Merge branch 'next' into feat/registry

Author: I-3B

.github/workflows/analyse-nextjs-release.yml

@@ -1,11 +1,11 @@
-name: 'Analyse Next.js release'
-run-name: 'Analyse Next.js ${{ inputs.version }}'
+name: "Analyse Next.js release"
+run-name: "Analyse Next.js ${{ inputs.version }}"
 
 on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Next.js version to test against'
+        description: "Next.js version to test against"
         required: true
         type: string
 
@@ -31,15 +31,15 @@ jobs:
             console.log(\`Version '\${version}' is valid SemVer\`);
           "
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
       - name: Install dependencies
         run: pnpm install
       - name: Check for changes in app router
-        run: ./next-release-analyser.mjs --version "${{ env.VERSION }}"
+        run: ./next-release-analyser.ts --version "${{ env.VERSION }}"
         working-directory: packages/scripts
         env:
           MAILPACE_API_TOKEN: ${{ secrets.MAILPACE_API_TOKEN }}

.github/workflows/ci-cd.yml

@@ -19,8 +19,8 @@ jobs:
     runs-on: ubuntu-24.04-arm
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -49,8 +49,8 @@ jobs:
     needs: [ci-core]
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -74,8 +74,8 @@ jobs:
     runs-on: ubuntu-24.04-arm
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -94,8 +94,8 @@ jobs:
     needs: [ci-core]
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -161,8 +161,8 @@ jobs:
             react-compiler: true
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -180,7 +180,7 @@ jobs:
           TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
           E2E_NO_CACHE_ON_RERUN: ${{ github.run_attempt }}
       - name: Save Cypress artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         if: failure()
         with:
           path: packages/e2e/next/cypress/screenshots
@@ -204,8 +204,8 @@ jobs:
         full-page-nav-on-shallow-false: [false, true]
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -219,7 +219,7 @@ jobs:
           E2E_NO_CACHE_ON_RERUN: ${{ github.run_attempt }}
           FULL_PAGE_NAV_ON_SHALLOW_FALSE: ${{ matrix.full-page-nav-on-shallow-false }}
       - name: Save Cypress artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         if: failure()
         with:
           path: packages/e2e/react/cypress/screenshots
@@ -245,8 +245,8 @@ jobs:
           - "v7"
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -259,7 +259,7 @@ jobs:
           TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
           E2E_NO_CACHE_ON_RERUN: ${{ github.run_attempt }}
       - name: Save Cypress artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         if: failure()
         with:
           path: packages/e2e/react-router/${{ matrix.react-router-version }}/cypress/screenshots
@@ -279,8 +279,8 @@ jobs:
     needs: [ci-core]
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -293,7 +293,7 @@ jobs:
           TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
           E2E_NO_CACHE_ON_RERUN: ${{ github.run_attempt }}
       - name: Save Cypress artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         if: failure()
         with:
           path: packages/e2e/remix/cypress/screenshots
@@ -313,8 +313,8 @@ jobs:
     needs: [ci-core]
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -327,7 +327,7 @@ jobs:
           TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
           E2E_NO_CACHE_ON_RERUN: ${{ github.run_attempt }}
       - name: Save Cypress artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         if: failure()
         with:
           path: packages/e2e/tanstack-router/cypress/screenshots
@@ -369,7 +369,7 @@ jobs:
       contents: write # to be able to publish a GitHub release
       issues: write # to be able to comment on released issues
       pull-requests: write # to be able to comment on released pull requests
-      id-token: write # to enable use of OIDC for NPM provenance
+      id-token: write # to enable use of OIDC for NPM provenance / trusted publishing
     needs:
       - docs
       - lint
@@ -383,25 +383,59 @@ jobs:
     if: ${{ github.ref_name == 'master' || github.ref_name == 'beta' }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
       # Note: we do not use an external Turbo cache for publishing
       # to prevent against possible cache collision attacks.
+      - name: Update npm # Ensure npm 11.5.1 or later is installed for OIDC trusted publishing
+        run: npm install -g npm@latest
       - name: Install dependencies
         run: pnpm install --ignore-scripts --frozen-lockfile --filter nuqs...
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
       - name: Build package
         run: pnpm build --filter nuqs
       - name: Semantic Release
         run: ../../node_modules/.bin/semantic-release
         working-directory: packages/nuqs
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-      - name: Invalidate ISR cache for NPM in the docs
-        run: curl -s "https://nuqs.dev/api/isr?tag=npm&token=${{ secrets.ISR_TOKEN }}"
-      - name: Invalidate ISR cache for contributors in the docs
-        if: ${{ github.ref_name == 'next' && github.event_name == 'push' }}
-        run: curl -s "https://nuqs.dev/api/isr?tag=contributors&token=${{ secrets.ISR_TOKEN }}"
+      - name: Read package version
+        id: package-version
+        run: |
+          VERSION=$(jq -r '.version' package.json)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Released version: $VERSION"
+        working-directory: packages/nuqs
+      - name: Invalidate contributors ISR cache in the docs
+        if: ${{ github.event_name == 'push' && github.ref_name == 'master' }}
+        run: |
+          curl -s "https://nuqs.dev/api/isr?tag=contributors&token=${{ secrets.ISR_TOKEN }}"
+      - name: Install dependencies
+        if: ${{ github.event_name == 'push' && steps.package-version.outputs.version != '0.0.0-semantically-released' }}
+        run: pnpm install --ignore-scripts --frozen-lockfile --filter scripts
+      - name: Generate release notes
+        id: release-notes
+        if: ${{ github.event_name == 'push' && steps.package-version.outputs.version != '0.0.0-semantically-released' }}
+        run: |
+          NOTES=$(./release-notes-automation.ts)
+          echo "$NOTES" >> $GITHUB_STEP_SUMMARY
+          {
+            echo 'notes<<EOF'
+            echo "$NOTES"
+            echo 'EOF'
+          } >> $GITHUB_OUTPUT
+        working-directory: packages/scripts
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Update GitHub release notes
+        if: ${{ github.event_name == 'push' && steps.package-version.outputs.version != '0.0.0-semantically-released' }}
+        run: |
+          echo "${{ steps.release-notes.outputs.notes }}" | \
+           gh release edit "v${{ steps.package-version.outputs.version }}" \
+            --notes-file -
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/clear-shipping-next.yml

@@ -0,0 +1,53 @@
+name: Clear "Shipping Next"
+
+on:
+  workflow_dispatch:
+
+env:
+  SHIPPING_NEXT_MILESTONE_ID: 2 # ID for "Shipping Next" milestone
+
+permissions:
+  pull-requests: write
+  issues: write
+
+jobs:
+  clear_shipping_next:
+    name: Clear "Shipping Next" Milestone
+    runs-on: ubuntu-24.04-arm
+
+    steps:
+      - name: Get issues & PRs in "Shipping Next" milestone
+        id: get_issues
+        run: |
+          # Fetch issues with titles
+          response=$(gh api -X GET \
+            repos/${{ github.repository }}/issues \
+            -f milestone=${{ env.SHIPPING_NEXT_MILESTONE_ID }} \
+            -f state=all \
+            -f labels=released)
+
+          # Extract just the numbers for the output
+          issues=$(echo "$response" | jq -r '[.[].number] | join(" ")')
+          echo "issues=$issues" >> $GITHUB_OUTPUT
+
+          # Add step summary with titles
+          if [ -n "$issues" ]; then
+            echo "## Issues & PRs to clear from 'Shipping Next' milestone" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "$response" | jq -r '.[] | "- [#\(.number)](https://github.com/${{ github.repository }}/issues/\(.number)) \(.title)"' >> $GITHUB_STEP_SUMMARY
+          else
+            echo "No issues or PRs found in the 'Shipping Next' milestone with the 'released' label." >> $GITHUB_STEP_SUMMARY
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Clear milestone from issues & PRs
+        if: steps.get_issues.outputs.issues != ''
+        run: |
+          for issue_number in ${{ steps.get_issues.outputs.issues }}; do
+            gh api -X PATCH \
+              repos/${{ github.repository }}/issues/$issue_number \
+              -F milestone=null
+          done
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pkg.pr.new.yml

@@ -18,8 +18,8 @@ jobs:
     runs-on: ubuntu-24.04-arm
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm

.github/workflows/pr-lint.yml

@@ -12,8 +12,8 @@ jobs:
     runs-on: ubuntu-24.04-arm
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm

.github/workflows/test-against-nextjs-release.yml

@@ -36,8 +36,8 @@ jobs:
             console.log(\`Version '\${version}' is valid SemVer\`);
           "
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version-file: .node-version
           cache: pnpm
@@ -54,7 +54,7 @@ jobs:
           TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
           E2E_NO_CACHE_ON_RERUN: ${{ github.run_attempt }}
       - name: Save Cypress artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         if: failure()
         with:
           path: packages/e2e-next/cypress/screenshots

.node-version

@@ -1 +1 @@
-24.6.0
+24.11.0

CONTRIBUTING.md

@@ -26,6 +26,7 @@ When running `next dev`, this will:
   - http://localhost:3002 - [React SPA](./packages/e2e/react)
   - http://localhost:3003 - [Remix](./packages/e2e/remix)
   - http://localhost:3004 - [TanStack Router](./packages/e2e/tanstack-router)
+  - http://localhost:3005 - [React Router v5](./packages/e2e/react-router/v5)
   - http://localhost:3006 - [React Router v6](./packages/e2e/react-router/v6)
   - http://localhost:3007 - [React Router v7](./packages/e2e/react-router/v7)
 - Start the examples:

package.json

@@ -22,20 +22,17 @@
     "lint:sherif": "sherif"
   },
   "devDependencies": {
-    "@commitlint/config-conventional": "^19.8.1",
-    "commitlint": "^19.8.1",
+    "@commitlint/config-conventional": "^20.0.0",
+    "commitlint": "^20.1.0",
     "husky": "^9.1.7",
     "prettier": "3.6.2",
     "publint": "^0.3.12",
-    "semantic-release": "^24.2.7",
+    "semantic-release": "^25.0.1",
     "sherif": "^1.6.1",
     "turbo": "^2.5.6",
     "typescript": "^5.9.2"
   },
-  "packageManager": "[email protected]",
-  "resolutions": {
-    "@semantic-release/github": "^11.0.5"
-  },
+  "packageManager": "[email protected]",
   "prettier": {
     "arrowParens": "avoid",
     "semi": false,

packages/docs/.gitignore

@@ -30,4 +30,5 @@ next-env.d.ts
 .sentryclirc
 
 # shadcn registry output
+registry.json
 public/r