build(deps): bump the prod-minor-patch group with 6 updates

[dependabot]

Bumps the prod-minor-patch group with 6 updates:

Package	From	To
@tanstack/react-router	1.169.1	1.169.2
better-sqlite3	12.9.0	12.10.0
mobx	6.15.1	6.15.3
react	19.2.5	19.2.6
react-dom	19.2.5	19.2.6
tailwind-merge	3.5.0	3.6.0

Updates @tanstack/react-router from 1.169.1 to 1.169.2

Changelog

Sourced from @​tanstack/react-router's changelog.

1.169.2

Patch Changes

• Updated dependencies [35e88f0]:
  • @​tanstack/router-core@​1.169.2

Commits

• ee96e25 ci: changeset release
• ed3152a test: reproducer for #2547 (#7337)
• 19f496b test: add reproducer for #2514 (#7336)
• 9902eb4 remove old intent artifacts (#7333)
• f08ef9d chore: fix duplicate "the" typo across router packages (#7323)
• See full diff in compare view

Updates better-sqlite3 from 12.9.0 to 12.10.0

Release notes

Sourced from better-sqlite3's releases.

v12.10.0

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in WiseLibs/better-sqlite3#1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in WiseLibs/better-sqlite3#1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1470
• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447
• Add support for electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1466

New Contributors

• @​Maxime-J made their first contribution in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

Commits

• d8885f9 12.10.0
• 3f89324 Temporarily rollback support for Electron v42 prebuilds (#1470)
• a640028 Add support for Node.js v26 prebuilds and remove EOL builds (#1468)
• a69f03c Update SQLite to version 3.53.1 (#1467)
• d116f32 12.9.1
• 04d9b65 Add support for electron v42 prebuilds (#1466)
• ef7d940 Enable percentile functions (#1447)
• See full diff in compare view

Updates mobx from 6.15.1 to 6.15.3

Release notes

Sourced from mobx's releases.

mobx@6.15.3

Patch Changes

• 25e859a3582bcdd3c5a71aa52510adfd924a1a60 #4644 Thanks @​kubk! - Fix TypeScript errors when using flow as a standard decorator.

mobx@6.15.2

Patch Changes

• 52ddce0f179a461b85e578554e35e94bf76edf3c #4642 Thanks @​kubk! - Restore npm release build target forwarding so published tarballs include the standalone ESM development and production bundles.

Commits

• 03f420a Merge pull request #4645 from mobxjs/changeset-release/main
• 81d00b7 Version Packages
• 0521b59 Merge pull request #4644 from mobxjs/support-flow-as-decorator-20223
• fe659f4 comment about legacy decorators
• 25e859a Support flow() as decorator 2022.3
• bf4afc5 chore(docs): Migration guide: Update makeObservable section with decorators s...
• d5a4288 Merge pull request #4643 from mobxjs/changeset-release/main
• 8dd9e2c Version Packages
• f5cb5fd Merge pull request #4642 from mobxjs/fix/npm-build-target-forwarding
• db9e551 fix mobx-react size test script
• Additional commits viewable in compare view

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cursor]

PR Summary

Medium Risk
Mostly patch/minor dependency bumps, but includes better-sqlite3 (native bindings) and React runtime updates that could affect Electron build/install and app behavior at runtime.

Overview
Bumps production dependency versions in package.json and package-lock.json, updating react/react-dom, @tanstack/react-router (and @tanstack/router-core), mobx, tailwind-merge, and better-sqlite3.

The lockfile reflects updated transitive resolutions and better-sqlite3 engine/prebuild metadata (now including Node v26 support).

^{Reviewed by Cursor Bugbot for commit 595e9d4. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	mobx@​6.15.1 ⏵ 6.15.3			+1	+4
	@​tanstack/​react-router@​1.169.1 ⏵ 1.169.2	+1		+1
	react@​19.2.5 ⏵ 19.2.6
	tailwind-merge@​3.5.0 ⏵ 3.6.0	+1		+1
	better-sqlite3@​12.9.0 ⏵ 12.10.0	-11			-2
	react-dom@​19.2.5 ⏵ 19.2.6

View full report