chore: bump the dependencies group with 16 updates

[dependabot]

Bumps the dependencies group with 16 updates:

Package	From	To
better-auth	1.4.10	1.4.18
lucide-react	0.562.0	0.563.0
motion	12.23.26	12.29.2
next	16.1.5	16.1.6
next-intl	4.6.1	4.8.1
react	19.2.3	19.2.4
@types/react	19.2.7	19.2.10
react-dom	19.2.3	19.2.4
swr	2.3.8	2.4.0
zod	4.3.4	4.3.6
@types/node	25.0.3	25.1.0
eslint-config-next	16.1.1	16.1.6
globals	16.5.0	17.3.0
pg	8.16.3	8.18.0
prettier	3.7.4	3.8.1
typescript-eslint	8.51.0	8.54.0

Updates better-auth from 1.4.10 to 1.4.18

Release notes

Sourced from better-auth's releases.

v1.4.18

   🚀 Features

• Add disableImplicitLinking to accountLinking  -  by @​Paola3stefania and @​himself65 in better-auth/better-auth#7270 (a7740)
• Mark /forget-password/email-otp as deprecation  -  by @​bytaesu in better-auth/better-auth#7645 (8f333)
• device-authorization:
  • Add user id checks  -  by @​himself65 in better-auth/better-auth#7632 (4d79c)
• one-tap:
  • Add button mode for Google sign-in  -  by @​himself65 and Alex Yang in better-auth/better-auth#7482 (aeb92)
• sso:
  • Support multi-domain providers  -  by @​Paola3stefania in better-auth/better-auth#7541 (5be34)
  • Add provider list and detail endpoints  -  by @​Paola3stefania and @​himself65 in better-auth/better-auth#6967 (d0ed1)

   🐞 Bug Fixes

• Correctly handle OAuth callback and Apple email field  -  by @​bytaesu in better-auth/better-auth#7181 (c918e)
• Centralize cookie parsing and handle Expires dates correctly  -  by @​bytaesu, @​cursoragent, taesu and @​himself65 in better-auth/better-auth#7556 (d598b)
• Refresh account_data cookie when session is refreshed  -  by @​bytaesu and @​himself65 in better-auth/better-auth#7576 (5d3f7)
• Remove duplicate secondary storage writes from setSessionCookie  -  by @​bytaesu in better-auth/better-auth#7592 (7a4bc)
• Set default logger level to "warn"  -  by @​bytaesu, @​cursoragent and taesu in better-auth/better-auth#7597 (5d0e7)
• Respect the explicitly set sendOnSignUp option  -  by @​bytaesu in better-auth/better-auth#7593 (33619)
• Handle serial and false cases in generateId  -  by @​bytaesu in better-auth/better-auth#7474 (949cd)
• Log error when misconfigured  -  by @​himself65 in better-auth/better-auth#7584 (16201)
• Update google oauth endpoints  -  by @​bytaesu in better-auth/better-auth#7442 (d401b)
• Consistent api version for facebook provider  -  by @​bytaesu in better-auth/better-auth#7445 (cf619)
• Check jsconfig.json in getPathAliases  -  by @​jycouet in better-auth/better-auth#7650 (9cb45)
• 2fa:
  • Server-side trust device expiration and configurable maxAge  -  by @​Paola3stefania and @​himself65 in better-auth/better-auth#7644 (5d15b)
• anonymous:
  • Export types  -  by @​CalLavicka and @​himself65 in better-auth/better-auth#7661 (133a2)
• cli:
  • Use inkeep remote mcp url  -  by @​Bekacru in better-auth/better-auth#7543 (27af8)
  • Update MCP URL from Chonkie to Inkeep  -  by @​Paola3stefania in better-auth/better-auth#7585 (79621)
• core:
  • Consolidate rateLimit table schema definition  -  by @​bytaesu in better-auth/better-auth#7551 (ea589)
• email-otp:
  • Add stricter default rate limits for password reset endpoints  -  by @​bytaesu in better-auth/better-auth#7658 (dcc28)
• expo:
  • Prevent null cookie key when redirect URL has no cookie param  -  by @​bytaesu in better-auth/better-auth#7555 (d2ca0)
  • Prevent duplicate listener notifications in FocusManager and OnlineManager  -  by @​kimchi-developer and @​himself65 in better-auth/better-auth#7552 (a3ffb)
• github:
  • Surface OAuth token exchange errors  -  by @​Paola3stefania in better-auth/better-auth#7186 (94b75)
• mcp:
  • Remove local mpc  -  by @​Paola3stefania in better-auth/better-auth#7574 (d6d62)
• multi-session:
  • Prevent duplicate cookies when same user signs in multiple times  -  by @​Paola3stefania and @​himself65 in better-auth/better-auth#7256 (9db76)
• oauth-provider:
  • Properly handle metadata field in client registration  -  by @​Paola3stefania in better-auth/better-auth#7232 (33015)
• okta:
  • Userinfo route mismatch  -  by @​psigen in better-auth/better-auth#7602 (acf77)

... (truncated)

Commits

• d99d3ce chore: release v1.4.18
• 5d15bf4 fix(2fa): server-side trust device expiration and configurable maxAge (#7644)
• c6f8f3b fix(saml): IdP-Initiated Callback Routing (#6675)
• 040c624 chore: improve rate limiting type definitions (#7313)
• 133a2b2 fix(anonymous): export types (#7661)
• dcc289e fix(email-otp): add stricter default rate limits for password reset endpoints...
• 8f3330d feat: mark /forget-password/email-otp as deprecation (#7645)
• 4d79c43 feat(device-authorization): add user id checks (#7632)
• a7740bc feat: add disableImplicitLinking to accountLinking (#7270)
• 9db76ab fix(multi-session): prevent duplicate cookies when same user signs in multipl...
• Additional commits viewable in compare view

Updates lucide-react from 0.562.0 to 0.563.0

Release notes

Sourced from lucide-react's releases.

Version 0.563.0

What's Changed

aria-hidden is by default added to icons components in all packages. This was already added to lucide-react before. Making icons accessible, you can add an aria-label or a title. See docs about accessibility.

All changes

• chore(dev): Enable ligatures in font build configuration by @​dcxo in lucide-icons/lucide#3876
• chore(repo): add Android to brand stopwords by @​karsa-mistmere in lucide-icons/lucide#3895
• fix(site): add missing titles and a title template by @​taimar in lucide-icons/lucide#3920
• fix(site): unify and improve the styling of input fields by @​taimar in lucide-icons/lucide#3919
• fix(icons): changed star-off icon by @​jguddas in lucide-icons/lucide#3952
• fix(icons): changed tickets-plane icon by @​jguddas in lucide-icons/lucide#3928
• fix(icons): changed monitor-off icon by @​jguddas in lucide-icons/lucide#3962
• fix(icons): changed lasso icon by @​jguddas in lucide-icons/lucide#3961
• fix(icons): changed cloud-off icon by @​jguddas in lucide-icons/lucide#3942
• docs(site): added lucide-web-components third-party package by @​midesweb in lucide-icons/lucide#3948
• chore(deps-dev): bump preact from 10.27.2 to 10.27.3 by @​dependabot[bot] in lucide-icons/lucide#3955
• feat(icon): add globe-x icon with metadata by @​Muhammad-Aqib-Bashir in lucide-icons/lucide#3827
• fix(icons): changed waypoints icon by @​karsa-mistmere in lucide-icons/lucide#3990
• fix(icons): changed bookmark icon by @​jguddas in lucide-icons/lucide#2906
• fix(icons): changed message-square-dashed icon by @​jguddas in lucide-icons/lucide#3959
• fix(icons): changed cloudy icon by @​jguddas in lucide-icons/lucide#3966
• fix(github-actions): resolved spelling mistake in gh issue close command by @​jguddas in lucide-icons/lucide#4000
• Update LICENSE by @​alxgraphy in lucide-icons/lucide#4009
• feat(packages): Added aria-hidden fallback for decorative icons to all packages by @​ericfennis in lucide-icons/lucide#3604
• chore(deps): bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in lucide-icons/lucide#4020
• chore(deps): bump lodash-es from 4.17.21 to 4.17.23 by @​dependabot[bot] in lucide-icons/lucide#4019
• Suggest anchoring to a specific lucide version when using a cdn by @​drago1520 in lucide-icons/lucide#3727
• feat(docs): upgraded backers block by @​karsa-mistmere in lucide-icons/lucide#4014
• fix(site): hide native search input clear "X" icon by @​epifaniofrancisco in lucide-icons/lucide#3933
• feat(icons): added printer-x icon by @​lt25106 in lucide-icons/lucide#3941

New Contributors

• @​dcxo made their first contribution in lucide-icons/lucide#3876
• @​midesweb made their first contribution in lucide-icons/lucide#3948
• @​alxgraphy made their first contribution in lucide-icons/lucide#4009
• @​drago1520 made their first contribution in lucide-icons/lucide#3727
• @​lt25106 made their first contribution in lucide-icons/lucide#3941

Full Changelog: lucide-icons/lucide@0.562.0...0.563.0

Commits

• 67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
• b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
• See full diff in compare view

Updates motion from 12.23.26 to 12.29.2

Changelog

Sourced from motion's changelog.

[12.29.2] 2026-01-26

Fixed

• Updates to layout animations.

[12.29.1] 2026-01-22

Fixed

• useAnimate: Now respects reduced motion settings set via MotionConfig.

[12.29.0] 2026-01-22

Added

• transformViewBoxPoint: Scale drag gestures within <svg> elements where viewBox and rendered width/height are mismatched.
• trackContentSize: New scroll and useScroll option for tracking changes to content size.

Fixed

• Add React 19 test suite to CI.
• Fix types with motion.create().
• Shared element animations now respect layoutDependency.

[12.28.2] 2026-01-22

Added

• Add default value type px for fontSize.

Fixed

• Removed default value type from radius.
• Ensure LazyMotion animates initial state even when state has changed before Motion is loaded.

[12.28.1] 2026-01-21

Fixed

• Ensure scale: "0%" isn't treated as default value.

[12.28.0] 2026-01-20

Added

• useFollowValue and followValue: useSpring-style motion values that can accept any transition.

Fixed

... (truncated)

Commits

• 8f6ad46 v12.29.2
• 7db10f7 Updating changelog
• a917c6e Merge pull request #3492 from motiondivision/motion-animate-layout-codex
• 7ea87bd Increase matchViewportBox tolerance to 5px for CI stability
• 7778736 Refactor LayoutAnimationBuilder
• acfffea v12.28.1-alpha.1
• a8710d1 Fix crossfade
• 162d086 Removing log
• bffbe1d Updating test
• 6fa0b77 v12.28.1-alpha.0
• Additional commits viewable in compare view

Updates next from 16.1.5 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• See full diff in compare view

Updates next-intl from 4.6.1 to 4.8.1

Release notes

Sourced from next-intl's releases.

v4.8.1

4.8.1 (2026-01-30)

Bug Fixes

• Fix precompile alias on Windows (#2237) (8e7151a) – by @​amannn

v4.8.0

4.8.0 (2026-01-28)

Features

• Ahead-of-time compilation for messages (blog post, #2220) – by @​amannn

Fixes

• Normalization of file references for useExtracted (#2230) – by @​amannn

v4.7.0

4.7.0 (2026-01-01)

Improvements for useExtracted

• Only run extraction for next dev and next build (not e.g. for next typegen)
• Include line numbers for file references in .po files
• Incorporate line numbers into sorting of messages within a single file (if you're using the default .po format)

(#2200) (ebc5e43) – by @​amannn

Changelog

Sourced from next-intl's changelog.

4.8.1 (2026-01-30)

Bug Fixes

• Fix precompile alias on Windows (#2237) (8e7151a) – by @​amannn

4.8.0 (2026-01-28)

Features

• Ahead-of-time compilation for messages (#2220) (02149c1) – by @​amannn

4.7.0 (2026-01-01)

Features

• Improvements for useExtracted (#2200) (ebc5e43) – by @​amannn

Commits

• 95238a9 v4.8.1
• 8e7151a fix: Fix precompile alias on Windows (#2237)
• 5baccd8 chore: Add AGENTS.md
• e3315f3 docs: Revise publication date for blog post
• 622a025 chore: Sync canary (#2235)
• 4477304 chore: Sync canary (#2234)
• 5c3e7db docs: Remove subtitle from blog post
• f079514 v4.8.0
• 02149c1 feat: Ahead-of-time compilation for messages (#2220)
• 7196b4e chore: Sync canary (#2218)
• Additional commits viewable in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.10

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates swr from 2.3.8 to 2.4.0

Release notes

Sourced from swr's releases.

v2.4.0

What's Changed

• chore: Migrate suspense related tests to e2e by @​promer94 in vercel/swr#4204
• CI: add missing flag for canary test by @​promer94 in vercel/swr#4206
• fix: Ensure useSWRImmutable overrides global refreshInterval by @​CODEAbhinav-art in vercel/swr#4208
• fix: Extra render when changing to new key with useSWRImmutable by @​promer94 in vercel/swr#4209
• fix: isHydration will cause unnecessary rerender by @​promer94 in vercel/swr#4212
• fix: Ensure preload runs only on client by @​Copilot in vercel/swr#4213

New Contributors

• @​CODEAbhinav-art made their first contribution in vercel/swr#4208
• @​Copilot made their first contribution in vercel/swr#4213

Full Changelog: vercel/swr@v2.3.8...v2.4.0

Commits

• 9a02998 2.4.0
• f864770 fix: Ensure preload runs only on client (#4213)
• 1f93cc2 fix: isHydration will cause unnecessary rerender (#4212)
• b75456a fix: extra render when changing to new key with useSWRImmutable (#4209)
• de1dc5a fix: Ensure useSWRImmutable overrides global refreshInterval (#4208)
• a5214bf ci: add missing flag for canary test (#4206)
• 4acf841 migrate suspense related tests to e2e (#4204)
• See full diff in compare view

Updates zod from 4.3.4 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• 0cdc0b8 4.3.5
• Additional commits viewable in compare view

Updates @types/node from 25.0.3 to 25.1.0

Commits

• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.10

Commits

• See full diff in compare view

Updates eslint-config-next from 16.1.1 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• 60de6c2 v16.1.4
• f01cf07 v16.1.3
• cb436b3 v16.1.2
• See full diff in compare view

Updates globals from 16.5.0 to 17.3.0

Release notes

Sourced from globals's releases.

v17.3.0

• Update globals (2026-02-01) (#336) 295fba9

---

sindresorhus/globals@v17.2.0...v17.3.0

v17.2.0

• jasmine: Add throwUnless and throwUnlessAsync globals (#335) 97f23a7

---

sindresorhus/globals@v17.1.0...v17.2.0

v17.1.0

• Add webpack and rspack globals (#333) 65cae73

---

sindresorhus/globals@v17.0.0...v17.1.0

v17.0.0

Breaking

• Split audioWorklet environment from browser (#320) 7bc293e

Improvements

• Update globals (#329) ebe1063
• Get all browser globals from both chrome and firefox (#321) 59ceff8
• Add bunBuiltin environment (#324) 1bc6e3b
• Add denoBuiltin environment (#324) 1bc6e3b
• Add paintWorklet environment (#323) 4b78f56
• Add sharedWorker environment (#322) 4a02a85

---

sindresorhus/globals@v16.5.0...v17.0.0

Commits

• 5edc602 17.3.0
• 295fba9 Update globals (2026-02-01) (#336)
• 8176ac7 17.2.0
• 97f23a7 jasmine: Add throwUnless and throwUnlessAsync globals (#335)
• 7a2f354 17.1.0
• 65cae73 Add webpack and rspack globals (#333)
• 3efe5aa Remove script transform (#332)
• bb89b18 17.0.0
• ebe1063 Update globals (2026-01-01) (#329)
• e3d8da3 Revert "Automate script for paintWorklet environment (#325)" (#328)
• Additional commits viewable in compare view

Updates pg from 8.16.3 to 8.18.0

Changelog

Sourced from pg's changelog.

pg@8.18.0

• Return the client instance as the result of calling connect (previously it was void).

pg@8.17.0

• Throw correct error if database URL parsing fails.

pg@8.16.0

• Add support for min connection pool size.

pg@8.15.0

• Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

• Add support from SCRAM-SAH-256-PLUS i.e. channel binding.

pg@8.13.0

• Add ability to specify query timeout on per-query basis.

pg@8.12.0

• Add queryMode config option to force use of the extended query protocol on queries without any parameters.

pg-pool@8.10.0

• Emit release event when client is returned to the pool.

pg@8.9.0

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

pg@8.8.0

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

• Add connection lifetime limit config option.

... (truncated)

Commits

• fc4de3c Publish
• 0d1541d Always check if activeQuery is null before using it (#3586)
• 57e93b5 Return the client instance in the connect() method (#3564)
• 5b68a11 Publish
• ea06db5 Remove node: prefix from imports (#3584)
• a3a4567 remove unused variable (#3562)
• 4eb7529 Publish
• b94c8e1 Don't use prefix import as it breaks in old nodes. (#3578)
• 6bf475c Improve Deno compatibility: config-first and safe env access (#3547)
• d10e09c Publish
• Additional commits viewable in compare view

Updates prettier from 3.7.4 to 3.8.1

Release notes

Sourced from prettier's releases.

3.8.1

• Include available printers in plugin type declarations (#18706 by @​porada)

🔗 Changelog

3.8.0

• Support Angular v21.1

diff

🔗 Release note "Prettier 3.8: Support for Angular v21.1"

Changelog

Sourced from prettier's changelog.

3.8.1

diff

Include available printers in plugin type declarations (#18706 by @​porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";
// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any
// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

3.8.0

diff

🔗 Release Notes

Commits

• 90983f4 Release 3.8.1
• 57f702f Include available printers in plugin type declarations (#18706)
• bece827 Revert change in release script
• 82a4ab2 Bump Prettier dependency to 3.8.0
• 5213ee4 Clean changelog_unreleased

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
alexanderkonietzko	Ready	Preview, Comment	Feb 1, 2026 6:08am