chore(deps): bump the production-dependencies group across 1 directory with 40 updates

[dependabot]

Bumps the production-dependencies group with 40 updates in the / directory:

Package	From	To
@apollo/client	4.1.4	4.1.6
@aws-sdk/client-s3	3.975.0	3.1024.0
@aws-sdk/s3-request-presigner	3.1015.0	3.1024.0
@strapi/plugin-graphql	5.36.0	5.41.1
@strapi/plugin-users-permissions	5.36.0	5.41.1
@strapi/provider-upload-aws-s3	5.36.0	5.41.1
@strapi/strapi	5.36.0	5.41.1
dotenv	16.4.5	17.4.0
pg	8.18.0	8.20.0
react	18.3.1	19.2.4
react-dom	18.3.1	19.2.4
react-router-dom	6.30.3	7.14.0
styled-components	6.3.9	6.3.12
graphql	16.12.0	16.13.2
@mux/mux-node	9.0.1	12.8.1
@t3-oss/env-nextjs	0.13.10	0.13.11
lucide-react	0.577.0	1.7.0
next	15.5.14	16.2.2
openai	4.104.0	6.33.0
workflow	4.2.0-beta.70	4.2.0-beta.76
@react-navigation/native	7.1.33	7.2.2
@react-navigation/native-stack	7.14.4	7.14.10
expo	54.0.33	55.0.11
expo-blur	15.0.8	55.0.12
expo-linear-gradient	15.0.8	55.0.11
expo-status-bar	3.0.9	55.0.5
expo-updates	55.0.16	55.0.18
expo-video	3.0.16	55.0.13
react-native	0.81.5	0.84.1
react-native-safe-area-context	5.6.2	5.7.0
react-native-screens	4.16.0	4.24.0
react-native-svg	15.12.1	15.15.4
react-native-webview	13.15.0	13.16.1
@shopify/flash-list	2.0.2	2.3.1
expo-image	3.0.11	55.0.8
expo-router	6.0.23	55.0.10
react-markdown	9.1.0	10.1.0
@base-ui/react	1.2.0	1.3.0
shadcn	4.0.3	4.1.2
gql.tada	1.9.0	1.9.2

Updates @apollo/client from 4.1.4 to 4.1.6

Release notes

Sourced from @​apollo/client's releases.

@​apollo/client@​4.1.6

Patch Changes

• #13128 6c0b8e4 Thanks @​pavelivanov! - Fix useQuery hydration mismatch when ssr: false and skip: true are used together

  When both options were combined, the server would return loading: false (because useSSRQuery checks skip first), but the client's getServerSnapshot was returning ssrDisabledResult with loading: true, causing a hydration mismatch.

@​apollo/client@​4.1.5

Patch Changes

• #13155 3ba1583 Thanks @​jerelmiller! - Fix an issue where useQuery would poll with pollInterval when skip was initialized to true.

• #13135 fd42142 Thanks @​jerelmiller! - Fix issue where client.query would apply options from defaultOptions.watchQuery.

Changelog

Sourced from @​apollo/client's changelog.

4.1.6

Patch Changes

• #13128 6c0b8e4 Thanks @​pavelivanov! - Fix useQuery hydration mismatch when ssr: false and skip: true are used together

  When both options were combined, the server would return loading: false (because useSSRQuery checks skip first), but the client's getServerSnapshot was returning ssrDisabledResult with loading: true, causing a hydration mismatch.

4.1.5

Patch Changes

• #13155 3ba1583 Thanks @​jerelmiller! - Fix an issue where useQuery would poll with pollInterval when skip was initialized to true.

• #13135 fd42142 Thanks @​jerelmiller! - Fix issue where client.query would apply options from defaultOptions.watchQuery.

Commits

• 1f6decb Version Packages (#13160)
• 7bb2071 fix(useQuery): prevent hydration mismatch when ssr: false and skip: true are ...
• ca88f33 update jest config again 🤦
• 355900a ignore test for React 17
• 40e5706 revert file to state on main
• 5cae14d Merge branch 'main' into fix/prevent-hydration-mismatch
• 3b6278d change test
• fc3d8cc roll back, change logic in useQuery, end to end test
• 31f3f9a format
• 67578d8 Apply suggestion from @​phryneas
• Additional commits viewable in compare view

Updates @aws-sdk/client-s3 from 3.975.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

v3.1023.0

3.1023.0(2026-04-02)

Documentation Changes

• client-geo-places: This release updates API reference documentation for Amazon Location Service Places APIs to reflect regional restrictions for Grab Maps users in ReverseGeocode, Suggest, SearchText, and GetPlace operations (f60237d7)

New Features

• clients: update client endpoints as of 2026-04-02 (b5ffded0)
• client-gamelift: Amazon GameLift Servers now includes a ComputeName field in game session API responses, making it easier to identify which compute is hosting a game session without cross-referencing IP addresses. (9eb2723f)
• client-connect: Include CUSTOMER to evaluation target and participant role. Support Korean, Japanese and Simplified Chinese in evaluation forms. (69be1448)
• client-bedrock-data-automation: Data Automation Library is a BDA capability that lets you create reusable entity resources to improve extraction accuracy. Libraries support Custom Vocabulary entities that enhance speech recognition for audio and video content with domain-specific terminology shared across projects (b7560ab1)
• client-pricing: This release increases the MaxResults parameter of the GetAttributeValues API from 100 to 10000. (f3944601)
• client-cloudwatch: CloudWatch now supports OTel enrichment to make vended metrics for supported AWS resources queryable via PromQL with resource ARN and tag labels, and PromQL alarms for metrics ingested via the OTLP endpoint with multi-contributor evaluation. (c34638a1)
• client-bedrock-agentcore-control: Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (3bf4e650)
• client-bedrock-runtime: Relax ToolUseId pattern to allow dots and colons (2837c477)
• client-appstream: Amazon WorkSpaces Applications now supports drain mode for instances in multi-session fleets. This capability allows administrators to instruct individual fleet instances to stop accepting new user sessions while allowing existing sessions to continue uninterrupted. (3644b4c1)
• client-cloudwatch-logs: We are pleased to announce that our logs transformation csv processor now has a destination field, allowing you to specify under which parent node parsed columns be placed under. (d3d6f2bb)
• client-deadline: AWS Deadline Cloud now supports configurable scheduling on each queue. The scheduling configuration controls how workers are distributed across jobs. (522c454c)

---

For list of updated packages, view updated-packages.md in assets-3.1023.0.zip

v3.1022.0

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1023.0 (2026-04-02)

Note: Version bump only for package @​aws-sdk/client-s3

3.1022.0 (2026-04-01)

Note: Version bump only for package @​aws-sdk/client-s3

3.1021.0 (2026-03-31)

Bug Fixes

• codegen: sync for adaptive retry throttling detection fix (#7905) (03f108d)

Features

• client-s3: Add Bucket Metrics configuration support to directory buckets (67ff7cc)

3.1020.0 (2026-03-30)

Note: Version bump only for package @​aws-sdk/client-s3

3.1019.0 (2026-03-27)

... (truncated)

Commits

• 99bf9fc Publish v3.1024.0
• 34e7b07 Publish v3.1023.0
• e7e636a Publish v3.1022.0
• 86db170 Publish v3.1021.0
• 67ff7cc feat(client-s3): Add Bucket Metrics configuration support to directory buckets
• 03f108d fix(codegen): sync for adaptive retry throttling detection fix (#7905)
• 15cfc71 Publish v3.1020.0
• c702a75 chore(codegen): update smithy package versions (#7903)
• 7f8c031 chore(codegen): differentiate type imports (#7897)
• a84cde6 Publish v3.1019.0
• Additional commits viewable in compare view

Updates @aws-sdk/s3-request-presigner from 3.1015.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

v3.1023.0

3.1023.0(2026-04-02)

Documentation Changes

• client-geo-places: This release updates API reference documentation for Amazon Location Service Places APIs to reflect regional restrictions for Grab Maps users in ReverseGeocode, Suggest, SearchText, and GetPlace operations (f60237d7)

New Features

• clients: update client endpoints as of 2026-04-02 (b5ffded0)
• client-gamelift: Amazon GameLift Servers now includes a ComputeName field in game session API responses, making it easier to identify which compute is hosting a game session without cross-referencing IP addresses. (9eb2723f)
• client-connect: Include CUSTOMER to evaluation target and participant role. Support Korean, Japanese and Simplified Chinese in evaluation forms. (69be1448)
• client-bedrock-data-automation: Data Automation Library is a BDA capability that lets you create reusable entity resources to improve extraction accuracy. Libraries support Custom Vocabulary entities that enhance speech recognition for audio and video content with domain-specific terminology shared across projects (b7560ab1)
• client-pricing: This release increases the MaxResults parameter of the GetAttributeValues API from 100 to 10000. (f3944601)
• client-cloudwatch: CloudWatch now supports OTel enrichment to make vended metrics for supported AWS resources queryable via PromQL with resource ARN and tag labels, and PromQL alarms for metrics ingested via the OTLP endpoint with multi-contributor evaluation. (c34638a1)
• client-bedrock-agentcore-control: Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (3bf4e650)
• client-bedrock-runtime: Relax ToolUseId pattern to allow dots and colons (2837c477)
• client-appstream: Amazon WorkSpaces Applications now supports drain mode for instances in multi-session fleets. This capability allows administrators to instruct individual fleet instances to stop accepting new user sessions while allowing existing sessions to continue uninterrupted. (3644b4c1)
• client-cloudwatch-logs: We are pleased to announce that our logs transformation csv processor now has a destination field, allowing you to specify under which parent node parsed columns be placed under. (d3d6f2bb)
• client-deadline: AWS Deadline Cloud now supports configurable scheduling on each queue. The scheduling configuration controls how workers are distributed across jobs. (522c454c)

---

For list of updated packages, view updated-packages.md in assets-3.1023.0.zip

v3.1022.0

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1023.0 (2026-04-02)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1022.0 (2026-04-01)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1021.0 (2026-03-31)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1020.0 (2026-03-30)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1019.0 (2026-03-27)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1018.0 (2026-03-26)

... (truncated)

Commits

• 99bf9fc Publish v3.1024.0
• 34e7b07 Publish v3.1023.0
• e7e636a Publish v3.1022.0
• 86db170 Publish v3.1021.0
• 15cfc71 Publish v3.1020.0
• c702a75 chore(codegen): update smithy package versions (#7903)
• a84cde6 Publish v3.1019.0
• a3a34e3 Publish v3.1018.0
• 32dfe7f Publish v3.1017.0
• 7ca64d5 Publish v3.1016.0
• See full diff in compare view

Updates @strapi/plugin-graphql from 5.36.0 to 5.41.1

Release notes

Sourced from @​strapi/plugin-graphql's releases.

v5.41.1

5.41.1 (2026-04-01)

🔥 Bug fix

• load inquirer async (043798dbe8)

❤️ Thank You

• Ben Irvin

v5.41.0

5.41.0 (2026-04-01)

🔥 Bug fix

• use strapi.fetch for remote uploads (#25661)
• Content types with attributes named filters, sort, fields, or populate no longer cause 400 validation errors on populate queries and countDraftRelations (#21338, #25762)
• check devDependencies when resolving required admin deps (#22130)
• use max batch sizes per dialect (#25390)
• content-type-builder: default draftAndPublish to true in AI CTB (#25781)
• document-service: re-insert cascade-deleted bidirectional relations (#25725)
• graphql: expose status and hasPublishedVersion on non–D&P root queries for nested relations (#25763)
• homepage: render widgets progressively and batch permission checks (#25846)
• upload: allow removal of file type filter in media library (#25399)
• upload: row duplicate-key warning (#25670)
• upload: allow upload of files with empty MIME type (#25844)

⚙️ Chore

• deps: bump undici from 6.23.0 to 6.24.0 (#25731)
• deps: bump effect from 3.19.19 to 3.21.0 (#25796)
• scripts/check-package-versions: support Yarn catalog (#25625)

💅 Enhancement

• add customField parameter to extendFields (#22521)
• content-manager: add documentid in listview and editview (#25759)

🚨 Security

• package upgrades to remove deprecated versions of boolean, tar, and glob (#25776)

❤️ Thank You

• Adrien Foulon @​Tofandel
• akash-dabhi-qed @​akash-dabhi-qed
• Bassel Kanso @​Bassel17
• Ben Irvin
• Daniil Barkov @​giollord

... (truncated)

Commits

• 5ae36e3 release: 5.41.1
• 967175a release: 5.41.0
• ba17962 release: 5.40.0
• e1cdebd release: 5.40.0
• d708498 fix(graphql): expose status and hasPublishedVersion on non–D&P root queries f...
• ea3b700 Merge branch 'main' into develop
• 243c96f release: 5.39.0
• cd12da7 release: 5.38.1
• a0a1865 chore: use https instead of git url in package.repository.url (#25698)
• f2a8048 chore: update package metadata (#25599)
• Additional commits viewable in compare view

Updates @strapi/plugin-users-permissions from 5.36.0 to 5.41.1

Release notes

Sourced from @​strapi/plugin-users-permissions's releases.

v5.41.1

5.41.1 (2026-04-01)

🔥 Bug fix

• load inquirer async (043798dbe8)

❤️ Thank You

• Ben Irvin

v5.41.0

5.41.0 (2026-04-01)

🔥 Bug fix

• use strapi.fetch for remote uploads (#25661)
• Content types with attributes named filters, sort, fields, or populate no longer cause 400 validation errors on populate queries and countDraftRelations (#21338, #25762)
• check devDependencies when resolving required admin deps (#22130)
• use max batch sizes per dialect (#25390)
• content-type-builder: default draftAndPublish to true in AI CTB (#25781)
• document-service: re-insert cascade-deleted bidirectional relations (#25725)
• graphql: expose status and hasPublishedVersion on non–D&P root queries for nested relations (#25763)
• homepage: render widgets progressively and batch permission checks (#25846)
• upload: allow removal of file type filter in media library (#25399)
• upload: row duplicate-key warning (#25670)
• upload: allow upload of files with empty MIME type (#25844)

⚙️ Chore

• deps: bump undici from 6.23.0 to 6.24.0 (#25731)
• deps: bump effect from 3.19.19 to 3.21.0 (#25796)
• scripts/check-package-versions: support Yarn catalog (#25625)

💅 Enhancement

• add customField parameter to extendFields (#22521)
• content-manager: add documentid in listview and editview (#25759)

🚨 Security

• package upgrades to remove deprecated versions of boolean, tar, and glob (#25776)

❤️ Thank You

• Adrien Foulon @​Tofandel
• akash-dabhi-qed @​akash-dabhi-qed
• Bassel Kanso @​Bassel17
• Ben Irvin
• Daniil Barkov @​giollord

... (truncated)

Commits

• 5ae36e3 release: 5.41.1
• 967175a release: 5.41.0
• 353a86a security: package upgrades to remove deprecated versions of boolean, tar, and...
• e1cdebd release: 5.40.0
• ea3b700 Merge branch 'main' into develop
• 243c96f release: 5.39.0
• cd12da7 release: 5.38.1
• a0a1865 chore: use https instead of git url in package.repository.url (#25698)
• f2a8048 chore: update package metadata (#25599)
• 12c801d chore: upgrade koa to 20.8.4 and minimatch to 10.2.4 (#25624)
• Additional commits viewable in compare view

Updates @strapi/provider-upload-aws-s3 from 5.36.0 to 5.41.1

Release notes

Sourced from @​strapi/provider-upload-aws-s3's releases.

v5.41.1

5.41.1 (2026-04-01)

🔥 Bug fix

• load inquirer async (043798dbe8)

❤️ Thank You

• Ben Irvin

v5.41.0

5.41.0 (2026-04-01)

🔥 Bug fix

• use strapi.fetch for remote uploads (#25661)
• Content types with attributes named filters, sort, fields, or populate no longer cause 400 validation errors on populate queries and countDraftRelations (#21338, #25762)
• check devDependencies when resolving required admin deps (#22130)
• use max batch sizes per dialect (#25390)
• content-type-builder: default draftAndPublish to true in AI CTB (#25781)
• document-service: re-insert cascade-deleted bidirectional relations (#25725)
• graphql: expose status and hasPublishedVersion on non–D&P root queries for nested relations (#25763)
• homepage: render widgets progressively and batch permission checks (#25846)
• upload: allow removal of file type filter in media library (#25399)
• upload: row duplicate-key warning (#25670)
• upload: allow upload of files with empty MIME type (#25844)

⚙️ Chore

• deps: bump undici from 6.23.0 to 6.24.0 (#25731)
• deps: bump effect from 3.19.19 to 3.21.0 (#25796)
• scripts/check-package-versions: support Yarn catalog (#25625)

💅 Enhancement

• add customField parameter to extendFields (#22521)
• content-manager: add documentid in listview and editview (#25759)

🚨 Security

• package upgrades to remove deprecated versions of boolean, tar, and glob (#25776)

❤️ Thank You

• Adrien Foulon @​Tofandel
• akash-dabhi-qed @​akash-dabhi-qed
• Bassel Kanso @​Bassel17
• Ben Irvin
• Daniil Barkov @​giollord

... (truncated)

Commits

• 5ae36e3 release: 5.41.1
• 967175a release: 5.41.0
• e1cdebd release: 5.40.0
• ea3b700 Merge branch 'main' into develop
• 243c96f release: 5.39.0
• cd12da7 release: 5.38.1
• a0a1865 chore: use https instead of git url in package.repository.url (#25698)
• f2a8048 chore: update package metadata (#25599)
• 29f5741 release: 5.38.0
• e7bb15d release: 5.37.1
• Additional commits viewable in compare view

Updates @strapi/strapi from 5.36.0 to 5.41.1

Release notes

Sourced from @​strapi/strapi's releases.

v5.41.1

5.41.1 (2026-04-01)

🔥 Bug fix

• load inquirer async (043798dbe8)

❤️ Thank You

• Ben Irvin

v5.41.0

5.41.0 (2026-04-01)

🔥 Bug fix

• use strapi.fetch for remote uploads (#25661)
• Content types with attributes named filters, sort, fields, or populate no longer cause 400 validation errors on populate queries and countDraftRelations (#21338, #25762)
• check devDependencies when resolving required admin deps (#22130)
• use max batch sizes per dialect (#25390)
• content-type-builder: default draftAndPublish to true in AI CTB (#25781)
• document-service: re-insert cascade-deleted bidirectional relations (#25725)
• graphql: expose status and hasPublishedVersion on non–D&P root queries for nested relations (#25763)
• homepage: render widgets progressively and batch permission checks (#25846)
• upload: allow removal of file type filter in media library (#25399)
• upload: row duplicate-key warning (#25670)
• upload: allow upload of files with empty MIME type (#25844)

⚙️ Chore

• deps: bump undici from 6.23.0 to 6.24.0 (#25731)
• deps: bump effect from 3.19.19 to 3.21.0 (#25796)
• scripts/check-package-versions: support Yarn catalog (#25625)

💅 Enhancement

• add customField parameter to extendFields (#22521)
• content-manager: add documentid in listview and editview (#25759)

🚨 Security

• package upgrades to remove deprecated versions of boolean, tar, and glob (#25776)

❤️ Thank You

• Adrien Foulon @​Tofandel
• akash-dabhi-qed @​akash-dabhi-qed
• Bassel Kanso @​Bassel17
• Ben Irvin
• Daniil Barkov @​giollord

... (truncated)

Commits

• 5ae36e3 release: 5.41.1
• 043798d fix: load inquirer async
• 967175a release: 5.41.0
• 353a86a security: package upgrades to remove deprecated versions of boolean, tar, and...
• b487698 fix: check devDependencies when resolving required admin deps (#22130)
• e1cdebd release: 5.40.0
• ea3b700 Merge branch 'main' into develop
• 243c96f release: 5.39.0
• cd12da7 release: 5.38.1
• a0a1865 chore: use https instead of git url in package.repository.url (#25698)
• Additional commits viewable in compare view

Updates dotenv from 16.4.5 to 17.4.0

Changelog

Sourced from dotenv's changelog.

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

... (truncated)

Commits

• a2e31d6 17.4.0
• 4f041ee changelog 🪵
• bab8b98 README
• 516d47e update
• ce9b98f adjust quickstart
• d3a9065 update links
• 9a3f955 add banner
• d35b6a9 clean up
• a115e3a remove version
• 185e641 hide as2 for now - very early beta
• Additional commits viewable in compare view

Updates pg from 8.18.0 to 8.20.0

Changelog

Sourced from pg's changelog.

pg@8.20.0

• Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

pg@8.19.0

• Deprecate interal query queue.
• Pass connection parameters to password callback.

Commits

• c9070cc Publish
• ad36e3c fix: typo in deprecation notice for client.query() (#3618)
• f2d7d11 Publish
• 5a4bafc Deprecate Client's internal query queue (#3603)
• a215bfb Typo fix in PgPass deprecation (funciton) (#3605)
• 01e0556 fix(pg-query-stream): invoke this.callback on cursor end/error (#2810)
• e6e3692 Pass connection parameters to password callback (#3602)
• d80d883 test: Fix TLS connection test ending too early
• f332f28 fix: Connection timeout handling for native clients in connected state (#3512)
• b2e9cb1 Remove testAsync - its redundant (#3588)
• Additional commits viewable in compare view

Updates react from 18.3.1 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.