chore(deps): bump the production-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the production-dependencies group with 9 updates in the / directory:

Package	From	To
@base-ui/react	1.3.0	1.4.1
@sentry/nextjs	10.47.0	10.53.1
@supabase/ssr	0.10.0	0.10.3
next	16.2.2	16.2.6
react	19.2.4	19.2.6
react-dom	19.2.4	19.2.6
shadcn	4.1.2	4.7.0
tailwind-merge	3.5.0	3.6.0
zod	4.3.6	4.4.3

Updates @base-ui/react from 1.3.0 to 1.4.1

Release notes

Sourced from @​base-ui/react's releases.

v1.4.1

General changes

• Clear highlight on pointer leave when item is clipped by scroll container (#4604) by @​atomiks
• Fix display: contents tabbability (#4642) by @​atomiks
• Fix multi-argument event handler forwarding in mergeProps (#4598) by @​atomiks
• Mark date-fns peer dependencies as optional (#4639) by @​LukasTy

Navigation Menu

• Fix stale popup size on rapid trigger hover (#4646) by @​atomiks

All contributors of this release in alphabetical order: @​atomiks, @​LukasTy

v1.4.0

General changes

• Improve render prop warning accuracy (#4324, #4363) by @​atomiks
• Fix preventBaseUIHandler runtime wrapping (#4330) by @​atomiks
• Fix Uncaught TypeError: Converting circular structure to JSON (#4452) by @​Profesor08
• Expose form prop on hidden inputs (#4352) by @​atomiks
• Add suppressHydrationWarning to hidden inputs (#4482) by @​devxoul
• Fix outside-press dismissal in a shared shadow root (#4333) by @​atomiks
• Fix Positioner not repositioning to a different trigger when reopened with keepMounted (#4407) by @​mdm317
• Lock scroll of full-width anchored modal popups with touch input (#3100) by @​atomiks

Alert Dialog

• Fix detached trigger HMR with recreated handles (#4472) by @​atomiks

Autocomplete

• Fix initial live region announcements (#4286) by @​atomiks

Avatar

• Fix flash when image is cached (#4469) by @​mj12albert

Checkbox

• Fix uncontrolled default initialization (#4535) by @​atomiks
• Prevent input state changes in readOnly mode (#4551) by @​tsbehlman

Collapsible

• Fix open state when keepMounted has no transitions (#4555) by @​mj12albert

Combobox

• Fix clicks in Chips/InputGroup areas not focusing the input or opening the popup (#4296) by @​CiscoFran10

... (truncated)

Changelog

Sourced from @​base-ui/react's changelog.

v1.4.1

Apr 20, 2026

General changes

• Clear highlight on pointer leave when item is clipped by scroll container (#4604) by @​atomiks
• Fix display: contents tabbability (#4642) by @​atomiks
• Fix multi-argument event handler forwarding in mergeProps (#4598) by @​atomiks
• Mark date-fns peer dependencies as optional (#4639) by @​LukasTy

Navigation Menu

• Fix stale popup size on rapid trigger hover (#4646) by @​atomiks

All contributors of this release in alphabetical order: @​atomiks, @​LukasTy

v1.4.0

Apr 13, 2026

General changes

• Improve render prop warning accuracy (#4324, #4363) by @​atomiks
• Fix preventBaseUIHandler runtime wrapping (#4330) by @​atomiks
• Fix Uncaught TypeError: Converting circular structure to JSON (#4452) by @​Profesor08
• Expose form prop on hidden inputs (#4352) by @​atomiks
• Add suppressHydrationWarning to hidden inputs (#4482) by @​devxoul
• Fix outside-press dismissal in a shared shadow root (#4333) by @​atomiks
• Fix Positioner not repositioning to a different trigger when reopened with keepMounted (#4407) by @​mdm317
• Lock scroll of full-width anchored modal popups with touch input (#3100) by @​atomiks

Alert Dialog

• Fix detached trigger HMR with recreated handles (#4472) by @​atomiks

Autocomplete

• Fix initial live region announcements (#4286) by @​atomiks

Avatar

• Fix flash when image is cached (#4469) by @​mj12albert

Checkbox

• Fix uncontrolled default initialization (#4535) by @​atomiks
• Prevent input state changes in readOnly mode (#4551) by @​tsbehlman

Collapsible

... (truncated)

Commits

• be88b61 [release] v1.4.1 (#4650)
• fc7f4f9 [navigation menu] Fix stale popup size on rapid trigger hover (#4646)
• 783e530 [mergeProps] Fix multi-argument event handler forwarding (#4598)
• 2622ddf [all components] Fix display: contents tabbability (#4642)
• c0b4937 [core] Mark date-fns peer dependencies as optional (#4639)
• c8fd3a0 [dialog][popover][tooltip][menu][preview] Remove dead create*EventDetails w...
• 099541a [select] Remove unused itemToStringLabel and itemToStringValue from context (...
• 7158d7b [otp] Refactor OTPFieldRoot and OTPFieldHiddenInput (#4609)
• af33404 [temporal adapter date-fns] Fix date-only string parsing and setTimezone duck...
• 41da0c1 [docs] Fix Field validity API descriptions (#4592)
• Additional commits viewable in compare view

Updates @sentry/nextjs from 10.47.0 to 10.53.1

Release notes

Sourced from @​sentry/nextjs's releases.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.62 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.9 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.04 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.14 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.55 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.6 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.23 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.3 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.12 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.5 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

10.53.0

Important Changes

• feat(core): Add streamGenAiSpans options to stream gen_ai spans (#20785)

  Adds a new streamGenAiSpans option that controls how gen_ai spans are sent to Sentry. When set, the SDK extracts all gen_ai spans out of a transaction and sends them as v2 envelope items.

  Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

  Sentry.init({
    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',
    streamGenAiSpans: true,
  });

Other Changes

• feat(browser): Migrate browser profiling thread data to span attributes (#20800)
• feat(core): Add addConsoleInstrumentationFilter utility (#20790)
• feat(core): Add applicationKey to BuildTimeOptionsBase (#20789)
• feat(core): split exports by browser/server for bundle size (#20435)
• feat(nextjs): Add top-level applicationKey option (#20794)
• feat(node): Support Node 26 (#20710)
• feat(profiling-node): Bump @sentry-internal/node-cpu-profiler to 2.4.0 (#20720)
• fix(cloudflare): avoid flush lock self-wait (#20719)
• fix(hono): Capture transaction name on request for correct culprit (#20801)
• fix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (#20699)
• fix(node-core): Guard against undefined util.getSystemErrorMap (#20660)
• fix(replay): Capture aborted/errored fetch requests in replay network tab (#20722)

... (truncated)

Commits

• cd97408 release: 10.53.1
• 66cfb25 Merge pull request #20838 from getsentry/prepare-release/10.53.1
• df8fd38 meta(changelog): Update changelog for 10.53.1
• 5881009 fix(core): Include subpath type shims in published package (#20835)
• 6a7d179 fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• ad47c3c ref(hono): Consolidate route patching and add clarification comments (#20829)
• 28d6fe5 Merge pull request #20826 from getsentry/master
• 46aca45 Merge branch 'release/10.53.0'
• b5cbc9c chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...
• 05489b8 release: 10.53.0
• Additional commits viewable in compare view

Updates @supabase/ssr from 0.10.0 to 0.10.3

Release notes

Sourced from @​supabase/ssr's releases.

v0.10.3

0.10.3 (2026-05-07)

Bug Fixes

• allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
• enable tree-shaking for browser bundles (#216) (f009d71)
• tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
• validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

v0.10.3-rc.101

What's Changed

• fix: allow cookies encode without getAll/setAll on browser client by @​mandarini in supabase/ssr#213

Full Changelog: supabase/ssr@v0.10.3-rc.100...v0.10.3-rc.101

v0.10.3-rc.100

What's Changed

• chore: update @​supabase/supabase-js to v2.105.3 by @​supabase-libs-pr-manager[bot] in supabase/ssr#215
• fix: enable tree-shaking for browser bundles by @​mandarini in supabase/ssr#216

Full Changelog: supabase/ssr@v0.10.3-rc.98...v0.10.3-rc.100

v0.10.3-rc.98

What's Changed

• chore: update @​supabase/supabase-js to v2.105.2 by @​supabase-libs-pr-manager[bot] in supabase/ssr#214
• fix: validate base64-prefixed chunked cookies decode to valid JSON by @​mandarini in supabase/ssr#210

Full Changelog: supabase/ssr@v0.10.3-rc.96...v0.10.3-rc.98

v0.10.3-rc.96

What's Changed

• chore: update @​supabase/supabase-js to v2.103.0 by @​supabase-libs-pr-manager[bot] in supabase/ssr#199
• chore: update @​supabase/supabase-js to v2.103.2 by @​supabase-libs-pr-manager[bot] in supabase/ssr#201
• chore: update @​supabase/supabase-js to v2.104.0 by @​supabase-libs-pr-manager[bot] in supabase/ssr#203
• chore: update @​supabase/supabase-js to v2.104.1 by @​supabase-libs-pr-manager[bot] in supabase/ssr#204
• chore: update @​supabase/supabase-js to v2.105.0 by @​supabase-libs-pr-manager[bot] in supabase/ssr#206
• chore: update @​supabase/supabase-js to v2.105.1 by @​supabase-libs-pr-manager[bot] in supabase/ssr#208
• fix(tsconfig): set explicit rootDir to silence TS6059 in consumer IDEs by @​mandarini in supabase/ssr#211

Full Changelog: supabase/ssr@v0.10.2...v0.10.3-rc.96

v0.10.2

0.10.2 (2026-04-09)

... (truncated)

Changelog

Sourced from @​supabase/ssr's changelog.

0.10.3 (2026-05-07)

Bug Fixes

• allow cookies encode without getAll/setAll on browser client (#213) (89f3f28), closes #170
• enable tree-shaking for browser bundles (#216) (f009d71)
• tsconfig: set explicit rootDir to silence TS6059 in consumer IDEs (#211) (a77ee8a), closes #209
• validate base64-prefixed chunked cookies decode to valid JSON (#210) (302cc0e)

0.10.2 (2026-04-09)

Bug Fixes

• ci: remove packageManager field (#197) (6bf0226)

0.10.1 (2026-04-08)

Bug Fixes

• auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

Commits

• 9630b33 chore(main): release 0.10.3 (#212)
• 89f3f28 fix: allow cookies encode without getAll/setAll on browser client (#213)
• f009d71 fix: enable tree-shaking for browser bundles (#216)
• 4fef7d9 chore: update @​supabase/supabase-js to v2.105.3 (#215)
• 302cc0e fix: validate base64-prefixed chunked cookies decode to valid JSON (#210)
• 8449015 chore: update @​supabase/supabase-js to v2.105.2 (#214)
• a77ee8a fix(tsconfig): set explicit rootDir to silence TS6059 in consumer IDEs (#211)
• 65453df chore: update @​supabase/supabase-js to v2.105.1 (#208)
• 2ec3349 chore: update @​supabase/supabase-js to v2.105.0 (#206)
• 0ca0031 chore: update @​supabase/supabase-js to v2.104.1 (#204)
• Additional commits viewable in compare view

Updates @supabase/supabase-js from 2.101.1 to 2.105.4

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.105.4

2.105.4 (2026-05-08)

🩹 Fixes

• auth: return null from getItemAsync on JSON parse failure (#2336)
• postgrest: restore non-Error abort detection in fetch catch (#2335)
• realtime: guard sessionStorage access in restricted-storage browsers (#2339)

v2.105.4-canary.2

2.105.4-canary.2 (2026-05-08)

This was a version bump only, there were no code changes.

v2.105.4-canary.1

2.105.4-canary.1 (2026-05-08)

🩹 Fixes

• realtime: guard sessionStorage access in restricted-storage browsers (#2339)

v2.105.4-canary.0

2.105.4-canary.0 (2026-05-08)

🩹 Fixes

• auth: return null from getItemAsync on JSON parse failure (#2336)
• postgrest: restore non-Error abort detection in fetch catch (#2335)

v2.105.3

2.105.3 (2026-05-04)

🩹 Fixes

• auth: narrow OAuth/CustomProvider types to fix downstream consumer typecheck (#2326)

v2.105.2

2.105.2 (2026-05-04)

🩹 Fixes

• auth: forward lockAcquireTimeout to SupabaseAuthClient (#2309)
• auth: add toJSON to WebAuthnError for correct JSON serialization (#2317)
• misc: widen enum-like unions with (string & {}) for forward compat (#2303)
• misc: reduce any usage across packages (#2314)
• postgrest: unify insert/upsert signatures (#2315)

❤️ Thank You

• Muzzaiyyan Hussain @​MuzzaiyyanHussain

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.105.4 (2026-05-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.2 (2026-05-04)

🩹 Fixes

• auth: forward lockAcquireTimeout to SupabaseAuthClient (#2309)
• misc: widen enum-like unions with (string & {}) for forward compat (#2303)

❤️ Thank You

• Muzzaiyyan Hussain @​MuzzaiyyanHussain

2.105.1 (2026-04-28)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.0 (2026-04-27)

🚀 Features

• auth: add passkey support with WebAuthn registration, authentication, and management (#2283)
• realtime: Realtime deferred disconnect (#2282)

2.104.1 (2026-04-23)

🩹 Fixes

• supabase: propagate custom fetch to realtime client (#2267)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.104.0 (2026-04-20)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.3 (2026-04-16)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.2 (2026-04-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.1 (2026-04-15)

... (truncated)

Commits

• db53b0f chore(release): version 2.105.2 changelogs (#2323)
• 5223888 [patchback] docs(repo): @​category and @​subcategory tags across all packages (...
• 0412d0d fix(auth): forward lockAcquireTimeout to SupabaseAuthClient (#2309)
• 42c9cbb [patchback] fix(misc): widen enum-like unions with (string & {}) for forward ...
• 7e1773c chore(release): version 2.105.1 changelogs (#2302)
• ca8c418 chore(release): version 2.105.0 changelogs (#2290)
• d19e6d3 [patchback] docs(misc): rename anon key → publishable key and service role ke...
• c420456 [patchback] feat(auth): add passkey support with WebAuthn registration, authe...
• bfb18bc [patchback] feat(realtime): Realtime deferred disconnect (#2282)
• ed49eed chore(release): version 2.104.1 changelogs (#2273)
• Additional commits viewable in compare view

Updates next from 16.2.2 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

• fix: preserve HTTP access fallbacks during prerender recovery (#92231)
• Fix fallback route params case in app-page handler (#91737)
• Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
• Patch setHeader for direct route handlers (#93101)
• Include deployment id in cacheHandlers keys (#93453)
• Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

• ee6e79b v16.2.6
• afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
• 97a154e Turbopack: Fix middleware matcher suffix (#93590)
• 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
• 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
• a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
• 766148f v16.2.5
• 0dd9483 fix: add explicit checks for RSC header (#83) (#98)
• d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
• 9d50c0b Strip next-resume header from incoming requests (#92)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates react from 19.2.4 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Updates shadcn from 4.1.2 to 4.7.0

Release notes

Sourced from shadcn's releases.

shadcn@4.7.0

Minor Changes

• #10519 eb42ae25fda81e90e621f1e334e5126b1f22371d Thanks @​shadcn! - add support for package imports

• #10528 309d95017fce3936548c15d2ef827c84560cc45a Thanks @​shadcn! - allow alias placeholders in target for registry items

Patch Changes

• #10559 28b3e5f36086677b0533583817407d8f936a567b Thanks @​shadcn! - add previous version error suggestion

shadcn@4.6.0

Minor Changes

• #10530 ea6086cbcc33b359bb876651374e26f643ea85b1 Thanks @​shadcn! - add shadcn preset commands

• #10516 c236d0c009b4ff87c77a04c618d2b348cac7cdcb Thanks @​shadcn! - add preset info to npx shadcn info

Patch Changes

• #10526 55fd4dc71be9e6410a528d6ce6bc7287ffba262c Thanks @​shadcn! - update docs and info urls

• #10524 6dea65ebcbbdb8773b3072ca74c9cee4e386988b Thanks @​shadcn! - fix apply in monorepo

shadcn@4.5.0

Minor Changes

• #10488 eb6e783fb3861aba3b35289a473954080e6f1607 Thanks @​shadcn! - add --pointer option to cli.

  npx shadcn init --pointer will enable cursor: pointer on buttons.

shadcn@4.4.0

Minor Changes

• #10451 e456fed9d3f0b7aacf7084aecc02a75e8fde622d Thanks @​shadcn! - add apply --only

Patch Changes

• 9c572ab778b5a0ab42693eb07bc4a75d0c24603e Thanks @​shadcn! - fix chartColor in presets

shadcn@4.3.1

Patch Changes

• #10436 b7cfc364aca36bc90f8efa86773bc81011502036 Thanks @​shadcn! - Ensure init only runs template post-init hooks for newly created projects.

• #10179 d00605c5fb5fe3cfbcb68cea65398430cdd819f8 Thanks @​EthanThatOneKid! - Send Accept: application/vnd.shadcn.v1+json, application/json;q=0.9 and User-Agent: shadcn on registry fetches so servers using HTTP content negotiation can reliably serve JSON to the CLI. Fixes #10164.

shadcn@4.3.0

Minor Changes

... (truncated)

Changelog

Sourced from shadcn's changelog.

4.7.0

Minor Changes

• #10519 eb42ae25fda81e90e621f1e334e5126b1f22371d Thanks @​shadcn! - add support for package imports

• #10528 309d95017fce3936548c15d2ef827c84560cc45a Thanks @​shadcn! - allow alias placeholders in target for registry items

Patch Changes

• #10559 28b3e5f36086677b0533583817407d8f936a567b Thanks @​shadcn! - add previous version error suggestion

4.6.0

Minor Changes

• #10530 ea6086cbcc33b359bb876651374e26f643ea85b1 Thanks @​shadcn! - add shadcn preset commands

• #10516 c236d0c009b4ff87c77a04c618d2b348cac7cdcb Thanks @​shadcn! - add preset info to npx shadcn info

Patch Changes

• #10526 55fd4dc71be9e6410a528d6ce6bc7287ffba262c Thanks @​shadcn! - update docs and info urls

• #10524 6dea65ebcbbdb8773b3072ca74c9cee4e386988b Thanks @​shadcn! - fix apply in monorepo

4.5.0

Minor Changes

• #10488 eb6e783fb3861aba3b35289a473954080e6f1607 Thanks @​shadcn! - add --pointer option to cli.

  npx shadcn init --pointer will enable cursor: pointer on buttons.

4.4.0

Minor Changes

• #10451 e456fed9d3f0b7aacf7084aecc02a75e8fde622d Thanks @​shadcn! - add apply --only

Patch Changes

• 9c572ab778b5a0ab42693eb07bc4a75d0c24603e Thanks @​shadcn! - fix chartColor in presets

4.3.1

Patch Changes

• #10436 b7cfc364aca36bc90f8efa86773bc81011502036 Thanks @​shadcn! - Ensure init only runs template post-init hooks for newly created projects.

... (truncated)

Commits

• 1137b24 chore(release): version packages (#10556)
• 28b3e5f fix(cli): suggest previous minor on errors (#10559)
• 309d950 feat(shadcn): alias placeholders in target (#10528)
• eb42ae2 feat: add support for package imports (#10519)
• c2e1a57 chore(release): version packages (#10517)
• ea6086c feat: add preset commands (#10530)
• 55fd4dc feat(shadcn): add code redirect (#10526Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
x-archive	Ignored	Preview	May 12, 2026 5:25pm

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Dependabot encountered an unknown error. Because of this, Dependabot cannot update this pull request.

[pdugan20]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.