deps(deps): bump the minor-and-patch group with 12 updates

[dependabot]

Bumps the minor-and-patch group with 12 updates:

Package	From	To
@supabase/supabase-js	2.93.1	2.93.3
framer-motion	12.29.2	12.30.0
next	16.1.5	16.1.6
openai	6.16.0	6.17.0
puppeteer	24.36.0	24.36.1
resend	6.8.0	6.9.1
undici	7.19.1	7.20.0
@types/node	25.0.10	25.2.0
@types/react	19.2.9	19.2.10
@vitejs/plugin-react	5.1.2	5.1.3
autoprefixer	10.4.23	10.4.24
eslint-config-next	16.1.5	16.1.6

Updates @supabase/supabase-js from 2.93.1 to 2.93.3

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.93.3

2.93.3 (2026-01-29)

🩹 Fixes

• auth: add webauthn tests and fix fallback naming (#1763)
• ci: add persist-credentials: false to release job checkouts (#2074)
• storage: handle empty 200 responses in vector operations (#2073)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.93.2

2.93.2 (2026-01-27)

🩹 Fixes

• supabase: revert client platform and runtime detection headers (#2067)

❤️ Thank You

• Guilherme Souza

v2.93.2-canary.0

2.93.2-canary.0 (2026-01-27)

🩹 Fixes

• supabase: revert client platform and runtime detection headers (#2067)

❤️ Thank You

• Guilherme Souza

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.93.3 (2026-01-29)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.93.2 (2026-01-27)

🩹 Fixes

• supabase: revert client platform and runtime detection headers (#2067)

❤️ Thank You

• Guilherme Souza

Commits

• de20d50 chore(release): version 2.93.2 changelogs (#2068)
• 91b36d7 fix(supabase): revert client platform and runtime detection headers (#2067)
• 6004430 chore(release): version 2.93.1 changelogs (#2061)
• See full diff in compare view

Updates framer-motion from 12.29.2 to 12.30.0

Changelog

Sourced from framer-motion's changelog.

[12.30.0] 2026-02-02

Added

• MotionConfig: Add skipAnimations option.

Fixed

• animate: Prevent error when calling stop() on removed elements.
• animateLayout: Fixing shared element animations when animate called before animateLayout.

[12.29.3] 2026-02-02

Fixed

• Reorder: Fixed viewport autoscroll.

Commits

• f3ebcdb v12.30.0
• 5f6c358 Updating changelog
• ad4dd59 Merge pull request #3523 from motiondivision/claude/investigate-motion-issue-...
• be9917e Merge pull request #3511 from motiondivision/vanilla-scale-correction
• 8b45585 Updating changelog
• eca4a40 Merge pull request #3510 from motiondivision/claude/fix-issue-3509-1OlJw
• c84f4cf Fix animateMini crash when element removed from DOM during scroll cancellation
• 7cf8824 v12.29.3
• c2d4cc4 Updating changelog
• cdbd047 Merge pull request #3508 from lgaspari/feat/reorder-auto-scroll-page
• Additional commits viewable in compare view

Updates next from 16.1.5 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• See full diff in compare view

Updates openai from 6.16.0 to 6.17.0

Release notes

Sourced from openai's releases.

v6.17.0

6.17.0 (2026-01-28)

Full Changelog: v6.16.0...v6.17.0

Features

• api: add shell_call_output status field (edf9590)
• api: api update (6a2eb80)
• api: api updates (19ca100)

Bug Fixes

• api: mark assistants as deprecated (3ae2a14)

Chores

• ci: upgrade actions/github-script (4ea73d3)
• internal: update actions/checkout version (f163b77)
• internal: upgrade babel, qs, js-yaml (2e2f3c6)

Changelog

Sourced from openai's changelog.

6.17.0 (2026-01-28)

Full Changelog: v6.16.0...v6.17.0

Features

• api: add shell_call_output status field (edf9590)
• api: api update (6a2eb80)
• api: api updates (19ca100)

Bug Fixes

• api: mark assistants as deprecated (3ae2a14)

Chores

• ci: upgrade actions/github-script (4ea73d3)
• internal: update actions/checkout version (f163b77)
• internal: upgrade babel, qs, js-yaml (2e2f3c6)

Commits

• 114e795 release: 6.17.0
• df95bf2 feat(api): add shell_call_output status field
• f19b5b3 feat(api): api updates
• e0a7828 fix(api): mark assistants as deprecated
• e81a8a9 chore(ci): upgrade actions/github-script
• c49cae8 Update README models to gpt-5.2
• ae80b55 codegen metadata
• a4b6473 feat(api): api update
• 315426d chore(internal): update actions/checkout version
• 604082a chore(internal): upgrade babel, qs, js-yaml
• See full diff in compare view

Updates puppeteer from 24.36.0 to 24.36.1

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.36.1

24.36.1 (2026-01-27)

♻️ Chores

• improve TargetManager code (#14602) (2c1e002)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.11.1 to 2.11.2

puppeteer: v24.36.1

24.36.1 (2026-01-27)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.11.1 to 2.11.2
    • puppeteer-core bumped from 24.36.0 to 24.36.1

Changelog

Sourced from puppeteer's changelog.

24.36.1 (2026-01-27)

♻️ Chores

• improve TargetManager code (#14602) (2c1e002)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.11.1 to 2.11.2

Commits

• 5d820f2 chore: release main (#14601)
• 2c1e002 refactor: improve TargetManager code (#14602)
• 306fa41 chore(deps): update site deps (#14608)
• f09b945 chore(deps-dev): bump the dev-dependencies group across 1 directory with 15 u...
• 7d9eaa1 chore(deps): bump the all group across 1 directory with 5 updates (#14605)
• 34b1635 test: fix ng-schematics tests (#14606)
• c95d1bf fix: typo in the config path in getConfigHomeLinux (#14600)
• See full diff in compare view

Updates resend from 6.8.0 to 6.9.1

Release notes

Sourced from resend's releases.

v6.9.1

What's Changed

• fix(deps): update dependency mailparser to v3.9.1 by @​renovate[bot] in resend/resend-node#809
• chore(deps): update pnpm to v10.28.2 by @​renovate[bot] in resend/resend-node#807
• chore(deps): update dependency @​biomejs/biome to v2.3.13 by @​renovate[bot] in resend/resend-node#806
• fix(deps): update react monorepo by @​renovate[bot] in resend/resend-node#811
• chore: add react and react-dom as devDependencies by @​gabrielmfern in resend/resend-node#814
• fix(deps): update dependency next to v16.1.5 by @​renovate[bot] in resend/resend-node#810
• chore: bump to 6.9.1 by @​gabrielmfern in resend/resend-node#816

Full Changelog: resend/resend-node@v6.9.0...v6.9.1

v6.9.0

What's Changed

• chore(deps): update pnpm to v10.28.1 by @​renovate[bot] in resend/resend-node#796
• feat(contacts): create contact with segments and topics by @​Cisneiros in resend/resend-node#800
• chore(deps): update dependency @​biomejs/biome to v2.3.12 by @​renovate[bot] in resend/resend-node#805
• chore(deps): update dependency tsdown to v0.20.1 by @​renovate[bot] in resend/resend-node#804
• chore(deps): update dependency vitest to v4.0.18 by @​renovate[bot] in resend/resend-node#803
• chore(deps): update dependency @​types/react to v19.2.9 by @​renovate[bot] in resend/resend-node#799
• chore(deps): update tj-actions/changed-files digest to 7d5bbf4 - autoclosed by @​renovate[bot] in resend/resend-node#798
• fix(deps): update dependency next to v16.1.4 by @​renovate[bot] in resend/resend-node#794
• chore(deps): update dependency @​types/node to v24.10.9 by @​renovate[bot] in resend/resend-node#786
• feat: export all interfaces from main index by @​xiaoyu2er in resend/resend-node#802
• feat: add method to help with forwarding inbound emails by @​lucasfcosta in resend/resend-node#797

New Contributors

• @​xiaoyu2er made their first contribution in resend/resend-node#802

Full Changelog: resend/resend-node@v6.8.0...v6.9.0

Commits

• e015620 chore: bump to 6.9.1 (#816)
• 6f0195a fix(deps): update dependency next to v16.1.5 (#810)
• aec5a72 chore: add react and react-dom as devDependencies (#814)
• e97db88 fix(deps): update react monorepo (#811)
• fe07bd1 chore(deps): update dependency @​biomejs/biome to v2.3.13 (#806)
• f1baaec chore(deps): update pnpm to v10.28.2 (#807)
• 8a8ebcc fix(deps): update dependency mailparser to v3.9.1 (#809)
• 2a48341 chore: bump to 6.9.0 (#808)
• 0d97792 feat: add method to help with forwarding inbound emails (#797)
• f0dfcb0 feat: export all interfaces from main index (#802)
• Additional commits viewable in compare view

Updates undici from 7.19.1 to 7.20.0

Release notes

Sourced from undici's releases.

v7.20.0

What's Changed

• fix: preserve fetch stack traces by @​mcollina in nodejs/undici#4778
• Fix error handling in MockPool example by @​dave-kennedy in nodejs/undici#4781
• feat: expose statusText in request() ResponseData by @​domenic in nodejs/undici#4784
• test: reduce retry-after invalid date flake by @​mcollina in nodejs/undici#4788
• extractBody fixes by @​KhafraDev in nodejs/undici#4791
• fix: MockAgent delayed response with AbortSignal (#4693) by @​mcollina in nodejs/undici#4772
• fix: onParserTimeout potentially accessing undefined by @​vbfox in nodejs/undici#4758

New Contributors

• @​dave-kennedy made their first contribution in nodejs/undici#4781
• @​vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

• Minor code cleanups to decompress interceptor by @​domenic in nodejs/undici#4754
• fix(h2): fix flaky stream end handling on macOS by @​mcollina in nodejs/undici#4762
• return response when receiving 401 instead of network error by @​KhafraDev in nodejs/undici#4769
• fix: properly close idle connections in test server cleanup by @​mcollina in nodejs/undici#4764
• fix: decode HTTP headers as latin1 instead of utf8 by @​mcollina in nodejs/undici#4768
• fix: submodule update by @​Uzlopak in nodejs/undici#4648
• build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @​dependabot[bot] in nodejs/undici#4720

New Contributors

• @​domenic made their first contribution in nodejs/undici#4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

Commits

• 6cc668d Bumped v7.20.0 (#4792)
• e65fa39 fix: onParserTimeout potentially accessing undefined (#4758)
• f1d50a2 fix: MockAgent delayed response with AbortSignal (#4693) (#4772)
• 9948d6f extractBody fixes (#4791)
• 5a5920d test: reduce retry-after invalid date timing flake (#4788)
• 352c691 feat: expose statusText in request() ResponseData (#4784)
• fecd473 docs: Fix error handling in MockPool example (#4781)
• 1edea72 fix: preserve fetch stack traces (#4778)
• 4b36fef Bumped v7.19.2 (#4777)
• 44e437d build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 (#4720)
• Additional commits viewable in compare view

Updates @types/node from 25.0.10 to 25.2.0

Commits

• See full diff in compare view

Updates @types/react from 19.2.9 to 19.2.10

Commits

• See full diff in compare view

Updates @vitejs/plugin-react from 5.1.2 to 5.1.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.3 (2026-02-02)

Commits

• cf0cb8a release: plugin-react@5.1.3
• 99e480c fix(deps): update all non-major dependencies (#1090)
• 77f5e42 fix(deps): update react 19.2.4 (#1084)
• e327da4 fix(deps): update all non-major dependencies (#1083)
• 3d3dbc2 chore: add metadata for vite-plugin-registry (#1078)
• 58dfb9d fix(deps): update all non-major dependencies (#1066)
• fefad3d fix(deps): update all non-major dependencies (#1048)
• 36704df chore: setup oxfmt for formatting (#997)
• 54231d9 docs(plugin-react): add docs for exclude option (#1046)
• 6d203af fix(deps): update all non-major dependencies (#1030)
• Additional commits viewable in compare view

Updates autoprefixer from 10.4.23 to 10.4.24

Release notes

Sourced from autoprefixer's releases.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Changelog

Sourced from autoprefixer's changelog.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Commits

• 36692c2 Release 10.4.24 version
• 67df014 Update dependencies
• 032440e perf: reduce array allocations (#1542)
• See full diff in compare view

Updates eslint-config-next from 16.1.5 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• adf8c61 v16.1.6
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​16.1.5 ⏵ 16.1.6			+1
	eslint-config-next@​16.1.5 ⏵ 16.1.6
	@​types/​react@​19.2.9 ⏵ 19.2.10	+1		+1	+1
	@​types/​node@​25.0.10 ⏵ 25.2.0	+1		+1
	autoprefixer@​10.4.23 ⏵ 10.4.24			+1
	puppeteer@​24.36.0 ⏵ 24.36.1				+1
	@​vitejs/​plugin-react@​5.1.2 ⏵ 5.1.3
	undici@​7.19.1 ⏵ 7.20.0	+1		+1	+1
	framer-motion@​12.29.2 ⏵ 12.30.0	+1		+1	+1
	openai@​6.16.0 ⏵ 6.17.0				+2
	resend@​6.8.0 ⏵ 6.9.1				+1
	@​supabase/​supabase-js@​2.93.1 ⏵ 2.93.3

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm @zone-eu/mailsplit under EUPL-1.2 License: EUPL-1.2 - the applicable license policy does not allow this license (4) (package/LICENSE.EUPL-1.2) From: pnpm-lock.yaml → npm/resend@6.9.1 → npm/@zone-eu/mailsplit@5.4.8 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@zone-eu/mailsplit@5.4.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml