@renovate renovate bot commented Dec 12, 2025

This PR contains the following updates:

Package | Change
next-themes | ^0.3.0 -> ^0.4.0

Release Notes

pacocoursey/next-themes (next-themes)

v0.4.6

What's Changed

  • fix: add null check for value in updateDOM function to prevent runtime errors and flashing by @​groveom in #​344

Full Changelog: pacocoursey/next-themes@v0.4.5...v0.4.6

v0.4.5

Full Changelog: pacocoursey/next-themes@v0.4.4...v0.4.5

v0.4.4

Full Changelog: pacocoursey/next-themes@v0.4.3...v0.4.4

v0.4.3

What's Changed

  • Pass nonce to inline style tag when using disableTransitionOnChange

Full Changelog: pacocoursey/next-themes@v0.4.2...v0.4.3

v0.4.2

Full Changelog: pacocoursey/next-themes@v0.4.1...v0.4.2

v0.4.1

Full Changelog: pacocoursey/next-themes@v0.4.0...v0.4.1

v0.4.0

Full Changelog: pacocoursey/next-themes@v0.3.0...v0.4.0


Configuration

📅 Schedule: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies (Renovatebot and dependabot updates), frontend and javascript (Pull requests that update javascript code) labels Dec 12, 2025

env0 bot commented Dec 12, 2025

🚀  env0 had composed a PR Plan for environment Terraform Example / production :

Plan: 0 to add, 1 to change, 0 to destroy.
Plan Details
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
!   update in-place

Terraform will perform the following actions:


  # module.heritage[0].aws_rds_cluster.face_database will be updated in-place
!   resource "aws_rds_cluster" "face_database" {
        id                                    = "facial-recognition-terraform-example"
        tags                                  = {}
        # (46 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
Failed to calculate cost estimation

Full PR Plan logs on env0

github-actions bot commented Dec 12, 2025

Overmind

Open in Overmind ↗


✨Frontend Team Review

🔴 Change Signals

Policies 🔴 ▃▂▁ Multiple S3 buckets are missing required tags and lack server-side encryption, while several security groups allow SSH access from anywhere, which is a security risk and shows unusual policy non-compliance that may need review.
Routine 🟢 ▁▂▃▅▇ AWS SNS topic subscriptions showing regular activity with 3 events/week for the last 5 weeks.

View signals ↗


🧠 Reasoning · ✖ 1 · ✔ 2

Elastic IP association/reassociation may break external connectivity and load balancer routing

Observations 3

Hypothesis

Elastic IP (EIP) association changes and reassociations introduce risk of breaking external connectivity and load balancer routing:

  • Updating the EC2 Elastic IP resource (production-api-eip) or re-associating EIP 13.134.236.98 can change the public IP association, allocation ID, or target private IP (e.g., 10.0.101.120).
  • Such changes may cause DNS records and security rules tied to the previous association to mismatch, resulting in loss of reachability for services exposed through that IP.
  • If the EIP is re-associated to a different network interface or instance, external reachability, routing to the backing private IP, and ELB/ALB health checks and client traffic to targets behind that IP can fail.

Investigation

I checked the current state of the EIP, instance, ENI, and the load balancer resources in the blast radius. The EIP 13.134.236.98 (tagged production-api-eip) is presently associated to ENI eni-05ba243f7cdbf6015 on instance i-08da37b2839126955 and maps to private IP 10.0.101.120. The internal NLB target group api-health-terraform-example is configured with TargetType=ip and has a single registered target 10.0.101.120:9090, currently healthy. The plan shows the EC2 instance will be replaced (AMI change) and the EIP resource will be updated (no attribute diff shown, but this typically reflects a re-association when the ENI is replaced). Replacing the instance will delete the current primary ENI and very likely allocate a new private IP; the EIP will be re-associated to the new ENI, but the NLB target group is pinned to the old private IP (10.0.101.120) and is not included in the diffs. That creates a concrete mismatch: the load balancer will continue health checking and routing to 10.0.101.120, which will no longer correspond to the rebuilt instance, resulting in failed health checks and broken routing via the NLB. This is direct evidence of the hypothesized failure mechanism rather than speculation.

✔ Hypothesis proven


EC2 AMI replacement risk to OS, networking, DNS, and dependent services

Observations 15

Hypothesis

Changing the AMI of EC2 instance i-08da37b2839126955 (ami-03322ac39441c49ae -> ami-091198e2f5f70f409) introduces broad risk to instance behavior, OS/kernel, networking, and dependent resources:

  • OS/kernel/drivers and userland changes can alter networking stack, routing, firewall rules, source/dest checks, and interactions with VPC components (subnets, ENIs, NACLs, route tables, security groups) in VPCs vpc-02901bcbb89561298 and vpc-096b686376892bb49, as well as VPC peering and NAT behavior.
  • Application and service configuration may change, affecting SSH host keys, enabled services, IAM instance profile usage, monitoring/CloudWatch metrics, alarms, and health check endpoints, which can lead to service incompatibilities or disabled/renamed services.
  • Network behavior changes can impact IP connectivity for external and internal addresses associated with the instance, including public IPs (e.g., 13.42.93.249, 44.207.52.17) and private IPs (e.g., 10.0.101.182, 10.0.102.25), and associated DNS A records and EIP bindings.
  • Services behind ALB/ELB, Route53, and DNS may see altered health-check responses or protocol behavior, causing targets to become unhealthy, triggering alarms, traffic disruption, or failover.
  • Peers and dependent instances in the same VPC may rely on specific OS features, network behavior, or software versions that could change, impacting inter-instance communication and routed traffic through this instance.
  • Hibernation setting changing to null may alter lifecycle/stop-start behavior, affecting maintenance expectations and recovery procedures.

Investigation

I inspected the planned diff for i-08da37b2839126955 and found the instance will be replaced due to an AMI change. The current instance is Amazon Linux 2023 arm64 on t4g.nano, with private IP 10.0.101.120. In the blast radius, there is an NLB target group (api-health-terraform-example) that uses targetType=ip and currently registers 10.0.101.120 on port 9090, and it is healthy. Replacing an EC2 instance created with its own primary ENI typically results in a new ENI and a different private IP unless the ENI or private_ip is explicitly preserved, which is not indicated in the diffs. I found no planned changes to the target group or its target registration to update the IP. That creates a concrete mismatch: the target group will continue probing the old IP after the instance replacement, turning health checks unhealthy and likely firing alarms or disrupting any internal consumers of that health endpoint. Broader claims about OS/kernel, drivers, IAM profile, or VPC behavior are speculative here: the current AMI is arm64 and compatible with the instance type, the instance has no IAM instance profile, SGs/NACLs/route tables are unchanged, and nothing in the diffs indicates firewall or routing changes. Therefore I validate a narrower but real risk tied to the IP-registered target dependency.

✔ Hypothesis proven


EBS volume with DeleteOnTermination may be deleted on instance replacement, causing data loss

Observations 1

Hypothesis

Changing or replacing EC2 instance i-08da37b2839126955 may disrupt attached EBS volume vol-095ec3866f55d1547:

  • The volume is attached with DeleteOnTermination=true, so instance replacement or re-attachment workflows could delete the volume on termination of the existing instance.
  • Deletion or mis-attachment of this volume can cause irreversible data loss or downtime for services depending on data stored on vol-095ec3866f55d1547.

Investigation

I checked the planned change and the current state of the instance and volume. The instance i-08da37b2839126955 is being replaced due to an AMI update. The only attached EBS volume vol-095ec3866f55d1547 is the root device (/dev/xvda) with DeleteOnTermination=true. The volume record shows it was created from a snapshot (SnapshotId present) and attached as the root disk to this instance only. There are no additional data volumes attached to this instance. Deleting the old root volume during instance replacement is the expected behavior; a fresh root volume will be created for the new instance from the new AMI. There is no evidence that persistent application data lives on this root disk or that it is intended to be preserved across replacements. Therefore, the hypothesis of harmful data loss from DeleteOnTermination on this volume is not supported by the evidence.

✖ Hypothesis disproven


🔥 Risks

Instance replacement and EIP re-association will orphan NLB IP target 10.0.101.120, breaking health checks and routing ❗Medium Open Risk ↗
The EC2 instance backing the API is being replaced, which will tear down ENI eni-05ba243f7cdbf6015 and likely change its private IP. The Elastic IP 13.134.236.98 will be re-associated to the new ENI, restoring public reachability, but the internal NLB target group api-health-terraform-example is statically registered to 10.0.101.120:9090 and is not being updated.

After the change, the NLB will continue probing and routing to 10.0.101.120, which no longer fronts the API instance. Health checks will flip to unhealthy and traffic via the NLB will fail until the target group is updated to the new private IP or the instance retains 10.0.101.120.

Instance replacement will change private IP and break IP-registered NLB health target ❗Medium Open Risk ↗
The api-health-terraform-example NLB target group is registered by IP to the current instance at 10.0.101.120 on port 9090, and it is healthy now. Replacing the EC2 instance to a new AMI will create a new ENI and almost certainly a different private IP, but there is no corresponding change to update the target group’s registered IP.

After replacement, the target group will continue health-checking the stale IP, causing the target to become unhealthy and triggering alarms and any internal failover dependent on that health endpoint. This disrupts monitoring and any services relying on the NLB health check, even if the new instance itself is otherwise healthy.


🟣 Expected Changes

~ ec2-address › 13.134.236.98
--- current
+++ proposed
@@ -9,5 +9,5 @@
   domain: vpc
   id: eipalloc-05a1609afb54e84ed
-  instance: i-08da37b2839126955
+  instance: (known after apply)
   ipam_pool_id: null
   network_border_group: eu-west-2
+/- ec2-instance › i-08da37b2839126955
--- current
+++ proposed
@@ -2,60 +2,52 @@
 id: github.com/overmindtech/terraform-example.ec2-instance.module.api_access[0].aws_instance.api_server
 attributes:
-  ami: ami-03322ac39441c49ae
-  arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-08da37b2839126955
-  associate_public_ip_address: true
-  availability_zone: eu-west-2a
-  capacity_reservation_specification:
-    - capacity_reservation_preference: open
-  cpu_core_count: 2
-  cpu_options:
-    - core_count: 2
-      threads_per_core: 1
-  cpu_threads_per_core: 1
-  credit_specification:
-    - cpu_credits: unlimited
-  disable_api_stop: false
-  disable_api_termination: false
-  ebs_optimized: false
-  enable_primary_ipv6: null
-  enclave_options:
-    - enabled: false
+  ami: ami-091198e2f5f70f409
+  arn: (known after apply)
+  associate_public_ip_address: (known after apply)
+  availability_zone: (known after apply)
+  capacity_reservation_specification: (known after apply)
+  cpu_core_count: (known after apply)
+  cpu_options: (known after apply)
+  cpu_threads_per_core: (known after apply)
+  disable_api_stop: (known after apply)
+  disable_api_termination: (known after apply)
+  ebs_block_device: (known after apply)
+  ebs_optimized: (known after apply)
+  enable_primary_ipv6: (known after apply)
+  enclave_options: (known after apply)
+  ephemeral_block_device: (known after apply)
   get_password_data: false
-  hibernation: false
-  host_resource_group_arn: null
-  id: i-08da37b2839126955
-  instance_initiated_shutdown_behavior: stop
-  instance_state: running
+  hibernation: null
+  host_id: (known after apply)
+  host_resource_group_arn: (known after apply)
+  iam_instance_profile: (known after apply)
+  id: (known after apply)
+  instance_initiated_shutdown_behavior: (known after apply)
+  instance_lifecycle: (known after apply)
+  instance_market_options: (known after apply)
+  instance_state: (known after apply)
   instance_type: t4g.nano
-  ipv6_address_count: 0
-  maintenance_options:
-    - auto_recovery: default
-  metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 2
-      http_tokens: required
-      instance_metadata_tags: disabled
-  monitoring: false
-  placement_partition_number: 0
-  primary_network_interface_id: eni-05ba243f7cdbf6015
-  private_dns: ip-10-0-101-120.eu-west-2.compute.internal
-  private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-  private_ip: 10.0.101.120
-  public_dns: ec2-13-134-236-98.eu-west-2.compute.amazonaws.com
-  public_ip: 13.134.236.98
-  root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 3000
-      throughput: 125
-      volume_id: vol-095ec3866f55d1547
-      volume_size: 30
-      volume_type: gp3
+  ipv6_address_count: (known after apply)
+  ipv6_addresses: (known after apply)
+  key_name: (known after apply)
+  maintenance_options: (known after apply)
+  metadata_options: (known after apply)
+  monitoring: (known after apply)
+  network_interface: (known after apply)
+  outpost_arn: (known after apply)
+  password_data: (known after apply)
+  placement_group: (known after apply)
+  placement_partition_number: (known after apply)
+  primary_network_interface_id: (known after apply)
+  private_dns: (known after apply)
+  private_dns_name_options: (known after apply)
+  private_ip: (known after apply)
+  public_dns: (known after apply)
+  public_ip: (known after apply)
+  root_block_device: (known after apply)
+  secondary_private_ips: (known after apply)
+  security_groups: (known after apply)
   source_dest_check: true
+  spot_instance_request_id: (known after apply)
   subnet_id: subnet-07b5b1fb2ba02f964
   tags:
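
Review bot: on the removed side `metadata_options` carries `http_tokens: required` and `http_put_response_hop_limit: 2`, while the proposed side shows only `metadata_options: (known after apply)`, so this plan does not demonstrate that IMDSv2 stays enforced on the replacement instance. Set the block explicitly on the aws_instance resource rather than relying on AMI or account defaults. The same goes for `root_block_device`: the current volume has `encrypted: false`, and a replacement is the cheap moment to turn encryption on.
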
@@ -73,10 +62,10 @@
     Service: core-api
     Team: platform
-  tenancy: default
+  tenancy: (known after apply)
   terraform_address: module.api_access[0].aws_instance.api_server
   terraform_name: module.api_access[0].aws_instance.api_server
   timeouts: null
   user_data: 81da62125f9a922120a56e2408e5798a6cdef634
-  user_data_base64: null
+  user_data_base64: (known after apply)
   user_data_replace_on_change: true
   volume_tags: null

🟠 Unmapped Changes

+/- aws_lb_target_group_attachment › module.api_access[0].aws_lb_target_group_attachment.api_server_ip
--- current
+++ proposed
@@ -3,8 +3,8 @@
 attributes:
   availability_zone: all
-  id: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/api-health-terraform-example/b062866b5f0bf0e0-20260122024423351300000002
+  id: (known after apply)
   port: 9090
   target_group_arn: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/api-health-terraform-example/b062866b5f0bf0e0
-  target_id: 10.0.101.120
+  target_id: (known after apply)
   terraform_address: module.api_access[0].aws_lb_target_group_attachment.api_server_ip
   terraform_name: module.api_access[0].aws_lb_target_group_attachment.api_server_ip
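
Review bot: `target_id` changes from 10.0.101.120 to (known after apply) and the attachment itself is replaced, so the registration on port 9090 does follow the new instance's address, yet this hunk sits under Unmapped Changes and the two Medium risks above describe the target as not being updated. Reconcile the two before relying on either, and check whether the target group is left without a healthy target while the replacement registers and passes its health checks.
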
+ aws_sns_topic_subscription › module.api_access[0].aws_sns_topic_subscription.oncall_email
--- current
+++ proposed
@@ -0,0 +1,22 @@
+type: aws_sns_topic_subscription
+id: github.com/overmindtech/terraform-example.aws_sns_topic_subscription.module.api_access[0].aws_sns_topic_subscription.oncall_email
+attributes:
+  arn: (known after apply)
+  confirmation_timeout_in_minutes: 1
+  confirmation_was_authenticated: (known after apply)
+  delivery_policy: null
+  endpoint: alerts@example.com
+  endpoint_auto_confirms: false
+  filter_policy: null
+  filter_policy_scope: (known after apply)
+  id: (known after apply)
+  owner_id: (known after apply)
+  pending_confirmation: (known after apply)
+  protocol: email
+  raw_message_delivery: false
+  redrive_policy: null
+  replay_policy: null
+  subscription_role_arn: null
+  terraform_address: module.api_access[0].aws_sns_topic_subscription.oncall_email
+  terraform_name: module.api_access[0].aws_sns_topic_subscription.oncall_email
+  topic_arn: arn:aws:sns:eu-west-2:540044833068:production-api-alerts
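
Review bot: `endpoint: alerts@example.com` with `protocol: email` and `endpoint_auto_confirms: false` leaves this subscription pending until someone confirms it from that mailbox, and example.com is a reserved documentation domain, so messages published to production-api-alerts would not reach anyone. Point the endpoint at a monitored on-call address, or use a protocol that does not depend on a manual confirmation click.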

💥 Blast Radius

Items 72

Edges 224

@github-actions github-actions bot left a comment

Overmind

✅ Auto-Approved


🟢 Decision

Auto-approved: All safety checks passed


🔥 Risks Summary

High 0 · Medium 0 · Low 0


View full analysis in Overmind ↗

@renovate renovate bot force-pushed the renovate/next-themes-0.x branch from 9da0710 to 791681f Compare December 31, 2025 13:15

@github-actions github-actions bot left a comment

Overmind

⛔ Auto-Blocked


🔴 Decision

Auto-blocked: Policy signal (-3) is below threshold (-2)


📊 Signals Summary

Policies 🔴 -3


🔥 Risks Summary

High 0 · Medium 0 · Low 0


View full analysis in Overmind ↗

@renovate renovate bot force-pushed the renovate/next-themes-0.x branch from 791681f to af341d7 Compare January 8, 2026 17:08

@github-actions github-actions bot left a comment

Overmind

⛔ Auto-Blocked


🔴 Decision

Auto-blocked: Policy signal (-3) is below threshold (-2)


📊 Signals Summary

Policies 🔴 -3


🔥 Risks Summary

High 0 · Medium 0 · Low 0


View full analysis in Overmind ↗

@renovate renovate bot force-pushed the renovate/next-themes-0.x branch from af341d7 to 1c4f2cb Compare January 19, 2026 19:58

@github-actions github-actions bot left a comment

Overmind

⛔ Auto-Blocked


🔴 Decision

Auto-blocked: Policy signal (-3) is below threshold (-2)


📊 Signals Summary

Policies 🔴 -3


🔥 Risks Summary

High 0 · Medium 0 · Low 0


View full analysis in Overmind ↗

@renovate renovate bot force-pushed the renovate/next-themes-0.x branch from 1c4f2cb to 7f8b713 Compare January 23, 2026 19:33

@github-actions github-actions bot left a comment

Overmind

⛔ Auto-Blocked


🔴 Decision

Auto-blocked: Policy signal (-3) is below threshold (-2)


📊 Signals Summary

Policies 🔴 -3

Routine 🟢 +5


🔥 Risks Summary

High 0 · Medium 2 · Low 0


💥 Blast Radius

Items 72 · Edges 224


View full analysis in Overmind ↗
