chore: Bump the "dependencies" group with 3 updates across multiple ecosystems

[dependabot]

Bumps the dependencies group with 1 update: zizmorcore/zizmor-action.

Updates zizmorcore/zizmor-action from 0.5.6 to 0.5.7

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.7

1.26.1 is now available via the action 1.26.1 is now the default version of zizmor used by the action

Commits

• 192e21d Sync zizmor versions (#127)
• 2720f26 Update README.md with new actions/checkout version (#126)
• 40b41b8 chore(deps): bump the github-actions group with 2 updates (#123)
• a687b25 chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the github-ac...
• 64a6900 add note to explain that the default value for online-checks is different t...
• 14050ab chore(deps): bump the github-actions group with 2 updates (#118)
• ee9b419 chore(deps): bump github/codeql-action in the github-actions group (#116)
• fddf2b4 Bump pins in README (#115)
• See full diff in compare view

Bumps the dependencies group with 1 update: pnpm/pnpm.

Updates pnpm/pnpm from 11.8.0 to 11.9.0

Bumps the dependencies group with 11 updates:

Package	From	To
fumadocs-core	16.10.4	16.10.5
fumadocs-ui	16.10.4	16.10.5
lucide-react	1.20.0	1.21.0
lucide-static	1.20.0	1.21.0
motion	12.40.0	12.41.0
swr	2.4.1	2.4.2
vite	8.0.16	8.1.0
@types/node	25.9.3	26.0.1
@vitejs/plugin-react	6.0.2	6.0.3
oxfmt	0.55.0	0.56.0
oxlint	1.70.0	1.71.0

Updates fumadocs-core from 16.10.4 to 16.10.5

Commits

• 7365d63 Version Packages (#3366)
• 23c00f2 fix(openapi): fix typescript definitions name
• 4fe2821 fix(openapi): fix usage tabs
• 58c2574 fix custom script
• 1a323a6 dedupe deps
• 19955f3 fix(ui): use prompt query param for "Open in ChatGPT" page action (#3365)
• See full diff in compare view

Updates fumadocs-ui from 16.10.4 to 16.10.5

Commits

• 7365d63 Version Packages (#3366)
• 23c00f2 fix(openapi): fix typescript definitions name
• 4fe2821 fix(openapi): fix usage tabs
• 58c2574 fix custom script
• 1a323a6 dedupe deps
• 19955f3 fix(ui): use prompt query param for "Open in ChatGPT" page action (#3365)
• See full diff in compare view

Updates lucide-react from 1.20.0 to 1.21.0

Release notes

Sourced from lucide-react's releases.

Version 1.21.0

What's Changed

• ci(release.yml): Remove new-version in release flow by @​ericfennis in lucide-icons/lucide#4478
• ci(release.yml): Fix workflow and remove version scripts in package scripts by @​ericfennis in lucide-icons/lucide#4479
• fix(docs): rename navigation category label by @​Hsiii in lucide-icons/lucide#4483
• feat(icons): added broken-bone icon by @​Patolord in lucide-icons/lucide#4131

New Contributors

• @​Hsiii made their first contribution in lucide-icons/lucide#4483
• @​Patolord made their first contribution in lucide-icons/lucide#4131

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Commits

• 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
• See full diff in compare view

Updates lucide-static from 1.20.0 to 1.21.0

Release notes

Sourced from lucide-static's releases.

Version 1.21.0

What's Changed

• ci(release.yml): Remove new-version in release flow by @​ericfennis in lucide-icons/lucide#4478
• ci(release.yml): Fix workflow and remove version scripts in package scripts by @​ericfennis in lucide-icons/lucide#4479
• fix(docs): rename navigation category label by @​Hsiii in lucide-icons/lucide#4483
• feat(icons): added broken-bone icon by @​Patolord in lucide-icons/lucide#4131

New Contributors

• @​Hsiii made their first contribution in lucide-icons/lucide#4483
• @​Patolord made their first contribution in lucide-icons/lucide#4131

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Commits

• 7983b2a feat(icons): added broken-bone icon (#4131)
• 7ddb1e2 fix(docs): rename navigation category label (#4483)
• 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
• bb7d2d9 ci(release.yml): Remove new-version in release flow (#4478)
• See full diff in compare view

Updates motion from 12.40.0 to 12.41.0

Changelog

Sourced from motion's changelog.

[12.41.0] 2026-06-23

Added

• animateView: Moves from Motion+ Early Access and alpha to main library.
• animateView: .add() resolves a CSS selector or Element to automatically generate, apply and remove view-transition-name.
• animateView: .new() and .old() configures values to animate on new and old layers.
• animateView: .layout() can set a custom transition on the size/position animation of the currently selected elements.
• animateView: Group layers now automatically crop with children set to cover, with border-radius animating from old radius to new. .crop(false) disables this behaviour.
• animateView: .class(name) tags currently selected elements with a view-transition-class as a custom CSS hook.

Fixed

• AnimatePresence: Prevent stuck exit animations when children interrupt.
• drag: Child e.stopPropagation() no longer break drag end.
• Fixing Next.js OOM on Windows when importing via motion package.
• animateLayout: Improve handling of parallel/interleaved calls.

Changed

• animateView: .enter() and .exit() now refer specifically to new and old layers where there are no matching old or new layers.
• animateView: Interrupted transition setups now return resolved animation rather than throwing.

Commits

• f0f893e v12.41.0
• c0c53cb Updating changelog
• 18c3e3e Removing plans
• 378fc4c Merge pull request #3761 from motiondivision/worktree-view-target
• 94ea505 Merge branch 'main' into worktree-view-target
• de65f6b Fade auto morph crossfades over the spring's visual duration
• f8af239 Let an explicit duration override the inherited spring on a view layer
• 3608ea7 Fix plus-lighter brightness flash on morph crossfades
• 51e82aa Fix view-transition correctness bugs from code review
• 9ca2f8d Export view-transition types through to the motion package
• Additional commits viewable in compare view

Updates swr from 2.4.1 to 2.4.2

Release notes

Sourced from swr's releases.

v2.4.2

Patches

• fix: guard against double-unsubscribe removing wrong subscriber in cache.ts by @​tomohiro86 in vercel/swr#4252
• Prevent resolved promise to suspend due to missing status by @​devjiwonchoi in vercel/swr#4271

Chores

• Update axios versions in the examples by @​lukesandberg in vercel/swr#4243
• ci: switch npm publish to OIDC trusted publishing by @​huozhi in vercel/swr#4274
• ci: remove registry url by @​huozhi in vercel/swr#4277
• ci: update release job by @​huozhi in vercel/swr#4278
• 2.4.2 by @​huozhi in vercel/swr#4279
• chore: pin pnpm 10.33.0 by @​styfle in vercel/swr#4258
• ci: update GitHub Actions for Node 24 by @​promer94 in vercel/swr#4254
• chore: remove the axios examples by @​huozhi in vercel/swr#4263

New Contributors

• @​lukesandberg made their first contribution in vercel/swr#4243
• @​tomohiro86 made their first contribution in vercel/swr#4252

Full Changelog: vercel/swr@v2.4.1...v2.4.2

Commits

• f1c1fd8 2.4.2 (#4279)
• 10b6b65 ci: update release job (#4278)
• 95592f3 ci: remove registry url (#4277)
• 11bbc8f ci: switch npm publish to OIDC trusted publishing (#4274)
• a89bbe7 Prevent resolved promise to suspend due to missing status (#4271)
• f8d4995 chore: remove the axios examples (#4263)
• e384af7 ci: update GitHub Actions for Node 24 (#4254)
• a376f88 chore: pin pnpm 10.33.0 (#4258)
• c39d701 fix: guard against double-unsubscribe removing wrong subscriber in cache.ts (...
• 46f3954 Security: Update axios versions in the examples (#4243)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for swr since your current version.

Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

• extend server.fs.deny list with common files (#22707) (61ba8fd)
• update rolldown to 1.1.2 (#22695) (4f008a6)
• use ~ for Rolldown (#22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
• resolved build options should be kept as a getter (#22691) (3527191)
• server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#22706) (da72733)
• warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#22736) (57f59bc)
• remove unused removeRawQuery util (#22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#22692) (8e8816c)

8.1.0-beta.0 (2026-06-15)

Features

• import.meta.glob support caseSensitive option (#21707) (2ad6737)
• add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
• build: chunk importmap (#21580) (e180312)
• css: support lightningcss plugin dependency (#21748) (0b7aaed)
• deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
• html: add html.additionalAssetSources option (#21412) (a41404b)
• integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
• rename server.hmr options to server.ws options (#21357) (9ce3036)
• server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
• track dependencies when loading config with native (#22602) (a7e2da8)
• types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
• update rolldown to 1.1.1 (#22593) (8a13d63)
• wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

• apply correct fs restrictions for pnpm gvs (#22415) (092320b)
• css: support external CSS with lightningcss (#18389) (d64a1a5)
• deps: update all non-major dependencies (#22637) (44bb9d9)
• deps: update all non-major dependencies (#22681) (f4f0633)
• html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
• optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• Additional commits viewable in compare view

Updates @types/node from 25.9.3 to 26.0.1

Commits

• See full diff in compare view

Updates @vitejs/plugin-react from 6.0.2 to 6.0.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

Commits

• 640fd35 release: plugin-react@6.0.3
• 889efb0 fix(deps): update all non-major dependencies (#1249)
• 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
• 3cc33a7 fix(deps): update react-related dependencies (#1245)
• c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
• cd80f0f fix(deps): update all non-major dependencies (#1241)
• e38acca fix(deps): update all non-major dependencies (#1227)
• 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
• See full diff in compare view

Updates oxfmt from 0.55.0 to 0.56.0

Changelog

Sourced from oxfmt's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

Commits

• c4be770 release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)
• See full diff in compare view

Updates oxlint from 1.70.0 to 1.71.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.71.0] - 2026-06-22

🚀 Features

• 0dc2405 linter: Add schema for eslint/no-restricted-properties (#23619) (Sysix)
• b638d0e linter: Add schema for node/callback-return (#23615) (Sysix)
• eb8bedc linter: Add schema for import/extensions (#23557) (WaterWhisperer)
• 46f3625 linter: Implement node/no-sync rule (#23589) (fujitani sora)
• b01739a linter: Add schema for unicorn/numeric-separators-style (#23554) (Mikhail Baev)
• 68afd2a linter/node: Implement no-mixed-requires rule (#23539) (fujitani sora)
• a421215 linter: Add schema for eslint/prefer-destructuring (#23410) (WaterWhisperer)
• 84438be linter/jsdoc: Added missing options to require-param-description (#23416) (kapobajza)
• 51910df linter/jsdoc: Add missing options to require-param-type rule (#23418) (kapobajza)
• e90925f linter/unicorn: Implement prefer-number-coercion rule (#23497) (Shekhu☺️)
• dd1c866 linter/vue: Implement no-async-in-computed-properties rule (#23493) (bab)
• b02444e linter: Add schema for react/jsx-no-script-url (#23475) (WaterWhisperer)
• a8dce46 linter/unicorn: Implement max-nested-calls rule (#23461) (arieleli01212)

🐛 Bug Fixes

• a303c23 linter/jsx-a11y: Align anchor-is-valid config with upstream (#23446) (camc314)

📚 Documentation

• b50bf4d linter: Remove manually written options doc for eslint/arrow-body-style (#23490) (Mikhail Baev)

Commits

• c4be770 release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)
• 0dc2405 feat(linter): add schema for eslint/no-restricted-properties (#23619)
• b638d0e feat(linter): add schema for node/callback-return (#23615)
• 6d355ab refactor(linter): remove number_as_object_schema helper (#23614)
• eb8bedc feat(linter): add schema for import/extensions (#23557)
• 46f3625 feat(linter): implement node/no-sync rule (#23589)
• 953c7b3 refactor(linter): make unicorn/numeric-separators-style options u32 (#23558)
• b01739a feat(linter): add schema for unicorn/numeric-separators-style (#23554)
• 68afd2a feat(linter/node): implement no-mixed-requires rule (#23539)
• b08e9f5 refactor(linter): re-enable schema for `jsx_a11y/no-noninteractive-element-in...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions