chore(deps): bump the npm group with 16 updates

[dependabot]

Bumps the npm group with 16 updates:

Package	From	To
@fortawesome/react-fontawesome	3.1.0	3.1.1
@vercel/analytics	1.5.0	1.6.0
@vercel/speed-insights	1.2.0	1.3.0
framer-motion	12.23.24	12.23.25
next	16.0.3	16.0.6
@biomejs/biome	2.3.2	2.3.8
@graphql-codegen/cli	6.0.1	6.1.0
@graphql-codegen/typescript-operations	5.0.2	5.0.6
@tailwindcss/postcss	4.1.16	4.1.17
@tsconfig/next	2.0.3	2.0.4
@types/node	24.9.2	24.10.1
@types/react	19.2.2	19.2.7
@types/react-dom	19.2.2	19.2.3
graphql-request	7.3.1	7.3.5
tailwind-variants	3.1.1	3.2.2
tailwindcss	4.1.16	4.1.17

Updates @fortawesome/react-fontawesome from 3.1.0 to 3.1.1

Release notes

Sourced from @​fortawesome/react-fontawesome's releases.

v3.1.1

3.1.1 (2025-11-28)

Bug Fixes

• WCAG: allow custom role attribute on svgs like previous versions (ef4986b)

Documentation

• remove irrelevant upgrade guide from 0.1-0.2x (7d41077)

Chores

• deps: fix GH advisory GHSA-5j98-mcp5-4vw2 (2cd0c3f)
• deps: regenerate lockfile (779488e)
• deps: upgrade all dev deps (b92e5a7)
• release: explicit registry in publish script (2aee952)
• release: fix semantic release config missing npm plugin (ebabf46)

Changelog

Sourced from @​fortawesome/react-fontawesome's changelog.

3.1.1 (2025-11-28)

Bug Fixes

• WCAG: allow custom role attribute on svgs like previous versions (ef4986b)

Documentation

• remove irrelevant upgrade guide from 0.1-0.2x (7d41077)

Chores

• deps: fix GH advisory GHSA-5j98-mcp5-4vw2 (2cd0c3f)
• deps: regenerate lockfile (779488e)
• deps: upgrade all dev deps (b92e5a7)
• release: explicit registry in publish script (2aee952)
• release: fix semantic release config missing npm plugin (ebabf46)

Commits

• 24238e8 chore(release): 3.1.1 [skip ci]
• 2aee952 chore(release): explicit registry in publish script
• ebabf46 chore(release): fix semantic release config missing npm plugin
• 9c50bbb Merge pull request #609 from FortAwesome/fix/role-attribute
• ef4986b fix(WCAG): allow custom role attribute on svgs like previous versions
• 7d41077 docs: remove irrelevant upgrade guide from 0.1-0.2x
• 2aed44f Merge pull request #608 from FortAwesome/fix/cve-fixes
• 2cd0c3f chore(deps): fix GH advisory GHSA-5j98-mcp5-4vw2
• 779488e chore(deps): regenerate lockfile
• b92e5a7 chore(deps): upgrade all dev deps
• See full diff in compare view

Updates @vercel/analytics from 1.5.0 to 1.6.0

Release notes

Sourced from @​vercel/analytics's releases.

1.6.0

What's Changed

• feat(nuxt): Add support for injectAnalytics() and Nuxt module by @​atinux in vercel/analytics#178
• Add undefined to AllowedPropertyValues type by @​timolins in vercel/analytics#174

New Contributors

• @​atinux made their first contribution in vercel/analytics#178

Full Changelog: vercel/analytics@1.5.0...1.6.0

Commits

• 182d185 chore: prepare release (#180)
• 4f2b656 Add undefined to AllowedPropertyValues type (#174)
• 9a406c4 feat(nuxt): Add support for injectAnalytics() and Nuxt module (#178)
• See full diff in compare view

Updates @vercel/speed-insights from 1.2.0 to 1.3.0

Release notes

Sourced from @​vercel/speed-insights's releases.

1.3.0

What's Changed

• feat(nuxt): Add support for injectSpeedInsights() and Nuxt module by @​HugoRCD in vercel/speed-insights#104
• feat: postinstall script removal by @​feugy in vercel/speed-insights#106
• fix: add route param to beforeSend event type by @​fgascon in vercel/speed-insights#102

New Contributors

• @​HugoRCD made their first contribution in vercel/speed-insights#104
• @​fgascon made their first contribution in vercel/speed-insights#102

Full Changelog: vercel/speed-insights@1.2.0...1.3.0

Commits

• 7ed15ed fix: add route param to beforeSend event type (#102)
• a1dfa74 feat: next release and postinstall script removal (#106)
• f48623c feat(nuxt): Add support for injectSpeedInsights() and Nuxt module (#104)
• See full diff in compare view

Updates framer-motion from 12.23.24 to 12.23.25

Changelog

Sourced from framer-motion's changelog.

[12.23.25] 2025-12-01

Fixed

• Ensure relative projection boxes are re-measured when parent layout changes.

Commits

• 78681bc v12.23.25
• 757b56f Updating changelog
• 3d1f73d Merge pull request #3412 from motiondivision/fix/layout-group
• 4f249bd Removing logs
• 00b0f3b Updating changelog
• 07b95ff Updating changelog
• 64a2b22 Adding layout version
• 68e0f9b Fix image links in README.md
• e20a643 Update README.md with new sponsor links
• e787e5f Remove duplicate links in README.md
• Additional commits viewable in compare view

Updates next from 16.0.3 to 16.0.6

Release notes

Sourced from next's releases.

v16.0.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• bump the browserslist version to silence a warning in CI (#86625)

Credits

Huge thanks to @​lukesandberg for helping!

v16.0.5

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix(nodejs-middleware): await for body cloning to be properly finalized (#85418)

Credits

Huge thanks to @​lucasadrianof for helping!

v16.0.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: Rename proxy.js to middleware.js in NFT file (#86214)
• fix: prevent fetch abort errors propagating to user error boundaries (#86277)
• Turbopack: fix passing project options from napi (#86256)

Credits

Huge thanks to @​devjiwonchoi, @​sokra and @​ztanner for helping!

Commits

• aab1edc v16.0.6
• 279f2e3 bump the browserslist version to silence a warning in CI (#86625)
• 89ccb9f v16.0.5
• 75f63f7 backport fix(nodejs-middleware): await for body cloning to be properly finali...
• d440c75 v16.0.4
• 296923e Turbopack: fix passing project options from napi (#86256)
• 98317f5 fix: prevent fetch abort errors propagating to user error boundaries (#86277)
• 7780025 fix: Rename proxy.js to middleware.js in NFT file (#86214)
• See full diff in compare view

Updates @biomejs/biome from 2.3.2 to 2.3.8

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.8

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

  const foo = "Line 1\nLine 2";
  const bar = `Line 1

... (truncated)

Commits

• 0a6b6fb chore: restore version and yaml how they were
• 5d15cd5 chore: revert version
• 59fa146 ci: release (#8263)
• f7e836f feat(biome_js_analyze): implement noProto rule (#8276)
• b537918 feat(js_biome_analyze): implement noDuplicatedSpreadProps (#8116)
• 91484d1 feat(biome_js_analyze): implement noMultiStr rule (#8218)
• 68c052e feat(biome_js_analyze): implement noEqualsToNull rule (#8214)
• 79adaea feat(lint): added new rule no-leaked-render from eslint-react (#8171)
• cd2edd7 feat(js_analyze): implement noTernary (#8201)
• 8e97b89 ci: release (#8161)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @graphql-codegen/cli from 6.0.1 to 6.1.0

Changelog

Sourced from @​graphql-codegen/cli's changelog.

6.1.0

Minor Changes

• #10510 9e70bcb Thanks @​nickmessing! - add importExtension configuration option

Patch Changes

• Updated dependencies [9e70bcb]:
  • @​graphql-codegen/plugin-helpers@​6.1.0
  • @​graphql-codegen/client-preset@​5.2.0

6.0.2

Patch Changes

• #10430 aad7f03 Thanks @​renovate! - dependencies updates:
  • Updated dependency @graphql-tools/github-loader@^9.0.0 ↗︎ (from ^8.0.0, in dependencies)
  • Updated dependency @graphql-tools/url-loader@^9.0.0 ↗︎ (from ^8.0.0, in dependencies)
• Updated dependencies []:
  • @​graphql-codegen/client-preset@​5.1.2

Commits

• bec7e74 chore(release): update monorepo packages versions (#10513)
• 9e70bcb feat: add importExtension configuration option (#10510)
• 135ce4d chore(release): update monorepo packages versions (#10484)
• aad7f03 fix(deps): update graphql-tools (major) (#10430)
• c87b779 [CLI] Create watcher.run.spec to test actual running behaviour (#10474)
• ed30b56 chore(deps): update dependency vitest to v4 (#10475)
• See full diff in compare view

Updates @graphql-codegen/typescript-operations from 5.0.2 to 5.0.6

Changelog

Sourced from @​graphql-codegen/typescript-operations's changelog.

5.0.6

Patch Changes

• Updated dependencies [b995ed1]:
  • @​graphql-codegen/visitor-plugin-common@​6.2.1
  • @​graphql-codegen/typescript@​5.0.6

5.0.5

Patch Changes

• Updated dependencies [f821e8a, 9e70bcb]:
  • @​graphql-codegen/visitor-plugin-common@​6.2.0
  • @​graphql-codegen/plugin-helpers@​6.1.0
  • @​graphql-codegen/typescript@​5.0.5

5.0.4

Patch Changes

• Updated dependencies [51a1a72]:
  • @​graphql-codegen/visitor-plugin-common@​6.1.2
  • @​graphql-codegen/typescript@​5.0.4

5.0.3

Patch Changes

• Updated dependencies [6715330]:
  • @​graphql-codegen/visitor-plugin-common@​6.1.1
  • @​graphql-codegen/typescript@​5.0.3

Commits

• 90b62ea chore(release): update monorepo packages versions (#10526)
• b995ed1 Use parent type name on interface types without fragments (#10503)
• bec7e74 chore(release): update monorepo packages versions (#10513)
• b7f90b0 chore(release): update monorepo packages versions (#10500)
• 135ce4d chore(release): update monorepo packages versions (#10484)
• See full diff in compare view

Updates @tailwindcss/postcss from 4.1.16 to 4.1.17

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.1.17

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

Commits

• e9c9c4f Release v4.1.17 (#19272)
• See full diff in compare view

Updates @tsconfig/next from 2.0.3 to 2.0.4

Commits

• See full diff in compare view

Updates @types/node from 24.9.2 to 24.10.1

Commits

• See full diff in compare view

Updates @types/react from 19.2.2 to 19.2.7

Commits

• See full diff in compare view

Updates @types/react-dom from 19.2.2 to 19.2.3

Commits

• See full diff in compare view

Updates graphql-request from 7.3.1 to 7.3.5

Release notes

Sourced from graphql-request's releases.

[email protected]

Bug Fixes

• Fixed #1281: GraphQL errors and data are now accessible from 4xx/5xx HTTP responses
• Fixed #1461: ClientError is properly returned for non-2xx responses with malformed bodies
• Fixed #1462: ClientError is properly returned for non-2xx responses with unsupported content types

Changes

• Non-2xx HTTP responses now parse the response body first to extract GraphQL errors/data when available
• Non-2xx responses with valid GraphQL bodies return ClientError with errors and data accessible
• Non-2xx responses with invalid bodies still return ClientError (not generic Error) for backwards compatibility
• This release reverts PRs #1457 and #1459 which introduced regressions, then reapplies a minimal fix for #1281

Breaking Changes

None - this release maintains backwards compatibility while adding support for accessing GraphQL errors from 4xx/5xx responses.

[email protected]

Bug Fixes

• Non-JSON Error Response Handling: Fixed regression in 7.3.2 where servers returning HTTP 4xx/5xx status codes with non-JSON response bodies (HTML, plain text) would throw an unhelpful error: "Invalid execution result: result is not object or array" (#1459, closes #1458)
  • Added safe JSON parsing fallback for responses without proper Content-Type headers
  • Returns descriptive error messages with response body preview for non-JSON responses
  • Handles common production scenarios: load balancer errors (502/503 HTML pages), CDN errors, WAF/firewall responses, misconfigured servers
  • Maintains backward compatibility for servers that omit Content-Type but return valid JSON
  • Added comprehensive test coverage for HTML, plain text, and missing Content-Type scenarios

What Changed

Version 7.3.2 introduced a bug where the ELSE branch in parseResultFromResponse would pass raw strings (HTML, plain text) to a parser expecting objects/arrays. This only surfaced when:

1. Server returns 4xx/5xx status code
2. Content-Type header is missing or non-JSON (e.g., text/html, text/plain)
3. Response body is not valid JSON

This is now fixed with graceful error handling and clear error messages.

[email protected]

Bug Fixes

• HTTP Error Handling: Fixed regression from v6 to v7 where HTTP 4xx/5xx responses would not include GraphQL errors from response body in ClientError (#1457, closes #1281)

  • Response body is now parsed before checking HTTP status
  • Users can access GraphQL errors via error.response.errors even with non-2xx status codes
  • Common use case: authentication errors (422), server errors (500)

• graphql-codegen Compatibility: Added support for TypedDocumentString from @graphql-codegen when using documentMode: 'string' (#1456, closes #1453)

  • Handles boxed String objects created by TypedDocumentString class
  • Normalizes document input to prevent crashes when passing to GraphQL operations

Commits

• 599c487 chore: bump version to 7.3.5
• dbac13d fix: add TypedDocumentString to accepted document types (#1468)
• 2b4cd54 chore: bump version to 7.3.4
• 657b126 Fix: parse GraphQL errors from 4xx/5xx responses (#1281) (#1465)
• 280e294 Revert PRs #1457 and #1459 - will reimplement properly (#1463)
• a9f94c1 chore: bump ver
• 97d9822 Fix: handle non-JSON error responses gracefully (#1459)
• cc99d03 chore: bump version to 7.3.2
• 7a1ee76 fix: parse GraphQL errors from response body on HTTP 4xx/5xx status codes (#1...
• 0f60a64 fix: support TypedDocumentString from graphql-codegen (#1456)
• See full diff in compare view

Updates tailwind-variants from 3.1.1 to 3.2.2

Release notes

Sourced from tailwind-variants's releases.

v3.2.2

No significant changes

    View changes on GitHub

v3.2.1

   🐞 Bug Fixes

• Update cn function type and import cx from tailwind-variants/lite  -  by @​jrgarciadev in heroui-inc/tailwind-variants#285 (3a3af)

    View changes on GitHub

v3.2.0

   🚀 Features

• Add cx function and refactor cn to use tailwind-merge  -  by @​jrgarciadev in heroui-inc/tailwind-variants#278 (8ec5f)

   🐞 Bug Fixes

• No longer minifyng the code  -  by @​jrgarciadev in heroui-inc/tailwind-variants#282 (34c62)
• Make twMerge default to true in cn function  -  by @​jrgarciadev in heroui-inc/tailwind-variants#283 (1659a)
• Export defaultConfig as value and remove responsiveVariants  -  by @​jrgarciadev in heroui-inc/tailwind-variants#284 (65ee7)

    View changes on GitHub

Changelog

Sourced from tailwind-variants's changelog.

3.2.2 (2025-11-22)

3.2.1 (2025-11-22)

Bug Fixes

• update cn function type and import cx from tailwind-variants/lite (#285) (3a3afce)

3.2.0 (2025-11-22)

Bug Fixes

• export defaultConfig as value and remove responsiveVariants (#284) (65ee73c)
• make twMerge default to true in cn function (#283) (1659aa7)
• no longer minifyng the code (#282) (34c62f4)

Features

• add cx function and refactor cn to use tailwind-merge (#278) (8ec5f6f)

Commits

• fb6e0bf chore: release v3.2.2
• ee83f93 refactor: split cn into cn and cnMerge functions (#286)
• 9c3a937 chore: release v3.2.1
• 3a3afce fix: update cn function type and import cx from tailwind-variants/lite (#285)
• c19f93d chore: release v3.2.0
• 65ee73c fix: export defaultConfig as value and remove responsiveVariants (#284)
• e531070 Merge branch 'main' of github.com:nextui-org/tailwind-variants
• a3c7505 refactor: simplify withFalsy array in benchmark.js
• 1659aa7 fix: make twMerge default to true in cn function (#283)
• d85ad99 Merge branch 'main' of github.com:nextui-org/tailwind-variants
• Additional commits viewable in compare view

Updates tailwindcss from 4.1.16 to 4.1.17

Release notes

Sourced from tailwindcss's releases.

v4.1.17

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

Changelog

Sourced from tailwindcss's changelog.

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

Commits

• e9c9c4f Release v4.1.17 (#19272)
• dc6a3ce Substitute @variant inside utilities (#19263)
• e71e70e Update magic-string 0.30.19 → 0.30.21 (minor) (#19238)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions