chore(deps): bump the production-dependencies group with 5 updates

[dependabot]

Bumps the production-dependencies group with 5 updates:

Package	From	To
@octokit/rest	21.1.1	22.0.1
better-sqlite3	12.10.0	12.10.1
lucide-react	1.17.0	1.18.0
react-hook-form	7.78.0	7.79.0
sharp	0.34.5	0.35.1

Updates @octokit/rest from 21.1.1 to 22.0.1

Release notes

Sourced from @​octokit/rest's releases.

v22.0.1

22.0.1 (2025-10-31)

Bug Fixes

• deps: update octokit monorepo (major) (#538) (ded2f17)

v22.0.0

22.0.0 (2025-05-25)

Bug Fixes

• deps: update octokit monorepo (major) (#504) (77530ab)

BREAKING CHANGES

• deps: Drop support for NodeJS v18
• deps: Remove deprecated Projects endpoints
• deps: Remove deprecated Copilot usage metrics endpoints

Commits

• daa3ec9 ci(action): update actions/setup-node action to v6 (#534)
• 1dec0c7 ci(action): update peter-evans/create-or-update-comment action to v5 (#531)
• ded2f17 fix(deps): update octokit monorepo (major) (#538)
• 0e0eaea chore(deps): update dependency @​types/node to v24 (#537)
• c04acc8 chore(deps): update vitest monorepo to v4 (major) (#536)
• e6dd306 chore(deps): update dependency undici to v7 (#474)
• 5f380d0 build(deps-dev): Bump form-data from 4.0.2 to 4.0.4 in /docs (#520)
• dc6827d build(deps-dev): Bump tar-fs from 2.1.2 to 2.1.3 in /docs (#516)
• 77530ab fix(deps): update octokit monorepo (major) (#504)
• d07b719 build(deps): Bump vite from 6.2.5 to 6.3.4 (#509)
• Additional commits viewable in compare view

Updates better-sqlite3 from 12.10.0 to 12.10.1

Release notes

Sourced from better-sqlite3's releases.

v12.10.1

What's Changed

• Bump the github-actions group across 1 directory with 4 updates by @​dependabot[bot] in WiseLibs/better-sqlite3#1451
• Fix V8 external API usage for Electron 42 by @​tstone-1 in WiseLibs/better-sqlite3#1475

Full Changelog: WiseLibs/better-sqlite3@v12.10.0...v12.10.1

Commits

• da6152c 12.10.1
• 5bb63a2 Fix V8 external API usage for Electron 42 (#1475)
• ca60e36 Bump the github-actions group across 1 directory with 4 updates (#1451)
• f93f490 Update SQLite to version 3.53.2 (#1483)
• See full diff in compare view

Updates lucide-react from 1.17.0 to 1.18.0

Release notes

Sourced from lucide-react's releases.

Version 1.18.0

What's Changed

• chore(site): Remove survey from site by @​ericfennis in lucide-icons/lucide#4417
• feat(icons): added play-off icon by @​Ahmed-Dghaies in lucide-icons/lucide#4412
• fix(metadata): add missing use-cases prop on play-off.json by @​karsa-mistmere in lucide-icons/lucide#4423
• fix(docs): force hide #bb-banner, if html.has-bb-banner is missing by @​karsa-mistmere in lucide-icons/lucide#4422
• fix(docs): Remove @next from installation instructions for@lucide/svelte by @​alecglassford in lucide-icons/lucide#4432
• feat(packages/angular): add support for Angular v22 and onwards by @​karsa-mistmere in lucide-icons/lucide#4450
• fix(ci): add check to skip release if latest tag was created today by @​ericfennis in lucide-icons/lucide#4085
• feat(icons): added webcam-off icon by @​jordan-burnett in lucide-icons/lucide#4242

New Contributors

• @​alecglassford made their first contribution in lucide-icons/lucide#4432
• @​jordan-burnett made their first contribution in lucide-icons/lucide#4242

Full Changelog: lucide-icons/lucide@1.17.0...1.18.0

Commits

• See full diff in compare view

Updates react-hook-form from 7.78.0 to 7.79.0

Release notes

Sourced from react-hook-form's releases.

Version 7.79.0

🚷 feat: use field array disabled (#13520)

useFieldArray({ disabled, name: 'test' })

🐞 fix controller onChange promise (#13518) 🐞 fix: track visited pairs in deepEqual to avoid false positives with shared object references (#13515) 🐞 fix #12651 issue: field validation with shouldUseNativeValidation does not behave native like for radio groups (#13512) 🐞 fix #12754 createFormControl breaks with fast refresh in dev mode (#13511) 🐞 close #12709 #12750 StrictMode would remove field value & get mounted again (#13508) 🐞 fix #13505 issue: In v8 with React compiler, a change in formState errors does not cause child components to re-render (#13510)

thanks to @​DucMinhNe & @​louzhedong

Changelog

Sourced from react-hook-form's changelog.

[7.79.0] - 2026-06-13

Added

• disabled option to useFieldArray

Fixed

• Controller onChange promise return type
• deepEqual false positives with shared object references
• shouldUseNativeValidation behavior for radio groups
• createFormControl stability with fast refresh in dev mode
• StrictMode value preservation during remount
• formState.errors reactivity with React compiler

Commits

• 3f1d2bd 7.79.0
• c344c4f 📖 update changelog v7.78.0
• 351a958 🏟️ build(deps): bump joi from 17.13.3 to 18.2.1 in /app (#13521)
• e3d8172 🚷 feat: use field array disabled (#13520)
• 00f6c28 🐞 fix controller onChange promise (#13518)
• a338076 🚷 feat: add disabled option to useFieldArray (#13519)
• a2a3c9c 🐞 fix: track visited pairs in deepEqual to avoid false positives with shared ...
• 1e00a1b 🐞 fix #12651 issue: field validation with shouldUseNativeValidation does not ...
• bb2ce17 🐞 fix #12754 createFormControl breaks with fast refresh in dev mode (#13511)
• b377376 🐞 close #12709 #12750 StrictMode would remove field value & get mounted again...
• Additional commits viewable in compare view

Updates sharp from 0.34.5 to 0.35.1

Release notes

Sourced from sharp's releases.

v0.35.1

• TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.1

• TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.0

• TypeScript: Ensure type definitions are published #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.0

• Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

• Breaking: Remove install script from package.json file. Compiling from source is now opt-in via the build script.

• Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

• Breaking: Add limitInputChannels with a default value of 5.

• Breaking: Remove deprecated failOnError constructor property.

• Breaking: Remove deprecated paletteBitDepth from metadata response.

• Breaking: Remove deprecated properties from sharpen operation.

• Breaking: Rename format.jp2k as format.jp2 for API consistency.

• Upgrade to libvips v8.18.3 for upstream bug fixes.

• Remove experimental status from WebAssembly binaries.

• Add prebuilt binaries for FreeBSD (WebAssembly).

• Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

• Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

• Add AVIF/HEIF tune option for control over quality metrics.

... (truncated)

Commits

• d781a2d Release v0.35.1
• 84fa853 Prerelease v0.35.1-rc.1
• 21263c3 TypeScript: Switch type defs to ESM, convert back to CJS #4537
• 8deceb4 Docs: fix link in changelog (#4541)
• c9f08eb Revert "Docs: Highlight that Windows ARM64 support is experimental" (#4540)
• 3ec892f Prerelease v0.35.1-rc.0
• fbdeac5 CI: Run packaging linter on sub-packages
• 1da92b3 WebAssembly: Ensure wrapper file is published #4538
• 32c029e Add packaging linter to help prevent regression e.g. #4537
• 98dc1df TypeScript: Ensure type definitions are published #4537
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Docker Build Test 🐳

⚠️ 1 critical vulnerabilities found

📋 Build Steps

• TypeScript compilation: ✅
• Application build: ✅
• Docker image build: ✅
• Container smoke test: ✅

🔍 Security Scan Summary

🔴 1 Critical 🟠 1 High 🟡 2 Medium

📋 View full vulnerability report in Actions log

📦 Build Artifacts

The following artifacts are available for download:

• Docker Image: docker-image-pr-178 (7 days retention)
• Application Snapshot: app-snapshot-bfdaf7d613507abc03272d848dfcc48ecc423a4a (7 days retention)

---

📊 View detailed results • 🔒 Security tab • Pushed by @dependabot[bot]

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.