chore(deps): bump the prod-deps group across 1 directory with 10 updates

[dependabot]

Bumps the prod-deps group with 10 updates in the / directory:

Package	From	To
@openpanel/web	1.2.0	1.3.0
@sentry/react	10.43.0	10.46.0
@uiw/react-markdown-preview	5.1.5	5.2.0
convex	1.33.1	1.34.1
react-resizable-panels	4.7.3	4.8.0
@auth/core	0.37.4	0.41.1
@openpanel/nextjs	1.3.0	1.4.0
@sentry/nextjs	10.43.0	10.46.0
next	16.1.7	16.2.1
@openpanel/sdk	1.2.0	1.3.0

Updates @openpanel/web from 1.2.0 to 1.3.0

Updates @sentry/react from 10.43.0 to 10.46.0

Release notes

Sourced from @​sentry/react's releases.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)
• chore(deps-dev): bump qunit-dom from 3.2.1 to 3.5.0 (#19546)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)

... (truncated)

Commits

• e5fdc9d release: 10.46.0
• c01fe86 release: 10.46.0
• 0f1171b Merge pull request #19973 from getsentry/prepare-release/10.46.0
• 6f48cc4 meta(changelog): Update changelog for 10.46.0
• 54abb35 refactor(elysia): drop @​elysiajs/opentelemetry dependency (#19947)
• a54de04 ref(core): Remove duplicate buildMethodPath utility from openai (#19969)
• 0156846 feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• 18a624e feat(elysia): Elysia SDK (#19509)
• c9812ae test(cloudflare): Enable multi-worker tests for CF integration tests (#19938)
• 83cabf3 fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• Additional commits viewable in compare view

Updates @uiw/react-markdown-preview from 5.1.5 to 5.2.0

Release notes

Sourced from @​uiw/react-markdown-preview's releases.

v5.2.0

Documentation v5.2.0: https://raw.githack.com/uiwjs/react-markdown-preview/7474ab8/index.html
Comparing Changes: uiwjs/react-markdown-preview@v5.1.7...v5.2.0

• 🌟 feat: add common syntax highlight entry. #291 b51f018 @​jaywcjlove

npm i @uiw/react-markdown-preview@5.2.0

v5.1.7

Documentation v5.1.7: https://raw.githack.com/uiwjs/react-markdown-preview/af7e41b/index.html
Comparing Changes: uiwjs/react-markdown-preview@v5.1.7...v5.1.7

npm i @uiw/react-markdown-preview@

v5.1.6

Documentation v5.1.6: https://raw.githack.com/uiwjs/react-markdown-preview/8bd0f0b/index.html
Comparing Changes: uiwjs/react-markdown-preview@v5.1.5...v5.1.6

npm i @uiw/react-markdown-preview@5.1.6 

• 💄 chore(deps): Change rehype-prism-plus to ~2.0.0 (#290) b6448b0e @​RARgames

Commits

• 945313b released v5.2.0 #291
• b51f018 feat: add common syntax highlight entry. #291
• 367c06a released v5.1.7
• 761a409 fix(deps): update dependency react-markdown to v10 (#283)
• 91995c5 released v5.1.6 #291 #289 #290
• b6448b0 chore(deps): Change rehype-prism-plus to ~2.0.0 (#290)
• e923195 doc: Update README.md
• fad5ff7 ci: update workflows config.
• ac636cb chore: update funding.
• 093e64f chore: update README.md
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​uiw/react-markdown-preview since your current version.

Updates convex from 1.33.1 to 1.34.1

Changelog

Sourced from convex's changelog.

1.34.1

• Hides the --yes flag on npx convex deploy to discourage YOLO agents being run in privileged environments from pushing to production.
• Improves client backoff strategy to reconnect more quickly. The changes in 1.34.0 did not correctly reset backoff sufficiently after reconnect.
• AI files will not be installed by default in non-interactive environments.
• Disabling AI files is now tracked with an "enabled" flag in convex.json that hides nags for initial setup and updates when set to false.
• Fix ai-files re-prompting to install files on setup when they already exist.
• Fix local deployments returning stale credentials when ports change.

1.34.0

• The CLI can now automatically provide Convex AI context files (AGENTS.md, CLAUDE.md, guidelines/state files) to your project when using npx convex dev. You can manage Convex AI files using the new npx convex ai-files command:
  • npx convex ai-files install - Install or refresh AI files
  • npx convex ai-files update - Update to latest available AI files
  • npx convex ai-files status - Show what is installed and what is stale
  • npx convex ai-files disable - Suppress install and staleness messages in npx convex dev
  • npx convex ai-files enable - Re-enable install and staleness messages
  • npx convex ai-files remove - Remove Convex-managed AI files
• Adds new npx convex deployment commands:
  • npx convex deployment create allows you to create new cloud deployments for a project
  • npx convex deployment select allows you to select the deployment to use in your project directory when running commands
• CLI commands now support the --deployment flag to select a deployment to target. It accepts a deployment name (e.g. joyful-capybara-123), ref (e.g. dev/james), dev (for your personal dev deployment), or prod (for your project’s default production deployment). You can also select deployments in other projects with project-slug:ref or team-slug:project-slug:ref.
• Improves websocket client backoff behavior.
• No longer recreates convex/README.md when convex/ already exists.

Commits

• See full diff in compare view

Updates react-resizable-panels from 4.7.3 to 4.8.0

Release notes

Sourced from react-resizable-panels's releases.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 or PR 699 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

Changelog

Sourced from react-resizable-panels's changelog.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

Commits

• 1e299c3 4.7.6 -> 4.8.0
• 09bec23 Import version 3 saved layouts in version 4 (#699)
• 1adf716 Update CONTRIBUTING.md
• bf4f8c6 4.7.5 -> 4.7.6
• d7e4d97 Replace Panel aria-disabled attribute with data-disabled (#698)
• ebf443d Upgrade react-lib-tools
• 225be97 Upgrade react-lib-tools
• 57bf680 Tweaked defaultSize warning wording
• 6e41d82 4.7.4 -> 4.7.5
• 5941ff3 Improved server rendering support for defaultSize prop (#696)
• Additional commits viewable in compare view

Updates @auth/core from 0.37.4 to 0.41.1

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

@​auth/core@​0.40.0

Features

• providers: Mailgun region selection (#13027) (e0168ed1)

Bugfixes

• core: undefined providerId (#12947) (dd211c56)
• providers: Microsoft Entra ID (#12616) (e16b07b8)
• providers: enable OIDC capabilities for Keycloak (#12964) (0adbd101)

Other

• docs: fix typo Avaliable Scopes -> Available Scopes (#13009) (22c1b8b0)
• typo succesful -> successful (#12973)
• fix typo profie -> profile (#12987)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates @openpanel/nextjs from 1.3.0 to 1.4.0

Updates @sentry/nextjs from 10.43.0 to 10.46.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)
• chore(deps-dev): bump qunit-dom from 3.2.1 to 3.5.0 (#19546)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)

... (truncated)

Commits

• e5fdc9d release: 10.46.0
• c01fe86 release: 10.46.0
• 0f1171b Merge pull request #19973 from getsentry/prepare-release/10.46.0
• 6f48cc4 meta(changelog): Update changelog for 10.46.0
• 54abb35 refactor(elysia): drop @​elysiajs/opentelemetry dependency (#19947)
• a54de04 ref(core): Remove duplicate buildMethodPath utility from openai (#19969)
• 0156846 feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• 18a624e feat(elysia): Elysia SDK (#19509)
• c9812ae test(cloudflare): Enable multi-worker tests for CF integration tests (#19938)
• 83cabf3 fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• Additional commits viewable in compare view

Updates next from 16.1.7 to 16.2.1

Release notes

Sourced from next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.13

Misc Changes

• docs: opengraph-image papercuts: #92018
• Update revalidateTag examples to use the new two-argument signature: #92065

Credits

Huge thanks to @​icyJoseph and @​aurorascharff for helping!

v16.2.1-canary.12

Core Changes

• Upgrade React from 3cb2c420-20260324 to 9627b5a1-20260327: #92015
• [experiment] Add useOffline flag with offline retry behavior: #92011
• adapters: remove unused suffix code: #91997
• [experiment] Add useOffline hook to expose offline state to userland: #92012
• [turbopack] Don't use turborepo to build the docker image: #92029

Misc Changes

• Use RcStr directly in napi(object) structs instead of converting to String: #92014
• Rename SingleModuleReference::asset to SingleModuleReference::module: #92028

Credits

Huge thanks to @​acdlite, @​ztanner, @​mmastrac, @​sokra, and @​bgw for helping!

v16.2.1-canary.11

Core Changes

... (truncated)

Commits

• ed7d2ce v16.2.1
• 3e37bb4 docs: post release amends (#91715)
• a15ec6e docs: fix broken Activity Patterns demo link in preserving UI state guide (#9...
• 600cd2f Fix adapter outputs for dynamic metadata routes (#91680)
• 27886d3 Turbopack: fix webpack loader runner layer (#91727)
• 88fc430 Fix server actions in standalone mode with cacheComponents (#91711)
• 37aed86 turbo-persistence: remove Unmergeable mmap advice (#91713)
• d6195ec Fix layout segment optimization: move app-page imports to server-utility tran...
• 6cb97d6 Turbopack: lazy require metadata and handle TLA (#91705)
• e6b101a [turbopack] Respect {eval:true} in worker_threads constructors (#91666)
• Additional commits viewable in compare view

Updates @openpanel/sdk from 1.2.0 to 1.3.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
souls-directory	Ignored		Mar 30, 2026 10:10am

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.