chore(deps): bump the dependencies group with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates:

Package	From	To
date-fns	4.3.0	4.4.0
lucide-react	1.16.0	1.17.0
posthog-js	1.376.2	1.376.4
posthog-node	5.35.4	5.35.6
react-aria	3.48.0	3.49.0
react-email	6.3.3	6.5.0
react-stately	3.46.0	3.47.0
svix	1.94.0	1.95.1
eslint	10.4.0	10.4.1

Updates date-fns from 4.3.0 to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

• DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

• Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

Commits

• cd53d25 Promote to v4.4.0
• d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
• ee65753 Add root mise :format task
• 9f5bdf5 Add positional argument to test/smoke.sh script
• 651ead6 Split CDN bundles into separate @​date-fns/cdn package
• 224c1a2 Deprecate type tests as attw hangs on date-fns package
• 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
• b6ad5ac Add flags to control package build script
• 424a783 Fix docs release after moving to monorepo setup
• See full diff in compare view

Updates lucide-react from 1.16.0 to 1.17.0

Release notes

Sourced from lucide-react's releases.

Version 1.17.0

What's Changed

• chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by @​ericfennis in lucide-icons/lucide#4376
• chore(repo): Update issue templates and documentation for package ren… by @​ericfennis in lucide-icons/lucide#4379
• feat(site): Adds survey overlay to website by @​ericfennis in lucide-icons/lucide#4380
• feat(site): Certificate dev links by @​ericfennis in lucide-icons/lucide#4390
• fix(icons): changed martini icon by @​jamiemlaw in lucide-icons/lucide#4335
• chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by @​dependabot[bot] in lucide-icons/lucide#4386
• chore(deps): bump @​tootallnate/once from 2.0.0 to 2.0.1 by @​dependabot[bot] in lucide-icons/lucide#4404
• chore(deps): bump devalue from 5.8.0 to 5.8.1 by @​dependabot[bot] in lucide-icons/lucide#4391
• chore(deps): bump ws from 8.18.0 to 8.20.1 by @​dependabot[bot] in lucide-icons/lucide#4392
• fix(gh-icon): limit icon size to a maximum of 256 pixels by @​jguddas in lucide-icons/lucide#4398
• chore(dependencies): Update dependencies by @​ericfennis in lucide-icons/lucide#4377
• feat(copilot): Adding copilot instructions by @​ericfennis in lucide-icons/lucide#4407
• feat(icons): add globe-check by @​Barakudum in lucide-icons/lucide#4342
• feat(metadata): Require use-cases in meta json by @​ericfennis in lucide-icons/lucide#4321
• feat(icons): added parasol icon by @​karsa-mistmere in lucide-icons/lucide#4347

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Commits

• See full diff in compare view

Updates posthog-js from 1.376.2 to 1.376.4

Release notes

Sourced from posthog-js's releases.

posthog-js@1.376.4

1.376.4

Patch Changes

• #3685 f59f35a Thanks @​ioannisj! - fix(cookieless): enable request queue when opting out in on_reject mode. When using cookieless_mode: "on_reject", calling opt_out_capturing() correctly switched the SDK into cookieless capturing but never enabled the RequestQueue — so batched events were enqueued but never flushed over the network. At init time the queue was not started because consent was PENDING and is_capturing() returned false; opt_out_capturing() is the first moment capturing becomes active but was missing the _start_queue_if_opted_in() call that opt_in_capturing() already had. (2026-05-28)

• #3692 f01cd93 Thanks @​ksvat! - fix(replay): take a fresh full snapshot after session ID rotates via forcedIdleReset. Previously, when the session manager's idle enforcement timer rotated the session id, the recorder tore down rrweb and set _isIdle = 'unknown' before the new session id was observed. Neither restart path then fired (the _onSessionIdCallback guard only restarted when _isIdle === true, and _updateWindowAndSessionIds could not run with rrweb stopped), so the new session received only incremental mutations until a later snapshot — leaving the player stuck on "Buffering". The restart guard now also fires when rrweb isn't running. (2026-05-28)

• #3691 cc71f3f Thanks @​ksvat! - fix(replay): ship ph-no-capture absolute-position fix from #3678 to posthog-js. The original changeset only bumped @posthog/rrweb and @posthog/rrweb-snapshot; because posthog-js depends on @posthog/rrweb via workspace:*, the cascade did not bump posthog-js, so the rebuilt bundle containing the fix was not published. This changeset re-publishes posthog-js with the fix. (2026-05-28)

• #3695 e1ff722 Thanks @​ksvat! - chore(replay): expose $sdk_debug_rrweb_attached and $sdk_debug_rrweb_start_attempted debug properties on captured events. Today the SDK already stamps several $sdk_debug_* properties (start reason, linked-flag trigger status, recording status) that report the SDK's intent to record — they all flip to "active" as soon as the state machine evaluates the configured triggers. None of them observe whether rrweb actually attached and is producing events. The new booleans close that gap: $sdk_debug_rrweb_start_attempted is set when _startRecorder() is first entered, and $sdk_debug_rrweb_attached reflects whether _stopRrweb is currently a non-falsy stop handle (i.e. rrwebRecord({...}) returned successfully and the recorder has not been torn down). No behavior change — this only adds two booleans to the existing sdkDebugProperties channel, used to diagnose cases where a session reports trigger_activated / recording_status: active but no $snapshot data is ever uploaded. (2026-05-28)

• Updated dependencies [7b84b75]:

  • @​posthog/core@​1.29.13
  • @​posthog/types@​1.376.4

posthog-js@1.376.3

1.376.3

Patch Changes

• #3649 9cac1f6 Thanks @​marandaneto! - Improve console log serialization performance for large objects. (2026-05-27)
• Updated dependencies []:
  • @​posthog/types@​1.376.3
  • @​posthog/core@​1.29.12

Commits

• a122070 chore: update versions and lockfile [version bump]
• 714ffa5 fix(convex): register refresh cron unconditionally (#3684)
• e1ff722 fix(replay): add debugging logs for recorder (#3695)
• f01cd93 fix(replay): fix idle session rotation race condition (#3692)
• e05aea5 fix(core): stop leaking DOM globals into public type surface (#3693)
• f59f35a fix(cookieless): enable request queue when opting out in on_reject mode (#3685)
• cc71f3f chore(replay): bump posthog-js (#3691)
• 7b84b75 fix: unify capture exception (#3681)
• 8ade9cb feat(mcp): scaffold @​posthog/mcp package (1/2) (#3652)
• 4b1231f chore: update versions and lockfile [version bump]
• Additional commits viewable in compare view

Updates posthog-node from 5.35.4 to 5.35.6

Release notes

Sourced from posthog-node's releases.

posthog-node@5.35.6

5.35.6

Patch Changes

• #3681 7b84b75 Thanks @​ablaszkiewicz! - unify captureException in posthog core (2026-05-28)
• Updated dependencies [7b84b75]:
  • @​posthog/core@​1.29.13

posthog-node@5.35.5

5.35.5

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.29.12

Changelog

Sourced from posthog-node's changelog.

5.35.6

Patch Changes

• #3681 7b84b75 Thanks @​ablaszkiewicz! - unify captureException in posthog core (2026-05-28)
• Updated dependencies [7b84b75]:
  • @​posthog/core@​1.29.13

5.35.5

Patch Changes

• Updated dependencies []:
  • @​posthog/core@​1.29.12

Commits

• a122070 chore: update versions and lockfile [version bump]
• 7b84b75 fix: unify capture exception (#3681)
• 727ddcf chore: update versions and lockfile [version bump]
• See full diff in compare view

Updates react-aria from 3.48.0 to 3.49.0

Commits

• 791377f Publish
• 7840603 chore: update test util page badges (#10123)
• 2cea5b5 chore: update circleci resource classes (#10119)
• 83e5b53 chore: Omit calendar features from v3 (#10122)
• 2c18eb6 fix: Custom 454 Calendar month (#10115)
• ed9170f fix: ensure Tableview and ListView render their dividers and borders with the...
• 6206fc3 chore: Only export DragPreview from useDragAndDrop subpath (#10114)
• 8e4498f docs: add api section with slots to DragPreview (#10113)
• 719ebb2 fix: optimize locales not tree-shaking react-stately intl messages (#10111)
• 3547c08 fix: stabilise our flaky CI jobs (#10106)
• Additional commits viewable in compare view

Updates react-email from 6.3.3 to 6.5.0

Release notes

Sourced from react-email's releases.

react-email@6.5.0

Minor Changes

• 3875d2a: add a --clients option to email dev and a COMPATIBILITY_EMAIL_CLIENTS environment variable to narrow which email clients trigger compatibility warnings. By default the preview still warns for gmail, apple-mail, outlook, and yahoo. Teams that only target one or two clients can now skip the noise: email dev --clients outlook,apple-mail. The CLI flag wins over the env var; an empty or fully-invalid list falls back to the defaults so warnings can't be silently switched off. Builds on #2797 by @​ReemX.

Patch Changes

• d47825a: Add accessibility defaults to components: dir/lang on Body, an empty alt fallback on Img, role="presentation" on the Markdown table, and a <title> from Preview.

react-email@6.4.0

Minor Changes

• ba99365: resolve and strip unresolved --tw-* CSS variables in non-inlinable rules so Tailwind media query utilities no longer break Gmail

Changelog

Sourced from react-email's changelog.

6.5.0

Minor Changes

• 3875d2a: add a --clients option to email dev and a COMPATIBILITY_EMAIL_CLIENTS environment variable to narrow which email clients trigger compatibility warnings. By default the preview still warns for gmail, apple-mail, outlook, and yahoo. Teams that only target one or two clients can now skip the noise: email dev --clients outlook,apple-mail. The CLI flag wins over the env var; an empty or fully-invalid list falls back to the defaults so warnings can't be silently switched off. Builds on #2797 by @​ReemX.

Patch Changes

• d47825a: Add accessibility defaults to components: dir/lang on Body, an empty alt fallback on Img, role="presentation" on the Markdown table, and a <title> from Preview.

6.4.0

Minor Changes

• ba99365: resolve and strip unresolved --tw-* CSS variables in non-inlinable rules so Tailwind media query utilities no longer break Gmail

Commits

• 6263060 chore(root): version packages (#3548)
• 3875d2a feat(react-email): filter compatibility warnings by email client (#3547)
• d47825a feat: better accessibility defaults (#3546)
• c295594 chore(root): version packages (#3543)
• ba99365 fix(tailwind): tw-* variables in non inlined rules (#3542)
• 32cb16c fix(editor): repair columns.spec.tsx type errors + run typecheck on CI (#3539)
• See full diff in compare view

Updates react-stately from 3.46.0 to 3.47.0

Release notes

Sourced from react-stately's releases.

React Spectrum S2 v1.3.0

In this release we are excited to announce support for expandable rows in TableView, highlight selection in TreeView, and window scrolling in collection components! Window scrolling enables virtualized collections to automatically scroll with the rest of the page – no height needed. In addition, we've updated the set of available workflow icons, and reduced the number of dependencies installed when using S2 by over 90% – see the full release notes for details.

To help assist with migrations from S1 to S2, we've added a new end to end migration Agent skill that you can use with your agent of choice. Our existing S2 Agent skill has also been updated to greatly improve its ability to select the proper S2 component to use from context, so be sure to update.

Full release notes

React Spectrum S2 v1.2.0

In this release, we are excited to announce that ListView and unavailable menu items are now available! In addition, we have added ActionBar support for TreeView and custom renderer support for the Picker's display value. We also shipped multiple TableView fixes and a set of documentation improvements including a Typography search view now available in the main search menu.

Thanks to all of our contributors for the updates in this release.

Full release notes

React Spectrum S2 v1.1.0

It’s our first release of the new year and we’ve got plenty of exciting treats we’re bringing to the table. We’ve added a variety of new features to our documentation site including a new dark/light mode switch in the site header. Our search menu also now features a Colors section where you can browse the Spectrum-defined colors and search by name or hex value to find close or exact matches. We also now offer our docs in the form of Agent Skills that can be installed locally and used by your favorite AI coding tools.

This release also includes several bugs fixes, such as properly rendering menus when rendered from within a popover and updates to TreeView disabledBehavior styling to match the latest designs.

Full Release Notes

Commits

• 791377f Publish
• 7840603 chore: update test util page badges (#10123)
• 2cea5b5 chore: update circleci resource classes (#10119)
• 83e5b53 chore: Omit calendar features from v3 (#10122)
• 2c18eb6 fix: Custom 454 Calendar month (#10115)
• ed9170f fix: ensure Tableview and ListView render their dividers and borders with the...
• 6206fc3 chore: Only export DragPreview from useDragAndDrop subpath (#10114)
• 8e4498f docs: add api section with slots to DragPreview (#10113)
• 719ebb2 fix: optimize locales not tree-shaking react-stately intl messages (#10111)
• 3547c08 fix: stabilise our flaky CI jobs (#10106)
• Additional commits viewable in compare view

Updates svix from 1.94.0 to 1.95.1

Release notes

Sourced from svix's releases.

v1.95.1

What's Changed

• Libs/Python: Fix release workflow (1.95.0 of the Python SDK failed publishing)

Full Changelog: svix/svix-webhooks@v1.95.0...v1.95.1

v1.95.0

What's Changed

• Libs/All: Enable server-side support of 'canceled' message-attempt status by default
  • If you were previously comparing attempt statuses against 'success', note that the result of the comparison will now change for messages canceled by a transformation script
• Libs/Python: Move from setup.py to PEP-518-compliant pyproject.toml build system
• Libs/Python: Clarify that the minimum-supported Python interpreter version is 3.8
• Libs/Python: Actually run tests against all supported python versions
• Libs/PHP: Fix deprecation warning for DateTimeImmutable construction from null (thanks @​VincentLanglet)

Full Changelog: svix/svix-webhooks@v1.94.0...v1.95.0

Changelog

Sourced from svix's changelog.

Version 1.95.1

• Libs/Python: Fix release workflow (1.95.0 of the Python SDK failed publishing)

Version 1.95.0

• Libs/All: Enable server-side support of 'canceled' message-attempt status by default
  • If you were previously comparing attempt statuses against 'success', note that the result of the comparison will now change for messages canceled by a transformation script
• Libs/Python: Move from setup.py to PEP-518-compliant pyproject.toml build system
• Libs/Python: Clarify that the minimum-supported Python interpreter version is 3.8
• Libs/Python: Actually run tests against all supported python versions
• Libs/PHP: Fix deprecation warning for DateTimeImmutable construction from null (thanks @​VincentLanglet)

Commits

• 10535b5 Release v1.95.1 (#2359)
• c00f512 ci: Fix python release to include setup-uv (#2358)
• 2e92628 Release v1.95.0 (#2353)
• 5c10305 py: make tests pass ruff and ty, and work better (#2357)
• d7cf62f forbid empty webhook secrets (#2347)
• 7743ad8 py: update documentation (#2356)
• 9970d6e Upgrade hyper to 1.10 (#2352)
• 8c5f1b8 py: fix matrix builds (#2355)
• 5ba62d8 py: redo build system (#2350)
• 0726159 bridge: Upgrade reqwest and fix feature selection
• Additional commits viewable in compare view

Updates eslint from 10.4.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mikebifulco-com-bnbu	Ready	Preview, Comment	May 30, 2026 5:10am