Skip to content

Bump the npm-production group across 1 directory with 4 updates#176

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-production-baf9989068
Closed

Bump the npm-production group across 1 directory with 4 updates#176
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-production-baf9989068

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2026
edited
Loading

Bumps the npm-production group with 4 updates in the / directory: @mui/material, react, react-dom and tailwind-merge.

Updates @mui/material from 7.3.6 to 7.3.8

Release notes

Sourced from @​mui/material's releases.

v7.3.8

A big thanks to the 15 contributors who made this release possible. Here are some highlights ✨:

@mui/material@7.3.8

Core

Docs

... (truncated)

Changelog

Sourced from @​mui/material's changelog.

7.3.8

Feb 12, 2026

A big thanks to the 15 contributors who made this release possible. Here are some highlights ✨:

@mui/material@7.3.8

Core

Docs

... (truncated)

Commits

Updates react from 19.2.1 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

Commits

Updates react-dom from 19.2.1 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

Commits

Updates tailwind-merge from 3.4.0 to 3.4.1

Release notes

Sourced from tailwind-merge's releases.

v3.4.1

Bug Fixes

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits
  • 02b6eb6 v3.4.1
  • 6b845eb add agent info for release workflow
  • 655f2f1 add changelog for v3.4.1
  • e44e5eb add agent docs
  • 4a38681 Merge pull request #644 from dcastil/renovate/major-vitest-monorepo
  • 23ac259 migrate to vitest v4
  • 927f617 chore(deps): update vitest monorepo to v4
  • aea4869 Merge pull request #648 from dcastil/renovate/major-octokit-monorepo
  • 78365f2 Merge pull request #646 from dcastil/renovate/actions-exec-3.x
  • b08384d fix(deps): update dependency @​octokit/types to v16
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm-production group across 1 directory with 4 updates
e729590 
Bumps the npm-production group with 4 updates in the / directory: [@mui/material](https://github.com/mui/material-ui/tree/HEAD/packages/mui-material), [react](https://github.com/facebook/react/tree/HEAD/packages/react), [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) and [tailwind-merge](https://github.com/dcastil/tailwind-merge).


Updates `@mui/material` from 7.3.6 to 7.3.8
- [Release notes](https://github.com/mui/material-ui/releases)
- [Changelog](https://github.com/mui/material-ui/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mui/material-ui/commits/v7.3.8/packages/mui-material)

Updates `react` from 19.2.1 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react)

Updates `react-dom` from 19.2.1 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom)

Updates `tailwind-merge` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.4.0...v3.4.1)

---
updated-dependencies:
- dependency-name: "@mui/material"
  dependency-version: 7.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: react
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: react-dom
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: tailwind-merge
  dependency-version: 3.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 16, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 16, 2026 17:32
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 16, 2026
@github-actions
Copy link

github-actions bot commented Feb 16, 2026

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 9 0 0 0.09s
✅ JSON jsonlint 11 0 0 0.24s
✅ JSON npm-package-json-lint yes no no 0.37s
✅ JSON prettier 11 0 0 0.9s
✅ JSON v8r 11 0 0 8.77s
✅ MARKDOWN markdownlint 5 0 0 0.96s
✅ REPOSITORY checkov yes no no 22.33s
✅ REPOSITORY gitleaks yes no no 1.22s
✅ REPOSITORY git_diff yes no no 0.19s
❌ REPOSITORY grype yes 4 no 43.84s
✅ REPOSITORY secretlint yes no no 1.28s
✅ REPOSITORY syft yes no no 7.02s
✅ REPOSITORY trivy-sbom yes no no 9.84s
✅ TYPESCRIPT prettier 46 0 0 1.74s
✅ YAML prettier 28 0 0 0.95s
✅ YAML v8r 28 0 0 12.92s
✅ YAML yamllint 28 0 0 0.57s

Detailed Issues

❌ REPOSITORY / grype - 4 errors 
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME     INSTALLED  FIXED IN  TYPE  VULNERABILITY        SEVERITY  EPSS           RISK   
next     15.5.9     15.5.10   npm   GHSA-9g9p-9gw9-jx7f  Medium    < 0.1% (23rd)  < 0.1  
prismjs  1.27.0     1.30.0    npm   GHSA-x7hr-w5r2-h6wg  Medium    < 0.1% (24th)  < 0.1  
undici   5.29.0     6.23.0    npm   GHSA-g9mf-h72j-4rw9  Medium    < 0.1% (4th)   < 0.1  
next     15.5.9     15.5.10   npm   GHSA-h25m-26qc-wcjf  High      N/A            N/A
[0043] ERROR discovered vulnerabilities at or above the severity threshold

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 23, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Feb 23, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm-production-baf9989068 branch February 23, 2026 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants