Merge pull request #28 from Dargon789/Dargon789-patch-2

[Dargon789]

Summary by Sourcery

Update project dependencies to newer stable and beta releases across runtime and tooling packages.

Build:

• Bump Next.js, React, NextAuth, and related UI/form libraries to newer versions in package.json.
• Upgrade Playwright test runner, Sass, and React type definitions in development dependencies.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
arcjet-example	Error		Feb 7, 2026 3:47am
arcjet-example-pvhg	Error		Feb 7, 2026 3:47am

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR updates various runtime and dev-time dependencies to newer minor/patch/beta versions, aligning Next/React, Arcjet-related packages, form/validation libraries, and tooling versions, with corresponding lockfile changes.

Flow diagram for build and test tooling after dependency updates

flowchart TD
  Dev["Developer"] --> NpmInstall["npm install (uses updated package-lock.json)"]

  NpmInstall --> Ts["TypeScript 5.9.3"]
  NpmInstall --> Sass["sass 1.97.3"]
  NpmInstall --> TypesReact["@types/react 19.2.13"]
  NpmInstall --> TypesReactDOM["@types/react-dom 19.2.3"]
  NpmInstall --> TypesNode["@types/node 22.16.3"]
  NpmInstall --> Playwright["@playwright/test 1.58.2"]

  Dev --> BuildCmd["npm run build"]
  BuildCmd --> NextBuild["next build (16.1.6)"]
  NextBuild --> Ts
  NextBuild --> Sass

  Dev --> TestCmd["npm run test:run"]
  TestCmd --> Playwright

Loading

File-Level Changes

Change	Details	Files
Upgrade Arcjet and related Next integration packages to the 1.1.0 release line.	Bump @arcjet/decorate from 1.0.0-beta.9 to 1.1.0. Bump @arcjet/env from 1.0.0-beta.9 to 1.1.0. Bump @arcjet/ip from 1.0.0-beta.9 to 1.1.0. Bump @arcjet/next from 1.0.0-beta.9 to 1.1.0. Bump @nosecone/next from 1.0.0-beta.9 to 1.1.0.	package.json package-lock.json
Refresh core framework and UI-related dependencies to newer compatible versions.	Bump next from 16.0.10 to 16.1.6. Bump next-auth from 5.0.0-beta.29 to 5.0.0-beta.30. Bump react from 19.2.0 to 19.2.4. Bump react-dom from 19.1.0 to 19.2.4. Update font packages (@fontsource-variable/figtree and @fontsource/ibm-plex-mono) to latest 5.2.x releases. Bump @oddbird/css-anchor-positioning from 0.6.1 to 0.8.0.	package.json package-lock.json
Update form handling, validation, and related types/tooling to newer minor/patch versions.	Bump @hookform/resolvers from 5.1.1 to 5.2.2. Bump react-hook-form from 7.60.0 to 7.71.1. Bump zod from 4.2.1 to 4.3.6. Bump @playwright/test from 1.55.1 to 1.58.2. Bump @types/react from 19.1.8 to 19.2.13. Bump @types/react-dom from 19.1.6 to 19.2.3. Bump sass from 1.89.2 to 1.97.3.	package.json package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily focuses on updating and synchronizing project dependencies. It brings several key libraries like Next.js, React, and various Arcjet packages to their latest versions, ensuring the project benefits from the newest features, performance improvements, and security patches. Additionally, it introduces new modules and streamlines the dependency graph by removing unused packages.

Highlights

• Core Dependency Updates: Key libraries such as Next.js, React, React DOM, React Hook Form, and Zod have been updated to their latest versions, bringing new features and improvements.
• Arcjet Ecosystem Upgrade: All @arcjet related packages have been upgraded to version 1.1.0, and their minimum Node.js engine requirement has been raised from >=18 to >=20.
• New Dependencies: The project now includes @arcjet/body and baseline-browser-mapping as new dependencies.
• Dependency Streamlining: The undici and @fastify/busboy packages have been removed from the dependency tree, simplifying the project's dependencies.

Changelog

• package-lock.json
  • Synchronized all dependency versions with package.json updates.
  • Added new package @arcjet/body version 1.1.0.
  • Added new package baseline-browser-mapping version 2.9.19.
  • Updated Node.js engine requirement for several @arcjet packages from >=18 to >=20.
  • Updated @bufbuild/protobuf to 2.11.0.
  • Updated @connectrpc/connect to 2.1.1.
  • Removed @fastify/busboy and undici packages.
  • Updated @floating-ui/core to 1.7.4.
  • Updated @floating-ui/dom to 1.7.5.
  • Updated @types/css-tree to 2.3.11.
  • Updated nanoid to 5.1.6.
  • Updated scheduler to 0.27.0.
  • Removed peer: true and dev: true flags for various dependencies, streamlining lock file entries.
• package.json
  • Updated @arcjet/decorate, @arcjet/env, @arcjet/ip, @arcjet/next, @nosecone/next to 1.1.0.
  • Updated @fontsource-variable/figtree to 5.2.10.
  • Updated @fontsource/ibm-plex-mono to 5.2.7.
  • Updated @hookform/resolvers to 5.2.2.
  • Updated @oddbird/css-anchor-positioning to 0.8.0.
  • Updated next to 16.1.6.
  • Updated next-auth to 5.0.0-beta.30.
  • Updated react to 19.2.4.
  • Updated react-dom to 19.2.4.
  • Updated react-hook-form to 7.71.1.
  • Updated zod to 4.3.6.
  • Updated @playwright/test to 1.58.2.
  • Updated @types/react to 19.2.13.
  • Updated @types/react-dom to 19.2.3.
  • Updated sass to 1.97.3.

Activity

• No specific human activity (comments, reviews, approvals) was recorded for this pull request. It appears to be an automated dependency update.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request updates many dependencies to newer versions, including moving some from beta to stable releases, which is great. However, I've noticed some potentially problematic changes in package-lock.json that appear to be side effects of the update process, possibly due to a change in the npm version used to generate the lockfile. Specifically, "dev": true flags have been removed from many transitive development dependencies, which could lead to them being included in production builds. Also, "peer": true flags have been removed for several packages that are peer dependencies, such as react, react-dom, and sass, which could affect dependency resolution. I've added specific comments on these points in package-lock.json.

[gemini-code-assist]

The "peer": true flag has been removed for react. react is a peer dependency for many other packages in this project (e.g., react-dom, next, react-hook-form). Removing this flag from the lockfile can lead to dependency resolution issues or multiple versions of React being installed, which causes hard-to-debug errors. The lockfile should be corrected to reflect that react is a peer dependency.

[gemini-code-assist]

Similar to react, the "peer": true flag has been removed for react-dom. This is also a peer dependency for other packages and should be kept in sync with react. This change can cause issues. The lockfile should be corrected to mark react-dom as a peer dependency.