Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.13.24

Patch Changes

• Updated dependencies [97a204d]:
  • @​tanstack/virtual-core@​3.14.0

Sourced from @​tanstack/react-virtual's changelog.

3.13.24

Patch Changes

• Updated dependencies [97a204d]:
  • @​tanstack/virtual-core@​3.14.0

• c3d4cd4 ci: Version Packages (#1157)
• See full diff in compare view

Sourced from next's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• Compiler: Support boolean and number primtives in next.config defines (#92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
• Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

• 2275bd8 v16.2.4
• e073983 Adding more system info to the 'initialize project' trace (#92427)
• 8a540b5 Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92...
• 2f5343f Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• 2ad9d3f turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...
• 6f3808e Compiler: Support boolean and number primtives in next.config defines (#92731)
• fbc7684 Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• 805d758 Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...
• 1056fae chore: Bump reqwest to 0.13.2 (#92713)
• d5f649b v16.2.3
• Additional commits viewable in compare view

Sourced from @​react-navigation/bottom-tabs's changelog.

7.15.10 (2026-04-24)

Note: Version bump only for package @​react-navigation/bottom-tabs

• c0040ab chore: publish
• See full diff in compare view

Sourced from @​supabase/supabase-js's releases.

v2.104.1

2.104.1 (2026-04-23)

🩹 Fixes

• auth: emit PASSWORD_RECOVERY event for PKCE recovery flows (#2272)
• postgrest: restore runtime test files to tstyche scope (#2266)
• supabase: propagate custom fetch to realtime client (#2267)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.104.1-canary.3

2.104.1-canary.3 (2026-04-23)

🩹 Fixes

• auth: emit PASSWORD_RECOVERY event for PKCE recovery flows (#2272)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.104.1-canary.2

2.104.1-canary.2 (2026-04-23)

This was a version bump only, there were no code changes.

v2.104.1-canary.1

2.104.1-canary.1 (2026-04-22)

🩹 Fixes

• supabase: propagate custom fetch to realtime client (#2267)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.104.1-canary.0

2.104.1-canary.0 (2026-04-22)

🩹 Fixes

• postgrest: restore runtime test files to tstyche scope (#2266)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

... (truncated)

Sourced from @​supabase/supabase-js's changelog.

2.104.1 (2026-04-23)

🩹 Fixes

• supabase: propagate custom fetch to realtime client (#2267)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.104.0 (2026-04-20)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.3 (2026-04-16)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.2 (2026-04-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.1 (2026-04-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.0 (2026-04-09)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.102.1 (2026-04-07)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.102.0 (2026-04-07)

🚀 Features

• supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)
• postgrest: add automatic retries for transient errors (#2072)

❤️ Thank You

• Guilherme Souza
• Katerina Skroumpelou @​mandarini

• 122d3a9 fix(supabase): propagate custom fetch to realtime client (#2267)
• 9360d4a chore(release): version 2.104.0 changelogs (#2261)
• 897fb8e docs(repo): show createClient as primary example in all client constructors (...
• 7a9b2e1 chore(release): version 2.103.3 changelogs (#2258)
• a2f9414 chore(release): version 2.103.2 changelogs (#2253)
• f9da9ee chore(release): version 2.103.1 changelogs (#2248)
• d38c180 chore(release): version 2.103.0 changelogs (#2237)
• 16dd265 chore(release): version 2.102.1 changelogs (#2233)
• 0c1e6db chore(release): version 2.102.0 changelogs (#2232)
• 5a6a5be feat(supabase): export PostgrestFilterBuilder and StorageApiError from supaba...
• Additional commits viewable in compare view

• See full diff in compare view

• See full diff in compare view

• See full diff in compare view

• See full diff in compare view

• See full diff in compare view

• See full diff in compare view

• See full diff in compare view

• See full diff in compare view

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

• 23f4f9f 19.2.5
• See full diff in compare view

Sourced from react-native's releases.

0.85.2

---

Hermes dSYMS:

• Debug
• Release

Hermes V1 dSYMS:

• Debug
• Release

ReactNativeDependencies dSYMs:

• Debug
• Release

ReactNative Core dSYMs:

• Debug
• Release

---

You can file issues or pick requests against this release here.

---

To help you upgrade to this version, you can use the Upgrade Helper ⚛️.

---

View the whole changelog in the CHANGELOG.md file.

0.85.1

---

Hermes dSYMS:

• Debug
• Release

Hermes V1 dSYMS:

• Debug
• Release

ReactNativeDependencies dSYMs:

• Debug
• Release

ReactNative Core dSYMs:

• Debug
• Release

... (truncated)

Sourced from react-native's changelog.

v0.85.2

Added

• Animated: Add pushAnimationMutations to AnimationBackend for targeted event-driven animation updates (e4f0509973 by Bartlomiej Bloniarz)

Fixed

• Animated: Fix potential data corruption in animation backend when ShadowTree commits are retried by copying RawProps instead of moving them (77d3df8cab by Bartlomiej Bloniarz)

iOS specific

• Dev Server: Fix "Loading from Metro..." banner getting stuck after reloads in quick succession (e122c24c27 by @​alanjhughes)

v0.85.1

Fixed

• Animated: Share animation backend enabled as experimental(401b1620dc by @​cortinico)

Android specific

• Networking: FormData uploads broken in debug builds (0d1b70ee22 by @​riteshshukla04)

v0.85.0

Breaking

• Animated: Fix unsafe rawPointer access in cloneMultiple. (1d47693230 by @​coado)
• Build: Drop support for EOL Node.js lines and old minors. (c9c601d61a by @​robhogan)
• Jest: Move Jest preset to new react-native/jest-preset package (c4ae05534a by @​kitten)
• StyleSheet: Remove deprecated StyleSheet.absoluteFillObject API (5681db09b8 by @​huntie)
• TypeScript: Removing deprecated type aliases. Use the type directly. (1813df743d by @​sammy-SC)
• TypeScript: Removing deprecated type aliases. Use the type directly. (796a9a8922 by @​sammy-SC)

Android specific

• Events: Re-added receiveTouches to RCTEventEmitter with a default no-op implementation to avoid breaking ecosystem libraries (67db89d08a by @​javache)
• Legacy Architecture: Deprecated UIManagerHelper.getEventDispatcherForReactTag and UIManagerHelper.getEventDispatcher(ReactContext, UIManagerType Int), use getEventDispatcher (4e5d45f4db by @​javache)
• Legacy Architecture: Stub UIImplementation class, this class is unused in the new architecture (fbe15f6605 by @​mdvacca)
• Text: Make ReactTextUpdate internal (faebee4338 by @​NickGerleman)

Added

• Animated: RCTAnimationChoreographer to RCTScheduler (019c9a7d8f by Bartlomiej Bloniarz)
• Animated: std::mutex to AnimationBackend to protect start, stop and callbacks. (4064b89867 by Bartlomiej Bloniarz)
• Animated: Add c++ AnimatedModule to DefaultTurboModules (15e52e3f71 by @​zeyap)
• Animated: Added support for transform operations. (58b7b052c0 by @​coado)
• Animated: Animated calls AnimationBackend::trigger to push updates from. events to the mounting layer (ac06f3bdc7 by Bartlomiej Bloniarz)
• Animated: Animated can now prompt the backend to push changes to the shadowTree on the JS thread, making RSNRU update the ShadowNode references held by the react renderer. (f9e94c0502 by Bartlomiej Bloniarz)

... (truncated)

• 67baaf3 Release 0.85.2
• 5300582 Fix loading banner stuck after a reload
• 430da64 Avoid moving RawProps during animation backend commit when retries are possib...
• 16e6e32 Add pushAnimationMutations to the AnimationBackend (#56401)
• 2c0ae27 Release 0.85.1
• 9dfd26e fix: formData upload broken in debug builds (#56406)
• 76cf797 Update generate-artifacts-executor scripts to skip write/cp for unchanged o...
• 401b162 [0.85] Correclty promote flags to experimental for 0.85 release (#56373)
• 10644a0 Release 0.85.0
• b2839b1 Release 0.85.0-rc.7
• Additional commits viewable in compare view

Sourced from @​clerk/nextjs's releases.

@​clerk/nextjs@​7.2.7

Patch Changes

• Updated dependencies [da76490]:
  • @​clerk/shared@​4.8.5
  • @​clerk/backend@​3.4.1
  • @​clerk/react@​6.4.5

@​clerk/nextjs@​7.2.6

Patch Changes

• Updated dependencies [083c4c5, dcaf694, d9011b4]:
  • @​clerk/shared@​4.8.4
  • @​clerk/react@​6.4.4
  • @​clerk/backend@​3.4.0

@​clerk/nextjs@​7.2.3

Patch Changes

• Updated dependencies [fcc6c0c]:
  • @​clerk/backend@​3.2.13
  • @​clerk/react@​6.4.2

@​clerk/nextjs@​7.2.2

Patch Changes

• Updated dependencies [f800b4f, 8ee6a32, c7b0f47, 34762e8]:
  • @​clerk/backend@​3.2.12
  • @​clerk/shared@​4.8.2
  • @​clerk/react@​6.4.2

@​clerk/nextjs@​7.2.1

Patch Changes

• Normalize URL paths in createPathMatcher to prevent route protection bypass (#8311) by @​nikosdouvlis

• Updated dependencies [b0b6675]:

  • @​clerk/shared@​4.8.1
  • @​clerk/backend@​3.2.11
  • @​clerk/react@​6.4.1

Sourced from @​clerk/nextjs's changelog.

7.2.7

Patch Changes

• Updated dependencies [da76490]:
  • @​clerk/shared@​4.8.5
  • @​clerk/backend@​3.4.1
  • @​clerk/react@​6.4.5

7.2.6

Patch Changes

• Updated dependencies [083c4c5, dcaf694, d9011b4]:
  • @​clerk/shared@​4.8.4
  • @​clerk/react@​6.4.4
  • @​clerk/backend@​3.4.0

7.2.5

Patch Changes

• Refactor clerkMiddleware internals to factor the post-authentication pipeline (handler invocation, CSP, redirects, response decoration) into a private runHandlerWithRequestState helper. Pure refactor — no behavioral change. (#8368) by @​jacekradko

• Updated dependencies [93855c2]:

  • @​clerk/backend@​3.3.0

7.2.4

Patch Changes

• Add helpful TypeScript error for incorrect auth import path (#8358) by @​jacekradko

• Fix an authorization bypass in has(), auth.protect(), and related predicates when a single call combined conditions from more than one dimension (for example, { permission, reverification } or { feature, permission }). A dimension that should have denied the request was treated as indeterminate and ignored by the combining logic, allowing other passing dimensions to carry the result and authorize the call when it should have failed closed. (#8372) by @​nikosdouvlis

  Behavior is now:

  • When a requested dimension cannot be satisfied because the underlying session data is missing, malformed, or invalid, the call denies. Previously these cases were treated as indeterminate and ignored, which could let another passing dimension carry the call.
  • Fixed a minor bug where session.checkAuthorization() was building authorization options from the membership row id instead of the organization id.

  Single-condition role, permission, feature, and plan checks (has({ permission }), etc.) are unchanged. Single-condition reverification checks are unchanged on well-formed session data; calls with a missing or malformed factorVerificationAge payload now deny where they previously returned indeterminate. Callback-form auth.protect(has => ...) is unaffected unless the callback itself invokes the affected shapes.

  Separately, auth.protect() in @clerk/nextjs previously discarded authorization params (role, permission, feature, plan, reverification) whenever the same argument object also contained unauthenticatedUrl, unauthorizedUrl, or token. TypeScript's excess-property check caught this for inline object literals but did not apply once the argument was assigned to a variable, spread, or used from JavaScript. Mixed-shape calls like auth.protect({ role: 'org:admin', unauthorizedUrl: '/denied' }) or auth.protect({ permission: 'org:X', token: 'session_token' }) now correctly enforce the authorization check instead of silently letting every authenticated caller through.

• Updated dependencies [d52b311, abaa339]:

  • @​clerk/shared@​4.8.3
  • @​clerk/backend@​3.2.14
  • @​clerk/react@​6.4.3

7.2.3

... (truncated)

• 2f48ea8 ci(repo): Version packages (#8401)
• 6be2ea9 ci(repo): Version packages (#8389)
• 8a25c6a ci(repo): Version packages (#8377)
• 93855c2 refactor(nextjs): factor runHandlerWithRequestState out of baseNextMiddleware...
• 57bca7b ci(repo): Version packages (#8363)
• d52b311 fix(shared,clerk-js,nextjs): authorization bypass in combined-condition has()...
• 683399a feat(nextjs): add helpful error for incorrect auth import (#8358)
• 7994b5f ci(repo): Version packages (#8340)
• cc8fed5 ci(repo): Version packages (#8322)
• 6399251 ci(repo): Version packages (#8315)
• Additional commits viewable in compare view

Sourced from @​neondatabase/serverless's changelog.

1.1.0 (2026-04-09)

Type declarations are now fully inlined (some were previously re-exported from @types/pg and @types/node). The new types greatly reduce the size of the package with dependencies, and should be compatible in normal usage. The code that is actually run remains unchanged.

A few advanced type-level patterns could be affected. Code that depends on exact type identity with the @types/pg exports, that relies on declare module 'pg' augmentation flowing through these exports, or that assumes Buffer-specific types in places now declared as Uint8Array may need updated types.

• d8d42fc 1.1.0
• aeda724 Updated release instructions in DEVELOP.md and preversion script
• 55f6b42 Add comment to src/shims/pg/index.d.ts about maintenance
• accf39a Inline all TypeScript types for a significant install size reduction (#206)
• 013ae38 Add prisma generate before packages tests (#200)
• 2571f25 Switch CI workflows to protected runner group (#198)
• 010888d Harden CI: disable third-party scripts, add release cooldown, and tighten per...
• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for @​neondatabase/serverless since your current version.

Sourced from @​supabase/ssr's releases.

v0.10.2

0.10.2 (2026-04-09)

Bug Fixes

• ci: remove packageManager field (#197) (6bf0226)

v0.10.2-rc.88

What's Changed

• fix(ci): remove packageManager field by @​mandarini in supabase/ssr#197

Full Changelog: supabase/ssr@v0.10.1...v0.10.2-rc.88

v0.10.1

0.10.1 (2026-04-08)

Bug Fixes

• auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

Sourced from @​supabase/ssr's changelog.

0.10.2 (2026-04-09)

Bug Fixes

• ci: remove packageManager field (#197) (6bf0226)

0.10.1 (2026-04-08)

Bug Fixes

• auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

• 6fc9c52 chore(main): release 0.10.2 (#198)
• 6bf0226 fix(ci): remove packageManager field (#197)
• 6f897b8 chore(main): release 0.10.1 (#195)
• 465759d chore(ci): upgrade Node.js to 22 and npm to 11 via corepack (#196)
• 5f04837 fix(auth): respect user-provided auth options in createBrowserClient (#167)
• 693eab5 chore: update @​supabase/supabase-js to v2.102.1 (#193)
• af23c17 chore: update @​supabase/supabase-js to v2.101.1 (#189)
• 12a09d2 docs: shorten createServerClient tsdoc (#174)
• 2224e06 chore: update @​supabase/supabase-js to v2.101.0 (#188)
• See full diff in compare view

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

• 23f4f9f 19.2.5
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions