Bump the prod-deps group across 1 directory with 11 updates

[dependabot]

Bumps the prod-deps group with 11 updates in the / directory:

Package	From	To
@auth0/nextjs-auth0	3.7.0	4.4.1
@mui/material	6.4.8	7.0.1
@neondatabase/serverless	0.10.4	1.0.0
@next/mdx	15.1.6	15.2.4
drizzle-orm	0.39.3	0.41.0
next	15.1.6	15.2.4
react	19.0.0	19.1.0
@types/react	19.0.10	19.1.0
react-dom	19.0.0	19.1.0
@types/react-dom	19.0.4	19.1.1
react-markdown	9.1.0	10.1.0

Updates @auth0/nextjs-auth0 from 3.7.0 to 4.4.1

Release notes

Sourced from @​auth0/nextjs-auth0's releases.

v4.4.1

Fixed

• fix: Properly configure SDK to be distributed as ESM #2028 (frederikprijck)
• Fix broken links in jsdocs #2031 (frederikprijck)
• fix: Throw ConfigurationError when invalid Auth0Client configuration #2026 (tusharpandey13)

v4.4.0

Added

• Add note about access-token endpoint to README #2020 (frederikprijck)
• Add support for Connection Access Token #2010 (frederikprijck)

Fixed

• fix: Delete legacy cookie once v4 cookie is set #2019 (frederikprijck)
• fix: Ensure to delete cookies when switching from single to chunks and vica versa #2013 (frederikprijck)
• fix: Clean up cookie chunks when cookie size shrinks #2014 (frederikprijck)
• fix: use NEXT_PUBLIC_PROFILE_ROUTE in Auth0Provider #2021 (tusharpandey13)
• fix: Ensure to pass-through enableAccessTokenEndpoint #2015 (frederikprijck)
• fix: Remove obsolete warning about cookie-size #2012 (frederikprijck)

v4.3.0

Added

• Access Token Exposure Control #1979 (tusharpandey13)
• Cookie chunking support #1975 (tusharpandey13)
• Add idToken to TokenSet in SessionData #1978 (tusharpandey13)

v4.2.1

Changed

• Bump next in SDK as well as examples #1992 (frederikprijck)

v4.2.0

Security

• Enforce nextjs peerDependency to 14.2.25 and 15.2.3 #1988 (frederikprijck)

The above security fix was done to help prevent customers being vulnerable to Authorization Bypass in Next.js Middleware.

Releasing this as a non-major version bump, even thought this is a breaking change. We are doing this because this is a security fix to help prevent customers using our SDK is versions of NextJS vulnerable to GHSA-f82v-jwr5-mffw

v4.1.0

Added

• Programmatic PAR #1946 (tusharpandey13)

Fixed

• fix: stop importing named export from package.json #1962 (tusharpandey13)

v4.0.3

Fixed

• Fix route matching when Next.js trailingSlash is enabled #1948 (tusharpandey13)
• fix: allow appBaseUrl to not be the root #1941 (frederikprijck)

... (truncated)

Changelog

Sourced from @​auth0/nextjs-auth0's changelog.

v4.4.1 (2025-04-03)

Full Changelog

Fixed

• fix: Properly configure SDK to be distributed as ESM #2028 (frederikprijck)
• Fix broken links in jsdocs #2031 (frederikprijck)
• fix: Throw ConfigurationError when invalid Auth0Client configuration #2026 (tusharpandey13)

v4.4.0 (2025-04-01)

Full Changelog

Added

• Add note about access-token endpoint to README #2020 (frederikprijck)
• Add support for Connection Access Token #2010 (frederikprijck)

Fixed

• fix: Delete legacy cookie once v4 cookie is set #2019 (frederikprijck)
• fix: Ensure to delete cookies when switching from single to chunks and vica versa #2013 (frederikprijck)
• fix: Clean up cookie chunks when cookie size shrinks #2014 (frederikprijck)
• fix: use NEXT_PUBLIC_PROFILE_ROUTE in Auth0Provider #2021 (tusharpandey13)
• fix: Ensure to pass-through enableAccessTokenEndpoint #2015 (frederikprijck)
• fix: Remove obsolete warning about cookie-size #2012 (frederikprijck)

v4.3.0 (2025-03-28)

Full Changelog

Added

• Access Token Exposure Control #1979 (tusharpandey13)
• Cookie chunking support #1975 (tusharpandey13)
• Add idToken to TokenSet in SessionData #1978 (tusharpandey13)

v4.2.1 (2025-03-24)

Full Changelog

Changed

• Bump next in SDK as well as examples #1992 (frederikprijck)

v4.2.0 (2025-03-23)

Full Changelog

Security

• Enforce nextjs peerDependency to 14.2.25 and 15.2.3 #1988 (frederikprijck)

The above security fix was done to help prevent customers being vulnerable to Authorization Bypass in Next.js Middleware.

v4.1.0 (2025-03-13)

Full Changelog

Added

• Programmatic PAR #1946 (tusharpandey13)

... (truncated)

Commits

• 1a1555d Release v4.4.1 (#2032)
• 4adab23 Release v4.4.1
• 6370b96 Feature: Auth0Client Configuration Validation (#2026)
• 0f57478 Merge branch 'feature/configuration-validation' of https://github.com/auth0/n...
• 8e41333 update branch to use esm properly, related to #2028
• 51deff0 Fix broken links in jsdocs (#2031)
• 47fda0b Merge branch 'main' into feature/configuration-validation
• 80e3443 Update link to beforeSessionSaved hook in Migration Guide (#2027)
• af99098 fix: Properly configure SDK to be distributed as ESM (#2028)
• 624dc14 fix: Properly configure SDK to be distributed as ESM
• Additional commits viewable in compare view

Updates @mui/material from 6.4.8 to 7.0.1

Release notes

Sourced from @​mui/material's releases.

v7.0.1

Mar 28, 2025

A big thanks to the 7 contributors who made this release possible.

@mui/[email protected]

• Export ThemeProviderProps (#45701) @​aarongarciah
• [Fab] Fix default variant text color when using CSS vars (#45714) @​aarongarciah
• Remove mention of v7 in deprecation messages (#45708) @​DiegoAndai
• [Popover] Allow null in anchorEl function return type (#45045) @​eduter
• Fix missing CSSProperties/MixinOptions types (#45706) @​Janpot

@mui/[email protected]

• [code-infra] Fix icon-material type resolution under moduleResolution: "node" (#45704) @​Janpot
• Bring back individual icon dts (#45711) @​Janpot

Core

• Improve the release instructions (#45688) @​mnajdova

Docs

• Fix Masonry and Toolpad dark mode demos (#45721) @​siriwatknp
• Update v7 related copy (#45716) @​aarongarciah
• Avoid unwanted undefined in page title (#45718) @​aarongarciah
• Fix joy templates error (#45715) @​siriwatknp
• Rename GitHub icon import (#45709) @​micttyoid
• Fix Safari issue in dark mode (#45696) @​mnajdova
• Fix Grid, GridLegacy, Stack, Badge, Select, Autocomplete demos CSS variables (#45693) @​DiegoAndai
• Add "Material UI v7 is here" to the notifications (#45694) @​DiegoAndai
• Fix Breadcrumbs, List, Divider, and Typography dark mode demos (#45692) @​siriwatknp
• Fix Material Icons page in dark mode (#45691) @​mnajdova

All contributors of this release in alphabetical order: @​aarongarciah, @​DiegoAndai, @​eduter, @​Janpot, @​micttyoid, @​mnajdova, @​siriwatknp

v7.0.0

🎉 We're happy to announce the stable release of v7.

• Read the blog post about the announcement.
• Check out the v7 upgrade guide.

@mui/[email protected]

• [Autocomplete] Fix when onHighlightChange is called (#45438) @​ZeeshanTamboli
• [Tabs] Fix modifier keys + Left/Right Arrow key from being consumed by tab navigation (#45345) @​mushfiqbh
• Update minimum TypeScript support to 4.9 (#45535) @​siriwatknp

... (truncated)

Changelog

Sourced from @​mui/material's changelog.

7.0.1

Mar 28, 2025

A big thanks to the 7 contributors who made this release possible.

@mui/[email protected]

• Export ThemeProviderProps (#45701) @​aarongarciah
• [Fab] Fix default variant text color when using CSS vars (#45714) @​aarongarciah
• Remove mention of v7 in deprecation messages (#45708) @​DiegoAndai
• [Popover] Allow null in anchorEl function return type (#45045) @​eduter
• Fix missing CSSProperties/MixinOptions types (#45706) @​Janpot

@mui/[email protected]

• [code-infra] Fix icon-material type resolution under moduleResolution: "node" (#45704) @​Janpot
• Bring back individual icon dts (#45711) @​Janpot

Core

• Improve the release instructions (#45688) @​mnajdova

Docs

• Fix Masonry and Toolpad dark mode demos (#45721) @​siriwatknp
• Update v7 related copy (#45716) @​aarongarciah
• Avoid unwanted undefined in page title (#45718) @​aarongarciah
• Fix joy templates error (#45715) @​siriwatknp
• Rename GitHub icon import (#45709) @​micttyoid
• Fix Safari issue in dark mode (#45696) @​mnajdova
• Fix Grid, GridLegacy, Stack, Badge, Select, Autocomplete demos CSS variables (#45693) @​DiegoAndai
• Add "Material UI v7 is here" to the notifications (#45694) @​DiegoAndai
• Fix Breadcrumbs, List, Divider, and Typography dark mode demos (#45692) @​siriwatknp
• Fix Material Icons page in dark mode (#45691) @​mnajdova

All contributors of this release in alphabetical order: @​aarongarciah, @​DiegoAndai, @​eduter, @​Janpot, @​micttyoid, @​mnajdova, @​siriwatknp

7.0.0

Mar 26, 2025

🎉 We're happy to announce the stable release of v7.

• Read the blog post about the announcement.
• Check out the v7 upgrade guide.

... (truncated)

Commits

• d6fdcac [release] v7.0.1 (#45726)
• 383c813 [core] Fix missing CSSProperties/MixinOptions types (#45706)
• 8efb73c [material-ui][Popover] Allow null in anchorEl function return type (#45045)
• a5426e6 [material-ui][Fab] Fix default variant text color when using CSS vars (#45714)
• 764c1a6 [material-ui] Remove mention of v7 in deprecation messages (#45708)
• 6f62277 [material-ui][core] Export ThemeProviderProps (#45701)
• 22aa7db v7.0.0 (#45683)
• 97cc2af [core] Prepare master for v7 stable (#45674)
• f26f8aa [system] Fix palette mode does not change when not use CSS vars (#45660)
• cb6430c Bump sinon to ^19.0.4 (#45651)
• Additional commits viewable in compare view

Updates @neondatabase/serverless from 0.10.4 to 1.0.0

Changelog

Sourced from @​neondatabase/serverless's changelog.

1.0.0 (2025-03-25)

Breaking change: the HTTP query template function can now only be called as a template function, not as a conventional function. This improves safety from accidental SQL-injection vulnerabilities. For example:

import { neon } from '@neondatabase/serverless';
const sql = neon(process.env.DATABASE_URL);
const id = 1;
// this is safe and convenient, as before
const result = await sqlSELECT * FROM table WHERE id = ${id};
// this looks very similar and was previously allowed, but was open to SQL
// injection attacks because it uses ordinary string interpolation -- it's now
// both a TypeScript type error and a runtime error
const throws = await sql(SELECT * FROM table WHERE id = ${id});

To fill the gap left by this change, the template function has two new properties: a query() function that allows manually parameterized queries, and an unsafe() function that lets you interpolate trusted arbitrary string values. For example:

// this was previously allowed, and was safe, but is now also an error so as to
// prevent the vulnerability seen above
const throws = await sql('SELECT * FROM table WHERE id = $1', [id]);
// the query() function is the new way to manually specify placeholders and
// values (the same way it's done by client.query() and pool.query())
const result = await sql.query('SELECT * FROM table WHERE id = $1', [id]);
// to interpolate strings like column or table names, only if you know
// they're safe, use the unsafe() function
const table = condition ? 'table1' : 'table2'; // known-safe string values
const result = await sqlSELECT * FROM ${sql.unsafe(table)} WHERE id = ${id};
// but in the above case, you might prefer to do this instead
const table = condition ? sqltable1 : sqltable2;
const result = await sqlSELECT * FROM ${table} WHERE id = ${id};

In addition, HTTP template queries are now fully composable, including those with parameters. For example:

const name = 'Olivia';
const limit = 1;
const whereClause = sql`WHERE name = ${name}`;
const limitClause = sql`LIMIT ${limit}`;
// compilation to raw SQL now happens lazily, at query time, so that parameter
// placeholders can be numbered appropriately
const result = await sqlSELECT * FROM table ${whereClause} ${limitClause};
</tr></table>

... (truncated)

Commits

• See full diff in compare view

Updates @next/mdx from 15.1.6 to 15.2.4

Release notes

Sourced from @​next/mdx's releases.

v15.2.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Match subrequest handling for edge and node (#77474)
• exclude images and static media from dev origin check (#77417)
• ensure /__next middleware URLs are included in the origin check (#77416)
• remove direct ip/port bypass in dev origin check (#77414)
• switch development origin verification to be opt-in rather than opt-out (#77395)

Credits

Huge thanks to @​ijjk and @​ztanner for helping!

v15.2.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary. This release contains a security patch for CVE-2025-29927.

Core Changes

• Update default allowed origins list (#77212)
• unify allowed origin detection handling (#77053)
• Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
• Ensure deploymentId is used for CSS preloads (#77210)
• Update middleware request header (#77201)
• [metadata] remove the default segement check for metadata rendering (#77119)
• [ts-hint] fix vscode type hint plugin enabling (#77099)
• [metadata] re-insert icons to head for streamed metadata (#76915)

Credits

Huge thanks to @​ijjk, @​ztanner, and @​huozhi for helping!

v15.2.2

Core Changes

• [dev-overlay] fix styling on overflow error messages, add button hover state: #76771
• Fix: respond 405 status code on OPTIONS request to SSG page: #76767
• [dev-overlay] Always show relative paths: #76742
• [metadata] remove the duplicate metadata in the error boundary: #76791
• Upgrade React from d55cc79b-20250228 to 443b7ff2-20250303: #76804
• [dev-overlay] Ignore animations on page load: #76834
• fix: remove useless set-cookie in action-handler: #76839
• Turbopack: handle task cancelation: #76831
• Upgrade React from 443b7ff2-20250303 to e03ac20f-20250305: #76842

... (truncated)

Commits

• 804aa35 v15.2.4
• 535e26d v15.2.3
• f455282 v15.2.2
• 38cf78e v15.2.2-canary.6
• bdb9cb4 v15.2.2-canary.5
• aa55567 v15.2.2-canary.4
• 15741c5 v15.2.2-canary.3
• 910b07b v15.2.2-canary.2
• 3355371 v15.2.2-canary.1
• f609222 v15.2.2-canary.0
• Additional commits viewable in compare view

Updates drizzle-orm from 0.39.3 to 0.41.0

Release notes

Sourced from drizzle-orm's releases.

0.41.0

• bigint, number modes for SQLite, MySQL, PostgreSQL, SingleStore decimal & numeric column types
• Changed behavior of sql-js query preparation to query prebuild instead of db-side prepare due to need to manually free prepared queries, removed .free() method
• Fixed MySQL, SingleStore varchar allowing not specifying length in config
• Fixed MySQL, SingleStore binary, varbinary data\type mismatches
• Fixed numeric\decimal data\type mismatches: #1290, #1453
• Fixed drizzle-studio + AWS Data Api connection issue: #3224
• Fixed isConfig utility function checking types of wrong fields
• Enabled supportBigNumbers in auto-created mysql2 driver instances
• Fixed custom schema tables querying in RQBv1: #4060
• Removed in-driver mapping for postgres types 1231 (numeric[]), 1115 (timestamp[]), 1185 (timestamp_with_timezone[]), 1187 (interval[]), 1182 (date[]), preventing precision loss and data\type mismatches
• Fixed SQLite buffer-mode blob sometimes returning number[]

0.40.1

Updates to neon-http for @neondatabase/[email protected] - thanks @​jawj

Starting from this version, drizzle-orm will be compatible with both @neondatabase/serverless 1.0

0.40.0

New Features

Added Gel dialect support and gel-js client support

Drizzle is getting a new Gel dialect with its own types and Gel-specific logic. In this first iteration, almost all query-building features have been copied from the PostgreSQL dialect since Gel is fully PostgreSQL-compatible. The only change in this iteration is the data types. The Gel dialect has a different set of available data types, and all mappings for these types have been designed to avoid any extra conversions on Drizzle's side. This means you will insert and select exactly the same data as supported by the Gel protocol.

Drizzle + Gel integration will work only through drizzle-kit pull. Drizzle won't support generate, migrate, or push features in this case. Instead, drizzle-kit is used solely to pull the Drizzle schema from the Gel database, which can then be used in your drizzle-orm queries.

The Gel + Drizzle workflow:

1. Use the gel CLI to manage your schema.
2. Use the gel CLI to generate and apply migrations to the database.
3. Use drizzle-kit to pull the Gel database schema into a Drizzle schema.
4. Use drizzle-orm with gel-js to query the Gel database.

Here is a small example of how to connect to Gel using Drizzle:

// Make sure to install the 'gel' package 
import { drizzle } from "drizzle-orm/gel";
import { createClient } from "gel";
const gelClient = createClient();
const db = drizzle({ client: gelClient });
const result = await db.execute('select 1');

and drizzle-gel schema definition

import { gelTable, uniqueIndex, uuid, smallint, text } from "drizzle-orm/gel-core"
</tr></table> 

... (truncated)

Commits

• f39f885 Various fixes, features bundled for v0.41.0 (#4293)
• a270acb Merge pull request #4287 from drizzle-team/optimize-int-tests
• 1946324 Remove gel-relational
• 44a19a9 Disable singlestore-relational
• 3379afd Split relational tests
• 552fef4 Remove await
• e37b1f5 Fix test
• bfc6bc3 Update latest pipeline
• 007df99 Fix command
• 67f0b33 Split unit tests
• Additional commits viewable in compare view

Updates next from 15.1.6 to 15.2.4

Release notes

Sourced from next's releases.

v15.2.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Match subrequest handling for edge and node (#77474)
• exclude images and static media from dev origin check (#77417)
• ensure /__next middleware URLs are included in the origin check (#77416)
• remove direct ip/port bypass in dev origin check (#77414)
• switch development origin verification to be opt-in rather than opt-out (#77395)

Credits

Huge thanks to @​ijjk and @​ztanner for helping!

v15.2.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary. This release contains a security patch for CVE-2025-29927.

Core Changes

• Update default allowed origins list (#77212)
• unify allowed origin detection handling (#77053)
• Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
• Ensure deploymentId is used for CSS preloads (#77210)
• Update middleware request header (#77201)
• [metadata] remove the default segement check for metadata rendering (#77119)
• [ts-hint] fix vscode type hint plugin enabling (#77099)
• [metadata] re-insert icons to head for streamed metadata (#76915)

Credits

Huge thanks to @​ijjk, @​ztanner, and @​huozhi for helping!

v15.2.2

Core Changes

• [dev-overlay] fix styling on overflow error messages, add button hover state: #76771
• Fix: respond 405 status code on OPTIONS request to SSG page: #76767
• [dev-overlay] Always show relative paths: #76742
• [metadata] remove the duplicate metadata in the error boundary: #76791
• Upgrade React from d55cc79b-20250228 to 443b7ff2-20250303: #76804
• [dev-overlay] Ignore animations on page load: #76834
• fix: remove useless set-cookie in action-handler: #76839
• Turbopack: handle task cancelation: #76831
• Upgrade React from 443b7ff2-20250303 to e03ac20f-20250305: #76842

... (truncated)

Commits

• 804aa35 v15.2.4
• ecb72ee Match subrequest handling for edge and node (#77474)
• 25f810b exclude images and static media from dev origin check (#77417)
• d9bcb83 ensure /__next middleware URLs are included in the origin check (#77416)
• cfeaa86 remove direct ip/port bypass in dev origin check (#77414)
• f847302 switch development origin verification to be opt-in rather than opt-out (#77395)
• 535e26d v15.2.3
• 2fcae1d Update default allowed origins list (#77212)
• adf5462 unify allowed origin detection handling (#77053)
• 5e59da1 Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
• Additional commits viewable in compare view

Updates react from 19.0.0 to 19.1.0

Release notes

Sourced from react's releases.

19.1.0 (March 28, 2025)

Owner Stack

An Owner Stack is a string representing the components that are directly responsible for rendering a particular component. You can log Owner Stacks when debugging or use Owner Stacks to enhance error overlays or other development tools. Owner Stacks are only available in development builds. Component Stacks in production are unchanged.

• An Owner Stack is a development-only stack trace that helps identify which components are responsible for rendering a particular component. An Owner Stack is distinct from a Component Stacks, which shows the hierarchy of components leading to an error.
• The captureOwnerStack API is only available in development mode and returns a Owner Stack, if available. The API can be used to enhance error overlays or log component relationships when debugging. #29923, #32353, #30306, #32538, #32529, #32538

React

• Enhanced support for Suspense boundaries to be used anywhere, including the client, server, and during hydration. #32069, #32163, #32224, #32252
• Reduced unnecessary client rendering through improved hydration scheduling #31751
• Increased priority of client rendered Suspense boundaries #31776
• Fixed frozen fallback states by rendering unfinished Suspense boundaries on the client. #31620
• Reduced garbage collection pressure by improving Suspense boundary retries. #31667
• Fixed erroneous “Waiting for Paint” log when the passive effect phase was not delayed #31526
• Fixed a regression causing key warnings for flattened positional children in development mode. #32117
• Updated useId to use valid CSS selectors, changing format from :r123: to «r123». #32001
• Added a dev-only warning for null/undefined created in useEffect, useInsertionEffect, and useLayoutEffect. #32355
• Fixed a bug where dev-only methods were exported in production builds. React.act is no longer available in production builds. #32200
• Improved consistency across prod and dev to improve compatibility with Google Closure Complier and bindings #31808
• Improve passive effect scheduling for consistent task yielding. #31785
• Fixed asserts in React Native when passChildrenWhenCloningPersistedNodes is enabled for OffscreenComponent rendering. #32528
• Fixed component name resolution for Portal #32640
• Added support for beforetoggle and toggle events on the dialog element. #32479 #32479

React DOM

• Fixed double warning when the href attribute is an empty string #31783
• Fixed an edge case where getHoistableRoot() didn’t work properly when the container was a Document #32321
• Removed support for using HTML comments (e.g. <!-- -->) as a DOM container. #32250
• Added support for <script> and \<template> tags to be nested within <select> tags. #31837
• Fixed responsive images to be preloaded as HTML instead of headers #32445

use-sync-external-store

• Added exports field to package.json for use-sync-external-store to support various entrypoints. #25231

React Server Components

• Added unstable_prerender, a new experimental API for prerendering React Server Components on the server #31724
• Fixed an issue where streams would hang when receiving new chunks after a global error #31840, #31851
• Fixed an issue where pending chunks were counted twice. #31833
• Added support for streaming in edge environments #31852
• Added support for sending custom error names from a server so that they are available in the client for console replaying. #32116
• Updated the server component wire format to remove IDs for hints and console.log because they have no return value #31671
• Exposed registerServerReference in client builds to handle server references in different environments. #32534
• Added react-server-dom-parcel package which integrates Server Components with the Parcel bundler #31725, #32132, #31799, #32294, #31741

Changelog

Sourced from react's changelog.

19.1.0 (March 28, 2025)

Owner Stack

An Owner Stack is a string representing the components that are directly responsible for rendering a particular component. You can log Owner Stacks when debugging or use Owner Stacks to enhance error overlays or other development tools. Owner Stacks are only available in development builds. Component Stacks in production are unchanged.

• An Owner Stack is a development-only stack trace that helps identify which components are responsible for rendering a particular component. An Owner Stack is distinct from a Component Stacks, which shows the hierarchy of components leading to an error.
• The captureOwnerStack API is only available in development mode and returns a Owner Stack, if available. The API can be used to enhance error overlays or log component relationships when debugging. #29923, #32353, #30306, #32538, #32529, #32538

React

• Enhanced support for Suspense boundaries to be used anywhere, including the client, server, and during hydration. #32069, #32163, #32224, #32252
• Reduced unnecessary client rendering through improved hydration scheduling #31751
• Increased priority of client rendered Suspense boundaries #31776
• Fixed frozen fallback states by rendering unfinished Suspense boundaries on the client. #31620
• Reduced garbage collection pressure by improving Suspense boundary retries. #31667
• Fixed erroneous “Waiting for Paint” log when the passive effect phase was not delayed #31526
• Fixed a regression causing key warnings for flattened positional children in development mode. #32117
• Updated useId to use valid CSS selectors, changing format from :r123: to «r123». #32001
• Added a dev-only warning for null/undefined created in useEffect, useInsertionEffect, and useLayoutEffect. #32355
• Fixed a bug where dev-only methods were exported in production builds. React.act is no longer available in production builds. #32200
• Improved consistency across prod and dev to improve compatibility with Google Closure Complier and bindings #31808
• Improve passive effect scheduling for consistent task yielding. #31785
• Fixed asserts in React Native when passChildrenWhenCloningPersistedNodes is enabled for OffscreenComponent rendering. #32528
• Fixed component name resolution for Portal #32640
• Added support for beforetoggle and toggle events on the dialog element. #32479 #32479

React DOM

• Fixed double warning when the href attribute is an empty string #31783
• Fixed an edge case where getHoistableRoot() didn’t work properly when the container was a Document #32321
• Removed support for using HTML comments (e.g. <!-- -->) as a DOM container. #32250
• Added support for <script> and \<template> tags to be nested within <select> tags. #31837
• Fixed responsive images to be preloaded as HTML instead of headers ...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
svw-web-app	❌ Failed (Inspect)			Apr 7, 2025 2:51pm

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.