: handle files with dots in basename (#506) (600f3f2)
• no-sync: resolve full typed names for ignores (#501) (047301a)

📚 Documentation

• safely disable no-unpublished-bin npm v10+ (#487) (8af9c86)

🧹 Chores

• no-missing-import: align fixture message with latest resolver output (#500) (a3719d2)

Commits

• 7541d64 chore(master): release 17.23.2 (#488)
• 600f3f2 fix(file-extension-in-import): handle files with dots in basename (#506)
• 754a1a6 fix(file-extension-in-import): handle directory index imports (#499)
• 047301a fix(no-sync): resolve full typed names for ignores (#501)
• f071703 fix: avoid any type for no-top-level-await listener node (build issue) (#498)
• a3719d2 test(no-missing-import): align fixture message with latest resolver output (#...
• d27b585 ci: trusted publishing (#492)
• 8af9c86 docs: safely disable no-unpublished-bin npm v10+ (#487)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-n since your current version.

Updates prettier from 3.7.4 to 3.8.1

Release notes

Sourced from prettier's releases.

3.8.1

• Include available printers in plugin type declarations (#18706 by @​porada)

🔗 Changelog

3.8.0

• Support Angular v21.1

diff

🔗 Release note "Prettier 3.8: Support for Angular v21.1"

Changelog

Sourced from prettier's changelog.

3.8.1

diff

Include available printers in plugin type declarations (#18706 by @​porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";
// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any
// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

3.8.0

diff

🔗 Release Notes

Commits

• 90983f4 Release 3.8.1
• 57f702f Include available printers in plugin type declarations (#18706)
• bece827 Revert change in release script
• 82a4ab2 Bump Prettier dependency to 3.8.0
• 5213ee4 Clean changelog_unreleased
• f95ad0f Comment out finished steps
• b2034e8 Fix release script
• 5824b15 Release 3.8.0
• 0433601 Add blog post for v3.8.0 (#18639)
• b04d05b Remove lint step from release script (#18415)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions