search

SchizzY / next-month-web

https://next-month-web.vercel.app
2 stars 0 forks source link

npm: bump the prod-deps group across 1 directory with 3 updates #60

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the prod-deps group with 3 updates in the / directory: @clerk/nextjs, lucide-react and tailwind-merge.

Updates @clerk/nextjs from 5.1.6 to 5.2.2

Release notes

Sourced from @​clerk/nextjs's releases.

@​clerk/nextjs@​5.2.2

Patch Changes

@​clerk/nextjs@​5.2.1

Patch Changes

@​clerk/nextjs@​5.2.0

Minor Changes

  • Introduces dynamic keys from clerkMiddleware, allowing access by server-side helpers like auth. Keys such as signUpUrl, signInUrl, publishableKey and secretKey are securely encrypted using AES algorithm. (#3525) by @​LauraBeatris

    • When providing secretKey, CLERK_ENCRYPTION_KEY is required as the encryption key. If secretKey is not provided, CLERK_SECRET_KEY is used by default.
    • clerkClient from @clerk/nextjs should now be called as a function, and its singleton form is deprecated. This change allows the Clerk backend client to read keys from the current request, which is necessary to support dynamic keys.

    For more information, refer to the documentation: https://clerk.com/docs/references/nextjs/clerk-middleware#dynamic-keys

Patch Changes

Changelog

Sourced from @​clerk/nextjs's changelog.

5.2.2

Patch Changes

5.2.1

Patch Changes

5.2.0

Minor Changes

  • Introduces dynamic keys from clerkMiddleware, allowing access by server-side helpers like auth. Keys such as signUpUrl, signInUrl, publishableKey and secretKey are securely encrypted using AES algorithm. (#3525) by @​LauraBeatris

    • When providing secretKey, CLERK_ENCRYPTION_KEY is required as the encryption key. If secretKey is not provided, CLERK_SECRET_KEY is used by default.
    • clerkClient from @clerk/nextjs should now be called as a function, and its singleton form is deprecated. This change allows the Clerk backend client to read keys from the current request, which is necessary to support dynamic keys.

    For more information, refer to the documentation: https://clerk.com/docs/references/nextjs/clerk-middleware#dynamic-keys

Patch Changes

5.1.7

Patch Changes

Commits
  • aa35afd ci(repo): Version packages (#3665)
  • e8a2af5 fix(nextjs): Update imports to avoid Node.js build warnings on edge runtime (...
  • 81bd03b ci(repo): Version packages (#3659)
  • 1a704ed ci(repo): Version packages (#3631)
  • f1847b7 feat(nextjs,backend,integration): Introduce dynamic keys from `clerkMiddlewar...
  • 361fc6e ci(repo): Version packages (#3625)
  • See full diff in compare view


Updates lucide-react from 0.396.0 to 0.401.0

Release notes

Sourced from lucide-react's releases.

New icons 0.401.0

New icons 🎨

Modified Icons 🔨

New icons 0.400.0

New icons 🎨

New icons 0.399.0

New icons 🎨

Modified Icons 🔨

... (truncated)

Commits


Updates tailwind-merge from 2.3.0 to 2.4.0

Release notes

Sourced from tailwind-merge's releases.

v2.4.0

New Features

  • Allow hooking into class parsing logic (experimental) by @​dcastil in dcastil/tailwind-merge#444
    • There is no info to this in the docs because this is experimental, but there is a new experimentalParseClassName property in the config that allows you to customize how tailwind-merge recognizes classes. If you're interested, you can read how to use it in the inline JSDocs and subscribe to dcastil/tailwind-merge#385 for upcoming more powerful low-level functionality.
  • Create security policy by @​dcastil in dcastil/tailwind-merge#439
    • Added documentation on how to report potential vulnerabilities
  • Avoid @babel/runtime dependency by @​dcastil in dcastil/tailwind-merge#431
    • Now no dependencies in tailwind-merge anymore. This dependency was only used in the tailwind-merge/es5 bundle anyway which I don't optimize for.

Documentation

Other

Full Changelog: https://github.com/dcastil/tailwind-merge/compare/v2.3.0...v2.4.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​jamesreaco and @​microsoft for sponsoring tailwind-merge! ❤️

Commits
  • f745ace v2.4.0
  • 3847cc0 Merge pull request #444 from dcastil/feature/440/allow-hooking-into-class-par...
  • 9aa1c8e add tests for experimentalParseClassName
  • 6812bf7 fix outdated import path in class-map test
  • 922bfda fix experimentalParseClassName config property not being overriden in mergeCo...
  • f6c7b19 update versioning docs
  • 91eb1b6 add inline documentation for experimentalParseClassName
  • e28c73a add experimentalParseClassName feature to tailwind-merge
  • f39111d rename splitModifiers to parseClassName
  • 6fdf5ef rename class utils to class group utils
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
vercel[bot] commented 2 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
next-month-web ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 8, 2024 5:20am
dependabot[bot] commented 2 months ago

Dependabot tried to add @octocat, @christoff-linde, @SchizzY and @seanloock as reviewers to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/SchizzY/next-month-web/pulls/60/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the SchizzY/next-month-web repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request
dependabot[bot] commented 2 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.