chore(deps): bump the npm-deps group across 2 directories with 15 updates

[dependabot]

Bumps the npm-deps group with 12 updates in the /frontend/app directory:

Package	From	To
@sentry/react	10.49.0	10.50.0
@tanstack/react-query	5.99.0	5.100.5
@tanstack/react-query-devtools	5.99.0	5.100.5
@tanstack/react-router	1.141.0	1.168.24
@tanstack/react-router-devtools	1.141.0	1.166.13
axios	1.15.0	1.15.2
dompurify	3.4.0	3.4.2
lucide-react	1.8.0	1.11.0
posthog-js	1.369.2	1.372.1
react-hook-form	7.72.1	7.74.0
react-syntax-highlighter	15.6.1	15.6.6
uuid	13.0.0	13.0.1

Bumps the npm-deps group with 5 updates in the /frontend/docs directory:

Package	From	To
lucide-react	1.8.0	1.11.0
posthog-js	1.369.2	1.372.1
postcss	8.5.12	8.5.13
posthog-node	5.29.2	5.30.4
swagger-ui-react	5.32.4	5.32.5

Updates @sentry/react from 10.49.0 to 10.50.0

Release notes

Sourced from @​sentry/react's releases.

10.50.0

Important Changes

• feat(effect): Support v4 beta (#20394)

  The @sentry/effect integration now supports Effect v4 beta, enabling Sentry instrumentation for the latest Effect framework version. Read more in the Effect SDK readme.

• feat(hono): Add @sentry/hono/bun for Bun runtime (#20355)

  A new @sentry/hono/bun entry point adds first-class support for running Hono applications instrumented with Sentry on the Bun runtime. Read more in the Hono SDK readme.

• feat(replay): Add replayStart/replayEnd client lifecycle hooks (#20369)

  New replayStart and replayEnd client lifecycle hooks let you react to replay session start and end events in your application.

Other Changes

• feat(core): Emit no_parent_span client outcomes for discarded spans requiring a parent (#20350)
• feat(deps): Bump protobufjs from 7.5.4 to 7.5.5 (#20372)
• feat(hono): Add runtime packages as optional peer dependencies (#20423)
• feat(opentelemetry): Add tracingChannel utility for context propagation (#20358)
• fix(browser): Enrich graphqlClient spans for relative URLs (#20370)
• fix(browser): Filter implausible LCP values (#20338)
• fix(cloudflare): Use TransformStream to keep track of streams (#20452)
• fix(console): Re-patch console in AWS Lambda runtimes (#20337)
• fix(core): Correct GoogleGenAIIstrumentedMethod typo in type name
• fix(core): Handle stateless MCP wrapper transport correlation (#20293)
• fix(hono): Remove undefined from options type (#20419)
• fix(node): Guard against null httpVersion in outgoing request span attributes (#20430)
• fix(node-core): Pass rejection reason instead of Promise as originalException (#20366)

• chore: Ignore claude worktrees (#20440)
• chore: Prevent test from creating zombie process (#20392)
• chore: Update size-limit (#20412)
• chore(dev-deps): Bump nx from 22.5.0 to 22.6.5 (#20458)
• chore(e2e-tests): Use tarball symlinks for E2E tests instead of verdaccio (#20386)
• chore(lint): Remove lint warnings (#20413)
• chore(test): Remove empty variant tests (#20443)
• chore(tests): Use verdaccio as node process instead of docker image (#20336)
• docs(readme): Update usage instructions for binary scripts (#20426)
• ref(node): Vendor undici instrumentation (#20190)
• test(aws-serverless): Ensure aws-serverless E2E tests run locally (#20441)
• test(aws-serverless): Split npm & layer tests (#20442)
• test(browser): Fix flaky sessions route-lifecycle test + upgrade axios (#20197)
• test(cloudflare): Use .makeRequestAndWaitForEnvelope to wait for envelopes (#20208)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.50.0

Important Changes

• feat(effect): Support v4 beta (#20394)

  The @sentry/effect integration now supports Effect v4 beta, enabling Sentry instrumentation for the latest Effect framework version. Read more in the Effect SDK readme.

• feat(hono): Add @sentry/hono/bun for Bun runtime (#20355)

  A new @sentry/hono/bun entry point adds first-class support for running Hono applications instrumented with Sentry on the Bun runtime. Read more in the Hono SDK readme.

• feat(replay): Add replayStart/replayEnd client lifecycle hooks (#20369)

  New replayStart and replayEnd client lifecycle hooks let you react to replay session start and end events in your application.

Other Changes

• feat(core): Emit no_parent_span client outcomes for discarded spans requiring a parent (#20350)
• feat(deps): Bump protobufjs from 7.5.4 to 7.5.5 (#20372)
• feat(hono): Add runtime packages as optional peer dependencies (#20423)
• feat(opentelemetry): Add tracingChannel utility for context propagation (#20358)
• fix(browser): Enrich graphqlClient spans for relative URLs (#20370)
• fix(browser): Filter implausible LCP values (#20338)
• fix(cloudflare): Use TransformStream to keep track of streams (#20452)
• fix(console): Re-patch console in AWS Lambda runtimes (#20337)
• fix(core): Correct GoogleGenAIIstrumentedMethod typo in type name
• fix(core): Handle stateless MCP wrapper transport correlation (#20293)
• fix(hono): Remove undefined from options type (#20419)
• fix(node): Guard against null httpVersion in outgoing request span attributes (#20430)
• fix(node-core): Pass rejection reason instead of Promise as originalException (#20366)

• chore: Ignore claude worktrees (#20440)
• chore: Prevent test from creating zombie process (#20392)
• chore: Update size-limit (#20412)
• chore(dev-deps): Bump nx from 22.5.0 to 22.6.5 (#20458)
• chore(e2e-tests): Use tarball symlinks for E2E tests instead of verdaccio (#20386)
• chore(lint): Remove lint warnings (#20413)
• chore(test): Remove empty variant tests (#20443)
• chore(tests): Use verdaccio as node process instead of docker image (#20336)
• docs(readme): Update usage instructions for binary scripts (#20426)
• ref(node): Vendor undici instrumentation (#20190)
• test(aws-serverless): Ensure aws-serverless E2E tests run locally (#20441)
• test(aws-serverless): Split npm & layer tests (#20442)
• test(browser): Fix flaky sessions route-lifecycle test + upgrade axios (#20197)

... (truncated)

Commits

• 785e756 release: 10.50.0
• ed26a19 Merge pull request #20461 from getsentry/prepare-release/10.50.0
• 7b584c4 meta(changelog): Update changelog for 10.50.0
• 39740da test(cloudflare): Use .makeRequestAndWaitForEnvelope to wait for envelopes (#...
• c741030 test(aws-serverless): Split npm & layer tests (#20442)
• f97076d chore(dev-deps): Bump nx from 22.5.0 to 22.6.5 (#20458)
• 4b4ac76 fix(node): Guard against null httpVersion in outgoing request span attribut...
• 7569b10 fix(cloudflare): Use TransformStream to keep track of streams (#20452)
• a4c9686 test(hono): Add E2E tests for middleware spans (#20451)
• ff23846 chore: Ignore claude worktrees (#20440)
• Additional commits viewable in compare view

Updates @tanstack/react-query from 5.99.0 to 5.100.5

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.5

Patch Changes

• Updated dependencies [a53ef97]:
  • @​tanstack/query-core@​5.100.5

5.100.4

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.4

5.100.3

Patch Changes

• fix(suspense): skip calling combine when queries would suspend (#10576)

• Updated dependencies [f85d825]:

  • @​tanstack/query-core@​5.100.3

5.100.2

Patch Changes

• Updated dependencies [ea4497e, d6a7bf3, 645d5d1]:
  • @​tanstack/query-core@​5.100.2

5.100.1

Patch Changes

• Updated dependencies [1bb0d23]:
  • @​tanstack/query-core@​5.100.1

5.100.0

Patch Changes

• Updated dependencies [6540a41]:
  • @​tanstack/query-core@​5.100.0

5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.99.2

... (truncated)

Commits

• 441204b ci: Version Packages (#10582)
• 55afb3e ci: Version Packages (#10581)
• fe287cc ci: Version Packages (#10579)
• f85d825 Feature/use suspense queries combine (#10576)
• 93b2845 ci: Version Packages (#10575)
• ea4497e fix(query-core): stop wrapping persister generics in NoInfer (#10510)
• 2f9527e ci: Version Packages (#10568)
• ad517e5 ci: Version Packages (#10567)
• 6540a41 feat(core): callback for retryOnMount (#10515)
• e236194 test(react-query/useQuery.promise): improve stability by isolating 'queryClie...
• Additional commits viewable in compare view

Updates @tanstack/react-query-devtools from 5.99.0 to 5.100.5

Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.100.5

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.5
  • @​tanstack/react-query@​5.100.5

5.100.4

Patch Changes

• fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

• Updated dependencies [3d1a62e]:

  • @​tanstack/query-devtools@​5.100.4
  • @​tanstack/react-query@​5.100.4

5.100.3

Patch Changes

• Updated dependencies [f85d825]:
  • @​tanstack/react-query@​5.100.3
  • @​tanstack/query-devtools@​5.100.3

5.100.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.2
  • @​tanstack/react-query@​5.100.2

5.100.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.1
  • @​tanstack/react-query@​5.100.1

5.100.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.0
  • @​tanstack/react-query@​5.100.0

... (truncated)

Commits

• 441204b ci: Version Packages (#10582)
• 55afb3e ci: Version Packages (#10581)
• 3d1a62e fix(devtools): change onClose callback type from () => unknown to () … (#10118)
• fe287cc ci: Version Packages (#10579)
• 93b2845 ci: Version Packages (#10575)
• 2f9527e ci: Version Packages (#10568)
• ad517e5 ci: Version Packages (#10567)
• a3ec7b3 ci: Version Packages (#10520)
• 69d2757 ci: Version Packages (#10514)
• See full diff in compare view

Updates @tanstack/react-router from 1.141.0 to 1.168.24

Changelog

Sourced from @​tanstack/react-router's changelog.

1.168.24

Patch Changes

• Add TanStack Start inline CSS manifest support for SSR so route styles can be embedded in the HTML response and hydrated without duplicate stylesheet links. (#7253)

• Updated dependencies [4d864ee]:

  • @​tanstack/router-core@​1.168.16

1.168.23

Patch Changes

• fix(react-router): prevent webpack static analysis of React.use with let binding (#7182)

1.168.22

Patch Changes

• Preserve shared route stylesheet links across client navigation by rendering route CSS assets with React stylesheet precedence. (#7186)

1.168.21

Patch Changes

• Updated dependencies [16f6892]:
  • @​tanstack/router-core@​1.168.15

1.168.20

Patch Changes

• Fix React Server Component imports from @tanstack/react-router by adding a react-server root export that preserves the normal API surface while resolving notFound and redirect from a server-safe entry. (#7183)

  This fixes RSC routes that throw notFound() or redirect() from server functions so they behave correctly during SSR and client navigation.

1.168.19

Patch Changes

• Fix route file transforms to preserve route ID quoting, handle more exported Route patterns, and avoid incorrect import rewrites in edge cases. (#7167)

  Improve transform robustness with clearer route-call detection, safer import removal, and expanded test coverage for quote preservation, constructor swaps, and unsupported route definitions.

1.168.18

Patch Changes

• Updated dependencies [0e2c900]:
  • @​tanstack/router-core@​1.168.14

... (truncated)

Commits

• 4c161c5 ci: changeset release
• 4d864ee inline css (#7253)
• 91a7089 rsbuild plugin (#7228)
• 4d66d42 ci: changeset release
• cd91cee fix(react-router): prevent webpack static analysis of React.use with let bind...
• 6d00881 ci: changeset release
• e30814d fix react-router shared route css persistence on nav (#7186)
• 26680c9 ci: changeset release
• 16f6892 fix(router-core): avoid intermediate success state for async notFound (#7184)
• 73cd569 ci: changeset release
• Additional commits viewable in compare view

Updates @tanstack/react-router-devtools from 1.141.0 to 1.166.13

Changelog

Sourced from @​tanstack/react-router-devtools's changelog.

1.166.13

Patch Changes

• Updated dependencies [6355bb7]:
  • @​tanstack/router-devtools-core@​1.167.3
  • @​tanstack/react-router@​1.168.15
  • @​tanstack/router-core@​1.168.11

1.166.12

Patch Changes

• Updated dependencies [459057c]:
  • @​tanstack/router-devtools-core@​1.167.2
  • @​tanstack/react-router@​1.168.14
  • @​tanstack/router-core@​1.168.10

1.166.11

Patch Changes

• Updated dependencies [c9e1855]:
  • @​tanstack/router-devtools-core@​1.167.1
  • @​tanstack/react-router@​1.168.2
  • @​tanstack/router-core@​1.168.2

1.166.10

Patch Changes

• Updated dependencies [0545239]:
  • @​tanstack/router-devtools-core@​1.167.0
  • @​tanstack/react-router@​1.168.0
  • @​tanstack/router-core@​1.168.0

1.166.9

Patch Changes

• build: update to vite-config 5.x (rolldown) (#6926)

• Updated dependencies [838b0eb]:

  • @​tanstack/router-devtools-core@​1.166.9
  • @​tanstack/react-router@​1.167.2
  • @​tanstack/router-core@​1.167.2

1.166.8

Patch Changes

... (truncated)

Commits

• c066031 ci: changeset release
• 27890af ci: changeset release
• b1c0f46 chore: upgrade tooling to typescript 6 (#7024)
• 67d9e69 ci: changeset release
• 423be8a ci: changeset release
• a0a6aa8 ci: changeset release
• 91d1085 ci: changeset release
• ef9b241 build: update to @​tanstack/vite-config v0.4.3 (#6923)
• 7706e3f release: v1.166.7
• 964cae0 release: v1.166.6
• Additional commits viewable in compare view

Updates axios from 1.15.0 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

• Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
• SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
• Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

• allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

• Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

• Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

• Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
• CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
• Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
• withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
• maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
• Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
• Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

• AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
• Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

• FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
• HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
• Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
• Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
• buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
• AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
• Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

• Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
• SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
• Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

• allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

• Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

• Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

---

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

• Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

• CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

• Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

• withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

• maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

• Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

• Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

• AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

... (truncated)

Commits

• 5829343 chore(release): prepare release 1.15.2 (#10789)
• 4709a48 fix: added fix for memory leak in sockets (#10788)
• be33360 chore: update changelog (#10781)
• 4791514 fix: more header pollutions (#10779)
• 6feafcf fix: socket issue (#10777)
• 302e273 docs: update docs, add a couple actions etc (#10776)
• ac42446 chore(release): prepare release 1.15.1 (#10767)
• 908f220 docs: update threatmodel (#10765)
• f93f815 docs: added docs around potential decompressions bomb (#10763)
• 1728aa1 fix: short-circuits on any truthy non-boolean in withXSRFToken (#10762)
• Additional commits viewable in compare view

Updates dompurify from 3.4.0 to 3.4.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.2

• Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
• Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

DOMPurify 3.4.1

• Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (font-face, color-profile, missing-glyph, font-face-src, font-face-uri, font-face-format, font-face-name) under permissive CUSTOM_ELEMENT_HANDLING
• Fixed a case-sensitivity gap in the annotation-xml check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode
• Fixed SANITIZE_NAMED_PROPS repeatedly prefixing already-prefixed id and name values on subsequent sanitization
• Fixed the IN_PLACE root-node check to explicitly guard against non-string nodeName (DOM-clobbering robustness)
• Removed a duplicate slot entry from the default HTML attribute allow-list
• Strengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for SANITIZE_NAMED_PROPS, and a negative-control assertion ensuring the invariants actually fire
• Added regression and pinning tests covering the above fixes and two accepted-behavior contracts (SAFE_FOR_TEMPLATES greedy scrub, hook-added attribute handling)
• Extended CodeQL analysis to run on 3.x and 2.x maintenance branches

Commits

• 6f67fd3 Sync/3.4.2 (#1322)
• 5b0cdbb chore: merge main into 3.x for 3.4.1 release (#1301)
• 09f5911 test: added three more browsers to test setup (OSX, mobile)
• See full diff in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates lucide-react from 1.8.0 to 1.11.0

Release notes

Sourced from lucide-react's releases.

Version 1.11.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by @​swastik7805 in lucide-icons/lucide#4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in lucide-icons/lucide#4299
• feat(icons): added layers-minus icon by @​Spleefies in lucide-icons/lucide#4005
• feat(icons): added bell-check icon by @​pettelau in lucide-icons/lucide#4152

New Contributors

• @​jglu made their first contribution in lucide-icons/lucide#4309
• @​pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by @​swastik7805 in lucide-icons/lucide#4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in lucide-icons/lucide#4299
• feat(icons): added layers-minus icon by @​Spleefies in lucide-icons/lucide#4005
• feat(icons): added bell-check icon by @​pettelau in lucide-icons/lucide#4152

New Contributors

• @​jglu made their first contribution in lucide-icons/lucide#4309
• @​pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.10.0

Version 1.9.0

What's Changed

• fix(packages/angular): allow string inputs for size by @​swastik7805 in lucide-icons/lucide#4253
• fix(gh-icon): update colors for ColoredPath component by @​jguddas in lucide-icons/lucide#4233
• feat(packages): use .mjs for ESM bundles by @​karsa-mistmere in lucide-icons/lucide#4285
• fix(build-font): add collision detection to font codepoints by @​karsa-mistmere in lucide-icons/lucide#4300
• feat(icons): added timeline icon by @​jguddas in lu...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hatchet-docs	Ready	Preview, Comment	May 4, 2026 5:09am