chore(deps): bump the production-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates in the / directory:

Package	From	To
dotenv	17.2.3	17.2.4
lenis	1.3.16	1.3.17
next	16.1.1	16.1.6
postgres	3.4.7	3.4.8
react-dom	19.2.3	19.2.4
zustand	5.0.8	5.0.11

Updates dotenv from 17.2.3 to 17.2.4

Changelog

Sourced from dotenv's changelog.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• See full diff in compare view

Updates lenis from 1.3.16 to 1.3.17

Release notes

Sourced from lenis's releases.

v1.3.17

• stopInertiaOnNavigate allows SPA to reset scroll on page change.
• renamed __experimental__naiveDimensions to naiveDimensions
• always use lerp for syncTouch

Commits

• 3dc917b v1.3.17
• 7f6c1cb syncTouch lerp only
• 712679f Allow SPA to reset scroll on navigate (#492)
• 947c9f7 Update sponsor list in README.md
• See full diff in compare view

Updates next from 16.1.1 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates postgres from 3.4.7 to 3.4.8

Release notes

Sourced from postgres's releases.

v3.4.8

• Prevent out of bound errors from commit-time failures de64f7a
• fix: use lower max connections in Cloudflare Workers environment 94b7170
• Add support for sslnegotiation=direct - fixes #1104 7f80980
• omit Sql properties absent from TransactionSql 36a53f6
• Someones engines are getting pedantic - fixes #1061 3ffc3c4
• Better error if trying to run query during copy 3a43815
• Fix PGAPPNAME env access by prioritizing connection.application_name 32feb25

---

porsager/postgres@v3.4.7...v3.4.8

Commits

• 5c8135f 3.4.8
• ad24665 build
• de64f7a Prevent out of bound errors from commit-time failures
• 94b7170 fix: use lower max connections in Cloudflare Workers environment
• 7f80980 Add support for sslnegotiation=direct - fixes #1104
• 36a53f6 omit Sql properties absent from TransactionSql
• 3ffc3c4 Someones engines are getting pedantic - fixes #1061
• 3a43815 Better error if trying to run query during copy
• 32feb25 Fix PGAPPNAME env access by prioritizing connection.application_name
• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates zustand from 5.0.8 to 5.0.11

Release notes

Sourced from zustand's releases.

v5.0.11

This release includes small improvements in middleware thanks to contributors.

What's Changed

• chore: improve typing in devtools middleware by @​grigoriy-reshetniak in pmndrs/zustand#3362
• fix(persist): avoid relying on global localStorage by @​honuuk in pmndrs/zustand#3367
• fix(immer): Proper typing for immer middleware in combination with slices by @​wheerd in pmndrs/zustand#3371

New Contributors

• @​SeongYongLee made their first contribution in pmndrs/zustand#3355
• @​grigoriy-reshetniak made their first contribution in pmndrs/zustand#3351
• @​DormancyWang made their first contribution in pmndrs/zustand#3363
• @​Ea-st-ring made their first contribution in pmndrs/zustand#3369
• @​winner07 made their first contribution in pmndrs/zustand#3373
• @​honuuk made their first contribution in pmndrs/zustand#3367
• @​wheerd made their first contribution in pmndrs/zustand#3371

Full Changelog: pmndrs/zustand@v5.0.10...v5.0.11

v5.0.10

This version includes a fix to the persist middleware for an edge case.

What's Changed

• fix(persist): prevent race condition during concurrent rehydrate calls by @​Niyaz-Mazhitov in pmndrs/zustand#3336

New Contributors

• @​max-programming made their first contribution in pmndrs/zustand#3310
• @​oleksandr-danylchenko made their first contribution in pmndrs/zustand#3319
• @​MateuszSobiech made their first contribution in pmndrs/zustand#3334
• @​EduardoRangelG made their first contribution in pmndrs/zustand#3326
• @​1mehdifaraji made their first contribution in pmndrs/zustand#3339
• @​kamja44 made their first contribution in pmndrs/zustand#3349
• @​Niyaz-Mazhitov made their first contribution in pmndrs/zustand#3336

Full Changelog: pmndrs/zustand@v5.0.9...v5.0.10

v5.0.9

This includes experimental middleware unstable_ssrSafe for a new usage with Next.js. Related discussion: pmndrs/zustand#2740

What's Changed

• experimental: unstable ssrSafe middleware by @​dai-shi in pmndrs/zustand#3308

New Contributors

• @​Dan503 made their first contribution in pmndrs/zustand#3222
• @​01-binary made their first contribution in pmndrs/zustand#3223
• @​ugouhar made their first contribution in pmndrs/zustand#3233
• @​ehsanaslani made their first contribution in pmndrs/zustand#3241
• @​totorototo made their first contribution in pmndrs/zustand#3252
• @​yuraBezh made their first contribution in pmndrs/zustand#3246

... (truncated)

Commits

• 99379a6 5.0.11
• c81b4eb chore(deps): update dev dependencies (#3375)
• 3871d53 fix(immer): Proper typing for immer middleware in combination with slices (#...
• 9b505ac fix(persist): use window.localStorage as default storage reference (#3367)
• 267a57c Update code block in tutorial-tic-tac-toe.md (#3373)
• 6813f7b docs: remove stray Russian comment in beginner-typescript guide (#3369)
• d9ea330 docs(testing): fix undefined counterStoreRef variable (#3368)
• 6e026d7 chore: improve typing in devtools middleware (#3362)
• e7d4593 Revert "chore(deps): bump pmndrs/docs/.github/workflows/build.yml from 2 to 3...
• 0f49ad8 chore(deps): bump pmndrs/docs/.github/workflows/build.yml from 2 to 3 (#3364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for zustand since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fluxlens-ai	Error		Feb 6, 2026 0:04am