Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 41 updates#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-1c075bc1ca
Open

chore(deps): bump the minor-and-patch group across 1 directory with 41 updates#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-1c075bc1ca

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown

Bumps the minor-and-patch group with 39 updates in the / directory:

Package From To
@ar-agents/identity 0.5.1 0.9.1
@capacitor/android 8.3.1 8.4.1
@capacitor/core 8.3.1 8.4.1
@capacitor/push-notifications 8.0.4 8.1.1
@formatjs/intl-localematcher 0.8.9 0.8.10
@google-cloud/profiler 6.0.4 6.0.5
@google-cloud/pubsub 5.3.0 5.3.1
@google-cloud/secret-manager 6.1.2 6.2.0
@google-cloud/storage 7.19.0 7.21.0
@google-cloud/tasks 6.2.2 6.2.3
@google/adk 1.1.0 1.3.0
@google/genai 2.6.0 2.10.0
@radix-ui/react-dialog 1.1.15 1.1.17
@radix-ui/react-select 2.2.6 2.3.1
@radix-ui/react-separator 1.1.8 1.1.10
@radix-ui/react-switch 1.2.6 1.3.1
@radix-ui/react-toggle 1.1.10 1.1.12
@radix-ui/react-toggle-group 1.1.11 1.1.13
@radix-ui/react-tooltip 1.2.8 1.2.10
@tanstack/react-query 5.100.14 5.101.2
@tanstack/react-virtual 3.13.24 3.14.4
cron-parser 5.5.0 5.6.1
google-auth-library 10.6.2 10.9.0
libphonenumber-js 1.13.6 1.13.7
lucide-react 1.16.0 1.22.0
mercadopago 3.0.0 3.1.0
next 16.2.6 16.2.9
pdfkit 0.18.0 0.19.1
react 19.2.6 19.2.7
@types/react 19.2.14 19.2.17
react-dom 19.2.6 19.2.7
recharts 3.8.1 3.9.0
@capacitor/cli 8.3.1 8.4.1
@playwright/test 1.60.0 1.61.1
@tailwindcss/postcss 4.3.0 4.3.1
esbuild 0.28.0 0.28.1
eslint 10.4.0 10.6.0
typescript-eslint 8.59.1 8.62.0
vitest 4.1.7 4.1.9

Updates @ar-agents/identity from 0.5.1 to 0.9.1

Release notes

Sourced from @​ar-agents/identity's releases.

@​ar-agents/identity@​0.9.1

Patch Changes

  • #94 ce7d818 Thanks @​naza00000! - Sanitize monotributoCategoria and fechaInscripcion in AFIP padron data (DeepSec MEDIUM follow-up).

    The prompt-injection sanitizer covered nombre/domicilioFiscal/actividades but skipped monotributoCategoria and fechaInscripcion as "coded fields". The WSCDC parser actually fills both from raw AFIP response text (<descripcionCategoria>, contract/categorization dates), so a hostile taxpayer record could smuggle control/zero-width/bidi characters and instruction-like text through them into the agent loop. sanitizeAfipData now cleans both fields, and the _provenance note lists them as untrusted. condicion (a derived enum, never raw text) is the only field passed through.

@​ar-agents/identity-attest@​0.7.0

Minor Changes

  • #92 f200577 Thanks @​naza00000! - Harden identity attestation against OTP brute-force races and cross-tenant reads (DeepSec MEDIUM).

    • OTP attempt counter race (rate-limit-bypass): completeVerification decremented attemptsRemaining with a non-atomic read-modify-write, so concurrent wrong submissions could all read the same counter and exceed maxAttempts. The client now atomically CLAIMS an attempt (new AttestationStore.decrementAttempts) BEFORE verifying, so even a fully concurrent burst can never run more than maxAttempts verifications. Infrastructure errors from an adapter refund the slot (new AttestationStore.incrementAttempts) so a transient external-IdP failure doesn't burn a legitimate user's attempt. Both new store methods are optional — stores that omit them fall back to a (single-process-safe) read-modify-write. InMemoryAttestationStore implements both atomically.
    • Cross-tenant attestation reads (cross-tenant-id): check_verification_status and get_attestation returned subject/claims/signature for any caller-supplied request_id. New optional IdentityAttestToolsOptions.authorizeRead(ctx) hook gates both read tools — construct the tools per request with the caller bound (e.g. compare ctx.externalReference), return false to deny, and the tool responds with not_authorized exposing no data. Omitting it preserves current behavior.

    New exports: IdentityAttestReadContext.

@​ar-agents/identity@​0.9.0

Minor Changes

  • #90 5c2ff8c Thanks @​naza00000! - Harden the agent-callable AFIP padron lookup against abuse and prompt injection (DeepSec MEDIUM).

    • lookup_cuit_afip now enforces the CUIT checksum (parseCuit().valid) in code before querying AFIP, instead of relying on the tool description to tell the model to call validate_cuit first. Malformed CUITs short-circuit with a clear error and never reach the adapter.
    • New IdentityToolsOptions.authorizeLookup hook (IdentityLookupContextIdentityLookupDecision) lets hosts add authorization, per-tenant allowlisting, or rate limiting. It runs after validation and before the adapter, and fails closed: returning false / { allowed: false, reason } denies the lookup without hitting AFIP.
    • AFIP free-text (nombre, domicilioFiscal, actividades) is now sanitized — control codes, zero-width characters, and bidi overrides stripped — both at the WSCDC parser and at the tool boundary, and tool output carries a _provenance marker tagging it as untrusted external data so an agent treats embedded text as data, never instructions.

    New exports: sanitizeRegistryText, sanitizeAfipData, withRegistryProvenance, REGISTRY_PROVENANCE, IdentityLookupContext, IdentityLookupDecision.

@​ar-agents/identity@​0.8.3

Patch Changes

  • #89 043a4b1 Thanks @​naza00000! - Harden the AFIP SOAP envelope builders against XML injection (DeepSec MEDIUM).

    • identity buildGetPersonaSoap now validates cuitRepresentado / cuitToQuery as exactly 11 digits before building the envelope and XML-escapes them as defense-in-depth, so a malformed or hostile CUIT can no longer break out of the SOAP context.
    • facturacion solicitarCAE / getCotizacion now XML-escape every interpolated string field (auth CUIT, fchServDesde / fchServHasta / fchVtoPago, cbteFch, docNro, monId, and cbtesAsoc cuit / fecha). Numeric fields were already type-safe.

@​ar-agents/identity-attest@​0.6.0

Minor Changes

  • #88 13eda70 Thanks @​naza00000! - Security hardening (DeepSec audit, all true-positive):

    • Attestation HMAC now covers claims + externalReference. The previous delimiter payload signed only id/verifier/method/trustLevel/subject/dates, so claims and externalReference could be tampered without invalidating the signature. Signing is now a canonical (sorted-key) serialization of every security-relevant field. BREAKING: signatures issued by older versions no longer verify (they were forgeable on those fields).
    • Auth0 verification binds to the requested subject. A valid Auth0 id_token for a different account no longer satisfies a request: subject.type:"oauth" requires payload.sub === subject.value; "email" requires

... (truncated)

Changelog

Sourced from @​ar-agents/identity's changelog.

0.9.1

Patch Changes

  • #94 ce7d818 Thanks @​naza00000! - Sanitize monotributoCategoria and fechaInscripcion in AFIP padron data (DeepSec MEDIUM follow-up).

    The prompt-injection sanitizer covered nombre/domicilioFiscal/actividades but skipped monotributoCategoria and fechaInscripcion as "coded fields". The WSCDC parser actually fills both from raw AFIP response text (<descripcionCategoria>, contract/categorization dates), so a hostile taxpayer record could smuggle control/zero-width/bidi characters and instruction-like text through them into the agent loop. sanitizeAfipData now cleans both fields, and the _provenance note lists them as untrusted. condicion (a derived enum, never raw text) is the only field passed through.

0.9.0

Minor Changes

  • #90 5c2ff8c Thanks @​naza00000! - Harden the agent-callable AFIP padron lookup against abuse and prompt injection (DeepSec MEDIUM).

    • lookup_cuit_afip now enforces the CUIT checksum (parseCuit().valid) in code before querying AFIP, instead of relying on the tool description to tell the model to call validate_cuit first. Malformed CUITs short-circuit with a clear error and never reach the adapter.
    • New IdentityToolsOptions.authorizeLookup hook (IdentityLookupContextIdentityLookupDecision) lets hosts add authorization, per-tenant allowlisting, or rate limiting. It runs after validation and before the adapter, and fails closed: returning false / { allowed: false, reason } denies the lookup without hitting AFIP.
    • AFIP free-text (nombre, domicilioFiscal, actividades) is now sanitized — control codes, zero-width characters, and bidi overrides stripped — both at the WSCDC parser and at the tool boundary, and tool output carries a _provenance marker tagging it as untrusted external data so an agent treats embedded text as data, never instructions.

    New exports: sanitizeRegistryText, sanitizeAfipData, withRegistryProvenance, REGISTRY_PROVENANCE, IdentityLookupContext, IdentityLookupDecision.

0.8.3

Patch Changes

  • #89 043a4b1 Thanks @​naza00000! - Harden the AFIP SOAP envelope builders against XML injection (DeepSec MEDIUM).

    • identity buildGetPersonaSoap now validates cuitRepresentado / cuitToQuery as exactly 11 digits before building the envelope and XML-escapes them as defense-in-depth, so a malformed or hostile CUIT can no longer break out of the SOAP context.
    • facturacion solicitarCAE / getCotizacion now XML-escape every interpolated string field (auth CUIT, fchServDesde / fchServHasta / fchVtoPago, cbteFch, docNro, monId, and cbtesAsoc cuit / fecha). Numeric fields were already type-safe.

0.8.2

Patch Changes

  • Rebuild and republish from PII-scrubbed source. Versions published before the 2026-06-17 fixture scrub shipped a real CUIT and address in their README/AGENTS/cookbook/dist; this rebuild from the now-clean source removes them. No API changes. The earlier contaminated versions are deprecated on npm.

0.8.1

Patch Changes

  • Frontier release: new packages x402 (HTTP 402 agent payments), bind (BIND APIBANK), fecred (AFIP WSFECred FCE MiPyME). BiasBusters description audit across the toolkit (EN+ES task phrasing). MCP SDK 1.29.

0.8.0

Minor Changes

  • ea61bf9 Thanks @​naza00000! - IdentityError now extends ArAgentsError from @ar-agents/core.

    This gives the package a uniform error shape with the rest of the @ar-agents/* family so middleware (withRetry, withMetrics, etc.) can switch on the same code / retryable / context fields across

... (truncated)

Commits
  • 63ef839 chore(release): version identity@0.9.1 (sanitize coded fields)
  • ce7d818 fix(identity): sanitize monotributoCategoria + fechaInscripcion (DeepSec MEDI...
  • f630d05 chore(release): version identity@0.9.0 (AFIP lookup hardening)
  • 5c2ff8c fix(identity): harden AFIP lookup — validate, authorize, sanitize (DeepSec ME...
  • 3b7d46a chore(release): version identity@0.8.3, facturacion@0.4.3 (SOAP-XML hardening)
  • 043a4b1 fix(identity,facturacion): escape + validate SOAP envelope fields (DeepSec ME...
  • 6bdffad Vercel-native hardening: AI SDK 7 + native tool-approval + BotID + Connect (#83)
  • f438420 chore(release): regen manifests + discovery for bumped versions
  • 92130e5 chore(release): rebuild + republish 17 packages from PII-scrubbed source
  • 1035be0 Reconcile the treasury bridge onto main + harden (idempotency, society wiring...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by naza-ar, a new releaser for @​ar-agents/identity since your current version.


Updates @capacitor/android from 8.3.1 to 8.4.1

Release notes

Sourced from @​capacitor/android's releases.

8.4.1

8.4.1 (2026-06-19)

Bug Fixes

  • cli: make SPM dependency patch work on prereleases (#8508) (6048e90)
  • cli: patch Capacitor SPM dependency version in plugins (#8492) (28bb2c6)

8.4.0

8.4.0 (2026-06-02)

Bug Fixes

  • android: show only the requested system bar (#8480) (4c6c321)
  • cli: revert live reload config on failure (#8485) (1d031a4)
  • SystemBars: make safe-area-inset-x available on API <= 34 (#8424) (e456de0)
  • SystemBars: respect insetsHandling disable (#8481) (d4ad7ff)

Features

8.3.4

8.3.4 (2026-05-12)

Note: Version bump only for package capacitor

8.3.3

8.3.3 (2026-05-08)

Bug Fixes

  • cli: copy plugin files in CocoaPods projects (#8467) (b2d7719)

8.3.2

8.3.2 (2026-05-07)

Bug Fixes

  • cli: add cSettings support for compiler flags in generated Package.swift (#8448) (0bd0676)

... (truncated)

Changelog

Sourced from @​capacitor/android's changelog.

8.4.1 (2026-06-19)

Bug Fixes

  • cli: make SPM dependency patch work on prereleases (#8508) (6048e90)
  • cli: patch Capacitor SPM dependency version in plugins (#8492) (28bb2c6)

8.4.0 (2026-06-02)

Bug Fixes

  • android: show only the requested system bar (#8480) (4c6c321)
  • cli: revert live reload config on failure (#8485) (1d031a4)
  • SystemBars: make safe-area-inset-x available on API <= 34 (#8424) (e456de0)
  • SystemBars: respect insetsHandling disable (#8481) (d4ad7ff)

Features

8.3.4 (2026-05-12)

Note: Version bump only for package capacitor

8.3.3 (2026-05-08)

Bug Fixes

  • cli: copy plugin files in CocoaPods projects (#8467) (b2d7719)

8.3.2 (2026-05-07)

Bug Fixes

  • cli: add cSettings support for compiler flags in generated Package.swift (#8448) (0bd0676)
  • cli: add system framework and weak framework support in SPM Package.swift (#8447) (3232f0f)
  • cli: correct Capacitor plugin SPM compat check (#8440) (e5ccc45)
  • cli: generate binaryTarget entries for custom xcframeworks in Package.swift (#8445) (1f7e33f)
  • cli: generate resource entries in Package.swift (#8455) (790bd27)
  • cli: handle Cordova plugins without iOS source files (#8443) (0da130e)
  • cli: link plugin dependencies in Package.swift (#8457) (b3c769e)
  • ios: support Cordova plugins with Package.swift (#8438) (139943b)
  • SystemBars: avoid extra view padding on API <= 34 (#8439) (5b135a7)
Commits
  • 7217b52 Release 8.4.1
  • 6048e90 fix(cli): make SPM dependency patch work on prereleases (#8508)
  • 28bb2c6 fix(cli): patch Capacitor SPM dependency version in plugins (#8492)
  • 41fd9de Release 8.4.0
  • 36b729d chore: Decrease timeout for CI jobs from 60 to 30 minutes (#8476)
  • 4c6c321 fix(android): show only the requested system bar (#8480)
  • d4ad7ff fix(SystemBars): respect insetsHandling disable (#8481)
  • f1077ef chore: fix typo in declarations.ts (#8488)
  • 1d031a4 fix(cli): revert live reload config on failure (#8485)
  • b4b297a feat(cli): capture ios_package_manager in telemetry (#8482)
  • Additional commits viewable in compare view

Updates @capacitor/core from 8.3.1 to 8.4.1

Release notes

Sourced from @​capacitor/core's releases.

8.4.1

8.4.1 (2026-06-19)

Bug Fixes

  • cli: make SPM dependency patch work on prereleases (#8508) (6048e90)
  • cli: patch Capacitor SPM dependency version in plugins (#8492) (28bb2c6)

8.4.0

8.4.0 (2026-06-02)

Bug Fixes

  • android: show only the requested system bar (#8480) (4c6c321)
  • cli: revert live reload config on failure (#8485) (1d031a4)
  • SystemBars: make safe-area-inset-x available on API <= 34 (#8424) (e456de0)
  • SystemBars: respect insetsHandling disable (#8481) (d4ad7ff)

Features

8.3.4

8.3.4 (2026-05-12)

Note: Version bump only for package capacitor

8.3.3

8.3.3 (2026-05-08)

Bug Fixes

  • cli: copy plugin files in CocoaPods projects (#8467) (b2d7719)

8.3.2

8.3.2 (2026-05-07)

Bug Fixes

  • cli: add cSettings support for compiler flags in generated Package.swift (#8448) (0bd0676)

... (truncated)

Changelog

Sourced from @​capacitor/core's changelog.

8.4.1 (2026-06-19)

Bug Fixes

  • cli: make SPM dependency patch work on prereleases (#8508) (6048e90)
  • cli: patch Capacitor SPM dependency version in plugins (#8492) (28bb2c6)

8.4.0 (2026-06-02)

Bug Fixes

  • android: show only the requested system bar (#8480) (4c6c321)
  • cli: revert live reload config on failure (#8485) (1d031a4)
  • SystemBars: make safe-area-inset-x available on API <= 34 (#8424) (e456de0)
  • SystemBars: respect insetsHandling disable (#8481) (d4ad7ff)

Features

8.3.4 (2026-05-12)

Note: Version bump only for package capacitor

8.3.3 (2026-05-08)

Bug Fixes

  • cli: copy plugin files in CocoaPods projects (#8467) (b2d7719)

8.3.2 (2026-05-07)

Bug Fixes

  • cli: add cSettings support for compiler flags in generated Package.swift (#8448) (0bd0676)
  • cli: add system framework and weak framework support in SPM Package.swift (#8447) (3232f0f)
  • cli: correct Capacitor plugin SPM compat check (#8440) (e5ccc45)
  • cli: generate binaryTarget entries for custom xcframeworks in Package.swift (#8445) (1f7e33f)
  • cli: generate resource entries in Package.swift (#8455) (790bd27)
  • cli: handle Cordova plugins without iOS source files (#8443) (0da130e)
  • cli: link plugin dependencies in Package.swift (#8457) (b3c769e)
  • ios: support Cordova plugins with Package.swift (#8438) (139943b)
  • SystemBars: avoid extra view padding on API <= 34 (#8439) (5b135a7)
Commits
  • 7217b52 Release 8.4.1
  • 6048e90 fix(cli): make SPM dependency patch work on prereleases (#8508)
  • 28bb2c6 fix(cli): patch Capacitor SPM dependency version in plugins (#8492)
  • 41fd9de Release 8.4.0
  • 36b729d chore: Decrease timeout for CI jobs from 60 to 30 minutes (#8476)
  • 4c6c321 fix(android): show only the requested system bar (#8480)
  • d4ad7ff fix(SystemBars): respect insetsHandling disable (#8481)
  • f1077ef chore: fix typo in declarations.ts (#8488)
  • 1d031a4 fix(cli): revert live reload config on failure (#8485)
  • b4b297a feat(cli): capture ios_package_manager in telemetry (#8482)
  • Additional commits viewable in compare view

Updates @capacitor/push-notifications from 8.0.4 to 8.1.1

Release notes

Sourced from @​capacitor/push-notifications's releases.

@​capacitor/push-notifications@​8.1.1

8.1.1 (2026-05-15)

Note: Version bump only for package @​capacitor/push-notifications

@​capacitor/push-notifications@​8.1.0

8.1.0 (2026-05-15)

Features

  • push-notifications: add banner and list presentation options for iOS (#2529) (f266d2e)
Commits
  • 63c874c chore(release): publish [skip ci]
  • 8ec56cb docs(push-notifications): update README to reflect banner and list Android be...
  • 84131ae chore(release): publish [skip ci]
  • f266d2e feat(push-notifications): add banner and list presentation options for iOS (#...
  • 78bea4c feat(local-notifications): add presentationOptions config support for iOS (#2...
  • See full diff in compare view

Updates @formatjs/intl-localematcher from 0.8.9 to 0.8.10

Release notes

Sourced from @​formatjs/intl-localematcher's releases.

@​formatjs/intl-localematcher: 0.8.10

0.8.10 (2026-06-03)

What's Changed

Full Changelog: https://github.com/formatjs/formatjs/compare/@​formatjs/intl-localematcher@0.8.9...@​formatjs/intl-localematcher@0.8.10

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​formatjs/fast-memoize bumped to 3.1.6
Commits
  • 7930811 chore: release main (#6721)
  • 4525fda chore(deps): update dependency rolldown to v1.0.3 (#6725)
  • 0e70f24 build: add bazel release-please workspace plugin (#6723)
  • eae5854 chore(deps): update dependency @​typescript/native-preview to v7.0.0-dev.20260...
  • 3c4dcb9 chore(deps): update dependency @​rescripts/rescript-env to v0.0.14 (#6717)
  • e7496d1 build: align release-please with generated package manifests (#6720)
  • 9119580 chore(deps): update dependency react-scripts to v5.0.1 (#6719)
  • 076e91d chore(deps): update dependency @​rescripts/cli to v0.0.16 (#6716)
  • 368aa19 build: generate package manifests (#6718)
  • 77eccdb build: verify generated package manifests from bazel deps (#6701)
  • Additional commits viewable in compare view

Updates @google-cloud/profiler from 6.0.4 to 6.0.5

Changelog

Sourced from @​google-cloud/profiler's changelog.

6.0.5 (2026-05-11)

Bug Fixes

Commits

Updates @google-cloud/pubsub from 5.3.0 to 5.3.1

Changelog

Sourced from @​google-cloud/pubsub's changelog.

5.3.1 (2026-05-11)

Bug Fixes

Commits

Updates @google-cloud/secret-manager from 6.1.2 to 6.2.0

Release notes

Sourced from @​google-cloud/secret-manager's releases.

grafeas: v6.2.0

6.2.0 (2026-06-16)

Features

secret-manager: v6.2.0

6.2.0 (2026-06-16)

Features

Bug Fixes

  • google-cloud-secretmanager: Improve librarian.js script an re-add missing functions (#8424) (13d03c1)

service-directory: v6.2.0

6.2.0 (2026-06-16)

Features

  • Local OwlBot generation batch 3 (#8614) (

…1 updates

Bumps the minor-and-patch group with 39 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@ar-agents/identity](https://github.com/ar-agents/ar-agents/tree/HEAD/packages/identity) | `0.5.1` | `0.9.1` |
| [@capacitor/android](https://github.com/ionic-team/capacitor) | `8.3.1` | `8.4.1` |
| [@capacitor/core](https://github.com/ionic-team/capacitor) | `8.3.1` | `8.4.1` |
| [@capacitor/push-notifications](https://github.com/ionic-team/capacitor-plugins) | `8.0.4` | `8.1.1` |
| [@formatjs/intl-localematcher](https://github.com/formatjs/formatjs) | `0.8.9` | `0.8.10` |
| [@google-cloud/profiler](https://github.com/googleapis/google-cloud-node/tree/HEAD/handwritten/cloud-profiler) | `6.0.4` | `6.0.5` |
| [@google-cloud/pubsub](https://github.com/googleapis/google-cloud-node/tree/HEAD/handwritten/pubsub) | `5.3.0` | `5.3.1` |
| [@google-cloud/secret-manager](https://github.com/googleapis/google-cloud-node/tree/HEAD/packages/google-cloud-secretmanager) | `6.1.2` | `6.2.0` |
| [@google-cloud/storage](https://github.com/googleapis/google-cloud-node/tree/HEAD/handwritten/storage) | `7.19.0` | `7.21.0` |
| [@google-cloud/tasks](https://github.com/googleapis/google-cloud-node/tree/HEAD/packages/google-cloud-tasks) | `6.2.2` | `6.2.3` |
| [@google/adk](https://github.com/google/adk-js) | `1.1.0` | `1.3.0` |
| [@google/genai](https://github.com/googleapis/js-genai) | `2.6.0` | `2.10.0` |
| [@radix-ui/react-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dialog) | `1.1.15` | `1.1.17` |
| [@radix-ui/react-select](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/select) | `2.2.6` | `2.3.1` |
| [@radix-ui/react-separator](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/separator) | `1.1.8` | `1.1.10` |
| [@radix-ui/react-switch](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/switch) | `1.2.6` | `1.3.1` |
| [@radix-ui/react-toggle](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toggle) | `1.1.10` | `1.1.12` |
| [@radix-ui/react-toggle-group](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/toggle-group) | `1.1.11` | `1.1.13` |
| [@radix-ui/react-tooltip](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/tooltip) | `1.2.8` | `1.2.10` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.14` | `5.101.2` |
| [@tanstack/react-virtual](https://github.com/TanStack/virtual/tree/HEAD/packages/react-virtual) | `3.13.24` | `3.14.4` |
| [cron-parser](https://github.com/harrisiirak/cron-parser) | `5.5.0` | `5.6.1` |
| [google-auth-library](https://github.com/googleapis/google-cloud-node/tree/HEAD/core/packages/google-auth-library-nodejs) | `10.6.2` | `10.9.0` |
| [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) | `1.13.6` | `1.13.7` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.16.0` | `1.22.0` |
| [mercadopago](https://github.com/mercadopago/sdk-nodejs) | `3.0.0` | `3.1.0` |
| [next](https://github.com/vercel/next.js) | `16.2.6` | `16.2.9` |
| [pdfkit](https://github.com/foliojs/pdfkit) | `0.18.0` | `0.19.1` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.17` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [recharts](https://github.com/recharts/recharts) | `3.8.1` | `3.9.0` |
| [@capacitor/cli](https://github.com/ionic-team/capacitor) | `8.3.1` | `8.4.1` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.3.0` | `4.3.1` |
| [esbuild](https://github.com/evanw/esbuild) | `0.28.0` | `0.28.1` |
| [eslint](https://github.com/eslint/eslint) | `10.4.0` | `10.6.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.59.1` | `8.62.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.7` | `4.1.9` |



Updates `@ar-agents/identity` from 0.5.1 to 0.9.1
- [Release notes](https://github.com/ar-agents/ar-agents/releases)
- [Changelog](https://github.com/ar-agents/ar-agents/blob/main/packages/identity/CHANGELOG.md)
- [Commits](https://github.com/ar-agents/ar-agents/commits/@ar-agents/identity@0.9.1/packages/identity)

Updates `@capacitor/android` from 8.3.1 to 8.4.1
- [Release notes](https://github.com/ionic-team/capacitor/releases)
- [Changelog](https://github.com/ionic-team/capacitor/blob/main/CHANGELOG.md)
- [Commits](ionic-team/capacitor@8.3.1...8.4.1)

Updates `@capacitor/core` from 8.3.1 to 8.4.1
- [Release notes](https://github.com/ionic-team/capacitor/releases)
- [Changelog](https://github.com/ionic-team/capacitor/blob/main/CHANGELOG.md)
- [Commits](ionic-team/capacitor@8.3.1...8.4.1)

Updates `@capacitor/push-notifications` from 8.0.4 to 8.1.1
- [Release notes](https://github.com/ionic-team/capacitor-plugins/releases)
- [Changelog](https://github.com/ionic-team/capacitor-plugins/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ionic-team/capacitor-plugins/compare/@capacitor/push-notifications@8.0.4...@capacitor/push-notifications@8.1.1)

Updates `@formatjs/intl-localematcher` from 0.8.9 to 0.8.10
- [Release notes](https://github.com/formatjs/formatjs/releases)
- [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-localematcher@0.8.9...@formatjs/intl-localematcher@0.8.10)

Updates `@google-cloud/profiler` from 6.0.4 to 6.0.5
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/handwritten/cloud-profiler/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/cloud-profiler-v6.0.5/handwritten/cloud-profiler)

Updates `@google-cloud/pubsub` from 5.3.0 to 5.3.1
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/handwritten/pubsub/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/dns-v5.3.1/handwritten/pubsub)

Updates `@google-cloud/secret-manager` from 6.1.2 to 6.2.0
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-secretmanager/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/dlp-v6.2.0/packages/google-cloud-secretmanager)

Updates `@google-cloud/storage` from 7.19.0 to 7.21.0
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/handwritten/storage/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/storage-v7.21.0/handwritten/storage)

Updates `@google-cloud/tasks` from 6.2.2 to 6.2.3
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-tasks/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/tasks-v6.2.3/packages/google-cloud-tasks)

Updates `@google/adk` from 1.1.0 to 1.3.0
- [Release notes](https://github.com/google/adk-js/releases)
- [Commits](google/adk-js@adk-v1.1.0...adk-v1.3.0)

Updates `@google/genai` from 2.6.0 to 2.10.0
- [Release notes](https://github.com/googleapis/js-genai/releases)
- [Changelog](https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md)
- [Commits](googleapis/js-genai@v2.6.0...v2.10.0)

Updates `@radix-ui/react-dialog` from 1.1.15 to 1.1.17
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dialog/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dialog)

Updates `@radix-ui/react-select` from 2.2.6 to 2.3.1
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/select/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/select)

Updates `@radix-ui/react-separator` from 1.1.8 to 1.1.10
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/separator/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/separator)

Updates `@radix-ui/react-slot` from 1.2.4 to 1.3.0
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slot/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slot)

Updates `@radix-ui/react-switch` from 1.2.6 to 1.3.1
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/switch/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/switch)

Updates `@radix-ui/react-toggle` from 1.1.10 to 1.1.12
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toggle/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toggle)

Updates `@radix-ui/react-toggle-group` from 1.1.11 to 1.1.13
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/toggle-group/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/toggle-group)

Updates `@radix-ui/react-tooltip` from 1.2.8 to 1.2.10
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/tooltip/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/tooltip)

Updates `@tanstack/react-query` from 5.100.14 to 5.101.2
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.2/packages/react-query)

Updates `@tanstack/react-virtual` from 3.13.24 to 3.14.4
- [Release notes](https://github.com/TanStack/virtual/releases)
- [Changelog](https://github.com/TanStack/virtual/blob/main/packages/react-virtual/CHANGELOG.md)
- [Commits](https://github.com/TanStack/virtual/commits/@tanstack/react-virtual@3.14.4/packages/react-virtual)

Updates `cron-parser` from 5.5.0 to 5.6.1
- [Release notes](https://github.com/harrisiirak/cron-parser/releases)
- [Commits](harrisiirak/cron-parser@v5.5.0...v5.6.1)

Updates `google-auth-library` from 10.6.2 to 10.9.0
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/core/packages/google-auth-library-nodejs/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/google-auth-library-v10.9.0/core/packages/google-auth-library-nodejs)

Updates `libphonenumber-js` from 1.13.6 to 1.13.7
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/commits/master)

Updates `lucide-react` from 1.16.0 to 1.22.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.22.0/packages/lucide-react)

Updates `mercadopago` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/mercadopago/sdk-nodejs/releases)
- [Changelog](https://github.com/mercadopago/sdk-nodejs/blob/master/CHANGELOG.MD)
- [Commits](mercadopago/sdk-nodejs@v3.0.0...3.1.0)

Updates `next` from 16.2.6 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.6...v16.2.9)

Updates `pdfkit` from 0.18.0 to 0.19.1
- [Release notes](https://github.com/foliojs/pdfkit/releases)
- [Changelog](https://github.com/foliojs/pdfkit/blob/master/CHANGELOG.md)
- [Commits](foliojs/pdfkit@v0.18.0...v0.19.1)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `recharts` from 3.8.1 to 3.9.0
- [Release notes](https://github.com/recharts/recharts/releases)
- [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md)
- [Commits](recharts/recharts@v3.8.1...v3.9.0)

Updates `@capacitor/cli` from 8.3.1 to 8.4.1
- [Release notes](https://github.com/ionic-team/capacitor/releases)
- [Changelog](https://github.com/ionic-team/capacitor/blob/main/CHANGELOG.md)
- [Commits](ionic-team/capacitor@8.3.1...8.4.1)

Updates `@playwright/test` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `@tailwindcss/postcss` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/@tailwindcss-postcss)

Updates `@types/react` from 19.2.14 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `esbuild` from 0.28.0 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.28.0...v0.28.1)

Updates `eslint` from 10.4.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.4.0...v10.6.0)

Updates `tailwindcss` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/tailwindcss)

Updates `typescript-eslint` from 8.59.1 to 8.62.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint)

Updates `vitest` from 4.1.7 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: "@ar-agents/identity"
  dependency-version: 0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@capacitor/android"
  dependency-version: 8.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@capacitor/core"
  dependency-version: 8.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@capacitor/push-notifications"
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@formatjs/intl-localematcher"
  dependency-version: 0.8.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@google-cloud/profiler"
  dependency-version: 6.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@google-cloud/pubsub"
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@google-cloud/secret-manager"
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@google-cloud/storage"
  dependency-version: 7.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@google-cloud/tasks"
  dependency-version: 6.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@google/adk"
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@google/genai"
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-dialog"
  dependency-version: 1.1.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-select"
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-separator"
  dependency-version: 1.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-slot"
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-switch"
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-toggle"
  dependency-version: 1.1.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-toggle-group"
  dependency-version: 1.1.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-tooltip"
  dependency-version: 1.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tanstack/react-virtual"
  dependency-version: 3.14.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: cron-parser
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: google-auth-library
  dependency-version: 10.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: libphonenumber-js
  dependency-version: 1.13.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: lucide-react
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: mercadopago
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: pdfkit
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: recharts
  dependency-version: 3.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@capacitor/cli"
  dependency-version: 8.4.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: typescript-eslint
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants