Skip to content

chore(deps): bump the production group across 1 directory with 26 updates#631

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-d8ea7c072b
Open

chore(deps): bump the production group across 1 directory with 26 updates#631
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-d8ea7c072b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps the production group with 26 updates in the / directory:

Package From To
@iconify-json/lucide 1.2.102 1.2.114
@iconify-json/simple-icons 1.2.77 1.2.87
@shikijs/rehype 3.23.0 4.2.0
@takumi-rs/image-response 0.62.8 1.8.7
@takumi-rs/wasm 0.62.8 1.8.7
@tanstack/react-query 5.99.0 5.101.1
@vercel/analytics 1.6.1 2.0.1
@vercel/speed-insights 1.3.1 2.0.0
@wagmi/core 3.4.11 3.5.2
abitype 1.2.3 1.2.4
accounts 0.10.7 0.14.11
hono 4.12.26 4.12.27
ox 0.14.20 0.14.29
posthog-js 1.367.0 1.393.0
posthog-node 5.29.2 5.38.4
react 19.2.6 19.2.7
react-dom 19.2.6 19.2.7
react-server-dom-webpack 19.2.6 19.2.7
shiki 3.23.0 4.2.0
sql-formatter 15.7.3 15.8.2
tailwind-merge 3.5.0 3.6.0
tailwindcss 4.2.2 4.3.1
wagmi 3.6.14 3.6.18
waku 1.0.0-beta.0 1.0.0-beta.4
webauthx 0.1.1 0.1.2
zod 4.3.6 4.4.3

Updates @iconify-json/lucide from 1.2.102 to 1.2.114

Commits

Updates @iconify-json/simple-icons from 1.2.77 to 1.2.87

Commits

Updates @shikijs/rehype from 3.23.0 to 4.2.0

Release notes

Sourced from @​shikijs/rehype's releases.

v4.2.0

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

   🐞 Bug Fixes

    View changes on GitHub

v4.0.2

   🐞 Bug Fixes

    View changes on GitHub

v4.0.1

   🐞 Bug Fixes

    View changes on GitHub

v4.0.0

   🚨 Breaking Changes

   🚀 Features

    View changes on GitHub
Commits

Updates @takumi-rs/image-response from 0.62.8 to 1.8.7

Release notes

Sourced from @​takumi-rs/image-response's releases.

@​takumi-rs/image-response@​1.8.7

Patch Changes

  • 9604fd7: Split package export types per import/require condition so CJS consumers resolve .d.cts
  • Updated dependencies [9604fd7]
    • takumi-js@1.8.7

@​takumi-rs/image-response@​1.8.6

Patch Changes

  • takumi-js@1.8.6

@​takumi-rs/image-response@​1.8.5

Patch Changes

  • takumi-js@1.8.5

@​takumi-rs/image-response@​1.8.4

Patch Changes

  • takumi-js@1.8.4

@​takumi-rs/image-response@​1.8.3

Patch Changes

  • takumi-js@1.8.3

@​takumi-rs/image-response@​1.8.2

Patch Changes

  • takumi-js@1.8.2

@​takumi-rs/image-response@​1.8.1

Patch Changes

  • Updated dependencies [55b058d]
    • takumi-js@1.8.1

@​takumi-rs/image-response@​1.8.0

Patch Changes

  • takumi-js@1.8.0
Commits
  • 294bd83 Version Packages (#793)
  • 9604fd7 Split package export types per import/require condition (#795)
  • 4b810d7 chore(deps): update actions/checkout action to v7
  • 81c3678 revert(napi/core): seperate dts build (#792)
  • cafbd48 CI: add least-privilege top-level permissions (#791)
  • a1f4d4e Version Packages (#784)
  • 88497fa WASM: free resource after test ran
  • c1dd195 Crate: fix vertical-align sub/super shift and trim line-end trailing whitespa...
  • 6f55980 Crate: fix line-box height for top/bottom-aligned boxes taller than line-heig...
  • cfac305 Crate: align empty inline-block, inline-flex, and inline-grid boxes to the ba...
  • Additional commits viewable in compare view

Updates @takumi-rs/wasm from 0.62.8 to 1.8.7

Release notes

Sourced from @​takumi-rs/wasm's releases.

@​takumi-rs/wasm@​1.8.7

Patch Changes

  • 9604fd7: Split package export types per import/require condition so CJS consumers resolve .d.cts
  • Updated dependencies [9604fd7]
    • @​takumi-rs/helpers@​1.8.7

@​takumi-rs/wasm@​1.8.6

Patch Changes

  • @​takumi-rs/helpers@​1.8.6

@​takumi-rs/wasm@​1.8.5

Patch Changes

  • @​takumi-rs/helpers@​1.8.5

@​takumi-rs/wasm@​1.8.4

Patch Changes

  • @​takumi-rs/helpers@​1.8.4

@​takumi-rs/wasm@​1.8.3

Patch Changes

  • @​takumi-rs/helpers@​1.8.3

@​takumi-rs/wasm@​1.8.2

Patch Changes

  • 041e5fd: Fix +simd128 flag being override by CI configuration
    • @​takumi-rs/helpers@​1.8.2

@​takumi-rs/wasm@​1.8.1

Patch Changes

  • 55b058d: Hold renderer state behind a lock so all methods take &self, preventing a panic from permanently breaking the wasm-bindgen borrow flag.
    • @​takumi-rs/helpers@​1.8.1

@​takumi-rs/wasm@​1.8.0

Minor Changes

  • ae2c9aa: Built with nightly Rust toolchain with panic=immediate-abort to reduce binary size

Patch Changes

  • @​takumi-rs/helpers@​1.8.0
Commits
  • 294bd83 Version Packages (#793)
  • 9604fd7 Split package export types per import/require condition (#795)
  • 4b810d7 chore(deps): update actions/checkout action to v7
  • 81c3678 revert(napi/core): seperate dts build (#792)
  • cafbd48 CI: add least-privilege top-level permissions (#791)
  • a1f4d4e Version Packages (#784)
  • 88497fa WASM: free resource after test ran
  • c1dd195 Crate: fix vertical-align sub/super shift and trim line-end trailing whitespa...
  • 6f55980 Crate: fix line-box height for top/bottom-aligned boxes taller than line-heig...
  • cfac305 Crate: align empty inline-block, inline-flex, and inline-grid boxes to the ba...
  • Additional commits viewable in compare view

Updates @tanstack/react-query from 5.99.0 to 5.101.1

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-next-experimental@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-persist-client@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query@​5.101.1

Patch Changes

  • Updated dependencies [9eff92e]:
    • @​tanstack/query-core@​5.101.1

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.0

Patch Changes

  • #10857 7cf5923 - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'

  • Updated dependencies []:

    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-persist-client@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.0
    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query@​5.101.0

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.1

Patch Changes

  • Updated dependencies [9eff92e]:
    • @​tanstack/query-core@​5.101.1

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0

5.100.14

Patch Changes

  • fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

  • Updated dependencies []:

    • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

  • Updated dependencies [d423168]:
    • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.11

5.100.10

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.10

... (truncated)

Commits
  • b809297 ci: Version Packages (#10977)
  • ccc843e test({react,preact}-query/useQueries): move type-only tests to 'useQueries.te...
  • 4154613 test({react,preact}-query/useMutation): split 'should handle conditional logi...
  • 8bb5fde test({react,preact}-query/useMutation): split 'should pass meta to mutation' ...
  • 87426a3 test(react-query): replace deprecated 'toBeCalledTimes' with 'toHaveBeenCalle...
  • feb1efd test(*): move 'vi.useRealTimers' to the end of 'afterEach' so cleanup runs un...
  • f3d8d2a ci: Version Packages (#10774)
  • 532bb29 fix(tests): disable local coverage instrumentation (#10776)
  • ba6e7be ci: Version Packages (#10767)
  • ed20b6d fix(react): do not go into optimistic fetching state when not subscribed (#10...
  • Additional commits viewable in compare view

Updates @vercel/analytics from 1.6.1 to 2.0.1

Release notes

Sourced from @​vercel/analytics's releases.

v2.0.1

What's Changed

New Contributors

Full Changelog: vercel/analytics@v2.0.0...v2.0.1

v2.0.0

What's Changed

Breaking Changes

  • License changed from MPL-2.0 to MIT (#170)
  • Nuxt: introduce module support. If you need to configure it, load injectAnalytics() from @vercel/analytics/nuxt/runtime (#183)

Features

  • feat: load dynamic configuration (#184) — analytics config can now be loaded dynamically

Bug Fixes

  • fix: src and endpoint paths do not work when relative (#186)

Full Changelog: vercel/speed-insights@1.6.1...2.0.0

v2.0.0-canary.1

Canary release for testing 2.0.0 changes

Commits

Updates @vercel/speed-insights from 1.3.1 to 2.0.0

Release notes

Sourced from @​vercel/speed-insights's releases.

v2.0.0

What's Changed

Breaking Changes

  • License changed from Apache-2.0 to MIT (#111)
  • Nuxt: introduce module support (#110). In case you need to configure it, load injectSpeedInsights() from @vercel/speed-insights/nuxt/runtime

Features

  • feat: load dynamic configuration (#112) — speed insights config can now be loaded dynamically

Full Changelog: vercel/speed-insights@1.3.1...2.0.0

v2.0.0-canary.1

Canary release for testing 2.0.0 changes

1.5.0-canary.4

What's Changed

Full Changelog: vercel/speed-insights@1.2.0-canary.3...1.5.0-canary.4

Commits
  • 828d10c chore: bump version to v2.0.0
  • 15cb241 chore: bump version to v2.0.0-canary.1
  • b10a09c feat: load dynamic configuration (#112)
  • c6f4e37 feat(nuxt)!: Add support for injectSpeedInsights() and Nuxt module (#110)
  • See full diff in compare view

Updates @wagmi/core from 3.4.11 to 3.5.2

Release notes

Sourced from @​wagmi/core's releases.

@​wagmi/core@​3.5.2

Patch Changes

  • Bumped accounts peer version (3e12a5e)

@​wagmi/core@​3.5.0

Minor Changes

  • Added discovered EIP-6963 providers to the connector setup config. (#5128)

@​wagmi/core@​3.4.12

Patch Changes

  • Handled malformed cookie state in cookieToInitialState. (#5116)

  • wagmi/tempo: Renamed Actions.wallet.send to Actions.wallet.transfer and Hooks.wallet.useSend to Hooks.wallet.useTransfer. (#5121)

    Also bumps the accounts peer dependency to ~0.12.

    - await Actions.wallet.send(config, {
    -   to: '0x...',
    -   token: '0x...',
    -   value: '1.5',
    - })
    + await Actions.wallet.transfer(config, {
    +   amount: '1.5',
    +   to: '0x...',
    +   token: '0x...',
    + })
    - const send = Hooks.wallet.useSend()
    + const transfer = Hooks.wallet.useTransfer()
Changelog

Sourced from @​wagmi/core's changelog.

3.5.2

Patch Changes

  • Bumped accounts peer version (3e12a5e)

3.5.1

Patch Changes

  • Updated prepareTransactionRequest to use the connector client when available. (#5154)

3.5.0

Minor Changes

  • Added discovered EIP-6963 providers to the connector setup config. (#5128)

3.4.12

Patch Changes

  • Handled malformed cookie state in cookieToInitialState. (#5116)

  • wagmi/tempo: Renamed Actions.wallet.send to Actions.wallet.transfer and Hooks.wallet.useSend to Hooks.wallet.useTransfer. (#5121)

    Also bumps the accounts peer dependency to ~0.12.

    - await Actions.wallet.send(config, {
    -   to: '0x...',
    -   token: '0x...',
    -   value: '1.5',
    - })
    + await Actions.wallet.transfer(config, {
    +   amount: '1.5',
    +   to: '0x...',
    +   token: '0x...',
    + })
    - const send = Hooks.wallet.useSend()
    + const transfer = Hooks.wallet.useTransfer()
Commits

Updates abitype from 1.2.3 to 1.2.4

Release notes

Sourced from abitype's releases.

abitype@1.2.4

Patch Changes

  • Fixed Zod identifier regex to anchor start and end, rejecting invalid identifiers like café, 2g, and hello👋. (#296)
Commits

Updates accounts from 0.10.7 to 0.14.11

Release notes

Sourced from accounts's releases.

accounts@0.14.11

Patch Changes

  • 3610539: Added adapter-supplied default access-key keystores via Adapter.Instance.accessKey.keystores, replacing the removed generateAccessKey.
  • a94dcff: Bumped hono to 4.12.25 (catalog + override for transitive @modelcontextprotocol/sdk paths) to clear the remaining pnpm audit advisories: CORS middleware origin reflection (high), serve-static path traversal, and the AWS Lambda Set-Cookie/body-limit/header issues.
  • 0406c1c: Upgraded vulnerable transitive dependencies to patched versions to clear pnpm audit (vite-plus, vite, ws, tmp, form-data, protobufjs, tar, js-yaml, launch-editor, @​babel/core, dompurify).
  • a65930b: Bumped the mppx dependency to ^0.7.0.
  • 9aa1ed4: Fixed eth_fillTransaction to estimate gas for the signing key's signature size instead of always assuming secp256k1.
  • 3610539: Added an accessKey option group to Provider.createaccessKey.keystores for pluggable per-key-type access-key keystores and accessKey.authorize superseding the now-deprecated top-level authorizeAccessKey.
  • 0b960e2: Restored popup treatment in Safari for wallet_connect in the postMessage adapter.
  • b588aa8: Upgraded the wata dependency to 0.2.0 and migrated the postMessage and mobileWebAuth adapters to its async wata.start() session API.

accounts@0.14.9

Patch Changes

  • e15e2a4: Added mobileWebAuth() and tempoWalletMobileWebAuth() adapters, also available from accounts/mobileWebAuth as mobileWebAuth and tempoWallet.

    Added accounts/react-native/expo-web-browser.

    Added ProviderRequest.parse().

    Renamed accounts/react-native/secure-storage to accounts/react-native/expo-secure-store.

    Removed the reactNative() adapter.

accounts@0.14.8

Patch Changes

  • d0d3cea: Added OIDC identity-token support for verified email extraction.

accounts@0.14.7

Patch Changes

  • 8a9564b: Persist CLI access keys in filesystem-backed provider storage.

  • edab403: Allow Provider.create({ authorizeAccessKey }) to return undefined to skip access-key authorization for the current wallet_connect.

  • df1615e: Persist access keys through provider storage.

  • 1478791: Add provider-owned RPC action handling for adapters that expose a viem account with getAccount.

    Adapters can now implement getAccount and optional generateAccessKey instead of duplicating transaction, signing, and access-key RPC actions.

  • ad48834: Allowed the React Native adapter to connect without requesting an access key.

  • 648df76: Make accounts/react-native adapter-only and move React Native storage adapters behind explicit subpaths.

  • 694e022: Added a React Privy adapter at accounts/react/privy, backed Privy Ethereum signing with secp256k1_sign, and stopped exporting the lower-level Core JS Privy adapter from the root package entrypoint.

  • b1a3a69: Added ability to batch key authorization + server auth into one digest.

... (truncated)

Changelog

Sourced from accounts's changelog.

0.14.11

Patch Changes

  • 3610539: Added adapter-supplied default access-key keystores via Adapter.Instance.accessKey.keystores, replacing the removed generateAccessKey.
  • a94dcff: Bumped hono to 4.12.25 (catalog + override for transitive @modelcontextprotocol/sdk paths) to clear the remaining pnpm audit advisories: CORS middleware origin reflection (high), serve-static path traversal, and the AWS Lambda Set-Cookie/body-limit/header issues.
  • 0406c1c: Upgraded vulnerable transitive dependencies to patched versions to clear pnpm audit (vite-plus, vite, ws, tmp, form-data, protobufjs, tar, js-yaml, launch-editor, @​babel/core, dompurify).
  • a65930b: Bumped the mppx dependency to ^0.7.0.
  • 9aa1ed4: Fixed eth_fillTransaction to estimate gas for the signing key's signature size instead of always assuming secp256k1.
  • 3610539: Added an accessKey option group to Provider.createaccessKey.keystores for pluggable per-key-type access-key keystores and accessKey.authorize superseding the now-deprecated top-level authorizeAccessKey.
  • 0b960e2: Restored popup treatment in Safari for wallet_connect in the postMessage adapter.
  • b588aa8: Upgraded the wata dependency to 0.2.0 and migrated the postMessage and mobileWebAuth adapters to its async wata.start() session API.

0.14.10

Patch Changes

  • fa0434f: Added wallet_updateAccessKey to update an access key's spending limits in place.

  • c5bbc8d: Added multisig approval collection to Handler.relay.

  • ab78127: Fixed raw sponsored transaction signing to restore the configured fee token when the serialized transaction omits it.

  • a993dff: Remove the accounts/react-native subpath; import asyncStorage from accounts/react-native/async-storage instead.

  • 05d5458: Removed the T5 hardfork gate so TIP-1053 witness binding always collapses access-key authorization and the auth proof into a single passkey ceremony.

  • 8203e44: Add encrypted MMKV-backed React Native storage that manages its SecureStore encryption key internally.

    Remove secureStorage from accounts/react-native/expo-secure-store; use secureMmkv from accounts/react-native/secure-mmkv instead.

  • a188f7e: Introduced postMessage adapter built on the Wata transport of the same name.

    Updated the tempoWallet adapter to use postMessage.

    Deprecated dialog adapter in favor of postMessage.

0.14.9

Patch Changes

  • e15e2a4: Added mobileWebAuth() and tempoWalletMobileWebAuth() adapters, also available from accounts/mobileWebAuth as mobileWebAuth and tempoWallet.

    Added accounts/react-native/expo-web-browser.

    Added ProviderRequest.parse().

    Renamed accounts/react-native/secure-storage to accounts/react-native/expo-secure-store.

    Removed the reactNative() adapter.

0.14.8

Patch Changes

... (truncated)

Commits

Updates hono from 4.12.26 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

Commits

Updates ox from 0.14.20 to 0.14.29

Release notes

Sourced from ox's releases.

ox@0.14.29

Patch Changes

  • #268 ed93945 Thanks @​jxom! - viem/tempo: Added genesisConfig shorthand to TIP-1061 multisig helpers and renamed configIdgenesisConfigId on the typed SignatureEnvelope.Multisig.

ox@0.14.28

Patch Changes

  • #265 f5328d2 Thanks @​jxom! - viem/tempo: Added support for TIP-1061 native multisig accounts.

ox@0.14.27

Patch Changes

  • #263 451a442 Thanks @​jxom! - ox/tempo: Added the ReceivePolicyReceipt module for encoding/decoding TIP-1028 receive-policy claim receipts (ClaimReceiptV1 witnesses) with decode, encode, from, fromLog, and fromTransactionReceipt (returns one receipt per TransferBlocked log).

ox@0.14.26

Patch Changes

  • #262 b1ac8c8 Thanks @​jxom! - ox/tempo: Added support for TIP-1049 (admin access keys) via optional isAdmin and account fields on KeyAuthorization that bind into the signing hash.

  • #260 581ccee Thanks @​jxom! - ox/tempo: Added support for TIP-1053 (witnesses in key authorizations) via an optional 32-byte witness field on KeyAuthorization that is included in the signing hash.

ox@0.14.25

Patch Changes

  • #256 ad7610b Thanks @​jxom! - Renamed ChannelDescriptor.from to Channel.from, made Channel.Channel the descriptor type, and changed Channel.computeId to receive channel and options separately.

ox@0.14.24

Patch Changes

  • #254 d837628 Thanks @​jxom! - Added ChannelDescriptor.from for normalizing TIP-20 channel reserve descriptors.

ox@0.14.23

Patch Changes

  • #252 19cd833 Thanks @​jxom! - Added TIP-20 channel reserve constants, channel id computation, and voucher signing helpers.

ox@0.14.22

Patch Changes

  • #227 ffa64c0 Thanks @​Genmin! - Fixed Secp256k1.verify narrowing signature branches before address recovery.

ox@0.14.21

Patch Changes

  • #246 32cf459 Thanks @​0xrusowsky! - Added TxEnvelopeTempo.encodeForSigning to expose the raw Tempo sender-signing preimage bytes.

  • #248 e0474e9 Thanks @​jxom! - Added blockTimestamp support to transaction RPC conversions.

Commits
  • 58ca601 chore: version packages (#269)
  • ed93945 feat(tempo): add genesisConfig shorthand to multisig helpers (#268)
  • ad3330f chore: version packages (#267)
  • 4b3fe3e chore: version packages (#266)
  • ef64a52 ci(tempo): use edge image (tracks main) instead of latest
  • b8a0714 test(tempo): skip TIP-1049 admin e2e until tempo release ships PR #4265
  • f5328d2 feat(tempo): native multisig (#265)
  • ae54345 ci: bump vitest hookTimeout to 60s for tempo localnet cold start
  • 7bb96ea chore: version packages (#264)
  • 451a442 feat(tempo): add ReceivePolicyReceipt module for TIP-1028 claim receipts (#263)
  • Additional commits viewable in compare view

Updates posthog-js from 1.367.0 to 1.393.0

Release notes

Sourced from posthog-js's releases.

posthog-js@1.393.0

1.393.0

Minor Changes

  • #3921 c28b161 Thanks @​marandaneto! - Add disable_capture_url_hashes to strip URL fragments from automatically captured URLs. It is disabled by default for backwards compatibility, and enabled automatically when config.defaults is '2026-06-25' or later. Enabling it (either explicitly or via the '2026-06-25' defaults) is a breaking behavior change for SPAs that rely on URL hashes for routing or analytics, because hash-based routes will be collapsed to the same URL without the fragment in fields such as $current_url, $initial_current_url, $session_entry_url, autocapture $elements[*].attr__href, $external_click_url, replay href URLs, heatmaps, web vitals $current_url, logs url.full, conversations current_url/request_url, or Next.js Pages Router $pageview $current_url.

    If you only want to capture some hashes, leave hash capture enabled and use before_send to remove or redact sensitive hash values before events are sent. (2026-06-23)

Patch Changes

  • Updated dependencies [c28b161]:
    • @​posthog/core@​1.36.0
    • @​posthog/types@​1.391.0

posthog-js@1.392.0

1.392.0

Minor Changes

  • #3895 ce528ed Thanks @​turnipdabeets! - Console log auto-capture (logs: { captureConsoleLogs: true }) now flows through the same pipeline as posthog.captureLog(), posthog.logger.*, and PostHog's other SDKs, instead of OpenTelemetry. As a result:

    • the bundled OpenTelemetry dependencies are removed, shrinking the lazily-loaded logs chunk
    • auto-captured console logs now run through logs.beforeSend (the same hook as captureLog/logger.*), so you can redact or drop sensitive console output before it's sent. To treat c...

      Description has been truncated

…ates

Bumps the production group with 26 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@iconify-json/lucide](https://github.com/iconify/icon-sets) | `1.2.102` | `1.2.114` |
| [@iconify-json/simple-icons](https://github.com/iconify/icon-sets) | `1.2.77` | `1.2.87` |
| [@shikijs/rehype](https://github.com/shikijs/shiki/tree/HEAD/packages/rehype) | `3.23.0` | `4.2.0` |
| [@takumi-rs/image-response](https://github.com/kane50613/takumi) | `0.62.8` | `1.8.7` |
| [@takumi-rs/wasm](https://github.com/kane50613/takumi) | `0.62.8` | `1.8.7` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.99.0` | `5.101.1` |
| [@vercel/analytics](https://github.com/vercel/analytics/tree/HEAD/packages/web) | `1.6.1` | `2.0.1` |
| [@vercel/speed-insights](https://github.com/vercel/speed-insights/tree/HEAD/packages/web) | `1.3.1` | `2.0.0` |
| [@wagmi/core](https://github.com/wevm/wagmi/tree/HEAD/packages/core) | `3.4.11` | `3.5.2` |
| [abitype](https://github.com/wevm/abitype) | `1.2.3` | `1.2.4` |
| [accounts](https://github.com/tempoxyz/accounts) | `0.10.7` | `0.14.11` |
| [hono](https://github.com/honojs/hono) | `4.12.26` | `4.12.27` |
| [ox](https://github.com/wevm/ox) | `0.14.20` | `0.14.29` |
| [posthog-js](https://github.com/PostHog/posthog-js) | `1.367.0` | `1.393.0` |
| [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.29.2` | `5.38.4` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [react-server-dom-webpack](https://github.com/facebook/react/tree/HEAD/packages/react-server-dom-webpack) | `19.2.6` | `19.2.7` |
| [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) | `3.23.0` | `4.2.0` |
| [sql-formatter](https://github.com/sql-formatter-org/sql-formatter) | `15.7.3` | `15.8.2` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.2` | `4.3.1` |
| [wagmi](https://github.com/wevm/wagmi/tree/HEAD/packages/react) | `3.6.14` | `3.6.18` |
| [waku](https://github.com/wakujs/waku/tree/HEAD/packages/waku) | `1.0.0-beta.0` | `1.0.0-beta.4` |
| [webauthx](https://github.com/wevm/webauthx) | `0.1.1` | `0.1.2` |
| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |



Updates `@iconify-json/lucide` from 1.2.102 to 1.2.114
- [Commits](https://github.com/iconify/icon-sets/commits)

Updates `@iconify-json/simple-icons` from 1.2.77 to 1.2.87
- [Commits](https://github.com/iconify/icon-sets/commits)

Updates `@shikijs/rehype` from 3.23.0 to 4.2.0
- [Release notes](https://github.com/shikijs/shiki/releases)
- [Commits](https://github.com/shikijs/shiki/commits/v4.2.0/packages/rehype)

Updates `@takumi-rs/image-response` from 0.62.8 to 1.8.7
- [Release notes](https://github.com/kane50613/takumi/releases)
- [Commits](https://github.com/kane50613/takumi/compare/@takumi-rs/image-response@0.62.8...@takumi-rs/image-response@1.8.7)

Updates `@takumi-rs/wasm` from 0.62.8 to 1.8.7
- [Release notes](https://github.com/kane50613/takumi/releases)
- [Commits](https://github.com/kane50613/takumi/compare/@takumi-rs/wasm@0.62.8...@takumi-rs/wasm@1.8.7)

Updates `@tanstack/react-query` from 5.99.0 to 5.101.1
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.1/packages/react-query)

Updates `@vercel/analytics` from 1.6.1 to 2.0.1
- [Release notes](https://github.com/vercel/analytics/releases)
- [Commits](https://github.com/vercel/analytics/commits/v2.0.1/packages/web)

Updates `@vercel/speed-insights` from 1.3.1 to 2.0.0
- [Release notes](https://github.com/vercel/speed-insights/releases)
- [Commits](https://github.com/vercel/speed-insights/commits/v2.0.0/packages/web)

Updates `@wagmi/core` from 3.4.11 to 3.5.2
- [Release notes](https://github.com/wevm/wagmi/releases)
- [Changelog](https://github.com/wevm/wagmi/blob/main/packages/core/CHANGELOG.md)
- [Commits](https://github.com/wevm/wagmi/commits/@wagmi/core@3.5.2/packages/core)

Updates `abitype` from 1.2.3 to 1.2.4
- [Release notes](https://github.com/wevm/abitype/releases)
- [Commits](https://github.com/wevm/abitype/compare/abitype@1.2.3...abitype@1.2.4)

Updates `accounts` from 0.10.7 to 0.14.11
- [Release notes](https://github.com/tempoxyz/accounts/releases)
- [Changelog](https://github.com/tempoxyz/accounts/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tempoxyz/accounts/compare/accounts@0.10.7...accounts@0.14.11)

Updates `hono` from 4.12.26 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.26...v4.12.27)

Updates `ox` from 0.14.20 to 0.14.29
- [Release notes](https://github.com/wevm/ox/releases)
- [Commits](https://github.com/wevm/ox/compare/ox@0.14.20...ox@0.14.29)

Updates `posthog-js` from 1.367.0 to 1.393.0
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/compare/posthog-js@1.367.0...posthog-js@1.393.0)

Updates `posthog-node` from 5.29.2 to 5.38.4
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.38.4/packages/node)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `react-server-dom-webpack` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-server-dom-webpack)

Updates `shiki` from 3.23.0 to 4.2.0
- [Release notes](https://github.com/shikijs/shiki/releases)
- [Commits](https://github.com/shikijs/shiki/commits/v4.2.0/packages/shiki)

Updates `sql-formatter` from 15.7.3 to 15.8.2
- [Release notes](https://github.com/sql-formatter-org/sql-formatter/releases)
- [Commits](sql-formatter-org/sql-formatter@v15.7.3...v15.8.2)

Updates `tailwind-merge` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0)

Updates `tailwindcss` from 4.2.2 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/tailwindcss)

Updates `wagmi` from 3.6.14 to 3.6.18
- [Release notes](https://github.com/wevm/wagmi/releases)
- [Changelog](https://github.com/wevm/wagmi/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/wevm/wagmi/commits/wagmi@3.6.18/packages/react)

Updates `waku` from 1.0.0-beta.0 to 1.0.0-beta.4
- [Release notes](https://github.com/wakujs/waku/releases)
- [Changelog](https://github.com/wakujs/waku/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wakujs/waku/commits/v1.0.0-beta.4/packages/waku)

Updates `webauthx` from 0.1.1 to 0.1.2
- [Release notes](https://github.com/wevm/webauthx/releases)
- [Changelog](https://github.com/wevm/webauthx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wevm/webauthx/compare/webauthx@0.1.1...webauthx@0.1.2)

Updates `zod` from 4.3.6 to 4.4.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.3.6...v4.4.3)

---
updated-dependencies:
- dependency-name: "@iconify-json/lucide"
  dependency-version: 1.2.114
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: "@iconify-json/simple-icons"
  dependency-version: 1.2.87
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: "@shikijs/rehype"
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: "@takumi-rs/image-response"
  dependency-version: 1.8.7
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: "@takumi-rs/wasm"
  dependency-version: 1.8.7
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: "@vercel/analytics"
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: "@vercel/speed-insights"
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: "@wagmi/core"
  dependency-version: 3.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: abitype
  dependency-version: 1.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: accounts
  dependency-version: 0.14.11
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: ox
  dependency-version: 0.14.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: posthog-js
  dependency-version: 1.393.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: posthog-node
  dependency-version: 5.38.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: react-server-dom-webpack
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: shiki
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: sql-formatter
  dependency-version: 15.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: tailwindcss
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: wagmi
  dependency-version: 3.6.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: waku
  dependency-version: 1.0.0-beta.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: webauthx
  dependency-version: 0.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: zod
  dependency-version: 4.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@vercel

vercel Bot commented Jun 30, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
tempo-docs Error Error Jun 30, 2026 11:30pm

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants