chore(deps): bump the production-dependencies group with 19 updates

[dependabot]

Bumps the production-dependencies group with 19 updates:

Package	From	To
@dnd-kit/sortable	7.0.2	10.0.0
@portabletext/editor	4.3.7	6.0.2
@sanity/types	5.8.1	5.12.0
@tanstack/react-query	5.90.20	5.90.21
@trpc/client	11.9.0	11.10.0
@trpc/react-query	11.9.0	11.10.0
@trpc/server	11.9.0	11.10.0
@vercel/blob	2.2.0	2.3.0
@workos-inc/authkit-nextjs	2.13.0	2.15.0
apexcharts	5.3.6	5.6.0
dotenv	17.2.4	17.3.1
html2canvas-pro	1.6.6	2.0.2
react-apexcharts	1.9.0	2.0.1
react-dropzone	14.4.0	15.0.0
resend	6.9.1	6.9.2
sanity	5.8.1	5.12.0
styled-components	6.3.9	6.3.11
tailwind-merge	3.4.0	3.5.0
tailwindcss	4.1.18	4.2.1

Updates @dnd-kit/sortable from 7.0.2 to 10.0.0

Changelog

Sourced from @​dnd-kit/sortable's changelog.

10.0.0

Patch Changes

• Updated dependencies [0c6a28d]:
  • @​dnd-kit/core@​6.3.0

9.0.0

Patch Changes

• #1542 f629ec6 Thanks @​clauderic! - Fix bug with draggable and sortable elements with an id equal to 0.

• Updated dependencies [00ec286, 995dc23, f629ec6, 99643f6, 6bbe39b, 545a41c, bcaf7c4]:

  • @​dnd-kit/core@​6.2.0

8.0.0

Patch Changes

• Updated dependencies [bc588c7, b417f0f, f342d5e]:
  • @​dnd-kit/core@​6.1.0
  • @​dnd-kit/utilities@​3.2.2

Commits

• 060c982 Version Packages
• 2eedcc3 Version Packages
• f629ec6 Fix for when id is equal to 0
• 694dcc2 Version Packages (#1240)
• See full diff in compare view

Updates @portabletext/editor from 4.3.7 to 6.0.2

Release notes

Sourced from @​portabletext/editor's releases.

@​portabletext/editor@​6.0.2

Patch Changes

• #2263 68d4f82 Thanks @​christianhg! - fix(deps): remove @​portabletext/sanity-bridge peer dependency

• Updated dependencies []:

  • @​portabletext/block-tools@​5.0.4

@​portabletext/editor@​6.0.1

Patch Changes

• #2200 da6e04f Thanks @​christianhg! - fix: bypass editor methods for DOM input events

  DOM input events now route directly to the behavior system instead of going through Editor methods first. This moves event handling closer to the source, giving more control over how input is processed.

• #2256 a4b0b48 Thanks @​christianhg! - Remove unused internal Slate editor methods (edges, first, fragment, hasBlocks, hasTexts, isEmpty, last). These are internal to the Slate layer and not part of the public PTE API.

• #2241 9e768b1 Thanks @​christianhg! - fix: add editor to focus listener effect dependency array

• #2241 d28c017 Thanks @​christianhg! - fix(perf): optimize normalizeNode with split loops and element refetching

• #2252 c3b7905 Thanks @​christianhg! - fix: remove unused internal Editor methods

  Removed internal Editor methods that were superseded by the behavior system: addMark, removeMark, deleteBackward, deleteForward, deleteFragment, insertSoftBreak, insertNode, and Transforms.setPoint. These were never part of the public API.

• #2239 e9bcda3 Thanks @​christianhg! - fix: replace is-hotkey with @​portabletext/keyboard-shortcuts. is-hotkey doesn't ship ESM.

• #2255 80c7378 Thanks @​christianhg! - fix: remove remaining WeakMaps, move state onto editor object

  WeakMaps are an upstream Slate pattern for supporting multiple editor instances sharing a module scope. Since PTE owns the editor lifecycle, storing state directly on the editor object is simpler and easier to debug.

• #2253 77a10ce Thanks @​christianhg! - fix: remove WeakMaps from Slate core, move state onto editor object

  WeakMaps are an upstream Slate pattern for supporting multiple editor instances sharing a module scope. Since PTE owns the editor lifecycle, storing state directly on the editor object is simpler and easier to debug.

• #2254 018857f Thanks @​christianhg! - fix: remove Editor-keyed WeakMaps from slate-dom, move state onto DOMEditor

  WeakMaps are an upstream Slate pattern for supporting multiple editor instances sharing a module scope. Since PTE owns the editor lifecycle, storing state directly on the editor object is simpler and easier to debug.

• #2251 398adef Thanks @​christianhg! - fix: replace Transforms calls with raw operations in editor internals

  Replaced all Transforms.* calls in PTE source code with raw editor.apply() operations or direct editor.* method calls. This is an internal refactor with no behavior change. Helper utilities (applySelect, applyDeselect, applySetNode, applyInsertNodeAtPath, applyInsertNodeAtPoint, applyMove) extracted to internal-utils/.

• #2241 7d5b051 Thanks @​christianhg! - fix: respect suppressThrow in toSlatePoint findPath calls

@​portabletext/editor@​6.0.0

Major Changes

• #2184 79b69a5 Thanks @​christianhg! - feat!: remove change$ observable and rxjs dependency

... (truncated)

Changelog

Sourced from @​portabletext/editor's changelog.

6.0.2

Patch Changes

• #2263 68d4f82 Thanks @​christianhg! - fix(deps): remove @​portabletext/sanity-bridge peer dependency

• Updated dependencies []:

  • @​portabletext/block-tools@​5.0.4

6.0.1

Patch Changes

• #2200 da6e04f Thanks @​christianhg! - fix: bypass editor methods for DOM input events

  DOM input events now route directly to the behavior system instead of going through Editor methods first. This moves event handling closer to the source, giving more control over how input is processed.

• #2256 a4b0b48 Thanks @​christianhg! - Remove unused internal Slate editor methods (edges, first, fragment, hasBlocks, hasTexts, isEmpty, last). These are internal to the Slate layer and not part of the public PTE API.

• #2241 9e768b1 Thanks @​christianhg! - fix: add editor to focus listener effect dependency array

• #2241 d28c017 Thanks @​christianhg! - fix(perf): optimize normalizeNode with split loops and element refetching

• #2252 c3b7905 Thanks @​christianhg! - fix: remove unused internal Editor methods

  Removed internal Editor methods that were superseded by the behavior system: addMark, removeMark, deleteBackward, deleteForward, deleteFragment, insertSoftBreak, insertNode, and Transforms.setPoint. These were never part of the public API.

• #2239 e9bcda3 Thanks @​christianhg! - fix: replace is-hotkey with @​portabletext/keyboard-shortcuts. is-hotkey doesn't ship ESM.

• #2255 80c7378 Thanks @​christianhg! - fix: remove remaining WeakMaps, move state onto editor object

  WeakMaps are an upstream Slate pattern for supporting multiple editor instances sharing a module scope. Since PTE owns the editor lifecycle, storing state directly on the editor object is simpler and easier to debug.

• #2253 77a10ce Thanks @​christianhg! - fix: remove WeakMaps from Slate core, move state onto editor object

  WeakMaps are an upstream Slate pattern for supporting multiple editor instances sharing a module scope. Since PTE owns the editor lifecycle, storing state directly on the editor object is simpler and easier to debug.

• #2254 018857f Thanks @​christianhg! - fix: remove Editor-keyed WeakMaps from slate-dom, move state onto DOMEditor

  WeakMaps are an upstream Slate pattern for supporting multiple editor instances sharing a module scope. Since PTE owns the editor lifecycle, storing state directly on the editor object is simpler and easier to debug.

• #2251 398adef Thanks @​christianhg! - fix: replace Transforms calls with raw operations in editor internals

  Replaced all Transforms.* calls in PTE source code with raw editor.apply() operations or direct editor.* method calls. This is an internal refactor with no behavior change. Helper utilities (applySelect, applyDeselect, applySetNode, applyInsertNodeAtPath, applyInsertNodeAtPoint, applyMove) extracted to internal-utils/.

• #2241 7d5b051 Thanks @​christianhg! - fix: respect suppressThrow in toSlatePoint findPath calls

6.0.0

Major Changes

... (truncated)

Commits

• 5d000fe Version Packages
• 68d4f82 fix(deps): remove @​portabletext/sanity-bridge peer dependency
• b1ed91c Version Packages
• a4b0b48 fix: remove unused internal Editor methods
• 119a796 test: add undo tests for decorator and annotation add across a range
• 398adef fix: replace Transforms with raw operations in delete, decorator, annotatio...
• a324d13 fix: replace Transforms with raw operations in slate plugins
• 64488d9 fix: replace Transforms with raw operations in selection and node mutation ops
• 80c7378 fix: remove remaining WeakMaps, move state onto editor object
• 018857f fix: remove Editor-keyed WeakMaps from slate-dom, move state onto DOMEditor
• Additional commits viewable in compare view

Updates @sanity/types from 5.8.1 to 5.12.0

Release notes

Sourced from @​sanity/types's releases.

v5.12.0

Sanity Studio v5.12.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit: www.sanity.io/changelog/studio-NS4xMS4w

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author	Message	Commit
@​RitaDias	add telemetry around the publish button state and time (#12189)	50a46ed8c71950310a3c7afcad4e7f7e49268eda
squiggler[bot]	fix linter issues 🤖 ✨ (#12232)	5614e988a10eed69f9860b8ea59e65baf5ed600c
@​christianhg	move EditorChange type ownership from PTE to Studio (#12230)	1990fdfa5015e0d0bf230fa66c6ab6728704a5f5
@​bjoerge	remove @​sanity/ui-workshop and all workshop files (#12224)	9c4e8a189bd2075d80df3c10be51c4939161ce1e
@​RitaDias	remove enhancedObjectDialog from config (#12231)	5444de827663e1b00a3ccc7a93abe05c99fe0c0c
squiggler[bot]	dedupe pnpm-lock.yaml (#12228)	456bfde9f846b66e0111a3062ac0030a60684cc3
@​tbeseda	upgrade blueprints commands (#12226)	245a07ff585caf4c63536c47f7dd468c5c01205a
@​christianhg	prepare for PTE v6 render component types (#12216)	8b228852b74a31fdf27e5ea0ad68fc90310ca9d0
@​bjoerge	restore missing version mismatch warning (#12223)	320b4ee691caf6c859e0056c40665d7b79b37441
renovate[bot]	update dependency styled-components to ^6.3.11 (#12222)	ae1bb42d884c0d315ef7675d845a044ce10c1edd
@​RitaDias	navigation to root element having issues navigating completely out (#12204)	15fb1a4b70fa6126979f36aab869601716244cf7
@​adoprog	add commands for managing embeddings (#12212)	759d47e7bf219eca7e0fb09b824ad1aadbc9a3bc
@​bjoerge	use knip for depcheck (#12217)	734cd00019628df50c2d1b2a6eb8e7bcc3df6b73
@​bjoerge	skip lintPr workflow in main (#12219)	abf0d896feea186dc212940f91b404b9acadc0c3
@​bjoerge	speed up preinstall by adding only-allow as workspace dependency (#12215)	5855068d96277575ea72a0b08a18c4fdbfd87aad
@​rexxars	fix missing main when comparing staged changes (#12209)	b67472342d1cf7b711a7f05b72c424019a7ef23a
renovate[bot]	update dependency @​sanity/import to ^4.1.2 (#12208)	2c7841db8e3a583832dcf49b0af9087a71eb236c
squiggler[bot]	dedupe pnpm-lock.yaml (#12213)	7aa41fd277e8aa4cf5148008f547236d9beea009
@​christianhg	prepare for PTE v6 EditorConfig and paste type changes (#12181)	e131d6a52b26a0a6cc4566803bbdd959aabc5999
@​christianhg	bump @​portabletext/sanity-bridge to ^2.0.2 (#12181)	48ed32b532e197a6628dda66d84f6b490227ae21
@​webpro	introduce knip & some initial housekeeping (#12154)	b2d2df2c8320fa6eb9537722908dd982554e9b70
renovate[bot]	Update portabletext (#12210)	d7294b9a1e3d51f37a4e7bd8a1121863ae81a13a
@​jwoods02	add Gemini, Codex and Copilot CLIs to MCP configure (#12194)	093e7165e77bce80e11e59e7a98f58524d363e43

v5.11.0

Sanity Studio v5.11.0

... (truncated)

Changelog

Sourced from @​sanity/types's changelog.

5.12.0 (2026-02-24)

Note: Version bump only for package @​sanity/types

5.11.0 (2026-02-19)

Features

• conditional multi schema references (#12066) (7e7ea6d) by Jordan Lawrence (jordanl17@me.com)

5.10.0 (2026-02-17)

Note: Version bump only for package @​sanity/types

5.9.0 (2026-02-10)

Features

• add hidden to validation context (#12050) (26b665b) by RitaDias (rita@sanity.io)

Reverts

• rollback v5.9.0 version bump (#12139) (4195d26) by Bjørge Næss (bjoerge@gmail.com)

Commits

• f469e5a chore(release): publish v5.12.0 (#12211)
• 734cd00 chore: use knip for depcheck (#12217)
• aa4d1c2 chore(release): publish v5.11.0 (#12178)
• 7e7ea6d feat: conditional multi schema references (#12066)
• b759231 chore(release): publish v5.10.0 (#12141)
• fd77a3c chore(release): publish v5.9.0 (#12138)
• 4195d26 revert: rollback v5.9.0 version bump (#12139)
• a1365bd chore(release): publish v5.9.0 (#12099)
• 26b665b feat: add hidden to validation context (#12050)
• See full diff in compare view

Updates @tanstack/react-query from 5.90.20 to 5.90.21

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-persist-client@​5.90.21

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.18
  • @​tanstack/react-query@​5.90.19

@​tanstack/react-query@​5.90.21

Patch Changes

• refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.90.21

Patch Changes

• refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

Commits

• 08050cb ci: Version Packages (#10115)
• c5def66 refactor(react-query/useQueries): remove unreachable 'willFetch' branch in su...
• da2ff5a chore(vite.config): exclude 'tests' directory from coverage reports (#10084)
• 2a592d2 test(react-query/suspense): add test cases for 'static' staleTime with number...
• 7e3ea62 test(react-query/QueryResetErrorBoundary): relocate 'issue-9728' test and mig...
• dee5d3e test(react-query/ssr): add 'useMutation' and 'useMutationState' tests for SSR...
• See full diff in compare view

Updates @trpc/client from 11.9.0 to 11.10.0

Release notes

Sourced from @​trpc/client's releases.

v11.10.0

What's Changed

• fix(tanstack-react-query): mark react-dom as optional peer dependency by @​bbinya1224 in trpc/trpc#7108
• docs(docs): Add Nx Plugin for AWS to Awesome tRPC Collection by @​cogwirrel in trpc/trpc#6965
• feat(client): return origin error in cause in localLink by @​evolvomind in trpc/trpc#7134
• fix(client): client connectionParams should respect specified encoder by @​SirajChokshi in trpc/trpc#7132
• docs: Add tRPC Docs Generator to extensions list by @​liorcodev in trpc/trpc#7122
• docs: document Fastify v5+ requirement for tRPC adapter by @​tarunsinghofficial in trpc/trpc#7109
• chore(docs): improve wording in docs by @​sajadtorkamani in trpc/trpc#7133
• fix(ci): allow backticks in semantic PR by @​KATT in trpc/trpc#7141
• feat(server): add batchIndex to procedures and middleware in batched requests by @​anatolzak in trpc/trpc#7097
• chore(www): update companies using by @​KATT in trpc/trpc#7145
• Improve layout control in CompaniesUsing component by @​clicktodev in trpc/trpc#7148

New Contributors

• @​bbinya1224 made their first contribution in trpc/trpc#7108
• @​cogwirrel made their first contribution in trpc/trpc#6965
• @​evolvomind made their first contribution in trpc/trpc#7134
• @​liorcodev made their first contribution in trpc/trpc#7122
• @​tarunsinghofficial made their first contribution in trpc/trpc#7109
• @​sajadtorkamani made their first contribution in trpc/trpc#7133

Full Changelog: trpc/trpc@v11.9.0...v11.10.0

Commits

• 54ee800 v11.10.0
• 328cb0a Revert "v11.10.0"
• de58ad3 v11.10.0
• bc215fe feat(server): add batchIndex to procedures and middleware in batched reques...
• d92cc45 fix(client): client connectionParams should respect specified encoder (#7132)
• 9d4b3b9 feat(client): return origin error in cause in localLink (#7134)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​trpc/client since your current version.

Updates @trpc/react-query from 11.9.0 to 11.10.0

Release notes

Sourced from @​trpc/react-query's releases.

v11.10.0

What's Changed

• fix(tanstack-react-query): mark react-dom as optional peer dependency by @​bbinya1224 in trpc/trpc#7108
• docs(docs): Add Nx Plugin for AWS to Awesome tRPC Collection by @​cogwirrel in trpc/trpc#6965
• feat(client): return origin error in cause in localLink by @​evolvomind in trpc/trpc#7134
• fix(client): client connectionParams should respect specified encoder by @​SirajChokshi in trpc/trpc#7132
• docs: Add tRPC Docs Generator to extensions list by @​liorcodev in trpc/trpc#7122
• docs: document Fastify v5+ requirement for tRPC adapter by @​tarunsinghofficial in trpc/trpc#7109
• chore(docs): improve wording in docs by @​sajadtorkamani in trpc/trpc#7133
• fix(ci): allow backticks in semantic PR by @​KATT in trpc/trpc#7141
• feat(server): add batchIndex to procedures and middleware in batched requests by @​anatolzak in trpc/trpc#7097
• chore(www): update companies using by @​KATT in trpc/trpc#7145
• Improve layout control in CompaniesUsing component by @​clicktodev in trpc/trpc#7148

New Contributors

• @​bbinya1224 made their first contribution in trpc/trpc#7108
• @​cogwirrel made their first contribution in trpc/trpc#6965
• @​evolvomind made their first contribution in trpc/trpc#7134
• @​liorcodev made their first contribution in trpc/trpc#7122
• @​tarunsinghofficial made their first contribution in trpc/trpc#7109
• @​sajadtorkamani made their first contribution in trpc/trpc#7133

Full Changelog: trpc/trpc@v11.9.0...v11.10.0

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​trpc/react-query since your current version.

Updates @trpc/server from 11.9.0 to 11.10.0

Release notes

Sourced from @​trpc/server's releases.

v11.10.0

What's Changed

• fix(tanstack-react-query): mark react-dom as optional peer dependency by @​bbinya1224 in trpc/trpc#7108
• docs(docs): Add Nx Plugin for AWS to Awesome tRPC Collection by @​cogwirrel in trpc/trpc#6965
• feat(client): return origin error in cause in localLink by @​evolvomind in trpc/trpc#7134
• fix(client): client connectionParams should respect specified encoder by @​SirajChokshi in trpc/trpc#7132
• docs: Add tRPC Docs Generator to extensions list by @​liorcodev in trpc/trpc#7122
• docs: document Fastify v5+ requirement for tRPC adapter by @​tarunsinghofficial in trpc/trpc#7109
• chore(docs): improve wording in docs by @​sajadtorkamani in trpc/trpc#7133
• fix(ci): allow backticks in semantic PR by @​KATT in trpc/trpc#7141
• feat(server): add batchIndex to procedures and middleware in batched requests by @​anatolzak in trpc/trpc#7097
• chore(www): update companies using by @​KATT in trpc/trpc#7145
• Improve layout control in CompaniesUsing component by @​clicktodev in trpc/trpc#7148

New Contributors

• @​bbinya1224 made their first contribution in trpc/trpc#7108
• @​cogwirrel made their first contribution in trpc/trpc#6965
• @​evolvomind made their first contribution in trpc/trpc#7134
• @​liorcodev made their first contribution in trpc/trpc#7122
• @​tarunsinghofficial made their first contribution in trpc/trpc#7109
• @​sajadtorkamani made their first contribution in trpc/trpc#7133

Full Changelog: trpc/trpc@v11.9.0...v11.10.0

Commits

• 54ee800 v11.10.0
• 328cb0a Revert "v11.10.0"
• de58ad3 v11.10.0
• bc215fe feat(server): add batchIndex to procedures and middleware in batched reques...
• 185b223 chore(deps): update dependency @​oxc-project/runtime to v0.112.0 (#7142)
• bb9a907 chore(deps): update dependency @​oxc-project/runtime to v0.111.0 (#7125)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​trpc/server since your current version.

Updates @vercel/blob from 2.2.0 to 2.3.0

Release notes

Sourced from @​vercel/blob's releases.

@​vercel/blob@​2.3.0

Minor Changes

• 04ca1f0: Add private storage support (beta), a new get() method, and conditional gets

  Private storage (beta)

  You can now upload and read private blobs by setting access: 'private' on put() and get(). Private blobs require authentication to access — they are not publicly accessible via their URL.

  New get() method

  Fetch blob content by URL or pathname. Returns a ReadableStream along with blob metadata (url, pathname, contentType, size, etag, etc.).

  Conditional gets with ifNoneMatch

  Pass an ifNoneMatch option to get() with a previously received ETag. When the blob hasn't changed, the response returns statusCode: 304 with stream: null, avoiding unnecessary re-downloads.

  Example

  import { put, get } from "@vercel/blob";
  // Upload a private blob
  const blob = await put("user123/avatar.png", file, { access: "private" });
  // Read it back
  const response = await get(blob.pathname, { access: "private" });
  // response.stream — ReadableStream of the blob content
  // response.blob — metadata (url, pathname, contentType, size, etag, ...)
  // Conditional get — skip download if unchanged
  const cached = await get(blob.pathname, {
  access: "private",
  ifNoneMatch: response.blob.etag,
  });
  if (cached.statusCode === 304) {
  // Blob hasn't changed, reuse previous data
  }

  Learn more: https://vercel.com/docs/vercel-blob/private-storage

Changelog

Sourced from @​vercel/blob's changelog.

2.3.0

Minor Changes

• 04ca1f0: Add private storage support (beta), a new get() method, and conditional gets

  Private storage (beta)

  You can now upload and read private blobs by setting access: 'private' on put() and get(). Private blobs require authentication to access — they are not publicly accessible via their URL.

  New get() method

  Fetch blob content by URL or pathname. Returns a ReadableStream along with blob metadata (url, pathname, contentType, size, etag, etc.).

  Conditional gets with ifNoneMatch

  Pass an ifNoneMatch option to get() with a previously received ETag. When the blob hasn't changed, the response returns statusCode: 304 with stream: null, avoiding unnecessary re-downloads.

  Example

  import { put, get } from "@vercel/blob";
  // Upload a private blob
  const blob = await put("user123/avatar.png", file, { access: "private" });
  // Read it back
  const response = await get(blob.pathname, { access: "private" });
  // response.stream — ReadableStream of the blob content
  // response.blob — metadata (url, pathname, contentType, size, etag, ...)
  // Conditional get — skip download if unchanged
  const cached = await get(blob.pathname, {
  access: "private",
  ifNoneMatch: response.blob.etag,
  });
  if (cached.statusCode === 304) {
  // Blob hasn't changed, reuse previous data
  }

  Learn more: https://vercel.com/docs/vercel-blob/private-storage

Commits

• e006f7c Version Packages (#981)
• 04ca1f0 feat(blob): Add private storage (#924)
• 9b7df67 chore(deps): update dependency @​types/node to v24.10.13 (#969)
• d56768b chore(deps): update dependency @​types/node to v24.10.12 (#968)
• See full diff in compare view

Updates @workos-inc/authkit-nextjs from 2.13.0 to 2.15.0

Release notes

Sourced from @​workos-inc/authkit-nextjs's releases.

v2.15.0

2.15.0 (2026-02-25)

Features

• Add returnTo option to getSignInUrl and getSignUpUrl functions (#375) (fc75708)

v2.14.0

What's Changed

• chore: switch from npm to pnpm by @​nicknisi in workos/authkit-nextjs#360
• docs: add warning about catch-all middleware matcher breaking styles by @​nicknisi in workos/authkit-nextjs#355
• chore: migrate from Jest to Vitest by @​nicknisi in workos/authkit-nextjs#367
• chore: upgrade @​workos-inc/node to v8 by @​nicknisi in workos/authkit-nextjs#368
• Add example app as pnpm workspace package by @​nicknisi in workos/authkit-nextjs#370
• v2.14.0 by @​nicknisi in workos/authkit-nextjs#369

Full Changelog: workos/authkit-nextjs@v2.13.0...v2.14.0

Changelog

Sourced from @​workos-inc/authkit-nextjs's changelog.

2.15.0 (2026-02-25)

Features

• Add returnTo option to getSignInUrl and getSignUpUrl functions (#375) (fc75708)

Commits

• 05ab5f2 chore(main): release 2.15.0 (#377)
• fc75708 feat: Add returnTo option to getSignInUrl and getSignUpUrl functions (...
• 11dd6f0 chore: add release-please automation (#376)
• f848652 v2.14.0 (#369)
• c5dc7ee Add example app as pnpm workspace package (#370)
• 911e58c chore: upgrade to workos-node v8 (#368)
• 96bf26c chore: migrate from Jest to Vitest (#367)
• 9af5faf docs: add warning about catch-all middleware matcher breaking styles (#355)
• f5204e8 chore: switch from npm to pnpm (#360)
• See full diff in compare view

Updates apexcharts from 5.3.6 to 5.6.0

Release notes

Sourced from apexcharts's releases.

💎 Version 5.6.0

Bug Fixes

Critical Fix: Tooltip and Chart Interactions Restored (#5168)

• Fixed a critical regression where tooltips were not appearing and chart interactions were completely blocked
• The <foreignObject> element, which contains the legend wrapper, was incorrectly positioned as the last child in the SVG DOM, causing it to overlay and block all mouse events on the chart
• Restored the correct DOM ordering by ensuring <foreignObject> is always the first child element (at the back of the z-order), allowing chart interactions to work properly
• This issue affected all chart types including column, scatter, heatmap, bar, and others
• The regression was introduced in v5.5.0 when accessibility features were added

Comprehensive DOM Ordering Tests

• Added extensive test coverage to prevent future regressions of DOM element ordering

If you experienced tooltip or interaction issues in v5.5.0/v5.5.1, this release fully resolves those problems. Simply upgrade to v5.6.0 - no code changes required on your end.

💎 Version 5.5.0Description has been truncated

Greptile Summary

This is a Dependabot-generated bulk upgrade of 19 production dependencies. Most updates are safe patch or minor bumps, but 5 packages receive major version bumps that carry meaningful breaking-change risk and should be verified against a full test run and manual smoke-test before merging to production.

Key changes and risks:

• @portabletext/editor 4.3.7 → 6.0.2 (two major versions): The 6.0.0 release explicitly marks the removal of the change$ observable and the rxjs peer dependency as a breaking change (feat!). The lock file confirms rxjs is no longer a resolved peer. The sanity 5.12.0 upgrade in this same PR prepares the Studio layer for PTE v6, which is the correct pairing — but any direct application-level usage of change$ or rxjs from PTE must be audited and migrated.
• @dnd-kit/sortable 7.0.2 → 10.0.0 (three major versions): The intermediate releases appear to be dependency-chain bumps on @dnd-kit/core, with no visible public API removals, but three major version jumps in one step warrants a quick review of any custom sortable usage.
• html2canvas-pro 1.6.6 → 2.0.2, react-dropzone 14.4.0 → 15.0.0, react-apexcharts 1.9.0 → 2.0.1: All three cross a major version boundary and should be smoke-tested.
• apexcharts 5.3.6 → 5.6.0: Includes a critical regression fix for broken tooltips and chart interactions (introduced in v5.5.0, fixed in v5.6.0) — this is a positive, necessary fix.
• tailwindcss 4.1.18 → 4.2.1 and tailwind-merge 3.4.0 → 3.5.0: Minor bumps; low risk but visual regression testing on layouts is recommended.
• @workos-inc/authkit-nextjs 2.13.0 → 2.15.0 drops express as a resolved peer dependency (v2.14.0 upgraded the internal WorkOS Node SDK to v8), which is a positive cleanup.

Confidence Score: 3/5

• Moderate risk — multiple major version bumps with at least one documented breaking change require manual verification before merging.
• Five packages cross a major version boundary in a single PR. @portabletext/editor has an explicitly documented breaking API removal (change$ / rxjs). While the corresponding sanity upgrade to 5.12.0 is designed to accommodate PTE v6, any direct application-level usage of the removed APIs would silently break. The remaining major bumps (@dnd-kit/sortable, html2canvas-pro, react-dropzone, react-apexcharts) lack inline changelogs in the PR and need smoke-testing. The patch/minor bumps (trpc, tanstack-query, tailwindcss, etc.) are low risk.
• package.json — specifically the @portabletext/editor, @dnd-kit/sortable, react-dropzone, html2canvas-pro, and react-apexcharts version bumps warrant manual review and testing.

Important Files Changed

Filename	Overview
package.json	19 production dependency updates including 5 major version bumps (@dnd-kit/sortable 7→10, @portabletext/editor 4→6, html2canvas-pro 1→2, react-dropzone 14→15, react-apexcharts 1→2) that require careful testing for API compatibility.
pnpm-lock.yaml	Lock file correctly updated to reflect all dependency version changes; the @portabletext/editor upgrade notably drops rxjs and @portabletext/sanity-bridge peer dependencies, consistent with the PTE v6 breaking changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[19 Dependency Updates] --> B[Patch / Minor bumps\nLow risk]
    A --> C[Major version bumps\nRequire testing]

    B --> B1["@tanstack/react-query 5.90.20→5.90.21"]
    B --> B2["@trpc/* 11.9.0→11.10.0"]
    B --> B3["@vercel/blob 2.2.0→2.3.0"]
    B --> B4["@workos-inc/authkit-nextjs 2.13.0→2.15.0"]
    B --> B5["apexcharts 5.3.6→5.6.0 ✅ critical regression fix"]
    B --> B6["dotenv, resend, styled-components, tailwind-merge, tailwindcss, sanity"]

    C --> C1["@portabletext/editor 4.3.7→6.0.2\n⚠️ BREAKING: change$ observable + rxjs removed"]
    C --> C2["@dnd-kit/sortable 7.0.2→10.0.0\n3 major versions"]
    C --> C3["html2canvas-pro 1.6.6→2.0.2"]
    C --> C4["react-dropzone 14.4.0→15.0.0\nPeer dep range excludes React 19 explicitly"]
    C --> C5["react-apexcharts 1.9.0→2.0.1\nNow requires apexcharts ≥5.6.0"]

    C1 --> D["sanity 5.8.1→5.12.0\nprepares Studio for PTE v6 ✅"]

Loading

_{Last reviewed commit: 0422a31}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cloudnativedays	Ready	Preview, Comment	Mar 1, 2026 4:58am

[greptile-apps]

_{2 files reviewed, 4 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Breaking change: @portabletext/editor skips two major versions

@portabletext/editor is jumping from 4.3.7 to 6.0.2, spanning two major versions. The 6.0.0 release includes a documented breaking change: the removal of the change$ observable and its rxjs dependency (feat!: remove change$ observable and rxjs dependency).

This is confirmed in the lock file, where the old resolved version included (rxjs@7.8.2) as a peer, and the new version has no such requirement. If any component in the codebase subscribed to change$ for real-time editor change events, it will fail silently or throw at runtime after this update.

The sanity upgrade to 5.12.0 in this same PR does prepare for PTE v6 (the changelog mentions "move EditorChange type ownership from PTE to Studio" and "prepare for PTE v6 render component types"), which mitigates the risk — but any direct application-level usage of change$ or rxjs from PTE would still need to be migrated.

[greptile-apps]

Three major versions skipped for @dnd-kit/sortable

@dnd-kit/sortable jumps from 7.0.2 to 10.0.0, spanning three major versions (8, 9, and 10). While the individual changelogs in the PR description show these releases were primarily dependency bumps on @dnd-kit/core, skipping three semver majors in one step is worth verifying against any custom sortable configurations in the codebase to confirm nothing in the public API surface changed in a breaking way.

[greptile-apps]

Additional Comments (2)

package.json
react-dropzone peer dependency range excludes React 19

react-dropzone@15.0.0 declares its peer dependency as react: '>= 16.8 || 18.0.0'. This range does not explicitly enumerate React 19, though the >= 16.8 part of the union technically covers it, and pnpm resolves it correctly against react@19.2.4. In practice this works, but it indicates the library was not explicitly tested against React 19 at time of release. If any quirky React 19 behavior surfaces in file upload flows, this would be the first place to check.

---

package.json
react-apexcharts minimum apexcharts peer version tightened

react-apexcharts@2.0.1 now requires apexcharts: '>=5.6.0' (previously '>=4.0.0'). Both packages are upgraded together in this PR (apexcharts goes to 5.6.0), so the constraint is satisfied exactly at the minimum bound. If apexcharts is ever rolled back independently, react-apexcharts@2.0.1 would produce peer dependency warnings or fail. Keep these two packages in sync.