chore(deps): bump the production-dependencies group with 27 updates

[dependabot]

Bumps the production-dependencies group with 27 updates:

Package	From	To
@hono/node-server	1.19.6	1.19.7
@hono/trpc-server	0.4.0	0.4.1
@react-email/components	1.0.1	1.0.3
@sentry/cloudflare	10.26.0	10.32.1
@sentry/node	10.26.0	10.32.1
@trpc/server	11.7.2	11.8.1
better-auth	1.4.1	1.4.10
better-sqlite3	12.4.6	12.5.0
drizzle-orm	0.44.7	0.45.1
feedsmith	2.6.0	2.8.0
hono	4.10.6	4.11.3
react-email	5.0.5	5.1.1
resend	6.5.2	6.6.0
zod	4.1.12	4.3.4
react	19.2.0	19.2.3
@sentry/react	10.26.0	10.32.1
@tailwindcss/vite	4.1.17	4.1.18
@tanstack/react-query	5.90.10	5.90.16
@tanstack/react-router	1.139.3	1.144.0
@trpc/client	11.7.2	11.8.1
@trpc/react-query	11.7.2	11.8.1
lucide-react	0.554.0	0.562.0
motion	12.23.24	12.23.26
react-dom	19.2.0	19.2.3
react-hook-form	7.66.1	7.69.0
recharts	3.5.0	3.6.0
tailwindcss	4.1.17	4.1.18

Updates @hono/node-server from 1.19.6 to 1.19.7

Release notes

Sourced from @​hono/node-server's releases.

v1.19.7

What's Changed

• fix: Fix for hono issue 4563 - incorrect content-length after following symlink by @​tshmieldev in honojs/node-server#290
• chore: add configVersion to bun.lock by @​yusukebe in honojs/node-server#291

New Contributors

• @​tshmieldev made their first contribution in honojs/node-server#290

Full Changelog: honojs/node-server@v1.19.6...v1.19.7

Commits

• 0a4826c 1.19.7
• b253386 chore: add configVersion to bun.lock (#291)
• 38e17b5 fix: Fix for hono issue 4563 - incorrect content-length after following symli...
• See full diff in compare view

Updates @hono/trpc-server from 0.4.0 to 0.4.1

Release notes

Sourced from @​hono/trpc-server's releases.

@​hono/trpc-server@​0.4.1

Patch Changes

• #1599 4defad62ab1de77fa91024d5b0c45ce6389eafa0 Thanks @​yusukebe! - fix: auto-detect endpoint from route path

Changelog

Sourced from @​hono/trpc-server's changelog.

0.4.1

Patch Changes

• #1599 4defad62ab1de77fa91024d5b0c45ce6389eafa0 Thanks @​yusukebe! - fix: auto-detect endpoint from route path

Commits

• 2444422 fix(publish): set access public with cli args (#1611)
• cbc0288 chore(deps-dev): bump zod from 3.23.8 to 4.1.13 (#1580)
• 5342216 Version Packages (#1601)
• 4defad6 fix(trpc-server): auto-detect endpoint from route path (#1599)
• dc468a0 refactor: replace tsup with tsdown (#1528)
• 5ede858 chore(deps-dev): bump @​trpc/server from 11.5.1 to 11.7.1 (#1554)
• 565d0e3 chore: bump hono (#1514)
• 68eaa67 chore(deps-dev): bump publint from 0.3.9 to 0.3.14 (#1498)
• f7ebabc chore(deps-dev): bump hono from 4.9.8 to 4.9.10 (#1499)
• db68e22 fix(zod-openapi): remove SimplifyDeepArray from json types (#1469)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​hono/trpc-server since your current version.

Updates @react-email/components from 1.0.1 to 1.0.3

Release notes

Sourced from @​react-email/components's releases.

@​react-email/components@​1.0.3

Patch Changes

• 8b7a660: remove use of devEngines which npm detects
• Updated dependencies [42aca9f]
• Updated dependencies [8b7a660]
  • @​react-email/render@​2.0.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/code-block@​0.2.1
  • @​react-email/container@​0.0.16
  • @​react-email/markdown@​0.0.18
  • @​react-email/tailwind@​2.0.3
  • @​react-email/heading@​0.0.16
  • @​react-email/preview@​0.0.14
  • @​react-email/section@​0.0.17
  • @​react-email/button@​0.2.1
  • @​react-email/column@​0.0.14
  • @​react-email/body@​0.2.1
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/html@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/text@​0.1.6
  • @​react-email/img@​0.0.12
  • @​react-email/row@​0.0.13
  • @​react-email/hr@​0.0.12

@​react-email/components@​1.0.3-canary.0

Patch Changes

• Updated dependencies [42aca9f]
  • @​react-email/render@​2.0.1-canary.0
  • @​react-email/body@​0.2.0
  • @​react-email/button@​0.2.0
  • @​react-email/code-block@​0.2.0
  • @​react-email/code-inline@​0.0.5
  • @​react-email/column@​0.0.13
  • @​react-email/container@​0.0.15
  • @​react-email/font@​0.0.9
  • @​react-email/head@​0.0.12
  • @​react-email/heading@​0.0.15
  • @​react-email/hr@​0.0.11
  • @​react-email/html@​0.0.11
  • @​react-email/img@​0.0.11
  • @​react-email/link@​0.0.12
  • @​react-email/markdown@​0.0.17
  • @​react-email/preview@​0.0.13
  • @​react-email/row@​0.0.12
  • @​react-email/section@​0.0.16
  • @​react-email/tailwind@​2.0.2

... (truncated)

Changelog

Sourced from @​react-email/components's changelog.

1.0.3

Patch Changes

• 8b7a660: remove use of devEngines which npm detects
• Updated dependencies [42aca9f]
• Updated dependencies [8b7a660]
  • @​react-email/render@​2.0.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/code-block@​0.2.1
  • @​react-email/container@​0.0.16
  • @​react-email/markdown@​0.0.18
  • @​react-email/tailwind@​2.0.3
  • @​react-email/heading@​0.0.16
  • @​react-email/preview@​0.0.14
  • @​react-email/section@​0.0.17
  • @​react-email/button@​0.2.1
  • @​react-email/column@​0.0.14
  • @​react-email/body@​0.2.1
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/html@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/text@​0.1.6
  • @​react-email/img@​0.0.12
  • @​react-email/row@​0.0.13
  • @​react-email/hr@​0.0.12

1.0.3-canary.0

Patch Changes

• Updated dependencies [42aca9f]
  • @​react-email/render@​2.0.1-canary.0
  • @​react-email/body@​0.2.0
  • @​react-email/button@​0.2.0
  • @​react-email/code-block@​0.2.0
  • @​react-email/code-inline@​0.0.5
  • @​react-email/column@​0.0.13
  • @​react-email/container@​0.0.15
  • @​react-email/font@​0.0.9
  • @​react-email/head@​0.0.12
  • @​react-email/heading@​0.0.15
  • @​react-email/hr@​0.0.11
  • @​react-email/html@​0.0.11
  • @​react-email/img@​0.0.11
  • @​react-email/link@​0.0.12
  • @​react-email/markdown@​0.0.17
  • @​react-email/preview@​0.0.13
  • @​react-email/row@​0.0.12

... (truncated)

Commits

• 576a4e1 chore(root): version packages (#2755)
• 8b7a660 fix(all): devEngines getting flagged by npm install (#2736)
• 5095cf1 chore(root): version packages (canary) (#2745)
• f9dd7e2 chore(root): version packages (#2741)
• ca5f650 fix: use devEngines for node >=22 instead of engines (#2694)
• See full diff in compare view

Updates @sentry/cloudflare from 10.26.0 to 10.32.1

Release notes

Sourced from @​sentry/cloudflare's releases.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

Bundle size 📦

Path	Size
@​sentry/browser	24.24 KB
@​sentry/browser - with treeshaking flags	22.77 KB
@​sentry/browser (incl. Tracing)	40.62 KB
@​sentry/browser (incl. Tracing, Profiling)	45.12 KB
@​sentry/browser (incl. Tracing, Replay)	78.3 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	68.28 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	82.88 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	94.83 KB
@​sentry/browser (incl. Feedback)	40.57 KB
@​sentry/browser (incl. sendFeedback)	28.82 KB
@​sentry/browser (incl. FeedbackAsync)	33.7 KB
@​sentry/react	25.92 KB
@​sentry/react (incl. Tracing)	42.77 KB
@​sentry/vue	28.6 KB
@​sentry/vue (incl. Tracing)	42.39 KB
@​sentry/svelte	24.25 KB
CDN Bundle	26.62 KB
CDN Bundle (incl. Tracing)	41.25 KB
CDN Bundle (incl. Tracing, Replay)	77.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	82.44 KB
CDN Bundle - uncompressed	78.18 KB
CDN Bundle (incl. Tracing) - uncompressed	122.47 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	236.27 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	248.74 KB
@​sentry/nextjs (client)	44.94 KB
@​sentry/sveltekit (client)	40.98 KB
@​sentry/node-core	50.4 KB
@​sentry/node	157.73 KB
@​sentry/node - without tracing	90.87 KB
@​sentry/aws-serverless	106.02 KB

10.32.0

Important Changes

... (truncated)

Changelog

Sourced from @​sentry/cloudflare's changelog.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

10.32.0

Important Changes

• feat(core): Apply scope attributes to logs (#18184)

  You can now set attributes on the SDK's scopes which will be applied to all logs as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

  Sentry.geGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });
  Sentry.withScope(scope => {
  scope.setAttribute('step', 'authentication');
  // scope attributes is_admin, auth_provider and step are added
  Sentry.logger.info(user ${user.id} logged in, { activeSince: 100 });
  Sentry.logger.info(updated ${user.id} last activity);
  });
  // scope attributes is_admin and auth_provider are added
  Sentry.logger.warn('stale website version, reloading page');

• feat(replay): Add Request body with attachRawBodyFromRequest option (#18501)

  To attach the raw request body (from Request objects passed as the first fetch argument) to replay events, you can now use the attachRawBodyFromRequest option in the Replay integration:

  Sentry.init({
    integrations: [
      Sentry.replayIntegration({
        attachRawBodyFromRequest: true,
      }),
    ],
  });

... (truncated)

Commits

• 528ade2 release: 10.32.1
• 25f695d Merge pull request #18578 from getsentry/prepare-release/10.32.1
• a981a3d meta(changelog): Update changelog for 10.32.1
• 0d8547c fix(vercelai): Fix input token count (#18574)
• 71384a2 chore(lint): prefer 'unknown' to 'any', fix lint warnings
• d1dd308 chore(test): Remove cloudflare-astro e2e test (#18567)
• 12f3007 fix(ember): Make implementation field optional (hash routes) (#18564)
• 3fda84d fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• a538901 Merge pull request #18563 from getsentry/master
• 063c4dc Merge pull request #18562 from getsentry/ab/skip-ci-when-no-code-changes
• Additional commits viewable in compare view

Updates @sentry/node from 10.26.0 to 10.32.1

Release notes

Sourced from @​sentry/node's releases.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

Bundle size 📦

Path	Size
@​sentry/browser	24.24 KB
@​sentry/browser - with treeshaking flags	22.77 KB
@​sentry/browser (incl. Tracing)	40.62 KB
@​sentry/browser (incl. Tracing, Profiling)	45.12 KB
@​sentry/browser (incl. Tracing, Replay)	78.3 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	68.28 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	82.88 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	94.83 KB
@​sentry/browser (incl. Feedback)	40.57 KB
@​sentry/browser (incl. sendFeedback)	28.82 KB
@​sentry/browser (incl. FeedbackAsync)	33.7 KB
@​sentry/react	25.92 KB
@​sentry/react (incl. Tracing)	42.77 KB
@​sentry/vue	28.6 KB
@​sentry/vue (incl. Tracing)	42.39 KB
@​sentry/svelte	24.25 KB
CDN Bundle	26.62 KB
CDN Bundle (incl. Tracing)	41.25 KB
CDN Bundle (incl. Tracing, Replay)	77.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	82.44 KB
CDN Bundle - uncompressed	78.18 KB
CDN Bundle (incl. Tracing) - uncompressed	122.47 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	236.27 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	248.74 KB
@​sentry/nextjs (client)	44.94 KB
@​sentry/sveltekit (client)	40.98 KB
@​sentry/node-core	50.4 KB
@​sentry/node	157.73 KB
@​sentry/node - without tracing	90.87 KB
@​sentry/aws-serverless	106.02 KB

10.32.0

Important Changes

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

10.32.0

Important Changes

• feat(core): Apply scope attributes to logs (#18184)

  You can now set attributes on the SDK's scopes which will be applied to all logs as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

  Sentry.geGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });
  Sentry.withScope(scope => {
  scope.setAttribute('step', 'authentication');
  // scope attributes is_admin, auth_provider and step are added
  Sentry.logger.info(user ${user.id} logged in, { activeSince: 100 });
  Sentry.logger.info(updated ${user.id} last activity);
  });
  // scope attributes is_admin and auth_provider are added
  Sentry.logger.warn('stale website version, reloading page');

• feat(replay): Add Request body with attachRawBodyFromRequest option (#18501)

  To attach the raw request body (from Request objects passed as the first fetch argument) to replay events, you can now use the attachRawBodyFromRequest option in the Replay integration:

  Sentry.init({
    integrations: [
      Sentry.replayIntegration({
        attachRawBodyFromRequest: true,
      }),
    ],
  });

... (truncated)

Commits

• 528ade2 release: 10.32.1
• 25f695d Merge pull request #18578 from getsentry/prepare-release/10.32.1
• a981a3d meta(changelog): Update changelog for 10.32.1
• 0d8547c fix(vercelai): Fix input token count (#18574)
• 71384a2 chore(lint): prefer 'unknown' to 'any', fix lint warnings
• d1dd308 chore(test): Remove cloudflare-astro e2e test (#18567)
• 12f3007 fix(ember): Make implementation field optional (hash routes) (#18564)
• 3fda84d fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• a538901 Merge pull request #18563 from getsentry/master
• 063c4dc Merge pull request #18562 from getsentry/ab/skip-ci-when-no-code-changes
• Additional commits viewable in compare view

Updates @trpc/server from 11.7.2 to 11.8.1

Release notes

Sourced from @​trpc/server's releases.

v11.8.1

What's Changed

• fix(server): pass maxDurationMs timeout signal to subscription handlers by @​tt-a1i in trpc/trpc#7037
• fix(tanstack-react-query): useSubscription prop tracking by @​Julusian in trpc/trpc#7036
• fix(server): fastify form-data type by @​wszgrcy in trpc/trpc#6974

New Contributors

• @​bsdahl made their first contribution in trpc/trpc#6995
• @​tt-a1i made their first contribution in trpc/trpc#7037
• @​Julusian made their first contribution in trpc/trpc#7036
• @​wszgrcy made their first contribution in trpc/trpc#6974

Full Changelog: trpc/trpc@v11.8.0...v11.8.1

v11.8.0

What's Changed

• feat(server): support streaming in API Gateway REST API by @​anatolzak in trpc/trpc#7039
• fixes GHSA-43p4-m455-4f4j

Commits

• 0d08831 v11.8.1
• b802056 fix(server): fastify form-data type (#6974)
• 1c9a6ec chore(deps): update dependency @​oxc-project/runtime to v0.104.0 (#7051)
• 172b6aa fix(server): pass maxDurationMs timeout signal to subscription handlers (#7037)
• 6820949 chore: bump next (#7045)
• d7adb37 chore(server): some internal refactors (#7044)
• a247ce2 v11.8.0
• 78629d5 Fix bug (#7043)
• 9a17cef feat(server): support streaming in API Gateway REST API (#7039)
• fa8d806 chore(deps): update dependency valibot to v1.2.0 [security] (#7026)
• See full diff in compare view

Updates better-auth from 1.4.1 to 1.4.10

Release notes

Sourced from better-auth's releases.

v1.4.10

   🚀 Features

• Support form data for email sign-in/sign-up and fallback to checking fetch Metadata for first login  -  by @​Paola3stefania, @​bytaesu, Bereket Engida and @​jonathansamines in better-auth/better-auth#6314 (3f06d)
• expo:
  • Add webBrowserOptions to openAuthSessionAsync  -  by @​himself65 and Copilot in better-auth/better-auth#7054 (d1184)
• saml:
  • Add XML parser hardening with configurable size limits  -  by @​Paola3stefania in better-auth/better-auth#6805 (6e1f4)
• stripe:
  • Flexible subscription cancellation and termination management  -  by @​bytaesu and @​GautamBytes in better-auth/better-auth#6961 (c128d)
  • Handle customer.subscription.created webhook event  -  by @​bytaesu, Copilot and @​himself65 in better-auth/better-auth#6924 (cf64f)
  • Add disableRedirect option for subscription and billing  -  by @​himself65 and Valerii Strilets in better-auth/better-auth#7068 (11493)

   🐞 Bug Fixes

• Correct accountLinking default to true  -  by @​bytaesu and @​himself65 in better-auth/better-auth#6963 (0ccdf)
• Add supportsArrays to memory and mongodb adapters  -  by @​bytaesu in better-auth/better-auth#6984 (855db)
• Sync updateSession changes to secondary storage and active-sessions list  -  by @​Ridhim-RR, @​bytaesu and Taesu in better-auth/better-auth#6988 (13dbf)
• admin:
  • Custom role type inference  -  by @​bytaesu in better-auth/better-auth#6997 (63438)
  • UserId check in /has-permission  -  by @​himself65 and Copilot in better-auth/better-auth#7016 (adc88)
• anonymous:
  • Missing path breaks anonymous hooks  -  by @​ping-maxwell and @​himself65 in better-auth/better-auth#6794 (8e85b)
• api:
  • Chain plugin onRequest hooks properly  -  by @​bytaesu in better-auth/better-auth#7070 (1ee6d)
• client:
  • Prevent duplicate signal processing in atom listeners  -  by @​himself65 in better-auth/better-auth#7018 (016ba)
  • Apply rate limit focus refetch regardless of session state  -  by @​bytaesu and @​himself65 in better-auth/better-auth#7048 (bf423)
• expo:
  • Improve parseSetCookieHeader  -  by @​bytaesu in better-auth/better-auth#6990 (66a61)
• oauth-provider:
  • Support jwksPath  -  by @​dvanmali in better-auth/better-auth#6989 (54847)
  • Only session db store currently supported  -  by @​dvanmali in better-auth/better-auth#7000 (49821)
• oauth-proxy:
  • Point provider requests to production and fix cookie handling in non-HTTPS environments  -  by @​bytaesu and Bereket Engida in better-auth/better-auth#6472 (8e6ad)
• organization:
  • Remove unnecessary type re-export  -  by @​bytaesu in better-auth/better-auth#7011 (40df9)
• passkey:
  • Use data.id instead of challengeId in deleteVerificationValue  -  by @​GautamBytes in better-auth/better-auth#6826 (8b4cd)
• stripe:
  • Add 'subscription/restore' to pathMethods  -  by @​bytaesu in better-auth/better-auth#6959 (9acb7)
  • Prevent trial abuse by checking all user subscriptions  -  by @​GautamBytes, Taesu and @​himself65 in better-auth/better-auth#6950 (08895)

    View changes on GitHub

v1.4.10-beta.1

   🚀 Features

• Add code property for api error instance  -  by @​himself65 in better-auth/better-auth#6633 (a184e)
• multi-session: Allow to infer additional fields "  -  by @​Bekacru in better-auth/better-auth#6585 (ec57a)

... (truncated)

Commits

• 4bf85c6 chore: release v1.4.10
• 1ee6d20 fix(api): chain plugin onRequest hooks properly (#7070)
• 13dbfd6 fix: sync updateSession changes to secondary storage and active-sessions li...
• 999424f chore: remove duplicate refreshUserSessions calls (#7022)
• bf42379 fix(client): apply rate limit focus refetch regardless of session state (#7048)
• 016ba1d fix(client): prevent duplicate signal processing in atom listeners (#7018)
• 8e6ad93 fix(oauth-proxy): point provider requests to production and fix cookie handli...
• adc88c7 fix(admin): userId check in /has-permission (#7016)
• fd3e95e chore: replace body schema with signUpEmailBodySchema (#7017)
• 40df9a4 fix(organization): remove unnecessary type re-export (#7011)
• Additional commits viewable in compare view

Updates better-sqlite3 from 12.4.6 to 12.5.0

Release notes

Sourced from better-sqlite3's releases.

v12.5.0

What's Changed

• Update SQLite to version 3.51.1 in WiseLibs/better-sqlite3#1424

Full Changelog: WiseLibs/better-sqlite3@v12.4.6...v12.5.0

Commits

• 6209be2 12.5.0
• 3445561 Update SQLite to version 3.51.1 (#1424)
• See full diff in compare view

Updates drizzle-orm from 0.44.7 to 0.45.1

Release notes

Sourced from drizzle-orm's releases.

0.45.1

• Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

• Fixed pg-native Pool detection in node-postgres transactions
• Allowed subqueries in select fields
• Updated typo algorythm => algorithm
• Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
• Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

Commits

• a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
• c445637 Merge pull request #5095 from drizzle-team/main-workflows
• e7b3aaa Merge branch 'main' into main-workflows
• 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
• 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
• 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
• 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
• ce88a18 Merge remote-tracking branch 'origin/ext-deps-kit' into main-workflows
• 5c8a4c5 +
• 73e2ea4 feat: Add release router workflow to manage feature and latest releases
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for drizzle-orm since your current version.

Updates feedsmith from 2.6.0 to 2.8.0

Release notes

Sourced from feedsmith's releases.

v2.8.0

2.8.0 (2025-12-12)

Bug Fixes

• Preserve HTML entities inside CDATA sections (9c8478d)
• Prevent double-decoding of HTML entities (&lt; → <) (70584b8)

---

⚠️ IMPORTANT ⚠️

What changed

• Single-pass entity decoding: Previously, entities were decoded twice (< → < → <). Now they're decoded once (< → <), preserving intentionally encoded content.

• CDATA content preserved verbatim: Per W3C XML specification, content inside <![CDATA[...]]> sections is no longer entity-decoded. Entities like & inside CDATA now remain as-is.

This change aligns Feedsmith with the W3C XML specification and matches the behavior of other compliant XML/feed parsers.

Why

The previous behavior corrupted certain content:

• Technical blogs with code examples (e.g., <![CDATA[<code>&lt;div&gt;</code>]]>) would have the escaped tags decoded, breaking visible code snippets
• Double-encoded entities from some CMS systems were over-decoded
• CDATA sections (common in podcasts and rich descriptions) had entities incorrectly processed

Example

<description><![CDATA[Use <code>&lt;div&gt;</code> for containers]]></description>

• Before: Use <code><div></code> for containers (Broken HTML)
• After: Use <code>&lt;div&gt;</code> for containers (Visible <div> text )

Who's affected

Most feeds will see no change. Affected content includes:

• Programming/documentation feeds with HTML examples in CDATA
• Feeds with double-enco...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml