⬆️(deps): Bump the security-updates group across 1 directory with 7 updates

[dependabot]

Bumps the security-updates group with 7 updates in the / directory:

Package	From	To
@sentry/nextjs	10.34.0	10.46.0
contentful	11.10.2	11.12.0
geist	1.5.1	1.7.0
lucide-react	0.562.0	1.7.0
shadcn	3.7.0	4.1.1
tailwind-merge	3.4.0	3.5.0
web-vitals	5.1.0	5.2.0

Updates @sentry/nextjs from 10.34.0 to 10.46.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)
• chore(deps-dev): bump qunit-dom from 3.2.1 to 3.5.0 (#19546)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)

... (truncated)

Commits

• e5fdc9d release: 10.46.0
• c01fe86 release: 10.46.0
• 0f1171b Merge pull request #19973 from getsentry/prepare-release/10.46.0
• 6f48cc4 meta(changelog): Update changelog for 10.46.0
• 54abb35 refactor(elysia): drop @​elysiajs/opentelemetry dependency (#19947)
• a54de04 ref(core): Remove duplicate buildMethodPath utility from openai (#19969)
• 0156846 feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• 18a624e feat(elysia): Elysia SDK (#19509)
• c9812ae test(cloudflare): Enable multi-worker tests for CF integration tests (#19938)
• 83cabf3 fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• Additional commits viewable in compare view

Updates contentful from 11.10.2 to 11.12.0

Release notes

Sourced from contentful's releases.

v11.12.0

11.12.0 (2026-03-23)

Features

• add integration for locale based publishing in CDA [TOL-3653] (#2649) (1952af9)

v11.11.1

11.11.1 (2026-03-20)

v11.11.0

11.11.0 (2026-03-18)

Features

• types: align CreateClientParams with contentful-sdk-core (#2635) (4c42bdc)

v11.10.7

11.10.7 (2026-03-17)

v11.10.6

11.10.6 (2026-03-11)

v11.10.5

11.10.5 (2026-02-24)

v11.10.4

11.10.4 (2026-02-17)

v11.10.3

11.10.3 (2026-01-27)

Bug Fixes

• deps: bump contentful-sdk-core version [DX-704] (#2631) (258aebf)

Commits

• 1952af9 feat: add integration for locale based publishing in CDA [TOL-3653] (#2649)
• af346f2 build(deps): update @​semantic-release/npm, which updates @​actions/core, which...
• 6fae9ed [DX-820] Fix security vulnerabilities (#2660)
• 4c42bdc feat(types): align CreateClientParams with contentful-sdk-core (#2635)
• 2ef4adb ci(github-actions): update main on triggers to include pull requests (#2658)
• 2ff7175 build(deps): bump axios in the production-dependencies group (#2657)
• 57e399b Fix/ts query contentype (#2655)
• 6d85031 build(deps-dev): bump @​optimize-lodash/rollup-plugin from 4.0.4 to 6.0.0 (#2654)
• 48081cb build(deps-dev): bump @​rollup/plugin-babel, prettier, semantic-release, types...
• 338157b build(deps): bump contentful-resolve-response (#2652)
• Additional commits viewable in compare view

Updates geist from 1.5.1 to 1.7.0

Release notes

Sourced from geist's releases.

geist@1.7.0

We're excited to announce a new member to our font family: Geist Pixel

It's a display typeface family featuring five unique pixel-based variants, each with a distinct visual style. It is designed for decorative use in headlines, logos, and other display contexts where a pixelated aesthetic is desired.

It includes five distinct variants, each exported separately:

Export	CSS Variable	Description
GeistPixelSquare	--font-geist-pixel-square	Square pixel shapes
GeistPixelGrid	--font-geist-pixel-grid	Grid-based pixel pattern
GeistPixelCircle	--font-geist-pixel-circle	Circular pixel shapes
GeistPixelTriangle	--font-geist-pixel-triangle	Triangular pixel shapes
GeistPixelLine	--font-geist-pixel-line	Line-based pixel pattern

import {
  GeistPixelSquare,
  GeistPixelGrid,
  GeistPixelCircle,
  GeistPixelTriangle,
  GeistPixelLine,
} from "geist/font/pixel";

Changelog

Sourced from geist's changelog.

1.7.0

Minor Changes

• d7ef63c: We're excited to announce a new member to our font family: Geist Pixel

  It's a display typeface family featuring five unique pixel-based variants, each with a distinct visual style. It is designed for decorative use in headlines, logos, and other display contexts where a pixelated aesthetic is desired.

  It includes five distinct variants, each exported separately:

  Export	CSS Variable	Description
  GeistPixelSquare	--font-geist-pixel-square	Square pixel shapes
  GeistPixelGrid	--font-geist-pixel-grid	Grid-based pixel pattern
  GeistPixelCircle	--font-geist-pixel-circle	Circular pixel shapes
  GeistPixelTriangle	--font-geist-pixel-triangle	Triangular pixel shapes
  GeistPixelLine	--font-geist-pixel-line	Line-based pixel pattern

  import {
    GeistPixelSquare,
    GeistPixelGrid,
    GeistPixelCircle,
    GeistPixelTriangle,
    GeistPixelLine,
  } from "geist/font/pixel";

Commits

• 8aad8b1 trigger release
• 723e7ec fix: remove beta, switch to 1.7.0 to sync with GH release version number
• 750611c update: changeset release note
• 2d6add6 chore: version packages for beta release
• b99f97f Merge branch 'Pixel' of https://github.com/vercel/geist-font into Pixel
• 1e695ec update release note
• 76f475a chore: version packages for beta release
• 70ebcf1 fix: remove img, readme formatting
• 7125a63 chore: version packages for beta release
• 7a1fb49 update: readme images
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for geist since your current version.

Updates lucide-react from 0.562.0 to 1.7.0

Release notes

Sourced from lucide-react's releases.

Version 1.7.0

What's Changed

• fix(lucide-react): Fix dynamic imports by @​ericfennis in lucide-icons/lucide#4210
• feat(icons): added map-pin-search icon by @​TonySullivan in lucide-icons/lucide#4125

New Contributors

• @​TonySullivan made their first contribution in lucide-icons/lucide#4125

Full Changelog: lucide-icons/lucide@1.6.0...1.7.0

Version 1.6.0

What's Changed

• feat(icons): added radio-off icon by @​kongsgard in lucide-icons/lucide#4138

New Contributors

• @​kongsgard made their first contribution in lucide-icons/lucide#4138

Full Changelog: lucide-icons/lucide@1.5.0...1.6.0

Version 1.5.0

What's Changed

• feat(icons): added beef-off icon by @​jguddas in lucide-icons/lucide#3816

Full Changelog: lucide-icons/lucide@1.4.0...1.5.0

Version 1.4.0

What's Changed

• feat(icons): added sport-shoe icon by @​Youya-ui in lucide-icons/lucide#3953

New Contributors

• @​Youya-ui made their first contribution in lucide-icons/lucide#3953

Full Changelog: lucide-icons/lucide@1.3.0...1.4.0

Version 1.3.0

What's Changed

• feat(icons): added shield-cog icon by @​KnarliX in lucide-icons/lucide#3902

New Contributors

• @​KnarliX made their first contribution in lucide-icons/lucide#3902

Full Changelog: lucide-icons/lucide@1.2.0...1.3.0

Version 1.2.0

What's Changed

• feat(icons): added line-style icon by @​dg-ac in lucide-icons/lucide#4030

New Contributors

• @​dg-ac made their first contribution in lucide-icons/lucide#4030

... (truncated)

Commits

• dada0a8 fix(lucide-react): Fix dynamic imports (#4210)
• a6e648a fix(lucide-react): correct client directives in RSC files (#4189)
• 1f010a3 fix(lucide-react): Fixes provider export and RSC render issues (#4175)
• 484f2c9 docs(version-1): Version 1 website (#4142)
• a0e202d feat(packages/angular): add new @​lucide/angular package (#3897)
• c5b155e Merge branch 'main' of https://github.com/lucide-icons/lucide into next
• f6c0d06 chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)
• 628d4f9 Merge branch 'main' of https://github.com/lucide-icons/lucide into next
• 67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
• b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
• Additional commits viewable in compare view

Updates shadcn from 3.7.0 to 4.1.1

Release notes

Sourced from shadcn's releases.

shadcn@4.1.1

Patch Changes

• #10202 12b49c986fcf7e6db9be7f515df6142f822f2236 Thanks @​shadcn! - fix packageManager in package.json

shadcn@4.1.0

Minor Changes

• #10115 687f09817b614a3450f0f56779edf367082e1e53 Thanks @​shadcn! - add fontHeading to presets

• #10115 687f09817b614a3450f0f56779edf367082e1e53 Thanks @​shadcn! - add chartColor

shadcn@4.0.8

Patch Changes

• #10041 a97ebe54f1824032d8ad00d1d0c079e3dc6f52d7 Thanks @​shadcn! - Bundle @​antfu/ni and tinyexec to fix missing module error with npx

shadcn@4.0.7

Patch Changes

• #9929 f9b365bc7f9d591c995952976711dbdd7b1bc45a Thanks @​kapishdima! - add dependency field to registry:font

shadcn@4.0.6

Patch Changes

• #10022 7e93eb81ea8160c06c86f98bb6bfeb1ddfd0d237 Thanks @​shadcn! - ensure monorepo respect package manager

shadcn@4.0.5

Patch Changes

• #9960 5ee456735377158c12cf55eefbe872f7303e1325 Thanks @​shadcn! - update handling of init urls

shadcn@4.0.4

Patch Changes

• #9957 aa841e35cf405e574123478b46f4058cff0e179a Thanks @​shadcn! - fix cache in resolveRegistryBaseConfig

shadcn@4.0.3

Patch Changes

• #9950 ce2c3ca688916db4fdb5fe173e9c6902f78696ed Thanks @​shadcn! - add support for translucent menu

shadcn@4.0.2

Patch Changes

• #9903 f5ac4a0d2aa5af87202f67558a4b9b8f92c00bd2 Thanks @​shadcn! - scaffold templates from github remote

shadcn@4.0.1

Patch Changes

... (truncated)

Changelog

Sourced from shadcn's changelog.

4.1.1

Patch Changes

• #10202 12b49c986fcf7e6db9be7f515df6142f822f2236 Thanks @​shadcn! - fix packageManager in package.json

4.1.0

Minor Changes

• #10115 687f09817b614a3450f0f56779edf367082e1e53 Thanks @​shadcn! - add fontHeading to presets

• #10115 687f09817b614a3450f0f56779edf367082e1e53 Thanks @​shadcn! - add chartColor

4.0.8

Patch Changes

• #10041 a97ebe54f1824032d8ad00d1d0c079e3dc6f52d7 Thanks @​shadcn! - Bundle @​antfu/ni and tinyexec to fix missing module error with npx

4.0.7

Patch Changes

• #9929 f9b365bc7f9d591c995952976711dbdd7b1bc45a Thanks @​kapishdima! - add dependency field to registry:font

4.0.6

Patch Changes

• #10022 7e93eb81ea8160c06c86f98bb6bfeb1ddfd0d237 Thanks @​shadcn! - ensure monorepo respect package manager

4.0.5

Patch Changes

• #9960 5ee456735377158c12cf55eefbe872f7303e1325 Thanks @​shadcn! - update handling of init urls

4.0.4

Patch Changes

• #9957 aa841e35cf405e574123478b46f4058cff0e179a Thanks @​shadcn! - fix cache in resolveRegistryBaseConfig

4.0.3

Patch Changes

• #9950 ce2c3ca688916db4fdb5fe173e9c6902f78696ed Thanks @​shadcn! - add support for translucent menu

... (truncated)

Commits

• 14bb486 chore(release): version packages (#10203)
• 12b49c9 fix: packageManager in package.json (#10202)
• 563d572 chore(release): version packages (#10120)
• 687f098 feat: chartColor and fontHeading (#10115)
• e2d36a3 chore(release): version packages (#10046)
• a97ebe5 fix: bundle @​antfu/ni to resolve tinyexec missing module error (#10041)
• af99d4e chore(release): version packages (#10037)
• 725ca57 Rename test to clarify non-variable font coverage.
• 1dc39e2 Add dependency field to font schema for explicit fontsource package control.
• 0905566 Revert "fix: added fountsource, @​support ovveride when registry:font install,...
• Additional commits viewable in compare view

Updates tailwind-merge from 3.4.0 to 3.5.0

Release notes

Sourced from tailwind-merge's releases.

v3.5.0

New Features

• Add support for Tailwind CSS v4.2 by @​dcastil in dcastil/tailwind-merge#651

Full Changelog: dcastil/tailwind-merge@v3.4.1...v3.5.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

v3.4.1

Bug Fixes

• Prevent arbitrary font-family and font-weight from merging by @​roneymoon in dcastil/tailwind-merge#635

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• 270ac79 v3.5.0
• 86f772e add changelog for 3.5.0
• 6c1f77c Merge pull request #651 from dcastil/feature/add-support-for-tailwind-css-v4.2
• 7a4cacf Add support for decimal fraction values
• 9ef0f79 fix incorrectly escaped characters
• f4938b0 update README with v4.2 support
• b02a572 Add Tailwind v4.2 font-features utilities support
• 5bd25ec Add Tailwind v4.2 logical sizing utilities
• 697c920 Add Tailwind v4.2 logical border block utilities
• 6656a47 Improve JSDoc comments for logical insets
• Additional commits viewable in compare view

Updates web-vitals from 5.1.0 to 5.2.0

Changelog

Sourced from web-vitals's changelog.

v5.2.0 (2026-03-25)

• Replace filter()[0] with find() for better performance (#658)
• Use queueMicrotask for microtask scheduling (#660)
• Simplify the event and LoAF entry clean up logic (#662)
• Remove obsolete FID polyfill types (#675)
• Use LargestContentfulPaint.id as fallback when element is removed from DOM (#676)
• Fix bug for onLCP when attached late (#697)
• FHandle initially hidden pages and onLCP registered on visibility change (#698)
• Ensure we clear idle callbacks in whenIdleOrHidden (#707)
• Limit pending events to conserve memory (#710)
• Add includeProcessedEventEntries option (#714)
• Reduce bundle size by refactoring (#713)

Commits

• c071fd0 Release v5.2.0
• 15cd449 Prep changelog for v.5.2.0 (#693)
• 384dd9c Reduce bundle size by refactoring (#713)
• 1742e6b Add includeProcessedEventEntries option (#714)
• 4733a93 Bump flatted from 3.3.3 to 3.4.2 (#718)
• efc4845 Bump fast-xml-parser from 5.5.6 to 5.5.7 (#717)
• 8e4e689 Bump undici from 6.23.0 to 6.24.1 (#716)
• 9750cc9 Bump fast-xml-parser from 5.4.2 to 5.5.6 (#715)
• 8fb24d7 Limit pending events to conserve memory (#710)
• 1a8233e Address flaky test (#711)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions