deps(example): bump the dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dependencies group with 5 updates in the /examples/nextjs-clerk-shield directory:

Package	From	To
@clerk/nextjs	6.12.12	6.14.1
@tailwindcss/postcss	4.0.17	4.1.3
@types/react	19.0.12	19.1.0
@types/react-dom	19.0.4	19.1.1
eslint-config-next	15.2.4	15.2.5

Updates @clerk/nextjs from 6.12.12 to 6.14.1

Release notes

Sourced from @​clerk/nextjs's releases.

@​clerk/nextjs@​6.14.1

Patch Changes

• Updated dependencies [f6f275d]:
  • @​clerk/backend@​1.27.1
  • @​clerk/types@​4.51.1
  • @​clerk/clerk-react@​5.26.1
  • @​clerk/shared@​3.4.1

@​clerk/nextjs@​6.14.0

Minor Changes

• Update useAuth to handle pending sessions as signed-out by default, with opt-out via useAuth({ treatPendingAsSignedOut: false }) or <ClerkProvider treatPendingAsSignedOut={false} /> (#5507) by @​LauraBeatris

• • Introduce auth().redirectToSignUp() that can be used in API routes and pages. Originally effort by @​sambarnes (#5533) by @​panteliselef

  import { clerkMiddleware } from '@clerk/nextjs/server';
  export default clerkMiddleware(async auth => {
  const { userId, redirectToSignUp } = await auth();
  if (!userId) {
  return redirectToSignUp();
  }
  });

• Added Content Security Policy (CSP) header generation functionality to clerkMiddleware with support for both standard and strict-dynamic modes. Key features: (#5493) by @​jacekradko

  • Automatic generation of CSP headers with default security policies compatible with Clerk requirements
  • Support for both standard and strict-dynamic CSP modes
  • Automatic nonce generation for strict-dynamic mode
  • Ability to add custom directives to match project requirements

  Example

  export default clerkMiddleware(
    async (auth, request) => {
      if (!isPublicRoute(request)) {
        await auth.protect();
      }
    },
    {
      contentSecurityPolicy: {
        mode: "strict-dynamic",
        directives: {
          "connect-src": ["external.api.com"],
          "script-src": ["external.scripts.com"]
        }
  

... (truncated)

Changelog

Sourced from @​clerk/nextjs's changelog.

6.14.1

Patch Changes

• Updated dependencies [f6f275d]:
  • @​clerk/backend@​1.27.1
  • @​clerk/types@​4.51.1
  • @​clerk/clerk-react@​5.26.1
  • @​clerk/shared@​3.4.1

6.14.0

Minor Changes

• Update useAuth to handle pending sessions as signed-out by default, with opt-out via useAuth({ treatPendingAsSignedOut: false }) or <ClerkProvider treatPendingAsSignedOut={false} /> (#5507) by @​LauraBeatris

• • Introduce auth().redirectToSignUp() that can be used in API routes and pages. Originally effort by @​sambarnes (#5533) by @​panteliselef

  import { clerkMiddleware } from '@clerk/nextjs/server';
  export default clerkMiddleware(async auth => {
  const { userId, redirectToSignUp } = await auth();
  if (!userId) {
  return redirectToSignUp();
  }
  });

• Added Content Security Policy (CSP) header generation functionality to clerkMiddleware with support for both standard and strict-dynamic modes. Key features: (#5493) by @​jacekradko

  • Automatic generation of CSP headers with default security policies compatible with Clerk requirements
  • Support for both standard and strict-dynamic CSP modes
  • Automatic nonce generation for strict-dynamic mode
  • Ability to add custom directives to match project requirements

  Example

  export default clerkMiddleware(
    async (auth, request) => {
      if (!isPublicRoute(request)) {
        await auth.protect();
      }
    },
    {
      contentSecurityPolicy: {
        mode: "strict-dynamic",
        directives: {
  

... (truncated)

Commits

• 64e0d55 ci(repo): Version packages (#5559)
• 9b0faec ci(repo): Version packages (#5524)
• 4e0dfdb feat(nextjs): Support auth().redirectToSignUp() (#5533)
• 2cceeba feat(nextjs): Add CSP in middleware (#5493)
• 6112420 chore(shared,vue,nextjs,astro,clerk-react): Update useAuth to handle pendin...
• f95de07 ci(repo): Version packages (#5466)
• fe065a9 feat(nextjs,astro,backend): Redirect to tasks on auth.protect and `auth.red...
• cd6ee92 feat(backend,react-router,nuxt,astro,nextjs,tanstack-react-start,express,fast...
• 7d5e361 chore(nextjs): Remove telemetry event from clerkMiddleware() (#5501)
• 747fd01 chore(nextjs): Update dependency next to v14.2.26 (#5477)
• Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.0.17 to 4.1.3

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.1.3

Fixed

• Show warning when using unsupported bare value data type in --value(…) (#17464)
• PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#17554)
• Ensure classes are detected in Ruby's %w syntax in Slim templates (#17557)

v4.1.2

Fixed

• Don't rely on the presence of @layer base to polyfill @property (#17506)
• Support setting multiple inset shadows as arbitrary values (#17523)
• Fix drop-shadow-* utilities that are defined with multiple shadows (#17515)
• PostCSS: Fix race condition when two changes are queued concurrently (#17514)
• PostCSS: Ensure files containing @tailwind utilities are processed (#17514)
• Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#17513)
• Fix slow incremental builds with @tailwindcss/vite and @tailwindcss/postscss (especially on Windows) (#17511)
• Vite: Fix missing CSS file in Qwik setups (#17533)

v4.1.1

Fixed

• Disable padding in @source inline(…) brace expansion (#17491)
• Inject polyfills after @import and body-less @layer (#17493)
• Ensure @tailwindcss/cli does not contain an import for jiti (#17502)

v4.1.0

Added

• Add details-content variant (#15319)
• Add inverted-colors variant (#11693)
• Add noscript variant (#11929, #17431)
• Add items-baseline-last and self-baseline-last utilities (#13888, #17476)
• Add pointer-none, pointer-coarse, and pointer-fine variants (#16946)
• Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#16941)
• Add safe alignment utilities (#14607)
• Add user-valid and user-invalid variants (#12370)
• Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#12128)
• Add @source inline(…) and @source not inline(…) (#17147)
• Add @source not "…" (#17255)
• Add text-shadow-* utilities (#17389)
• Add mask-* utilities (#17134)
• Add bg-{position,size}-* utilities for arbitrary values (#17432)
• Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#17398, #17434)
• Add drop-shadow-<color> utilities (#17434)
• Improve compatibility with older versions of Safari and Firefox (#17435)

Fixed

• Follow symlinks when resolving @source directives (#17391)

... (truncated)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.1.3] - 2025-04-04

Fixed

• Show warning when using unsupported bare value data type in --value(…) (#17464)
• PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#17554)
• Ensure classes are detected in Ruby's %w syntax in Slim templates (#17557)

[4.1.2] - 2025-04-03

Fixed

• Don't rely on the presence of @layer base to polyfill @property (#17506)
• Support setting multiple inset shadows as arbitrary values (#17523)
• Fix drop-shadow-* utilities that are defined with multiple shadows (#17515)
• PostCSS: Fix race condition when two changes are queued concurrently (#17514)
• PostCSS: Ensure files containing @tailwind utilities are processed (#17514)
• Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#17513)
• Fix slow incremental builds with @tailwindcss/vite and @tailwindcss/postscss (especially on Windows) (#17511)
• Vite: Fix missing CSS file in Qwik setups (#17533)

[4.1.1] - 2025-04-02

Fixed

• Disable padding in @source inline(…) brace expansion (#17491)
• Inject polyfills after @import and body-less @layer (#17493)
• Ensure @tailwindcss/cli does not contain an import for jiti (#17502)

[4.1.0] - 2025-04-01

Added

• Add details-content variant (#15319)
• Add inverted-colors variant (#11693)
• Add noscript variant (#11929, #17431)
• Add items-baseline-last and self-baseline-last utilities (#13888, #17476)
• Add pointer-none, pointer-coarse, and pointer-fine variants (#16946)
• Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#16941)
• Add safe alignment utilities (#14607)
• Add user-valid and user-invalid variants (#12370)
• Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#12128)
• Add @source inline(…) and @source not inline(…) (#17147)
• Add @source not "…" (#17255)
• Add text-shadow-* utilities (#17389)
• Add mask-* utilities (#17134)
• Add bg-{position,size}-* utilities for arbitrary values (#17432)
• Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#17398, #17434)
• Add drop-shadow-<color> utilities (#17434)
• Improve compatibility with older versions of Safari and Firefox (#17435)

... (truncated)

Commits

• 5a77c9d Prepare v4.1.3 release (#17563)
• e085977 PostCSS: Fix Turbopack 'one-revision-behind' bug (#17554)
• 4c99367 Prepare release v4.1.2 (#17530)
• 5a9d1f4 Fix test that relies on mtimes (#17529)
• 60b0da9 Polyfill: Fall back to first color value when color-mix(…) contains unresol...
• 81a676f Fix race condition in Next.js with --turbopack (#17514)
• 3e41e9f Replace currentColor with currentcolor (lowercase) (#17510)
• 4484192 Use @layer properties for @property polyfills (#17506)
• 6a0a3ec Prepare release v4.1.1 (#17503)
• 3c937ec Inject polyfills after @import and body-less @layer (#17493)
• Additional commits viewable in compare view

Updates @types/react from 19.0.12 to 19.1.0

Commits

• See full diff in compare view

Updates @types/react-dom from 19.0.4 to 19.1.1

Commits

• See full diff in compare view

Updates eslint-config-next from 15.2.4 to 15.2.5

Release notes

Sourced from eslint-config-next's releases.

v15.2.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Update swc_core and use rayon instead of chili (#77338)
• Update swc_core to v16.6.2 (#77194)
• Update swc_core to v16.6.0 (#77155)
• [og] fix vercel og build issue on windows (#77650)
• clean up useReducer code re dev indicator (#77354)
• [dev-overlay] ensure stripping overlay bundle in prod build (#76976)

Credits

Huge thanks to @​huozhi, @​gaojude and @​kdy1 for helping!

Commits

• 98a17f1 v15.2.5
• See full diff in compare view

Updates tailwindcss from 4.0.17 to 4.1.3

Release notes

Sourced from tailwindcss's releases.

v4.1.3

Fixed

• Show warning when using unsupported bare value data type in --value(…) (#17464)
• PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#17554)
• Ensure classes are detected in Ruby's %w syntax in Slim templates (#17557)

v4.1.2

Fixed

• Don't rely on the presence of @layer base to polyfill @property (#17506)
• Support setting multiple inset shadows as arbitrary values (#17523)
• Fix drop-shadow-* utilities that are defined with multiple shadows (#17515)
• PostCSS: Fix race condition when two changes are queued concurrently (#17514)
• PostCSS: Ensure files containing @tailwind utilities are processed (#17514)
• Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#17513)
• Fix slow incremental builds with @tailwindcss/vite and @tailwindcss/postscss (especially on Windows) (#17511)
• Vite: Fix missing CSS file in Qwik setups (#17533)

v4.1.1

Fixed

• Disable padding in @source inline(…) brace expansion (#17491)
• Inject polyfills after @import and body-less @layer (#17493)
• Ensure @tailwindcss/cli does not contain an import for jiti (#17502)

v4.1.0

Added

• Add details-content variant (#15319)
• Add inverted-colors variant (#11693)
• Add noscript variant (#11929, #17431)
• Add items-baseline-last and self-baseline-last utilities (#13888, #17476)
• Add pointer-none, pointer-coarse, and pointer-fine variants (#16946)
• Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#16941)
• Add safe alignment utilities (#14607)
• Add user-valid and user-invalid variants (#12370)
• Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#12128)
• Add @source inline(…) and @source not inline(…) (#17147)
• Add @source not "…" (#17255)
• Add text-shadow-* utilities (#17389)
• Add mask-* utilities (#17134)
• Add bg-{position,size}-* utilities for arbitrary values (#17432)
• Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#17398, #17434)
• Add drop-shadow-<color> utilities (#17434)
• Improve compatibility with older versions of Safari and Firefox (#17435)

Fixed

• Follow symlinks when resolving @source directives (#17391)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.1.3] - 2025-04-04

Fixed

• Show warning when using unsupported bare value data type in --value(…) (#17464)
• PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#17554)
• Ensure classes are detected in Ruby's %w syntax in Slim templates (#17557)

[4.1.2] - 2025-04-03

Fixed

• Don't rely on the presence of @layer base to polyfill @property (#17506)
• Support setting multiple inset shadows as arbitrary values (#17523)
• Fix drop-shadow-* utilities that are defined with multiple shadows (#17515)
• PostCSS: Fix race condition when two changes are queued concurrently (#17514)
• PostCSS: Ensure files containing @tailwind utilities are processed (#17514)
• Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#17513)
• Fix slow incremental builds with @tailwindcss/vite and @tailwindcss/postscss (especially on Windows) (#17511)
• Vite: Fix missing CSS file in Qwik setups (#17533)

[4.1.1] - 2025-04-02

Fixed

• Disable padding in @source inline(…) brace expansion (#17491)
• Inject polyfills after @import and body-less @layer (#17493)
• Ensure @tailwindcss/cli does not contain an import for jiti (#17502)

[4.1.0] - 2025-04-01

Added

• Add details-content variant (#15319)
• Add inverted-colors variant (#11693)
• Add noscript variant (#11929, #17431)
• Add items-baseline-last and self-baseline-last utilities (#13888, #17476)
• Add pointer-none, pointer-coarse, and pointer-fine variants (#16946)
• Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#16941)
• Add safe alignment utilities (#14607)
• Add user-valid and user-invalid variants (#12370)
• Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#12128)
• Add @source inline(…) and @source not inline(…) (#17147)
• Add @source not "…" (#17255)
• Add text-shadow-* utilities (#17389)
• Add mask-* utilities (#17134)
• Add bg-{position,size}-* utilities for arbitrary values (#17432)
• Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#17398, #17434)
• Add drop-shadow-<color> utilities (#17434)
• Improve compatibility with older versions of Safari and Firefox (#17435)

... (truncated)

Commits

• 5a77c9d Prepare v4.1.3 release (#17563)
• 2fd7c8d Show warning when using unsupported bare value data type (#17464)
• 4c99367 Prepare release v4.1.2 (#17530)
• 60b0da9 Polyfill: Fall back to first color value when color-mix(…) contains unresol...
• e45302b Fix drop shadow filters with multiple shadows (#17515)
• 3e41e9f Replace currentColor with currentcolor (lowercase) (#17510)
• 80f9578 Fix multi-value arbitrary inset shadow (#17523)
• 4484192 Use @layer properties for @property polyfills (#17506)
• 6a0a3ec Prepare release v4.1.1 (#17503)
• 3c937ec Inject polyfills after @import and body-less @layer (#17493)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[trunk-io]

😎 Merged successfully - details.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​clerk/​nextjs@​6.15.0

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report