Commit Graph

552 Commits

Author SHA1 Message Date
dependabot[bot] 388efc6c62 build(deps): bump softprops/action-gh-release
Bumps the patch-deps-updates group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `softprops/action-gh-release` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/718ea10b132b3b2eba29c1007bb80653f286566b...3d0d9888cb7fd7b750713d6e236d1fcb99157228)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-deps-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-15 03:59:13 +00:00
langsmith-fleet[bot] a8c190cfd5 ci: cover example Dockerfile with Dependabot (#681)
## Summary

- Add Dependabot Docker coverage for the maintained async subagent
server example Dockerfile.
- Leave npm coverage unchanged because the root pnpm workspace entry
already covers workspace package manifests through the root lockfile.
- Do not add release/N-1 `target-branch` entries; that policy applies
only to `langchainplus` and `langgraph-api`.

## Test Plan

- [x] Compared dependency roots on `main` against
`.github/dependabot.yml` coverage.
- [x] Parsed `.github/dependabot.yml` with Ruby YAML.
- [x] Ran `git diff --check`.

Co-authored-by: Langster <john@langchain.dev>
2026-07-14 20:58:17 -07:00
John Kennedy 64c91addfe chore: apply Socket optimized package overrides (#682)
## Summary
- apply Socket Optimize curated `@socketregistry` pnpm overrides
- retain existing vulnerability-pinning overrides
- update the pnpm lockfile with the optimized dependency graph

## Validation
- `socket optimize .` completed and added 10 overrides
- `git diff --check` passed
- `CI=true sfw pnpm install --frozen-lockfile` confirmed the lockfile
was current, then could not complete because the existing
`vercel-labs/node-vfs-polyfill` GitHub tarball failed local certificate
validation (`UNABLE_TO_GET_ISSUER_CERT_LOCALLY`)
- `pnpm format:check` could not run afterward because the incomplete
reinstall left `oxfmt` unavailable
- `npm audit --package-lock-only --omit=dev` is not applicable: this
pnpm repo has no npm `package-lock.json`
2026-07-14 20:54:09 -07:00
Hunter Lovell cc26c41df2 fix(deepagents): merge custom middleware by name (#672)
## Summary

Adds middleware override behavior to replace default middleware by
`.name` instead of always being appended.

## Changes

- Add name-keyed middleware merging so custom middleware replaces
matching default middleware in-place and appends novel middleware after
the core stack.
- Apply default-slot middleware overrides consistently when constructing
main-agent and subagent middleware stacks, while preventing parent-only
middleware from propagating unless it matches a subagent default slot.
- Move harness tool exclusion into a private `_ToolExclusionMiddleware`
helper so excluded tools are stripped after tool-injecting middleware
has run.
- Add coverage for main-agent replacement, subagent/default override
propagation, parent-only middleware isolation, profile exclusions,
tool-exclusion ordering, and merge precedence.
2026-07-14 19:08:52 -07:00
Hunter Lovell f09bc61d7a feat(deepagents): implement delete across backends (#680)
## Summary

Implements the optional backend `delete` protocol across the built-in
backend implementations now that the delete protocol surface is
available. This keeps delete behavior backend-local and does not expose
a new filesystem tool to agents.

## Changes

### deepagents

- Implements `delete(filePath)` for filesystem, store, composite,
context hub, and sandbox backends.
- Uses backend-specific safety semantics: filesystem deletion goes
through existing path resolution and only unlinks files, store deletion
treats paths as exact keys, context hub deletion commits null entries,
and sandbox deletion uses shell-quoted `rm -f`.
- Adds tests covering successful deletion, missing paths, directory
rejection where applicable, composite route path restoration, store
wildcard literal behavior, and context hub cache updates/failure
handling.

### @langchain/node-vfs

- Implements `delete(filePath)` for the VFS backend.
- Adds tests for file deletion, missing paths, directory rejection, and
preserving non-target files.
2026-07-14 17:31:16 -07:00
Hunter Lovell 6ae9d1eab9 feat(deepagents): add filesystem tool allowlist (#671)
## Summary

Adds a `tools` allowlist option to `createFilesystemMiddleware` so
callers can restrict which built-in filesystem tools are exposed to the
model. The middleware now builds the filesystem system prompt from the
tools that are actually visible on the request, avoiding instructions
for tools that were filtered by the allowlist or backend capability
checks.

## Changes

- Adds a public `FsToolName` type and `tools` option to
`FilesystemMiddlewareOptions`.
- Filters filesystem middleware tools at construction time when an
explicit allowlist is provided, while preserving existing `execute`
backend capability filtering.
- Requires `read_file` in explicit allowlists because it is needed for
filesystem workflows and large-result recovery.
- Generates the filesystem tool prompt dynamically from visible
filesystem tools, and only appends execute-specific instructions when
`execute` is actually available.
- Adds unit and integration coverage for allowlist behavior, prompt
filtering, unsupported `execute`, and user-provided non-filesystem
tools.
2026-07-14 13:42:55 -07:00
Hunter Lovell eb18c70d8d feat(deepagents): add delete protocol support (#673)
## Summary

Adds protocol-level delete support for deepagents backends.

## Changes

### deepagents

- Adds `DeleteResult` to the backend protocol exports.
- Adds optional `delete(filePath)` support to v1 and v2 backend
protocols.
- Preserves optional delete implementations when adapting backends to
the v2 protocol.
- Implements `StateBackend.delete()` for zero-argument StateBackend
instances by sending `{ [filePath]: null }` through `__pregel_send`.
- Adds a changeset for the new backend protocol capability.
2026-07-14 10:20:08 -07:00
John Kennedy 4894f65f1e fix(deps): resolve open Dependabot alerts (#677)
## Summary
- Update pnpm overrides for axios, protobufjs, @opentelemetry/core, and
js-yaml to their minimum safe versions.
- Regenerate the lockfile to remove the vulnerable transitive
resolutions.
- Resolves the 32 Dependabot alerts currently open on the default branch
(18 high, 14 moderate).

## Validation
- `pnpm test`
2026-07-14 01:11:44 -07:00
Hunter Lovell 4643148e8b feat(deepagents): add structured system prompt configuration (#669)
## Summary

Ports the system prompt configuration in langchain-ai/deepagents#4437
2026-07-13 16:24:56 -07:00
github-actions[bot] 4507acd92e chore: version packages (#670)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## deepagents-acp@0.1.18

### Patch Changes

- Updated dependencies
[[`7c8a770`](https://github.com/langchain-ai/deepagentsjs/commit/7c8a770fac90fd50dfe08af67a0ce073a33e4ef7)]:
  - deepagents@1.10.8
## deepagents@1.10.8

### Patch Changes

- [#668](https://github.com/langchain-ai/deepagentsjs/pull/668)
[`7c8a770`](https://github.com/langchain-ai/deepagentsjs/commit/7c8a770fac90fd50dfe08af67a0ce073a33e4ef7)
Thanks [@colifran](https://github.com/colifran)! - fix(deepagents):
fast-glob follows directory symlink cycles leading to ELOOP crashes
## @deepagents/evals@0.0.17

### Patch Changes

- Updated dependencies
[[`7c8a770`](https://github.com/langchain-ai/deepagentsjs/commit/7c8a770fac90fd50dfe08af67a0ce073a33e4ef7)]:
  - deepagents@1.10.8

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
deepagents-acp@0.1.18 deepagents@1.10.8
2026-07-13 12:50:19 -07:00
Colin Francis 7c8a770fac fix(deepagents): fast-glob follows directory symlink cycles leading to ELOOP crashes (#668)
### Summary

`fast-glob` follows symbolic links by default so the `glob`/`grep` tools
in `FilesystemBackend` and `LocalShellBackend` walked directory symlink
cycles recursively causing `ELOOP` crashes. and aborted the run over a
target repo.

This PR fixes by adding`followSymbolicLinks: false` to all four
`fast-glob` calls. Bonus: this keeps traversal inside the search root.

### Tests
Unit tests in `filesystem.test.ts` and `local-shell.test.ts` verifying
that a `sub/sub -> .` cycle now traverses cleanly without traversing
symlinks.

This is an upstream fix for:
https://github.com/langchain-ai/openwiki/issues/72
2026-07-13 12:41:34 -07:00
langsmith-fleet[bot] 2d1b39bd29 fix: Deno sandbox file path shell injection (#664)
## Summary

Fixes the Deno sandbox file-operation shell injection findings from
Corridor category 2:

- `67480dc4-15f8-48fc-925d-4b0e144832c1` — `DenoSandbox.uploadFiles()`
interpolated `parentDir` into `mkdir -p "${parentDir}"` through
`/bin/bash -c`
- `7d707e16-90a6-4231-974f-d2831971687b` — `DenoSandbox.downloadFiles()`
interpolated `path` into `cat "${path}"` through `/bin/bash -c`

## Changes

- Replace shell-interpreted `mkdir -p` with direct argv execution:
`/bin/mkdir`, `args: ["-p", parentDir]`
- Replace shell-interpreted `cat` with direct argv execution:
`/bin/cat`, `args: [path]`
- Add regression tests covering paths containing `$()` to ensure
file-operation paths are passed as literal argv values and not routed
through `/bin/bash`

## Security notes

This removes command substitution / shell metacharacter interpretation
from Deno `uploadFiles()` and `downloadFiles()` paths. It does not
attempt to solve broader path containment findings in the filesystem
category; those should remain a separate hardening patch.

## Test plan

- `git diff --check` 
- Verified the vulnerable Deno patterns are removed from
`libs/providers/deno/src` 
- `pnpm --dir /tmp/deepagentsjs --filter "@langchain/deno" test:unit` ⚠️
could not run locally because this sandbox has no `node_modules`;
dependency install was blocked by Socket Firewall failing to fetch its
GitHub release binary with HTTP 502. The repo also requires Node >=22.13
for the pinned pnpm, so I used a temporary Node 22.13.1 binary for the
attempted test run.

CI should run the full Deno provider unit tests.

Co-authored-by: Langster <john@langchain.dev>
2026-07-09 04:07:26 +00:00
corridor-security[bot] 1b8528ba92 fix: Permission gate (requestToolPermission) is defined but never called — all tool executions bypass permission checks (#663)
## Summary
This PR was generated by [Corridor](https://corridor.dev) to fix:

- Permission gate (requestToolPermission) is defined but never called —
all tool executions bypass permission checks

## Changes
To close the missing authorization gap (CWE-862), the fix wires a call
to requestToolPermission() into the tool execution path inside
handleAIMessage(), awaiting a user decision before moving from the
in_progress state. Depending on the decision, the tool call is rejected
(marked failed, updated to the client, removed from active calls, and
the prompt/stream aborted), cancelled (similar cleanup and abort), or
allowed to proceed as before; the existing allow_always/reject_always
caching is preserved via the session’s permissionDecisions. The change
is narrowly scoped to the for loop in handleAIMessage() and does not
alter interfaces, semantics, or other code paths.

---
Generated by Corridor

Co-authored-by: corridor-security[bot] <203152403+corridor-security[bot]@users.noreply.github.com>
2026-07-09 03:07:21 +00:00
github-actions[bot] 3eab2cad6f chore: version packages (#660)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## deepagents-acp@0.1.17

### Patch Changes

- Updated dependencies
[[`8efde93`](https://github.com/langchain-ai/deepagentsjs/commit/8efde93792dfc324e70b441eacbb810532f347c4)]:
  - deepagents@1.10.7
## deepagents@1.10.7

### Patch Changes

- [#659](https://github.com/langchain-ai/deepagentsjs/pull/659)
[`8efde93`](https://github.com/langchain-ai/deepagentsjs/commit/8efde93792dfc324e70b441eacbb810532f347c4)
Thanks [@Kowshik4593](https://github.com/Kowshik4593)! - Fix: Normalize
`path` to `file_path` in filesystem tools (`read_file`, `write_file`,
and `edit_file`) and align the prompt documentation examples to prevent
validation schema failures on weaker/custom models.
## @deepagents/evals@0.0.16

### Patch Changes

- Updated dependencies
[[`8efde93`](https://github.com/langchain-ai/deepagentsjs/commit/8efde93792dfc324e70b441eacbb810532f347c4)]:
  - deepagents@1.10.7

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Colin Francis <colin.francis@langchain.dev>
deepagents-acp@0.1.17 deepagents@1.10.7
2026-07-08 14:04:15 -07:00
Kowshik Padala 8efde93792 feat(deepagents): implement filesystem state management middleware with atomic update support and testing (#659)
## Problem
Addresses #658.

When using weaker or custom LLMs (e.g., smaller open-source models) in
`deepagents` and consumers like `openwiki`, the agent immediately
crashes with a schema validation error on the first filesystem tool
call:


This occurs because:
1. `ls` defines its directory argument as `path`, but `read_file`,
`write_file`, and `edit_file` expect `file_path`. Models often default
to `path` across all filesystem tools.
2. The description prompt examples in `fs.ts` and `skills.ts` show
`read_file(path, ...)`, instructing models to use the wrong parameter
name.

## Proposed Changes
This PR solves both prompt inconsistencies and schema validation
failures with a fully backward-compatible input normalization helper:

1. **Prompt Alignment**: Fixed references in `fs.ts` and `skills.ts` to
instruct the model to use `file_path` (aligned with the prompt fixes in
#644).
2. **Schema Input Normalization**: Added a `normalizeFilePathInput`
preprocessor helper to the `read_file`, `write_file`, and `edit_file`
Zod schemas using `z.preprocess`. This dynamically maps the `path` key
to `file_path` if the model still passes `path`.

## Verification & Tests
- Added unit tests in `fs.test.ts` to assert that:
- `path` parameter normalization maps correctly to `file_path` for
`read_file`, `write_file`, and `edit_file`.
  - All instruction examples contain only valid schema fields.
- Verified that `zod-to-json-schema` unwraps the `z.preprocess` layer
perfectly, preserving the original schema descriptions and definitions
sent to the LLM.
- Ran all filesystem tests successfully (`npx vitest run
src/middleware/fs.test.ts` passes).
2026-07-08 13:20:36 -07:00
github-actions[bot] ff8cc5c4b4 chore: version packages (#607)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @langchain/quickjs@0.6.0

### Minor Changes

- [#606](https://github.com/langchain-ai/deepagentsjs/pull/606)
[`3c8f8b2`](https://github.com/langchain-ai/deepagentsjs/commit/3c8f8b2ea6f0204353c63bf49c3fdc6655bf1069)
Thanks [@colifran](https://github.com/colifran)! - chore(quickjs):
disallow task as a configurable ptc tool
## deepagents-acp@0.1.16

### Patch Changes

- Updated dependencies
[[`d7ecab2`](https://github.com/langchain-ai/deepagentsjs/commit/d7ecab2d9f9d41321a043eed6edc3366a1381a67),
[`1a2b2df`](https://github.com/langchain-ai/deepagentsjs/commit/1a2b2df5528f0f61870b054fff8291355f6a2a0b),
[`42f34b6`](https://github.com/langchain-ai/deepagentsjs/commit/42f34b65ededf4a1fbf3cd4bbff486ddfeb320e9),
[`0ae10d7`](https://github.com/langchain-ai/deepagentsjs/commit/0ae10d7e26c84203a5273939c9ad7a9c8c8661c6)]:
  - deepagents@1.10.6
## deepagents@1.10.6

### Patch Changes

- [#608](https://github.com/langchain-ai/deepagentsjs/pull/608)
[`d7ecab2`](https://github.com/langchain-ai/deepagentsjs/commit/d7ecab2d9f9d41321a043eed6edc3366a1381a67)
Thanks [@aolsenjazz](https://github.com/aolsenjazz)! - fix(deepagents):
forward subagent results as text

Fixed a 400 `invalid_request_error` that occurred when a subagent used
an Anthropic server-side tool (web search, web fetch, or code
execution): the subagent's `server_tool_use`/`*_tool_result` blocks were
forwarded to the parent agent as `tool_result` content, which the API
rejects. Subagent results are now passed back to the parent as their
text content (matching the Python implementation), which resolves the
error and also handles a trailing empty `end_turn` message.

- [#656](https://github.com/langchain-ai/deepagentsjs/pull/656)
[`1a2b2df`](https://github.com/langchain-ai/deepagentsjs/commit/1a2b2df5528f0f61870b054fff8291355f6a2a0b)
Thanks [@colifran](https://github.com/colifran)! - fix(deepagents):
default unknown file extensions to text/plain

- [#611](https://github.com/langchain-ai/deepagentsjs/pull/611)
[`42f34b6`](https://github.com/langchain-ai/deepagentsjs/commit/42f34b65ededf4a1fbf3cd4bbff486ddfeb320e9)
Thanks [@aolsenjazz](https://github.com/aolsenjazz)! - feat(deepagents):
add bedrockPromptCachingMiddleware to default stack

Add bedrockPromptCachingMiddleware to default middleware stack. This
automatically opts-in to Bedrock prompt caching for Nova and Anthropic
models

- [#613](https://github.com/langchain-ai/deepagentsjs/pull/613)
[`0ae10d7`](https://github.com/langchain-ai/deepagentsjs/commit/0ae10d7e26c84203a5273939c9ad7a9c8c8661c6)
Thanks [@christian-bromann](https://github.com/christian-bromann)! -
fix(deepagents): declare LangChain runtime packages as peer dependencies

Move `@langchain/core`, `@langchain/langgraph`,
`@langchain/langgraph-sdk`, and
`langchain` from `dependencies` to `peerDependencies`, and also declare
`@langchain/langgraph-checkpoint` as a peer (its
`BaseCheckpointSaver`/`BaseStore`
types are part of the public API), so they resolve to a single shared
instance in
  the consumer's tree. Previously they were bundled as regular
dependencies, which let a consumer end up with two copies of
`@langchain/core`
(e.g. `1.2.0` vs `1.2.1`). Because these packages ship classes with
private/
protected fields, the duplicate copies are treated as nominally distinct
types,
producing errors like passing a `ChatOpenAI` model to `createDeepAgent`
or a
compiled graph to the local protocol helpers. As peers, the app controls
the
version and bumping `@langchain/core` no longer requires a `deepagents`
release.
## @langchain/daytona@0.2.1

### Patch Changes

- [#614](https://github.com/langchain-ai/deepagentsjs/pull/614)
[`5b462f2`](https://github.com/langchain-ai/deepagentsjs/commit/5b462f2ab2400fba52906e8f1485a500ec5b6e17)
Thanks [@christian-bromann](https://github.com/christian-bromann)! -
Replace deprecated `@daytonaio/sdk` dependency with `@daytona/sdk`.
## @langchain/modal@0.1.5

### Patch Changes

- [#657](https://github.com/langchain-ai/deepagentsjs/pull/657)
[`5f93c11`](https://github.com/langchain-ai/deepagentsjs/commit/5f93c114759399002a3981a93e3df13981514b1d)
Thanks [@colifran](https://github.com/colifran)! - fix(modal): modal low
level file handle api `sandbox.open` has been removed
## @deepagents/evals@0.0.15

### Patch Changes

- Updated dependencies
[[`d7ecab2`](https://github.com/langchain-ai/deepagentsjs/commit/d7ecab2d9f9d41321a043eed6edc3366a1381a67),
[`1a2b2df`](https://github.com/langchain-ai/deepagentsjs/commit/1a2b2df5528f0f61870b054fff8291355f6a2a0b),
[`42f34b6`](https://github.com/langchain-ai/deepagentsjs/commit/42f34b65ededf4a1fbf3cd4bbff486ddfeb320e9),
[`0ae10d7`](https://github.com/langchain-ai/deepagentsjs/commit/0ae10d7e26c84203a5273939c9ad7a9c8c8661c6)]:
  - deepagents@1.10.6

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Colin Francis <colin.francis@langchain.dev>
@langchain/daytona@0.2.1 @langchain/modal@0.1.5 @langchain/quickjs@0.6.0 deepagents-acp@0.1.16 deepagents@1.10.6
2026-07-08 09:16:25 -07:00
Colin Francis 1a2b2df552 fix(deepagents): default unknown file extensions to text/plain (#656)
### Summary

`read_file` couldn't read many common text files and with Anthropic it
crashes the whole run. `getMimeType()` mapped any unrecognized extension
to `application/octet-stream`, which `isTextMimeType()` treats as
binary, so the file got base64-encoded into a document block.

This defaults unknown extensions to `text/plain` instead. Known binaries
(images, audio, video, PDF/PPT) stay explicitly mapped, so image and PDF
handling is unchanged. Files like `.properties`, `.scss`, `.tf`,
`.lock`, and extension-less files like `Dockerfile` now read as text.

  ### Tests
  
Flipped the unknown-extension unit test to expect `text/plain`.
2026-07-08 09:04:32 -07:00
Colin Francis 5f93c11475 fix(modal): modal sandboxes fail to upload files (#657)
### Summary

Modal v0.8.0 released the following breaking change:
```
Breaking: Removed the deprecated low-level file-handle API: Sandbox.Open / SandboxFile (Go), and sandbox.open / SandboxFile (JS). Use the Sandbox Filesystem API instead: sandbox.Filesystem() (Go) / sandbox.filesystem (JS).
```
Ref:
https://github.com/modal-labs/modal-client/blob/main/CHANGELOG_GO_JS.md

This PR updates our implementation to use the sandbox filesystem api

### Tests

Updated `sandbox.test.ts` mocks to model `sandbox.filesystem`
2026-07-08 08:52:34 -07:00
dependabot[bot] ff7d82a791 build(deps): bump the minor-deps-updates-main group with 8 updates (#640)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps the minor-deps-updates-main group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [globals](https://github.com/sindresorhus/globals) | `17.6.0` |
`17.7.0` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) |
`0.53.0` | `0.57.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) |
`1.70.0` | `1.72.0` |
| [@daytona/sdk](https://github.com/daytona/clients) | `0.184.0` |
`0.192.0` |
| [modal](https://github.com/modal-labs/modal-client) | `0.7.6` |
`0.8.2` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) |
`8.21.0` | `8.22.0` |
|
[lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)
| `1.21.0` | `1.23.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) |
`8.0.16` | `8.1.2` |

Updates `globals` from 17.6.0 to 17.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sindresorhus/globals/releases">globals's
releases</a>.</em></p>
<blockquote>
<h2>v17.7.0</h2>
<ul>
<li>Update globals (2026-06-22) (<a
href="https://redirect.github.com/sindresorhus/globals/issues/345">#345</a>)
33b75f9</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/globals/compare/v17.6.0...v17.7.0">https://github.com/sindresorhus/globals/compare/v17.6.0...v17.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sindresorhus/globals/commit/a19670cc86c1218e915657c55ea02ba3e7623834"><code>a19670c</code></a>
17.7.0</li>
<li><a
href="https://github.com/sindresorhus/globals/commit/9611620bad0ea45531ae0261b986ce694374e42c"><code>9611620</code></a>
Update actions (<a
href="https://redirect.github.com/sindresorhus/globals/issues/346">#346</a>)</li>
<li><a
href="https://github.com/sindresorhus/globals/commit/33b75f9ddeb6f9ddd81251b043667eb8104a8d15"><code>33b75f9</code></a>
Update globals (2026-06-22) (<a
href="https://redirect.github.com/sindresorhus/globals/issues/345">#345</a>)</li>
<li><a
href="https://github.com/sindresorhus/globals/commit/887dd529bde24486b7f9e31d1b2c515df2b7cf5c"><code>887dd52</code></a>
Fix build script (<a
href="https://redirect.github.com/sindresorhus/globals/issues/344">#344</a>)</li>
<li>See full diff in <a
href="https://github.com/sindresorhus/globals/compare/v17.6.0...v17.7.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `oxfmt` from 0.53.0 to 0.57.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oxc-project/oxc/commit/5306f24d9e82ae36ad9c3c964f33075bc589c799"><code>5306f24</code></a>
release(apps): oxlint v1.72.0 &amp;&amp; oxfmt v0.57.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23935">#23935</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/c4be770f24adc4026efa96fb82182f743c55e423"><code>c4be770</code></a>
release(apps): oxlint v1.71.0 &amp;&amp; oxfmt v0.56.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23707">#23707</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/aa79b5be9915068f60bc361febf2e7496b92fc24"><code>aa79b5b</code></a>
release(apps): oxlint v1.70.0 &amp;&amp; oxfmt v0.55.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23442">#23442</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/9a2788b3ae60c033a969fbba63733748f8c6130a"><code>9a2788b</code></a>
feat(linter/unicorn): implement <code>prefer-export-from</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22935">#22935</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/44ae845fe19d3700128e50e7e61d98c7a85f3f47"><code>44ae845</code></a>
release(apps): oxlint v1.69.0 &amp;&amp; oxfmt v0.54.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23116">#23116</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/dadafe3e0874b2b75775d265b24d19d7f446e2bf"><code>dadafe3</code></a>
docs(oxlint, oxfmt): mention migrate skills in npm READMEs (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22965">#22965</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/f88961ae2968ae2a12035111d07c72797812d2fd"><code>f88961a</code></a>
docs(oxfmt): annotate each config option with supported languages (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22953">#22953</a>)</li>
<li>See full diff in <a
href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.57.0/npm/oxfmt">compare
view</a></li>
</ul>
</details>
<br />

Updates `oxlint` from 1.70.0 to 1.72.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oxc-project/oxc/releases">oxlint's
releases</a>.</em></p>
<blockquote>
<h2>oxlint v1.27.0 &amp;&amp; oxfmt v0.12.0</h2>
<h1>Oxlint v1.27.0</h1>
<h3>🚀 Features</h3>
<ul>
<li>222a8f0 linter/plugins: Implement
<code>SourceCode#isSpaceBetween</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15498">#15498</a>)
(overlookmotel)</li>
<li>2f9735d linter/plugins: Implement
<code>context.languageOptions</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15486">#15486</a>)
(overlookmotel)</li>
<li>bc731ff linter/plugins: Stub out all <code>Context</code> APIs (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15479">#15479</a>)
(overlookmotel)</li>
<li>5822cb4 linter/plugins: Add <code>extend</code> method to
<code>FILE_CONTEXT</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15477">#15477</a>)
(overlookmotel)</li>
<li>7b1e6f3 apps: Add pure rust binaries and release to github (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15469">#15469</a>)
(Boshen)</li>
<li>2a89b43 linter: Introduce debug assertions after fixes to assert
validity (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15389">#15389</a>)
(camc314)</li>
<li>ad3c45a editor: Add <code>oxc.path.node</code> option (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15040">#15040</a>)
(Sysix)</li>
</ul>
<h3>🐛 Bug Fixes</h3>
<ul>
<li>6f3cd77 linter/no-var: Incorrect warning for blocks (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15504">#15504</a>)
(Hamir Mahal)</li>
<li>6957fb9 linter/plugins: Do not allow access to
<code>Context#id</code> in <code>createOnce</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15489">#15489</a>)
(overlookmotel)</li>
<li>7409630 linter/plugins: Allow access to <code>cwd</code> in
<code>createOnce</code> in ESLint interop mode (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15488">#15488</a>)
(overlookmotel)</li>
<li>732205e parser: Reject <code>using</code> / <code>await using</code>
in a switch <code>case</code> / <code>default</code> clause (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15225">#15225</a>)
(sapphi-red)</li>
<li>a17ca32 linter/plugins: Replace <code>Context</code> class (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15448">#15448</a>)
(overlookmotel)</li>
<li>ecf2f7b language_server: Fail gracefully when tsgolint executable
not found (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15436">#15436</a>)
(camc314)</li>
<li>3c8d3a7 lang-server: Improve logging in failure case for tsgolint
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15299">#15299</a>)
(camc314)</li>
<li>ef71410 linter: Use jsx if source type is JS in fix debug assertion
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15434">#15434</a>)
(camc314)</li>
<li>e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15426">#15426</a>)
(camc314)</li>
<li>6565dbe linter/switch-case-braces: Skip comments when searching for
<code>:</code> token (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15425">#15425</a>)
(camc314)</li>
<li>85bd19a linter/prefer-class-fields: Insert value after type
annotation in fixer (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15423">#15423</a>)
(camc314)</li>
<li>fde753e linter/plugins: Block access to
<code>context.settings</code> in <code>createOnce</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15394">#15394</a>)
(overlookmotel)</li>
<li>ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper
in invalid positions (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15388">#15388</a>)
(camc314)</li>
<li>dac2a9c linter/no-template-curly-in-string: Remove fixer (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15387">#15387</a>)
(camc314)</li>
<li>989b8e3 linter/no-var: Only fix to <code>const</code> if the var has
an initializer (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15385">#15385</a>)
(camc314)</li>
<li>cc403f5 linter/plugins: Return empty object for unimplemented
parserServices (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15364">#15364</a>)
(magic-akari)</li>
</ul>
<h3> Performance</h3>
<ul>
<li>25d577e language_server: Start tools in parallel (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15500">#15500</a>)
(Sysix)</li>
<li>3c57291 linter/plugins: Optimize loops (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15449">#15449</a>)
(overlookmotel)</li>
<li>3166233 linter/plugins: Remove <code>Arc</code>s (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15431">#15431</a>)
(overlookmotel)</li>
<li>9de1322 linter/plugins: Lazily deserialize settings JSON (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15395">#15395</a>)
(overlookmotel)</li>
<li>3049ec2 linter/plugins: Optimize <code>deepFreezeSettings</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15392">#15392</a>)
(overlookmotel)</li>
<li>444ebfd linter/plugins: Use single object for
<code>parserServices</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15378">#15378</a>)
(overlookmotel)</li>
</ul>
<h3>📚 Documentation</h3>
<ul>
<li>97d2104 linter: Update comment in lint.rs about default value for
tsconfig path (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15530">#15530</a>)
(Connor Shea)</li>
<li>2c6bd9e linter: Always refer as &quot;ES2015&quot; instead of
&quot;ES6&quot; (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15411">#15411</a>)
(sapphi-red)</li>
<li>a0c5203 linter/import/named: Update &quot;ES7&quot; comment in
examples (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15410">#15410</a>)
(sapphi-red)</li>
<li>3dc24b5 linter,minifier: Always refer as &quot;ES Modules&quot;
instead of &quot;ES6 Modules&quot; (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15409">#15409</a>)
(sapphi-red)</li>
<li>2ad77fb linter/no-this-before-super: Correct &quot;Why is this
bad?&quot; section (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15408">#15408</a>)
(sapphi-red)</li>
<li>57f0ce1 linter: Add backquotes where appropriate (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15407">#15407</a>)
(sapphi-red)</li>
</ul>
<h1>Oxfmt v0.12.0</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md">oxlint's
changelog</a>.</em></p>
<blockquote>
<h2>[1.72.0] - 2026-06-29</h2>
<h3>🚀 Features</h3>
<ul>
<li>1c8f50c linter: Add schema for
<code>eslint/no-restricted-import</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23642">#23642</a>)
(Sysix)</li>
</ul>
<h3>🐛 Bug Fixes</h3>
<ul>
<li>742be36 refactor/node/handle-callback-err: Reject invalid regex
config (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23740">#23740</a>)
(camc314)</li>
</ul>
<h2>[1.71.0] - 2026-06-22</h2>
<h3>🚀 Features</h3>
<ul>
<li>0dc2405 linter: Add schema for
<code>eslint/no-restricted-properties</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23619">#23619</a>)
(Sysix)</li>
<li>b638d0e linter: Add schema for <code>node/callback-return</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23615">#23615</a>)
(Sysix)</li>
<li>eb8bedc linter: Add schema for <code>import/extensions</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23557">#23557</a>)
(WaterWhisperer)</li>
<li>46f3625 linter: Implement node/no-sync rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23589">#23589</a>)
(fujitani sora)</li>
<li>b01739a linter: Add schema for
<code>unicorn/numeric-separators-style</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23554">#23554</a>)
(Mikhail Baev)</li>
<li>68afd2a linter/node: Implement <code>no-mixed-requires</code> rule
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23539">#23539</a>)
(fujitani sora)</li>
<li>a421215 linter: Add schema for
<code>eslint/prefer-destructuring</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23410">#23410</a>)
(WaterWhisperer)</li>
<li>84438be linter/jsdoc: Added missing options to
<code>require-param-description</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23416">#23416</a>)
(kapobajza)</li>
<li>51910df linter/jsdoc: Add missing options to
<code>require-param-type</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23418">#23418</a>)
(kapobajza)</li>
<li>e90925f linter/unicorn: Implement prefer-number-coercion rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23497">#23497</a>)
(Shekhu☺️)</li>
<li>dd1c866 linter/vue: Implement no-async-in-computed-properties rule
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23493">#23493</a>)
(bab)</li>
<li>b02444e linter: Add schema for <code>react/jsx-no-script-url</code>
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23475">#23475</a>)
(WaterWhisperer)</li>
<li>a8dce46 linter/unicorn: Implement <code>max-nested-calls</code> rule
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23461">#23461</a>)
(arieleli01212)</li>
</ul>
<h3>🐛 Bug Fixes</h3>
<ul>
<li>a303c23 linter/jsx-a11y: Align <code>anchor-is-valid</code> config
with upstream (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23446">#23446</a>)
(camc314)</li>
</ul>
<h3>📚 Documentation</h3>
<ul>
<li>b50bf4d linter: Remove manually written options doc for
<code>eslint/arrow-body-style</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23490">#23490</a>)
(Mikhail Baev)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oxc-project/oxc/commit/5306f24d9e82ae36ad9c3c964f33075bc589c799"><code>5306f24</code></a>
release(apps): oxlint v1.72.0 &amp;&amp; oxfmt v0.57.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23935">#23935</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/742be3616fc8df27053b09bdf9ff166e16761838"><code>742be36</code></a>
fix(refactor/node/handle-callback-err): reject invalid regex config (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23740">#23740</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/1c8f50c67ff636b9d8193d3d7be1511a7960f25d"><code>1c8f50c</code></a>
feat(linter): add schema for <code>eslint/no-restricted-import</code>
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23642">#23642</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/c4be770f24adc4026efa96fb82182f743c55e423"><code>c4be770</code></a>
release(apps): oxlint v1.71.0 &amp;&amp; oxfmt v0.56.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23707">#23707</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/0dc24054119b22247c6a7b9bdb20cc6e589f267a"><code>0dc2405</code></a>
feat(linter): add schema for
<code>eslint/no-restricted-properties</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23619">#23619</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/b638d0ee1df63487e7c04e031b4b71ab10d592ce"><code>b638d0e</code></a>
feat(linter): add schema for <code>node/callback-return</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23615">#23615</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/6d355ab8b3644505c4491da5fc4ec88695de50f7"><code>6d355ab</code></a>
refactor(linter): remove <code>number_as_object_schema</code> helper (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23614">#23614</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/eb8bedc2fba9cead8632a75bb7936205fae7dcf0"><code>eb8bedc</code></a>
feat(linter): add schema for <code>import/extensions</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23557">#23557</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/46f362530da1c2c5e868613e339999314b9f3a72"><code>46f3625</code></a>
feat(linter): implement node/no-sync rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23589">#23589</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/953c7b3f1c9e2c80ee1b782f1540d277cc22ed99"><code>953c7b3</code></a>
refactor(linter): make <code>unicorn/numeric-separators-style</code>
options <code>u32</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23558">#23558</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/oxc-project/oxc/commits/oxlint_v1.72.0/npm/oxlint">compare
view</a></li>
</ul>
</details>
<br />

Updates `@daytona/sdk` from 0.184.0 to 0.192.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/daytona/clients/releases">@​daytona/sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.192.0</h2>
<h2>0.192.0 (2026-06-26)</h2>
<h3>🚀 Features</h3>
<ul>
<li>secrets (<a
href="https://redirect.github.com/daytona/clients/pull/10">#10</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>release:</strong> scope nx release to packages with
package.json (<a
href="https://github.com/daytona/clients/commit/8571c8693">8571c8693</a>)</li>
</ul>
<h3>Refactor</h3>
<ul>
<li>flatten repo structure, relicense to Apache-2.0, prep Go SDK release
pipeline (<a
href="https://redirect.github.com/daytona/clients/pull/6">#6</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li>align replace directives with sdk-go v0.191.0 requires (<a
href="https://redirect.github.com/daytona/clients/pull/11">#11</a>)</li>
<li>fix release action (CLI build secrets, nx manifest, sync_gosum PR)
(<a
href="https://redirect.github.com/daytona/clients/pull/12">#12</a>)</li>
<li>clarify Apache-2.0/AGPL-3.0 split and add REUSE LICENSES/ (<a
href="https://github.com/daytona/clients/commit/7273f5be4">7273f5be4</a>)</li>
<li>fall back to disk version for release + make Go tagging idempotent
(<a
href="https://redirect.github.com/daytona/clients/pull/16">#16</a>)</li>
<li>changelog automaticFromRef for releases without a reachable base tag
(<a
href="https://redirect.github.com/daytona/clients/pull/17">#17</a>)</li>
<li><strong>cli:</strong> restore CLI AGPL-3.0 headers, LICENSE, and
checker (<a
href="https://redirect.github.com/daytona/clients/pull/14">#14</a>)</li>
<li><strong>sdk-go:</strong> bump to v0.191.0 (<a
href="https://redirect.github.com/daytona/clients/pull/9">#9</a>)</li>
<li><strong>sdk-go:</strong> bump to v0.192.0 (<a
href="https://redirect.github.com/daytona/clients/pull/15">#15</a>)</li>
<li><strong>sdk-go:</strong> migrate module paths from go.daytona.io to
github.com/daytona/clients (<a
href="https://redirect.github.com/daytona/clients/pull/18">#18</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>MDzaja <a
href="https://github.com/MDzaja"><code>@​MDzaja</code></a></li>
<li>Mirko Džaja <a
href="https://github.com/MDzaja"><code>@​MDzaja</code></a></li>
<li>Toma Puljak <a
href="https://github.com/Tpuljak"><code>@​Tpuljak</code></a></li>
</ul>
<h2>v0.191.0</h2>
<h2>0.191.0 (2026-06-25)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>release:</strong> scope nx release to packages with
package.json (<a
href="https://github.com/daytona/clients/commit/8571c8693">8571c8693</a>)</li>
</ul>
<h3>Refactor</h3>
<ul>
<li>flatten repo structure, relicense to Apache-2.0, prep Go SDK release
pipeline (<a
href="https://redirect.github.com/daytona/clients/pull/6">#6</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>MDzaja <a
href="https://github.com/MDzaja"><code>@​MDzaja</code></a></li>
<li>Mirko Džaja <a
href="https://github.com/MDzaja"><code>@​MDzaja</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/daytona/clients/commits/v0.192.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `modal` from 0.7.6 to 0.8.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/modal-labs/modal-client/blob/main/CHANGELOG_GO_JS.md">modal's
changelog</a>.</em></p>
<blockquote>
<h2>js/v0.8.2, go/v0.8.2</h2>
<ul>
<li>Added <code>Sandbox.updateNetworkPolicy</code> (JS) and
<code>Sandbox.UpdateNetworkPolicy</code> (Go) to update the outbound
network policy of a running Sandbox. Both
<code>outboundCidrAllowlist</code> and
<code>outboundDomainAllowlist</code> must be provided.</li>
</ul>
<h2>js/v0.8.1, go/v0.8.1</h2>
<ul>
<li>(Go, JS) <code>Sandbox.CreateConnectToken</code> (Go) /
<code>Sandbox.createConnectToken</code> (JS) now accept an optional
<code>Port</code> / <code>port</code> parameter on their params struct,
controlling which container port requests are routed to when using the
token. Defaults to 8080.</li>
<li>(Go) Fixed a bug in <code>Function.Spawn</code> such that results
are now accessible via <code>FunctionCall.Get</code> for up to 7 days
after completion.</li>
</ul>
<h2>js/v0.8.0, go/v0.8.0</h2>
<p>This release primarily contains a number of breaking changes as we
continue working towards 1.0 in the JS and Go SDKs.</p>
<ul>
<li>Added support for named Images, akin to a Modal-native Image
registry, decoupling Image builds from App deployment or Sandbox
creation:
<ul>
<li>(Go) <code>Image.Publish</code> and <code>Image.FromName</code></li>
<li>(JS) <code>Image.publish</code> and <code>Image.fromName</code></li>
</ul>
</li>
<li>Added support for restricting the <em>domains</em> that processes
inside of a Sandbox can connect to:
<ul>
<li>(Go) <code>OutboundDomainAllowlist</code> in
<code>SandboxCreateParams</code></li>
<li>(JS) <code>outboundDomainAllowlist</code> in
<code>Sandbox.create</code></li>
</ul>
</li>
<li>Added support for dynamic configuration of Functions:
<ul>
<li>(Go) <code>Function.WithOptions</code>,
<code>Function.WithConcurrency</code>,
<code>Function.WithBatching</code>, <code>Function.Instance</code></li>
<li>(JS) <code>Function_.withOptions</code>,
<code>Function_.withConcurrency</code>,
<code>Function_.withBatching</code>,
<code>Function_.instance</code></li>
</ul>
</li>
<li>Improved reliability when uploading or downloading large data
payloads for Function calls.</li>
<li>Fixed a bug where adding Dockerfile commands to an Image loaded with
<code>Image.FromID</code> (Go) / <code>Image.fromId</code> (JS) could
fail to use the resolved Image as the base.</li>
<li><code>Sandbox.exec</code> (JS) / <code>Sandbox.Exec</code> (Go) now
reject a relative <code>Workdir</code> client-side with
<code>InvalidError</code>. In JS, an empty-string <code>workdir</code>
is also rejected (pass <code>undefined</code> to use the image
default).</li>
<li>(Go) <code>Sandbox.Create</code> and <code>Sandbox.Exec</code> now
return an <code>InvalidError</code> if any <code>Secrets</code> entry is
nil.</li>
<li><strong>Breaking:</strong> The Go and JS SDKs now read the <a
href="https://modal.com/docs/guide/images#image-builder-updates">Image
Builder Version</a> from your <a
href="https://modal.com/settings/image-config">Modal workspace
settings</a>, like the Python SDK. Previously, the Go and JS SDKs were
hardcoded to use version <code>2024.10</code>. If your workspace
configuration uses a different version, your Images will rebuild once
(then be cached as usual), so beware that the first run after upgrading
may take longer than usual. Note that version <code>2025.06</code> has a
number of improvements that are specifically oriented towards Sandbox
workflows. Accordingly, the fixed
<code>ModalClient.imageBuilderVersion</code> (JS) attribute has been
removed in favor of
<code>ModalClient.getImageBuilderVersion</code>.</li>
<li><strong>Breaking:</strong> <code>Sandbox.SnapshotFilesystem</code>
(Go) / <code>Sandbox.snapshotFilesystem</code> (JS) no longer take a
positional <code>timeout</code> / <code>timeoutMs</code> argument. The
timeout now lives on the params structs as <code>Timeout
time.Duration</code> (Go) / <code>timeoutMs?: number</code> (JS),
bringing the methods to parity with
<code>Sandbox.SnapshotDirectory</code>. Migrate
<code>sb.SnapshotFilesystem(ctx, 30*time.Second, params)</code> to
<code>sb.SnapshotFilesystem(ctx,
&amp;SandboxSnapshotFilesystemParams{Timeout: 30*time.Second,
...})</code>, and <code>sb.snapshotFilesystem(30000, params)</code> to
<code>sb.snapshotFilesystem({ timeoutMs: 30000, ...params
})</code>.</li>
<li><strong>Breaking:</strong> <code>Sandbox.SnapshotFilesystem</code>
(Go) / <code>Sandbox.snapshotFilesystem</code> (JS) and
<code>Sandbox.SnapshotDirectory</code> (Go) /
<code>Sandbox.snapshotDirectory</code> (JS) now accept an explicit
<code>TTL</code> (Go, a <code>time.Duration</code>) / <code>ttlMs</code>
(JS, in milliseconds) field on their params struct, controlling how long
the resulting Image is retained. Both methods default to 30 days. This
is a change of default for <code>snapshotFilesystem</code> which
previously kept Images indefinitely. Pass <code>TTL:
modal.NoExpiryTTL</code> (Go) or <code>ttlMs: null</code> (JS) to opt
out of expiry.</li>
<li><strong>Breaking:</strong> <code>Sandbox.SnapshotDirectory</code>
(Go) / <code>Sandbox.snapshotDirectory</code> (JS) now also have a
<code>Timeout</code> (Go) / <code>timeoutMs</code> (JS) field on their
params structs with a default of 55s, which brings them to parity with
filesystem snapshots. If the snapshot does not return within that
window, a <code>TimeoutError</code> is raised. The timeout can be set
arbitrarily high to preserve the old behavior of not timing out.</li>
<li><strong>Breaking:</strong> (Go) <code>Sandbox.Filesystem</code> is
now a field rather than a method. Migrate
<code>sb.Filesystem().ReadText(...)</code> to
<code>sb.Filesystem.ReadText(...)</code>.</li>
<li><strong>Breaking:</strong> <code>Sandbox.FromID</code> (Go) /
<code>Sandbox.fromId</code> (JS) no longer checks if the sandbox ID
exists. You can run <code>Poll</code> (Go) or <code>poll</code> (JS) to
get the status of your sandbox.</li>
<li><strong>Breaking:</strong> Removed the deprecated low-level
file-handle API: <code>Sandbox.Open</code> / <code>SandboxFile</code>
(Go), and <code>sandbox.open</code> / <code>SandboxFile</code> (JS). Use
the Sandbox Filesystem API instead: <code>sandbox.Filesystem()</code>
(Go) / <code>sandbox.filesystem</code> (JS).</li>
<li><strong>Breaking:</strong> Removed the deprecated
<code>Volume.ReadOnly</code> / <code>Volume.IsReadOnly</code> (Go) and
<code>volume.readOnly</code> / <code>volume.isReadOnly</code> (JS). Use
<code>WithMountOptions(&amp;VolumeMountOptions{ReadOnly: &amp;t})</code>
/ <code>withMountOptions({ readOnly: true })</code> instead.</li>
<li><strong>Breaking:</strong> (JS) Removed the deprecated
<code>cidrAllowlist</code> parameter from <code>sandboxes.create</code>.
Use <code>outboundCidrAllowlist</code> instead.</li>
<li><strong>Breaking:</strong> (JS) Removed the entire deprecated v0.5.0
backwards-compatibility surface: the global
<code>initializeClient()</code> / <code>close()</code> functions and the
<code>ClientOptions</code> type; the deprecated static factories
<code>App.lookup</code>, <code>Function_.lookup</code>,
<code>Cls.lookup</code>, <code>Queue.lookup</code> /
<code>Queue.ephemeral</code> / <code>Queue.delete</code>,
<code>Volume.fromName</code> / <code>Volume.ephemeral</code>,
<code>Secret.fromName</code> / <code>Secret.fromObject</code>,
<code>Sandbox.fromId</code> / <code>Sandbox.fromName</code> /
<code>Sandbox.list</code>, <code>Image.fromId</code> /
<code>Image.fromRegistry</code> / <code>Image.fromAwsEcr</code> /
<code>Image.fromGcpArtifactRegistry</code> / <code>Image.delete</code>,
<code>Proxy.fromName</code>, and <code>FunctionCall.fromId</code>. the
instance shims <code>app.createSandbox</code>,
<code>app.imageFromRegistry</code> / <code>imageFromAwsEcr</code> /
<code>imageFromGcpArtifactRegistry</code>, the public
<code>CloudBucketMount</code> constructor, and the deprecated
<code>LookupOptions</code> / <code>DeleteOptions</code> /
<code>EphemeralOptions</code> type aliases. See <a
href="https://github.com/modal-labs/modal-client/blob/main/MIGRATION-GUIDE.md"><code>MIGRATION-GUIDE.md</code></a>.</li>
<li><strong>Breaking:</strong> (Go) All public methods now end with a
<code>*XxxParams</code> pointer argument, enabling forward-compatibility
for future options without additional signature churn. Pass
<code>nil</code> to accept
defaults. Affected methods:
<ul>
<li><code>FunctionCall.FromID</code> → <code>FromID(ctx, id,
*FunctionCallFromIDParams)</code></li>
<li><code>Image.FromID</code> → <code>FromID(ctx, id,
*ImageFromIDParams)</code></li>
<li><code>Image.FromRegistry</code> → <code>FromRegistry(tag,
*ImageFromRegistryParams)</code>, the <code>*Secret</code> field remains
inside <code>ImageFromRegistryParams</code> (signature unchanged)</li>
<li><code>Image.FromAwsEcr</code> → <code>FromAwsEcr(tag, secret,
*ImageFromAwsEcrParams)</code> — the
<code>*Secret</code> argument is now a positional parameter preceding
the params struct</li>
<li><code>Image.FromGcpArtifactRegistry</code> →
<code>FromGcpArtifactRegistry(tag, secret,
*ImageFromGcpArtifactRegistryParams)</code> —
the <code>*Secret</code> argument is now a positional parameter
preceding the params struct</li>
<li><code>Image.Build</code> → <code>Build(ctx, app,
*ImageBuildParams)</code></li>
<li><code>Function.GetCurrentStats</code> → <code>GetCurrentStats(ctx,
*FunctionGetCurrentStatsParams)</code></li>
<li><code>ContainerProcess.Wait</code> → <code>Wait(ctx,
*ContainerProcessWaitParams)</code></li>
<li><code>Sandbox.FromID</code> → <code>FromID(ctx, id,
*SandboxFromIDParams)</code></li>
<li><code>Sandbox.Wait</code> → <code>Wait(ctx,
*SandboxWaitParams)</code></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/modal-labs/modal-client/commit/464b3ec94b79b2f02a270fb98b4ed85d9c85f962"><code>464b3ec</code></a>
Release 0.8.2 go/js SDK (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/46779">#46779</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/3f83306e23bec27bf9734912c14c40ff054e6914"><code>3f83306</code></a>
Add Sandbox.UpdateNetworkPolicy to Go SDK (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/46709">#46709</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/bb3972100c45f83d58dc04af52f6b46955b58f18"><code>bb39721</code></a>
client: [typescript] Add <code>reload_volumes</code> support for v2
sandboxes (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/46763">#46763</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/4982be8007ecc9e32f99a57eb8258575bea1c51b"><code>4982be8</code></a>
client: [go] Add <code>reload_volume</code> support for v2 sandboxes (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/46765">#46765</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/60507cfcf7f268c4197ed9a6b93d638b8538f0d6"><code>60507cf</code></a>
Add Sandbox.updateNetworkPolicy to JS SDK (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/46751">#46751</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/575b37543df238c6449b9501714dde270cc1d05a"><code>575b375</code></a>
client: [python] Enable reload_volumes for v2 sandboxes (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/46615">#46615</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/709e8319c119c2de2135c097439f8e48e1f07761"><code>709e831</code></a>
Fix typo - content manager instead of context manager (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/46600">#46600</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/0f0a0ccd0ff438a906aa3dac8d7c65a4ad0c47a7"><code>0f0a0cc</code></a>
API changes for sidecar volumes (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/45342">#45342</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/52427413700930739bd1e9d852ca836645687d70"><code>5242741</code></a>
[IO-71] Expose routing_region as an option to .with_options() in the
modal cl...</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/38db96fdbdd006129c0d6d7779c079c38c7d4b85"><code>38db96f</code></a>
Pin protoc and codegen plugin versions for Go proto generation (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/45919">#45919</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/modal-labs/modal-client/compare/go/v0.7.6...go/v0.8.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `pg` from 8.21.0 to 8.22.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md">pg's
changelog</a>.</em></p>
<blockquote>
<h2>pg@8.22.0</h2>
<ul>
<li>Add support for <a
href="https://redirect.github.com/brianc/node-postgres/pull/3688">sslnegotiation=direct</a>
for PostgreSQL 17+.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/brianc/node-postgres/commit/b617619f9fb6fbd231731823e2732a2927ded4be"><code>b617619</code></a>
Publish</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/d80b2612fbe83ed8234637f20b943d85e4331094"><code>d80b261</code></a>
Update docs &amp; changelog</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/835fb83ab9e1cf30fa8367ba42bd633720d71832"><code>835fb83</code></a>
Fix error handling for exceptions on values parsing. (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3574">#3574</a>)</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/f49ab4a9795ae0866409f9bfe52a68b4f65ef024"><code>f49ab4a</code></a>
fix: correct spelling mistakes across codebase (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3692">#3692</a>)</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/d7175a4aa0347b7416109e9ecc61d4d235486d0e"><code>d7175a4</code></a>
Expand CI matrix of PG versions and add direct SSL test (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3693">#3693</a>)</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/882fc308cce7bf136cd1448e00395f760dad3e00"><code>882fc30</code></a>
Add support for sslnegotiation=direct (PostgreSQL 17) (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3688">#3688</a>)</li>
<li>See full diff in <a
href="https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg">compare
view</a></li>
</ul>
</details>
<br />

Updates `lucide-react` from 1.21.0 to 1.23.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lucide-icons/lucide/releases">lucide-react's
releases</a>.</em></p>
<blockquote>
<h2>Version 1.23.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(docs): prevent scrollbar layout shift on icons page by <a
href="https://github.com/g30r93g"><code>@​g30r93g</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4500">lucide-icons/lucide#4500</a></li>
<li>chore(docs): Remove certificates banner by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4504">lucide-icons/lucide#4504</a></li>
<li>ci(repo-journal.yml): GH copilot repo summary by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4505">lucide-icons/lucide#4505</a></li>
<li>ci(repo-journal.yml): Small fix in the workflow by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4508">lucide-icons/lucide#4508</a></li>
<li>ci(repo-journal.yml): Switch to token by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4509">lucide-icons/lucide#4509</a></li>
<li>feat(icons): added <code>paper-bag</code> icon by <a
href="https://github.com/dkast"><code>@​dkast</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4023">lucide-icons/lucide#4023</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/g30r93g"><code>@​g30r93g</code></a> made
their first contribution in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4500">lucide-icons/lucide#4500</a></li>
<li><a href="https://github.com/dkast"><code>@​dkast</code></a> made
their first contribution in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4023">lucide-icons/lucide#4023</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lucide-icons/lucide/compare/1.22.0...1.23.0">https://github.com/lucide-icons/lucide/compare/1.22.0...1.23.0</a></p>
<h2>Version 1.22.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(icons): add 6 database variant icons by <a
href="https://github.com/Barakudum"><code>@​Barakudum</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4336">lucide-icons/lucide#4336</a></li>
<li>ci(release.yml): Remove concurrency field to prevent release mess by
<a href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in
<a
href="https://redirect.github.com/lucide-icons/lucide/pull/4485">lucide-icons/lucide#4485</a></li>
<li>fix(docs): fix color input clipping by <a
href="https://github.com/Hsiii"><code>@​Hsiii</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4488">lucide-icons/lucide#4488</a></li>
<li>docs(site): add Deno to installation instructions by <a
href="https://github.com/bartlomieju"><code>@​bartlomieju</code></a> in
<a
href="https://redirect.github.com/lucide-icons/lucide/pull/4486">lucide-icons/lucide#4486</a></li>
<li>chore(deps): bump esbuild from 0.25.12 to 0.28.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4459">lucide-icons/lucide#4459</a></li>
<li>fix(docs): prevent private analytics token from blocking local dev
by <a href="https://github.com/Hsiii"><code>@​Hsiii</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4481">lucide-icons/lucide#4481</a></li>
<li>docs(installation.md): Remove outdate next tag in installation by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4495">lucide-icons/lucide#4495</a></li>
<li>fix(lucide-react-native): Fix context provider export by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4497">lucide-icons/lucide#4497</a></li>
<li>fix(astro): add Astro v7 compatibility by <a
href="https://github.com/iseraph-dev"><code>@​iseraph-dev</code></a> in
<a
href="https://redirect.github.com/lucide-icons/lucide/pull/4491">lucide-icons/lucide#4491</a></li>
<li>fix(icons): changed <code>carrot</code> icon by <a
href="https://github.com/jguddas"><code>@​jguddas</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4010">lucide-icons/lucide#4010</a></li>
<li>fix(icons): changed <code>ungroup</code> icon by <a
href="https://github.com/jguddas"><code>@​jguddas</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/3969">lucide-icons/lucide#3969</a></li>
<li>feat(icons): added <code>phi</code> icon also used as
<code>golden-ratio</code> by <a
href="https://github.com/whoisBugsbunny"><code>@​whoisBugsbunny</code></a>
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4218">lucide-icons/lucide#4218</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/bartlomieju"><code>@​bartlomieju</code></a>
made their first contribution in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4486">lucide-icons/lucide#4486</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lucide-icons/lucide/compare/1.21.0...1.22.0">https://github.com/lucide-icons/lucide/compare/1.21.0...1.22.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react">compare
view</a></li>
</ul>
</details>
<br />

Updates `vite` from 8.0.16 to 8.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v8.1.2</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.1.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.1.1</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.1.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@8.1.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@8.1.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>plugin-legacy@8.1.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/plugin-legacy@8.1.0/packages/plugin-legacy/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.1.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.1.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>plugin-legacy@8.1.0-beta.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/plugin-legacy@8.1.0-beta.0/packages/plugin-legacy/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.1.0-beta.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.1.0-beta.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v8.1.1...v8.1.2">8.1.2</a>
(2026-06-30)<!-- raw HTML omitted --></h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> revert es-module-lexer to 2.1.0 (<a
href="https://redirect.github.com/vitejs/vite/issues/22827">#22827</a>)
(<a
href="https://github.com/vitejs/vite/commit/0d3bd7c4111b8345cfc353c7bbb2c30601752e26">0d3bd7c</a>)</li>
<li>restore, &quot;fix: resolve pnpm .modules.yaml from workspace root
instead of cwd (<a
href="https://redirect.github.com/vitejs/vite/issues/22757">#22757</a>)&quot;
(<a
href="https://redirect.github.com/vitejs/vite/issues/22825">#22825</a>)
(<a
href="https://github.com/vitejs/vite/commit/efb98cce73f3f89c4f03936ab7741cd5b0636f5c">efb98cc</a>)</li>
<li>revert, &quot;fix: escape ids with multiple null bytes (<a
href="https://redirect.github.com/vitejs/vite/issues/22687">#22687</a>)&quot;
(<a
href="https://github.com/vitejs/vite/commit/cccef55dfaa6253929d2cb58d3af53f217efc877">cccef55</a>)</li>
<li>revert, &quot;fix: resolve pnpm .modules.yaml from workspace root
instead of cwd (<a
href="https://redirect.github.com/vitejs/vite/issues/22757">#22757</a>)&quot;
(<a
href="https://github.com/vitejs/vite/commit/cf97711963ddcdcfac3e4fcd00771d7a55e92141">cf97711</a>)</li>
</ul>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v8.1.0...v8.1.1">8.1.1</a>
(2026-06-30)<!-- raw HTML omitted --></h2>
<h3>Features</h3>
<ul>
<li>update dynamic import warning to link to Vite docs (<a
href="https://redirect.github.com/vitejs/vite/issues/22823">#22823</a>)
(<a
href="https://github.com/vitejs/vite/commit/62bd7afd27ec0507bf528a135165dda3a44ebc21">62bd7af</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>bundled-dev:</strong> avoid stack overflow on
<code>import.meta.hot.invalidate()</code> (<a
href="https://redirect.github.com/vitejs/vite/issues/22797">#22797</a>)
(<a
href="https://github.com/vitejs/vite/commit/709eb8ee03d3c46269755334f59b7e9a353fc522">709eb8e</a>)</li>
<li><strong>bundled-dev:</strong> serve assets emitted during HMR/lazy
compile (<a
href="https://redirect.github.com/vitejs/vite/issues/22745">#22745</a>)
(<a
href="https://github.com/vitejs/vite/commit/5876b2cc2e1a01df9363e1e3d1d19f474ba68285">5876b2c</a>)</li>
<li><strong>bundledDev:</strong> skip plugin transform hooks for
rolldown-lazy stub modules (<a
href="https://redirect.github.com/vitejs/vite/issues/22778">#22778</a>)
(<a
href="https://github.com/vitejs/vite/commit/8f925e2e496f4d313d860acb53880245b07ce6f7">8f925e2</a>)</li>
<li><strong>css:</strong> preserve dollar signs in external
<code>@import</code> urls with lightningcss (<a
href="https://redirect.github.com/vitejs/vite/issues/22718">#22718</a>)
(<a
href="https://github.com/vitejs/vite/commit/9fa7ab4990f4fe74597d0a37a16d84af1c1e3544">9fa7ab4</a>)</li>
<li><strong>css:</strong> resolve tsconfig paths in CSS and Sass <a
href="https://github.com/import"><code>@​import</code></a> (<a
href="https://redirect.github.com/vitejs/vite/issues/22775">#22775</a>)
(<a
href="https://github.com/vitejs/vite/commit/ef0b8916160c4d2a677decc062f6faa48fbf1578">ef0b891</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/22734">#22734</a>)
(<a
href="https://github.com/vitejs/vite/commit/e635f493faa24930ae637318d6564539bc668e89">e635f49</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/22804">#22804</a>)
(<a
href="https://github.com/vitejs/vite/commit/8837400a676a633af1ad6d3746b584d13cf90ecc">8837400</a>)</li>
<li><strong>deps:</strong> update rolldown-related dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/22591">#22591</a>)
(<a
href="https://github.com/vitejs/vite/commit/2ce6677a151c53a019baec32859b646267f9d320">2ce6677</a>)</li>
<li>escape ids with multiple null bytes (<a
href="https://redirect.github.com/vitejs/vite/issues/22687">#22687</a>)
(<a
href="https://github.com/vitejs/vite/commit/833fc302f3f4a5030f49207b5fbf10422f3247a2">833fc30</a>)</li>
<li>hide console window when running 'net use' on Windows (<a
href="https://redirect.github.com/vitejs/vite/issues/22698">#22698</a>)
(<a
href="https://github.com/vitejs/vite/commit/92b63f219f6c1872f35461aa75e9e9aec79bb01c">92b63f2</a>)</li>
<li>ignore bundled config temp dir (<a
href="https://redirect.github.com/vitejs/vite/issues/22800">#22800</a>)
(<a
href="https://github.com/vitejs/vite/commit/043a81096ddf8c6f9077c8e3e12362c83f9ed089">043a810</a>)</li>
<li>invert <code>esbuild.jsxSideEffects</code> when converting to
<code>oxc.jsx.pure</code> (<a
href="https://redirect.github.com/vitejs/vite/issues/22809">#22809</a>)
(<a
href="https://github.com/vitejs/vite/commit/33895ba4faa0a46d5bd7b3eb53d02255113c8b5d">33895ba</a>)</li>
<li><strong>optimize-deps:</strong> ignore
<code>ERR_CLOSED_SERVER</code> in scanner (<a
href="https://redirect.github.com/vitejs/vite/issues/22784">#22784</a>)
(<a
href="https://github.com/vitejs/vite/commit/085a0ab704bf1a698d459d625a5c955d27b73134">085a0ab</a>)</li>
<li><strong>optimizer:</strong> scanner should resolve
<code>input</code> from <code>root</code> (<a
href="https://redirect.github.com/vitejs/vite/issues/22769">#22769</a>)
(<a
href="https://github.com/vitejs/vite/commit/9722b0795b68602597ddd53e3d3c7ed9f00cb831">9722b07</a>)</li>
<li>resolve pnpm .modules.yaml from workspace root instead of cwd (<a
href="https://redirect.github.com/vitejs/vite/issues/22757">#22757</a>)
(<a
href="https://github.com/vitejs/vite/commit/2531ac7ccd1d581df5febe4a3814226ba8939a20">2531ac7</a>)</li>
<li>return sourcemap field from some plugins that were lacking (<a
href="https://redirect.github.com/vitejs/vite/issues/22782">#22782</a>)
(<a
href="https://github.com/vitejs/vite/commit/7e18bf802bdde7a386eb3b407c87a67f89a895ca">7e18bf8</a>)</li>
<li><strong>server:</strong> handle malformed URI in indexHtmlMiddleware
(<a
href="https://redirect.github.com/vitejs/vite/issues/22781">#22781</a>)
(<a
href="https://github.com/vitejs/vite/commit/84f5cccc7574c740c46f5cb2a09f29cde8380701">84f5ccc</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li>improve dependency optimizer messages (<a
href="https://redirect.github.com/vitejs/vite/issues/22549">#22549</a>)
(<a
href="https://github.com/vitejs/vite/commit/092cb3b4247a06ba176c094a9a743d335adc6574">092cb3b</a>)</li>
</ul>
<h3>Code Refactoring</h3>
<ul>
<li><strong>css:</strong> remove lightningcss null byte bug workaround
(<a
href="https://redirect.github.com/vitejs/vite/issues/22822">#22822</a>)
(<a
href="https://github.com/vitejs/vite/commit/2dafd3bb7f8b265037e216f50afaa890ae2e2875">2dafd3b</a>)</li>
<li>use pre-defined environments variable to avoid duplicate
<code>Object.values</code> calls (<a
href="https://redirect.github.com/vitejs/vite/issues/22790">#22790</a>)
(<a
href="https://github.com/vitejs/vite/commit/1113acf6cff711196b3443f7126804847c1d4e1e">1113acf</a>)</li>
</ul>
<h3>Tests</h3>
<ul>
<li>enable &quot;manual chunk path&quot; test and remove
&quot;worker.format error&quot; test (<a
href="https://redirect.github.com/vitejs/vite/issues/22824">#22824</a>)
(<a
href="https://github.com/vitejs/vite/commit/c088511f34a01f13e21498a492df8554bf332cdf">c088511</a>)</li>
</ul>
<h2><a
href="https://github.com/vitejs/vite/compare/v8.1.0-beta.0...v8.1.0">8.1.0</a>
(2026-06-23)</h2>
<h3>Features</h3>
<ul>
<li>extend <code>server.fs.deny</code> list with common files (<a
href="https://redirect.github.com/vitejs/vite/issues/22707">#22707</a>)
(<a
href="https://github.com/vitejs/vite/commit/61ba8fdc6500e8aa668021833ae5e6ebd200466d">61ba8fd</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitejs/vite/commit/ba3119397d0110952f29965774c627a3017d7292"><code>ba31193</code></a>
release: v8.1.2</li>
<li><a
href="https://github.com/vitejs/vite/commit/0d3bd7c4111b8345cfc353c7bbb2c30601752e26"><code>0d3bd7c</code></a>
fix(deps): revert es-module-lexer to 2.1.0 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22827">#22827</a>)</li>
<li><a
href="https://github.com/vitejs/vite/commit/efb98cce73f3f89c4f03936ab7741cd5b0636f5c"><code>efb98cc</code></a>
fix: restore, &quot;fix: resolve pnpm .modules.yaml from workspace root
instead of...</li>
<li><a
href="https://github.com/vitejs/vite/commit/cf97711963ddcdcfac3e4fcd00771d7a55e92141"><code>cf97711</code></a>
fix: revert, &quot;fix: resolve pnpm .modules.yaml from workspace root
instead of ...</li>
<li><a
href="https://github.com/vitejs/vite/commit/cccef55dfaa6253929d2cb58d3af53f217efc877"><code>cccef55</code></a>
fix: revert, &quot;fix: escape ids with multiple null bytes (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22687">#22687</a>)&quot;</li>
<li><a
href="https://github.com/vitejs/vite/commit/4ae9e14f2c4db0706b2e9d815656e050accbd2bf"><code>4ae9e14</code></a>
release: v8.1.1</li>
<li><a
href="https://github.com/vitejs/vite/commit/8f925e2e496f4d313d860acb53880245b07ce6f7"><code>8f925e2</code></a>
fix(bundledDev): skip plugin transform hooks for rolldown-lazy stub
modules (...</li>
<li><a
href="https://github.com/vitejs/vite/commit/c088511f34a01f13e21498a492df8554bf332cdf"><code>c088511</code></a>
test: enable &quot;manual chunk path&quot; test and remove
&quot;worker.format error&quot; test (...</li>
<li><a
href="https://github.com/vitejs/vite/commit/62bd7afd27ec0507bf528a135165dda3a44ebc21"><code>62bd7af</code></a>
feat: update dynamic import warning to link to Vite docs (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22823">#22823</a>)</li>
<li><a
href="https://github.com/vitejs/vite/commit/2dafd3bb7f8b265037e216f50afaa890ae2e2875"><code>2dafd3b</code></a>
refactor(css): remove lightningcss null byte bug workaround (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22822">#22822</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v8.1.2/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-02 05:15:37 +00:00
dependabot[bot] 88986a2417 build(deps): bump the major-deps-updates-main group with 3 updates (#641)
Bumps the major-deps-updates-main group with 3 updates:
[@agentclientprotocol/sdk](https://github.com/agentclientprotocol/typescript-sdk),
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
and [p-queue](https://github.com/sindresorhus/p-queue).

Updates `@agentclientprotocol/sdk` from 0.24.0 to 1.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/agentclientprotocol/typescript-sdk/releases">@​agentclientprotocol/sdk's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v1.0.0...v1.1.0">1.1.0</a>
(2026-06-29)</h2>
<h3>Features</h3>
<ul>
<li>Expose request ids in handler contexts (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/202">#202</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/eda849ca7894f32e4ed11df81eb5b024e5512e5b">eda849c</a>)</li>
</ul>
<h2>v1.0.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.29.0...v1.0.0">1.0.0</a>
(2026-06-24)</h2>
<h3>Features</h3>
<ul>
<li><strong>schema:</strong> Update to v1.16.0 of the schema (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/199">#199</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/de5879100c1bb5e2fdaebc957c1ca01364eb33cc">de58791</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 1.0.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/201">#201</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/008fc2861adc3f87edc4daa12eb78b81a6fd7161">008fc28</a>)</li>
</ul>
<h2>v0.29.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.1...v0.29.0">0.29.0</a>
(2026-06-22)</h2>
<h3>Features</h3>
<ul>
<li><strong>unstable:</strong> Add support for request cancellation (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/195">#195</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/d5197f9f6346a4b57084552e0bdf3c71ccf64412">d5197f9</a>)</li>
</ul>
<h2>v0.28.1</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.0...v0.28.1">0.28.1</a>
(2026-06-19)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Expose peer contexts from app connections (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/190">#190</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/d6573109fd7c27170cd970aa9b28e7e6054e993e">d657310</a>)</li>
</ul>
<h2>v0.28.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.1...v0.28.0">0.28.0</a>
(2026-06-18)</h2>
<h3>Features</h3>
<ul>
<li><strong>schema:</strong> Update to schema v1.14.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/185">#185</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/3c619a737120bbd4ccc6282b893e94152125562c">3c619a7</a>)</li>
</ul>
<h2>v0.27.1</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.0...v0.27.1">0.27.1</a>
(2026-06-18)</h2>
<h3>Bug Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/agentclientprotocol/typescript-sdk/blob/main/CHANGELOG.md">@​agentclientprotocol/sdk's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v1.0.0...v1.1.0">1.1.0</a>
(2026-06-29)</h2>
<h3>Features</h3>
<ul>
<li>Expose request ids in handler contexts (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/202">#202</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/eda849ca7894f32e4ed11df81eb5b024e5512e5b">eda849c</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.29.0...v1.0.0">1.0.0</a>
(2026-06-24)</h2>
<h3>Features</h3>
<ul>
<li><strong>schema:</strong> Update to v1.16.0 of the schema (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/199">#199</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/de5879100c1bb5e2fdaebc957c1ca01364eb33cc">de58791</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 1.0.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/201">#201</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/008fc2861adc3f87edc4daa12eb78b81a6fd7161">008fc28</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.1...v0.29.0">0.29.0</a>
(2026-06-22)</h2>
<h3>Features</h3>
<ul>
<li><strong>unstable:</strong> Add support for request cancellation (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/195">#195</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/d5197f9f6346a4b57084552e0bdf3c71ccf64412">d5197f9</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.0...v0.28.1">0.28.1</a>
(2026-06-19)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Expose peer contexts from app connections (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/190">#190</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/d6573109fd7c27170cd970aa9b28e7e6054e993e">d657310</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.1...v0.28.0">0.28.0</a>
(2026-06-18)</h2>
<h3>Features</h3>
<ul>
<li><strong>schema:</strong> Update to schema v1.14.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/185">#185</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/3c619a737120bbd4ccc6282b893e94152125562c">3c619a7</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.0...v0.27.1">0.27.1</a>
(2026-06-18)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>node-adapter:</strong> Cap HTTP request body size (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/186">#186</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/3832d4ce69d9f44c5f886c9b3ff24169d6119236">3832d4c</a>)</li>
<li><strong>node-adapter:</strong> harden Node adapter request parsing
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/220eae660e459ac648fe352b756b586f39f9aa1e">220eae6</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.26.0...v0.27.0">0.27.0</a>
(2026-06-18)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/78023d41520d693fcc79aed9c9c635b7bc3e58e8"><code>78023d4</code></a>
chore(main): release 1.1.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/203">#203</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/eda849ca7894f32e4ed11df81eb5b024e5512e5b"><code>eda849c</code></a>
feat: Expose request ids in handler contexts (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/202">#202</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/f8bf32c6be943e59969f31c65f338914fe25420e"><code>f8bf32c</code></a>
chore(main): release 1.0.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/200">#200</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/008fc2861adc3f87edc4daa12eb78b81a6fd7161"><code>008fc28</code></a>
chore: release 1.0.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/201">#201</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/de5879100c1bb5e2fdaebc957c1ca01364eb33cc"><code>de58791</code></a>
feat(schema): Update to v1.16.0 of the schema (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/199">#199</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/bdc626790d26470324a68f26df9d3b6c152cec4c"><code>bdc6267</code></a>
chore(main): release 0.29.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/196">#196</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/675ecbab8fde8054b621dd7c1ead758230d0c653"><code>675ecba</code></a>
chore: Update Hey API OpenAPI TS to 0.99 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/197">#197</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/d5197f9f6346a4b57084552e0bdf3c71ccf64412"><code>d5197f9</code></a>
feat(unstable): Add support for request cancellation (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/195">#195</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/06c932a22a5f8dc3cf691b20f4cc9d312d6e26a1"><code>06c932a</code></a>
chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/192">#192</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/ffdbaac36004d9623a6ed8f37030650e5c8f409e"><code>ffdbaac</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 25.9.3 to 26.0.0
(<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/193">#193</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.24.0...v1.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/node` from 25.9.3 to 26.1.0
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />

Updates `p-queue` from 8.1.1 to 9.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sindresorhus/p-queue/releases">p-queue's
releases</a>.</em></p>
<blockquote>
<h2>v9.3.0</h2>
<ul>
<li>Add <code>timeoutRemaining</code> to <code>runningTasks</code>
57d0a1a</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/p-queue/compare/v9.2.0...v9.3.0">https://github.com/sindresorhus/p-queue/compare/v9.2.0...v9.3.0</a></p>
<h2>v9.2.0</h2>
<ul>
<li>Improve performance (<a
href="https://redirect.github.com/sindresorhus/p-queue/issues/244">#244</a>)
87077d0</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/p-queue/compare/v9.1.2...v9.2.0">https://github.com/sindresorhus/p-queue/compare/v9.1.2...v9.2.0</a></p>
<h2>v9.1.2</h2>
<ul>
<li>Fix: Export <code>PriorityQueue</code> type (<a
href="https://redirect.github.com/sindresorhus/p-queue/issues/242">#242</a>)
a20e1f3</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/p-queue/compare/v9.1.1...v9.1.2">https://github.com/sindresorhus/p-queue/compare/v9.1.1...v9.1.2</a></p>
<h2>v9.1.1</h2>
<ul>
<li>Fix <code>signal</code> option not rejecting when task is aborted
while queued a64b316
<ul>
<li>If you use a custom queue class, you will have to add a
<code>remove()</code> method. See the built-in class.</li>
</ul>
</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/p-queue/compare/v9.1.0...v9.1.1">https://github.com/sindresorhus/p-queue/compare/v9.1.0...v9.1.1</a></p>
<h2>v9.1.0</h2>
<ul>
<li>Add <a
href="https://github.com/sindresorhus/p-queue?tab=readme-ov-file#strict"><code>strict</code></a>
option for sliding window rate limiting 03b8156</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/p-queue/compare/v9.0.1...v9.1.0">https://github.com/sindresorhus/p-queue/compare/v9.0.1...v9.1.0</a></p>
<h2>v9.0.1</h2>
<ul>
<li>Fix: Remove abort listener when operation completes (<a
href="https://redirect.github.com/sindresorhus/p-queue/issues/235">#235</a>)
e9074f0</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/p-queue/compare/v9.0.0...v9.0.1">https://github.com/sindresorhus/p-queue/compare/v9.0.0...v9.0.1</a></p>
<h2>v9.0.0</h2>
<h3>Breaking</h3>
<ul>
<li>Require Node.js 20  b2600d5</li>
<li>Remove <code>throwOnTimeout</code> option - timeouts now always
throw e48716f
<ul>
<li>It was a mistake to not throw on timeouts and the option made it
complicated to handle types.</li>
<li>If you really need the old behavior back:</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/cfa917af261fb6db9eb1281221ba21093eb49e3d"><code>cfa917a</code></a>
9.3.0</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/b5a483f2b76f977f89e0968afcbd5e61643dff11"><code>b5a483f</code></a>
Fix docs</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/57d0a1a3ef683c3491aff71e03a4e3dfb4ed95a2"><code>57d0a1a</code></a>
Add <code>timeoutRemaining</code> to <code>runningTasks</code></li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/fc4b7369d915ade31416d603fd35fd26c1885851"><code>fc4b736</code></a>
9.2.0</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/ea65ce3659cb3e3be2fbe7049e69e280f04c8378"><code>ea65ce3</code></a>
Tweaks</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/87077d0214c203f38d0f36c4efee8172e67bf1c4"><code>87077d0</code></a>
Improve performance (<a
href="https://redirect.github.com/sindresorhus/p-queue/issues/244">#244</a>)</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/53848611d103e16f39e94cba8c70a36f0ec791a0"><code>5384861</code></a>
Fix CI</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/55d306ba03479dcc531a8e06deab24d3f60feacd"><code>55d306b</code></a>
9.1.2</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/a20e1f34b5c82e4e91e5d2e0c8b663e831dc16ab"><code>a20e1f3</code></a>
Export <code>PriorityQueue</code> type (<a
href="https://redirect.github.com/sindresorhus/p-queue/issues/242">#242</a>)</li>
<li><a
href="https://github.com/sindresorhus/p-queue/commit/9eec7efb433c33f66799d9dec41aa56d43f3435a"><code>9eec7ef</code></a>
9.1.1</li>
<li>Additional commits viewable in <a
href="https://github.com/sindresorhus/p-queue/compare/v8.1.1...v9.3.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-02 05:08:05 +00:00
dependabot[bot] 9217edd307 build(deps): bump the patch-deps-updates-main group with 15 updates (#639)
Bumps the patch-deps-updates-main group with 15 updates:

| Package | From | To |
| --- | --- | --- |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.7` |
`17.0.8` |
| [@langchain/core](https://github.com/langchain-ai/langchainjs) |
`1.2.0` | `1.2.1` |
|
[@langchain/langgraph](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core)
| `1.4.4` | `1.4.7` |
|
[@langchain/langgraph-checkpoint](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint)
| `1.1.2` | `1.1.3` |
| [@langchain/anthropic](https://github.com/langchain-ai/langchainjs) |
`1.5.0` | `1.5.1` |
|
[@langchain/langgraph-sdk](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk)
| `1.9.23` | `1.9.25` |
| [@langchain/openai](https://github.com/langchain-ai/langchainjs) |
`1.5.1` | `1.5.3` |
| [langchain](https://github.com/langchain-ai/langchainjs) | `1.5.0` |
`1.5.2` |
| [node-vfs-polyfill](https://github.com/vercel-labs/node-vfs-polyfill)
| ``1227fb0`` | ``ef76f90`` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.7.10`
| `0.7.14` |
| [hono](https://github.com/honojs/hono) | `4.12.26` | `4.12.27` |
| [@hono/node-server](https://github.com/honojs/node-server) | `2.0.5` |
`2.0.6` |
|
[@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite)
| `4.3.1` | `4.3.2` |
|
[@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react)
| `6.0.2` | `6.0.3` |
|
[tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss)
| `4.3.1` | `4.3.2` |

Updates `lint-staged` from 17.0.7 to 17.0.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lint-staged/lint-staged/releases">lint-staged's
releases</a>.</em></p>
<blockquote>
<h2>v17.0.8</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a>
- Fix <em>lint-staged</em> discarding the ongoing merge conflict status
(<code>.git/MERGE_HEAD</code>) when using the
<code>--hide-unstaged</code> or <code>--hide-all</code> options.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a>
- Fix issues with Git commands that are successful but also emit
warnings to <code>stderr</code>, by ignoring the <code>stderr</code>
output completely when the process exits with code 0. This was the
behavior when using <code>nano-spawn</code> and <code>execa</code>, but
when switching to <code>tinyexec</code> in 16.3.0 both
<code>stdout</code> and <code>stderr</code> were used as interleaved
output.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md">lint-staged's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.8</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a>
- Fix <em>lint-staged</em> discarding the ongoing merge conflict status
(<code>.git/MERGE_HEAD</code>) when using the
<code>--hide-unstaged</code> or <code>--hide-all</code> options.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a>
- Fix issues with Git commands that are successful but also emit
warnings to <code>stderr</code>, by ignoring the <code>stderr</code>
output completely when the process exits with code 0. This was the
behavior when using <code>nano-spawn</code> and <code>execa</code>, but
when switching to <code>tinyexec</code> in 16.3.0 both
<code>stdout</code> and <code>stderr</code> were used as interleaved
output.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/5f3b8f28e895972bd5a2cdba733327b49859b91f"><code>5f3b8f2</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1812">#1812</a>
from lint-staged/changeset-release/main</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/43a9b8d759443d3c313514b8a54af37108b19ac5"><code>43a9b8d</code></a>
chore(changeset): release</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/630e2f60abc9e3964cf62f3f833594a19cdaf3cd"><code>630e2f6</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1809">#1809</a>
from lint-staged/restore-merge-status</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a>
fix: restore Git merge status after creating backup stash</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/6bae2e2aac7fd2981cf0b24e266631191760186c"><code>6bae2e2</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1811">#1811</a>
from lint-staged/exec-git-ignore-stderr</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/b82a83099ddef36fccc26937761f184dfbe7c370"><code>b82a830</code></a>
ci: run npm audit omitting dev, including prod dependencies</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/0b19b80233efc83b8e7c6df3f117d87fe760752c"><code>0b19b80</code></a>
build(deps): update dependencies</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a>
fix: ignore stderr when doing Git operations</li>
<li>See full diff in <a
href="https://github.com/lint-staged/lint-staged/compare/v17.0.7...v17.0.8">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/core` from 1.2.0 to 1.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchainjs/releases">@​langchain/core's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/core</code><a
href="https://github.com/1"><code>@​1</code></a>.2.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10674">#10674</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix: classify provider 429s before retrying</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11092">#11092</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/7918bbdd2eaf8d9aff736b122f359a555267e1e7"><code>7918bbd</code></a>
Thanks <a
href="https://github.com/aolsenjazz"><code>@​aolsenjazz</code></a>! -
fix(core): only treat arrays of content blocks as ToolMessage
content</p>
<p>Fix tool outputs that are arrays of plain objects being forwarded as
malformed message content. An array is now only treated as message
content blocks when every element is an object with a <code>type</code>;
otherwise it is JSON-stringified.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a>
chore: version packages (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a>
fix(core): better 429 error handling (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a>
fix(openai): omit empty reasoning item id in Responses API input (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a>
fix(openai): route standard url file blocks to native input_file in
Responses...</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a>
fix(openai): stream built-in tool progress events (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a>
fix(groq): require <code>@​langchain/core</code> &gt;= 1.1.30 in peer
dependency (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a>
feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/baa57ba7cdce2046ba3dd40e9e8cf3c93c9c1ac4"><code>baa57ba</code></a>
fix(anthropic): omit default disabled thinking from requests (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11073">#11073</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/04edb8d0fa3c408adbc6e4c277d1f3aaf5b40161"><code>04edb8d</code></a>
docs(ibm): fix &quot;Recieved&quot; typo in tool_choice error message
(<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11066">#11066</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/2b7f368c2baa3f2916a207bf099a437adce2179c"><code>2b7f368</code></a>
chore(deps): bump uuid from 14.0.0 to 14.0.1 (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11094">#11094</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.2.0...@langchain/core@1.2.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/langgraph` from 1.4.4 to 1.4.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/releases">@​langchain/langgraph's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/langgraph</code><a
href="https://github.com/1"><code>@​1</code></a>.4.7</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2571">#2571</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/85ba859b6f60f4bf193d3313fa24149efe05491b"><code>85ba859</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph): drop unused zod-to-json-schema peer dependency</p>
<p>Remove the vestigial <code>zod-to-json-schema</code> (and its
<code>peerDependenciesMeta</code>/dev) declarations. JSON Schema
generation now flows through <code>@langchain/core</code>'s Zod v3/v4
interop (<code>toJsonSchema</code>), so the old
<code>zod-to-json-schema@^3.x</code> peer (which pins
<code>zod@^3.24.1</code>) is no longer needed and was the last source of
install-time peer conflicts with Zod v4. Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1706">#1706</a>.</p>
</li>
</ul>
<h2><code>@​langchain/langgraph</code><a
href="https://github.com/1"><code>@​1</code></a>.4.6</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://github.com/langchain-ai/langgraphjs/commit/03a0d8b8632082e6dbf4a96fcf37f8f67151b74f"><code>03a0d8b</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph): emit valid UUIDs for exit-mode delta task_ids</p>
<p>Exit-mode DeltaChannel writes used a step-prefixed synthetic task id
that produced a 6-segment string Postgres rejects for
<code>checkpoint_writes.task_id uuid</code> in LangGraph API. Embed the
superstep in the first UUID group instead, matching <a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8165">langchain-ai/langgraph#8165</a>.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a>,
<a
href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.25</li>
<li><code>@​langchain/langgraph-checkpoint</code><a
href="https://github.com/1"><code>@​1</code></a>.1.3</li>
</ul>
</li>
</ul>
<h2><code>@​langchain/langgraph</code><a
href="https://github.com/1"><code>@​1</code></a>.4.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(sdk): apply state update and goto alongside interrupt resume</p>
<p><code>respond(decision, { update, goto })</code> now maps to
LangGraph's
<code>Command(resume, update, goto)</code>, so a human-in-the-loop UI
can commit a state
update (e.g. push the interrupt card into state) in the <strong>same
superstep</strong> as
the resume — one checkpoint, no separate <code>updateState</code> write,
no flicker.
<code>@langchain/langgraph-api</code> forwards
<code>update</code>/<code>goto</code> through
<code>input.respond</code>,
and <code>@langchain/core</code> message instances in
<code>update</code> are serialized to dicts
before transport, exactly like <code>submit()</code>. Bumps
<code>@langchain/protocol</code> to
<code>^0.0.18</code> for the <code>Goto</code> type.</p>
<p><code>respond</code>/<code>respondAll</code> also apply
<code>update</code> <strong>optimistically</strong> (mirroring
<code>submit()</code>): the pushed messages paint immediately, with
stable ids minted so
the resumed run's echo reconciles them in place. Without this the
interrupt is
cleared the instant <code>respond()</code> dispatches while the pushed
card only reappears
a server round-trip later — so the card would flicker in that gap. The
optimistic state settles on the resumed run's terminal (pending → sent,
or
rolled back on a failure before any echo).</p>
<p>User-initiated optimistic writes (<code>submit()</code> /
<code>respond()</code> / <code>respondAll()</code>) now
commit to the store <strong>synchronously</strong>, in the same tick as
the triggering event,
instead of being coalesced onto the next macrotask. This lets a
framework render
the pushed message in the <strong>same commit</strong> as any local UI
state the caller flips
alongside it (e.g. a HITL form swapping its inputs for the resolved
card), so the
card no longer blinks out for the one-macrotask window before the flush
lands.
High-frequency streaming writes keep their macrotask coalescing.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.24</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/langgraph-core/CHANGELOG.md">@​langchain/langgraph's
changelog</a>.</em></p>
<blockquote>
<h2>1.4.7</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2571">#2571</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/85ba859b6f60f4bf193d3313fa24149efe05491b"><code>85ba859</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph): drop unused zod-to-json-schema peer dependency</p>
<p>Remove the vestigial <code>zod-to-json-schema</code> (and its
<code>peerDependenciesMeta</code>/dev) declarations. JSON Schema
generation now flows through <code>@langchain/core</code>'s Zod v3/v4
interop (<code>toJsonSchema</code>), so the old
<code>zod-to-json-schema@^3.x</code> peer (which pins
<code>zod@^3.24.1</code>) is no longer needed and was the last source of
install-time peer conflicts with Zod v4. Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1706">#1706</a>.</p>
</li>
</ul>
<h2>1.4.6</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://github.com/langchain-ai/langgraphjs/commit/03a0d8b8632082e6dbf4a96fcf37f8f67151b74f"><code>03a0d8b</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph): emit valid UUIDs for exit-mode delta task_ids</p>
<p>Exit-mode DeltaChannel writes used a step-prefixed synthetic task id
that produced a 6-segment string Postgres rejects for
<code>checkpoint_writes.task_id uuid</code> in LangGraph API. Embed the
superstep in the first UUID group instead, matching <a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8165">langchain-ai/langgraph#8165</a>.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a>,
<a
href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.25</li>
<li><code>@​langchain/langgraph-checkpoint</code><a
href="https://github.com/1"><code>@​1</code></a>.1.3</li>
</ul>
</li>
</ul>
<h2>1.4.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(sdk): apply state update and goto alongside interrupt resume</p>
<p><code>respond(decision, { update, goto })</code> now maps to
LangGraph's
<code>Command(resume, update, goto)</code>, so a human-in-the-loop UI
can commit a state
update (e.g. push the interrupt card into state) in the <strong>same
superstep</strong> as
the resume — one checkpoint, no separate <code>updateState</code> write,
no flicker.
<code>@langchain/langgraph-api</code> forwards
<code>update</code>/<code>goto</code> through
<code>input.respond</code>,
and <code>@langchain/core</code> message instances in
<code>update</code> are serialized to dicts
before transport, exactly like <code>submit()</code>. Bumps
<code>@langchain/protocol</code> to
<code>^0.0.18</code> for the <code>Goto</code> type.</p>
<p><code>respond</code>/<code>respondAll</code> also apply
<code>update</code> <strong>optimistically</strong> (mirroring
<code>submit()</code>): the pushed messages paint immediately, with
stable ids minted so
the resumed run's echo reconciles them in place. Without this the
interrupt is
cleared the instant <code>respond()</code> dispatches while the pushed
card only reappears
a server round-trip later — so the card would flicker in that gap. The
optimistic state settles on the resumed run's terminal (pending → sent,
or
rolled back on a failure before any echo).</p>
<p>User-initiated optimistic writes (<code>submit()</code> /
<code>respond()</code> / <code>respondAll()</code>) now
commit to the store <strong>synchronously</strong>, in the same tick as
the triggering event,
instead of being coalesced onto the next macrotask. This lets a
framework render
the pushed message in the <strong>same commit</strong> as any local UI
state the caller flips
alongside it (e.g. a HITL form swapping its inputs for the resolved
card), so the
card no longer blinks out for the one-macrotask window before the flush
lands.
High-frequency streaming writes keep their macrotask coalescing.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/217463762364134fdf0611349d53861a59d2708c"><code>2174637</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2572">#2572</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/85ba859b6f60f4bf193d3313fa24149efe05491b"><code>85ba859</code></a>
fix(langgraph): drop unused zod-to-json-schema dependency (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2571">#2571</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/86389fa3a64ec89e0cb26d97379efcc90c7a211f"><code>86389fa</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2567">#2567</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/03a0d8b8632082e6dbf4a96fcf37f8f67151b74f"><code>03a0d8b</code></a>
fix(langgraph): emit valid UUIDs for exit-mode delta task_ids</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/31261c3be539f0e41e13cf3e21283c55228bc545"><code>31261c3</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2558">#2558</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/5d279df5d524699e3824fdc7d8f9d8d0888edcc4"><code>5d279df</code></a>
chore(deps): bump langchain (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2564">#2564</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>
feat(sdk): apply state update and goto alongside interrupt resume (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2557">#2557</a>)</li>
<li>See full diff in <a
href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph@1.4.7/libs/langgraph-core">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/langgraph-checkpoint` from 1.1.2 to 1.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/releases">@​langchain/langgraph-checkpoint's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/langgraph-checkpoint</code><a
href="https://github.com/1"><code>@​1</code></a>.1.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2566">#2566</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph-checkpoint-postgres): prevent createAgent failures with
PostgresSaver</p>
<p>Add BaseCheckpointSaver.toJSON() so ConfigurableModel can stringify
runnable config without traversing pg Pool timers, and default missing
checkpoint maps on load/copy so resume no longer crashes on undefined
versions_seen. Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1808">#1808</a>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/checkpoint/CHANGELOG.md">@​langchain/langgraph-checkpoint's
changelog</a>.</em></p>
<blockquote>
<h2>1.1.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2566">#2566</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph-checkpoint-postgres): prevent createAgent failures with
PostgresSaver</p>
<p>Add BaseCheckpointSaver.toJSON() so ConfigurableModel can stringify
runnable config without traversing pg Pool timers, and default missing
checkpoint maps on load/copy so resume no longer crashes on undefined
versions_seen. Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1808">#1808</a>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/86389fa3a64ec89e0cb26d97379efcc90c7a211f"><code>86389fa</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2567">#2567</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a>
fix(langgraph-checkpoint-postgres): prevent createAgent failures with
Postgre...</li>
<li>See full diff in <a
href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph-checkpoint@1.1.3/libs/checkpoint">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/anthropic` from 1.5.0 to 1.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchainjs/releases">@​langchain/anthropic's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/anthropic</code><a
href="https://github.com/1"><code>@​1</code></a>.5.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11073">#11073</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/baa57ba7cdce2046ba3dd40e9e8cf3c93c9c1ac4"><code>baa57ba</code></a>
Thanks <a
href="https://github.com/archievi"><code>@​archievi</code></a>! - Stop
sending <code>thinking: { type: &quot;disabled&quot; }</code> on
<code>ChatAnthropic</code> requests when the user never configured
thinking. The disabled value is now only emitted when it is explicitly
set, so adaptive-only models (e.g. <code>claude-fable-5</code>) that
reject an explicit <code>thinking.type: &quot;disabled&quot;</code> no
longer fail with a 400 on a default <code>ChatAnthropic</code>
instance.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a>
chore: version packages (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a>
fix(core): better 429 error handling (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a>
fix(openai): omit empty reasoning item id in Responses API input (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a>
fix(openai): route standard url file blocks to native input_file in
Responses...</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a>
fix(openai): stream built-in tool progress events (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a>
fix(groq): require <code>@​langchain/core</code> &gt;= 1.1.30 in peer
dependency (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a>
feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/baa57ba7cdce2046ba3dd40e9e8cf3c93c9c1ac4"><code>baa57ba</code></a>
fix(anthropic): omit default disabled thinking from requests (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11073">#11073</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/04edb8d0fa3c408adbc6e4c277d1f3aaf5b40161"><code>04edb8d</code></a>
docs(ibm): fix &quot;Recieved&quot; typo in tool_choice error message
(<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11066">#11066</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/2b7f368c2baa3f2916a207bf099a437adce2179c"><code>2b7f368</code></a>
chore(deps): bump uuid from 14.0.0 to 14.0.1 (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11094">#11094</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchainjs/compare/@langchain/anthropic@1.5.0...@langchain/anthropic@1.5.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/langgraph-sdk` from 1.9.23 to 1.9.25
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/releases">@​langchain/langgraph-sdk's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.25</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2565">#2565</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(sdk): bundle pure-ESM deps into CJS build to fix
ERR_REQUIRE_ESM</p>
<p>Bundle the pure-ESM dependencies <code>p-retry</code> and
<code>p-queue</code> (and their transitive ESM-only deps) into the build
output so the CJS artifact no longer does a top-level
<code>require()</code> of an ESM module. This fixes
<code>ERR_REQUIRE_ESM</code> for CommonJS consumers on Node versions
where <code>require(ESM)</code> is not enabled by default (&lt; 20.19 /
&lt; 22.12). Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/2562">#2562</a>.</p>
</li>
</ul>
<h2><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.24</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(sdk): apply state update and goto alongside interrupt resume</p>
<p><code>respond(decision, { update, goto })</code> now maps to
LangGraph's
<code>Command(resume, update, goto)</code>, so a human-in-the-loop UI
can commit a state
update (e.g. push the interrupt card into state) in the <strong>same
superstep</strong> as
the resume — one checkpoint, no separate <code>updateState</code> write,
no flicker.
<code>@langchain/langgraph-api</code> forwards
<code>update</code>/<code>goto</code> through
<code>input.respond</code>,
and <code>@langchain/core</code> message instances in
<code>update</code> are serialized to dicts
before transport, exactly like <code>submit()</code>. Bumps
<code>@langchain/protocol</code> to
<code>^0.0.18</code> for the <code>Goto</code> type.</p>
<p><code>respond</code>/<code>respondAll</code> also apply
<code>update</code> <strong>optimistically</strong> (mirroring
<code>submit()</code>): the pushed messages paint immediately, with
stable ids minted so
the resumed run's echo reconciles them in place. Without this the
interrupt is
cleared the instant <code>respond()</code> dispatches while the pushed
card only reappears
a server round-trip later — so the card would flicker in that gap. The
optimistic state settles on the resumed run's terminal (pending → sent,
or
rolled back on a failure before any echo).</p>
<p>User-initiated optimistic writes (<code>submit()</code> /
<code>respond()</code> / <code>respondAll()</code>) now
commit to the store <strong>synchronously</strong>, in the same tick as
the triggering event,
instead of being coalesced onto the next macrotask. This lets a
framework render
the pushed message in the <strong>same commit</strong> as any local UI
state the caller flips
alongside it (e.g. a HITL form swapping its inputs for the resolved
card), so the
card no longer blinks out for the one-macrotask window before the flush
lands.
High-frequency streaming writes keep their macrotask coalescing.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/sdk/CHANGELOG.md">@​langchain/langgraph-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>1.9.25</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2565">#2565</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(sdk): bundle pure-ESM deps into CJS build to fix
ERR_REQUIRE_ESM</p>
<p>Bundle the pure-ESM dependencies <code>p-retry</code> and
<code>p-queue</code> (and their transitive ESM-only deps) into the build
output so the CJS artifact no longer does a top-level
<code>require()</code> of an ESM module. This fixes
<code>ERR_REQUIRE_ESM</code> for CommonJS consumers on Node versions
where <code>require(ESM)</code> is not enabled by default (&lt; 20.19 /
&lt; 22.12). Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/2562">#2562</a>.</p>
</li>
</ul>
<h2>1.9.24</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(sdk): apply state update and goto alongside interrupt resume</p>
<p><code>respond(decision, { update, goto })</code> now maps to
LangGraph's
<code>Command(resume, update, goto)</code>, so a human-in-the-loop UI
can commit a state
update (e.g. push the interrupt card into state) in the <strong>same
superstep</strong> as
the resume — one checkpoint, no separate <code>updateState</code> write,
no flicker.
<code>@langchain/langgraph-api</code> forwards
<code>update</code>/<code>goto</code> through
<code>input.respond</code>,
and <code>@langchain/core</code> message instances in
<code>update</code> are serialized to dicts
before transport, exactly like <code>submit()</code>. Bumps
<code>@langchain/protocol</code> to
<code>^0.0.18</code> for the <code>Goto</code> type.</p>
<p><code>respond</code>/<code>respondAll</code> also apply
<code>update</code> <strong>optimistically</strong> (mirroring
<code>submit()</code>): the pushed messages paint immediately, with
stable ids minted so
the resumed run's echo reconciles them in place. Without this the
interrupt is
cleared the instant <code>respond()</code> dispatches while the pushed
card only reappears
a server round-trip later — so the card would flicker in that gap. The
optimistic state settles on the resumed run's terminal (pending → sent,
or
rolled back on a failure before any echo).</p>
<p>User-initiated optimistic writes (<code>submit()</code> /
<code>respond()</code> / <code>respondAll()</code>) now
commit to the store <strong>synchronously</strong>, in the same tick as
the triggering event,
instead of being coalesced onto the next macrotask. This lets a
framework render
the pushed message in the <strong>same commit</strong> as any local UI
state the caller flips
alongside it (e.g. a HITL form swapping its inputs for the resolved
card), so the
card no longer blinks out for the one-macrotask window before the flush
lands.
High-frequency streaming writes keep their macrotask coalescing.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/86389fa3a64ec89e0cb26d97379efcc90c7a211f"><code>86389fa</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2567">#2567</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a>
fix(sdk): bundle pure-ESM deps into CJS build to fix ERR_REQUIRE_ESM (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2565">#2565</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/31261c3be539f0e41e13cf3e21283c55228bc545"><code>31261c3</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2558">#2558</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/5d279df5d524699e3824fdc7d8f9d8d0888edcc4"><code>5d279df</code></a>
chore(deps): bump langchain (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2564">#2564</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>
feat(sdk): apply state update and goto alongside interrupt resume (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2557">#2557</a>)</li>
<li>See full diff in <a
href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph-sdk@1.9.25/libs/sdk">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/openai` from 1.5.1 to 1.5.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchainjs/releases">@​langchain/openai's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/openai</code><a
href="https://github.com/1"><code>@​1</code></a>.5.3</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11100">#11100</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a>
Thanks <a
href="https://github.com/colifran"><code>@​colifran</code></a>! -
fix(langchain, openai): decouple strict tools from strict structured
output response</li>
</ul>
<h2><code>@​langchain/openai</code><a
href="https://github.com/1"><code>@​1</code></a>.5.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11045">#11045</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a>
Thanks <a
href="https://github.com/jackjin1997"><code>@​jackjin1997</code></a>! -
fix(openai): omit empty id and content on reasoning items in Responses
API input</p>
<p>Reasoning blocks reassembled from streaming chunks (e.g. via
<code>streamEvents</code>) never carry an id, since OpenAI's streaming
protocol only includes it in non-streaming responses. When such a
message was replayed as Responses API input on the next turn, the
reasoning item was emitted with <code>id: &quot;&quot;</code>, which
OpenAI rejects with <code>400 Invalid 'input[n].id': ''</code>. The
<code>id</code> field is now omitted when absent.</p>
<p>A second error surfaced immediately after that fix: the same
converter set a populated <code>content</code> array on the reasoning
input item, which the Responses API also rejects (<code>400 Invalid
'input[n].content': array too long. Expected an array with maximum
length 0</code>). Reasoning input items only carry <code>summary</code>,
so <code>content</code> is no longer forwarded. Thanks to <a
href="https://github.com/csrujanreddy"><code>@​csrujanreddy</code></a>
for catching the second issue and verifying both fixes against the live
API.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11065">#11065</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a>
Thanks <a href="https://github.com/rxits"><code>@​rxits</code></a>! -
fix(openai): route standard url file blocks to native input_file in
Responses API</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11090">#11090</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a>
Thanks <a
href="https://github.com/nikhilpakhloo"><code>@​nikhilpakhloo</code></a>!
- fix(openai): stream built-in tool progress events</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/f1d64ff8d6076fb6656c1f327b7b58eac520314b"><code>f1d64ff</code></a>
chore: version packages (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11101">#11101</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/72ffc4bf17dc6dca390546c0e6c9503607198f26"><code>72ffc4b</code></a>
fix(aws): add Bedrock stream idle timeout (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11098">#11098</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a>
fix(langchain, openai): decouple strict tools from strict structured
output r...</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a>
chore: version packages (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a>
fix(core): better 429 error handling (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a>
fix(openai): omit empty reasoning item id in Responses API input (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a>
fix(openai): route standard url file blocks to native input_file in
Responses...</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a>
fix(openai): stream built-in tool progress events (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a>
fix(groq): require <code>@​langchain/core</code> &gt;= 1.1.30 in peer
dependency (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a>
feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchainjs/compare/@langchain/openai@1.5.1...@langchain/openai@1.5.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `langchain` from 1.5.0 to 1.5.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchainjs/releases">langchain's
releases</a>.</em></p>
<blockquote>
<h2>langchain@1.5.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11100">#11100</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a>
Thanks <a
href="https://github.com/colifran"><code>@​colifran</code></a>! -
fix(langchain, openai): decouple strict tools from strict structured
output response</li>
</ul>
<h2>langchain@1.5.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/11087">#11087</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/534b43a0719c89e3fb4ab7052d3f39797660aa43"><code>534b43a</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langchain): keep tool call streams pending across any tool
interrupt</p>
<p>A raw <code>interrupt()</code> raised from inside a tool surfaced as
a <code>tool-error</code> and
rejected the call's un-awaited <code>output</code> promise, producing an
unhandled
rejection that crashed HITL runs. The tool-call stream transformer now
treats
any serialized graph interrupt as control flow (the call stays pending
and
resumes), not just <code>humanInTheLoopMiddleware</code> interrupts.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/f1d64ff8d6076fb6656c1f327b7b58eac520314b"><code>f1d64ff</code></a>
chore: version packages (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11101">#11101</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/72ffc4bf17dc6dca390546c0e6c9503607198f26"><code>72ffc4b</code></a>
fix(aws): add Bedrock stream idle timeout (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11098">#11098</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a>
fix(langchain, openai): decouple strict tools from strict structured
output r...</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a>
chore: version packages (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a>
fix(core): better 429 error handling (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a>
fix(openai): omit empty reasoning item id in Responses API input (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a>
fix(openai): route standard url file blocks to native input_file in
Responses...</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a>
fix(openai): stream built-in tool progress events (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a>
fix(groq): require <code>@​langchain/core</code> &gt;= 1.1.30 in peer
dependency (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li>
<li><a
href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a>
feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchainjs/compare/langchain@1.5.0...langchain@1.5.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `node-vfs-polyfill` from `1227fb0` to `ef76f90`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel-labs/node-vfs-polyfill/commit/ef76f903d052d915395336dbf3498e3f5311a852"><code>ef76f90</code></a>
Update README.md</li>
<li>See full diff in <a
href="https://github.com/vercel-labs/node-vfs-polyfill/compare/1227fb028a26eb0d65e565c11b0a28e7b49b990f...ef76f903d052d915395336dbf3498e3f5311a852">compare
view</a></li>
</ul>
</details>
<br />

Updates `langsmith` from 0.7.10 to 0.7.14
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.14</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: sum Anthropic cache tokens into input_tokens for correct cost
calculation by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2519">langchain-ai/langsmith-sdk#2519</a></li>
<li>chore(py): Bump version: 0.7.13 → 0.7.14 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2535">langchain-ai/langsmith-sdk#2535</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.13...v0.7.14">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.13...v0.7.14</a></p>
<h2>v0.7.13</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: initialize otel exporter before background thread by <a
href="https://github.com/ericdong-langchain"><code>@​ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2526">langchain-ai/langsmith-sdk#2526</a></li>
<li>fix: convert non primitive types to JSON strings by <a
href="https://github.com/ericdong-langchain"><code>@​ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2527">langchain-ai/langsmith-sdk#2527</a></li>
<li>fix: missing await by <a
href="https://github.com/ericdong-langchain"><code>@​ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2528">langchain-ai/langsmith-sdk#2528</a></li>
<li>fix: bump minimatch to resolve CVE-2026-27903 by <a
href="https://github.com/jkennedyvz"><code>@​jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2502">langchain-ai/langsmith-sdk#2502</a></li>
<li>feat(py): add experiment-level metadata to pytest integration by <a
href="https://github.com/baskaryan"><code>@​baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2524">langchain-ai/langsmith-sdk#2524</a></li>
<li>Bump version: 0.7.12 → 0.7.13 by <a
href="https://github.com/baskaryan"><code>@​baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2531">langchain-ai/langsmith-sdk#2531</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13</a></p>
<h2>v0.7.12</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: sample before transform in ingest by <a
href="https://github.com/ericdong-langchain"><code>@​ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2488">langchain-ai/langsmith-sdk#2488</a></li>
<li>chore: bump version by <a
href="https://github.com/ericdong-langchain"><code>@​ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2521">langchain-ai/langsmith-sdk#2521</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12</a></p>
<h2>v0.7.11</h2>
<h2>What's Changed</h2>
<ul>
<li>add get insights reports with runs by <a
href="https://github.com/Palashio"><code>@​Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517">langchain-ai/langsmith-sdk#2517</a></li>
<li>bump version for insights sdk changes by <a
href="https://github.com/Palashio"><code>@​Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2520">langchain-ai/langsmith-sdk#2520</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Palashio"><code>@​Palashio</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517">langchain-ai/langsmith-sdk#2517</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/f099beb36228b2ce008e56262ab6a5846d2dbdd1"><code>f099beb</code></a>
chore(py): Bump version: 0.7.13 → 0.7.14 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2535">#2535</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/27f1b8312c39b7acda31ac9a850fd74fb99a4e29"><code>27f1b83</code></a>
fix: sum Anthropic cache tokens into input_tokens for correct cost
calculatio...</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/22c21bff7d1e429d0dfa7800adf95ef971ef2458"><code>22c21bf</code></a>
Bump version: 0.7.12 → 0.7.13 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2531">#2531</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/5d17205b854377bf1c8c59f2c40923c295e2c127"><code>5d17205</code></a>
feat(py): add experiment-level metadata to pytest integration (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2524">#2524</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/1412ad4bfe5294e5d6407962162b2fbfcd75202d"><code>1412ad4</code></a>
fix: bump minimatch to resolve CVE-2026-27903 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2502">#2502</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/da0d6e3f137ff375d787c4ba773c8b8d7832d0d8"><code>da0d6e3</code></a>
fix: missing await (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2528">#2528</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/9f587d5f45ead3f19a61bd12743827fd84541657"><code>9f587d5</code></a>
fix: convert non primitive types to JSON strings (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2527">#2527</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/0efa7fb188a451857790d0066edd5e5cf28dca2f"><code>0efa7fb</code></a>
fix: initialize otel exporter before background thread (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2526">#2526</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/51d4e0b867cab82fa95468099e6b2ec3fbb21644"><code>51d4e0b</code></a>
chore: bump version (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2521">#2521</a>)</li>
<li><a
href="https://github.com/langchain-ai/langsmith-sdk/commit/f8db5d1542703c388ccf7d506cbdbff5786c9d6f"><code>f8db5d1</code></a>
fix: sample before transform in ingest (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2488">#2488</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.14">compare
view</a></li>
</ul>
</details>
<br />

Updates `hono` from 4.12.26 to 4.12.27
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.27</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>hono/jsx does not isolate context per request</h3>
<p>Affects: <code>hono/jsx</code>, <code>hono/jsx-renderer</code>.
During SSR, context was stored process-wide instead of per request, so
<code>useContext()</code>/<code>useRequestContext()</code> read after an
<code>await</code> in an async component could return another concurrent
request's value — leading to cross-request data disclosure or
authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj</p>
<h3>Server-Side XSS via JSX escaping bypass in cx()</h3>
<p>Affects: <code>hono/css</code>. <code>cx()</code> marked its composed
class name as already-escaped without escaping the input, so untrusted
input passed as a class name could break out of the JSX
<code>class</code> attribute during SSR and inject markup (XSS).
GHSA-w62v-xxxg-mg59</p>
<h3>API Gateway v1 adapter can drop a repeated request header value</h3>
<p>Affects: <code>hono/aws-lambda</code>. The API Gateway v1 (and VPC
Lattice) adapter de-duplicated repeated header values by substring
instead of exact match, dropping a value that is a substring of another
(e.g. <code>203.0.113.1</code> dropped when <code>203.0.113.10</code> is
present) — affecting logic such as <code>X-Forwarded-For</code>-based IP
restriction. GHSA-xgm2-5f3f-mvvc</p>
<hr />
<p>Users of <code>hono/jsx</code>/<code>hono/jsx-renderer</code>,
<code>hono/css</code> (<code>cx()</code>), or the
<code>hono/aws-lambda</code> API Gateway v1 / VPC Lattice adapters are
encouraged to upgrade.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/hono/commit/97c6fe1f12298c715eb7b2da65b4b6e0d81682bb"><code>97c6fe1</code></a>
4.12.27</li>
<li><a
href="https://github.com/honojs/hono/commit/aa921770d09bc35970362d5a2630a878f6d982fd"><code>aa92177</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/cd3f6f7194f0e5c9d4b26ae0cf232018d0f388fc"><code>cd3f6f7</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/d4853a8f2794ce982818783f123e388a6dedd966"><code>d4853a8</code></a>
fix(jsx): make merged context-isolation tests pass tsc type check (<a
href="https://redirect.github.com/honojs/hono/issues/5037">#5037</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/6735fea78db8ca72e8606001f57b10ee6a96b349"><code>6735fea</code></a>
fix(jsx): cast awaitedFallback through unknown to fix Deno type check
(<a
href="https://redirect.github.com/honojs/hono/issues/5036">#5036</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/fab3b13639339cbd5ba1166a5b23d9ac30c5f64f"><code>fab3b13</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/9f0dadf141a3242a6c3b77462c7d33c6ce0f599d"><code>9f0dadf</code></a>
ci: use npm Staged publishing (<a
href="https://redirect.github.com/honojs/hono/issues/5035">#5035</a>)</li>
<li>See full diff in <a
href="https://github.com/honojs/hono/compare/v4.12.26...v4.12.27">compare
view</a></li>
</ul>
</details>
<br />

Updates `@hono/node-server` from 2.0.5 to 2.0.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/node-server/releases">@​hono/node-server's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>ci: publish to npm from CI with OIDC trusted publishing and bump
<code>np</code> by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/361">honojs/node-server#361</a></li>
<li>ci: use npm Staged publishing by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/364">honojs/node-server#364</a></li>
<li>fix: preserve status and statusText when cloning a Response with
liveheaders by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/363">honojs/node-server#363</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v2.0.5...v2.0.6">https://github.com/honojs/node-server/compare/v2.0.5...v2.0.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/node-server/commit/ff75c611b248da710553d7a2d38ee474b82ac544"><code>ff75c61</code></a>
2.0.6</li>
<li><a
href="https://github.com/honojs/node-server/commit/814720fc36debc336d09300581df614fb31dfdce"><code>814720f</code></a>
fix: preserve status and statusText when cloning a Response with live
headers...</li>
<li><a
href="https://github.com/honojs/node-server/commit/a76209a4fa863eb449d9b61041330cae92a108ed"><code>a76209a</code></a>
ci: use npm Staged publishing (<a
href="https://redirect.github.com/honojs/node-server/issues/364">#364</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/44c365a1b136a3eb66ad307a3c3224f7be51cb23"><code>44c365a</code></a>
ci: publish to npm from CI with OIDC trusted publishing and bump
<code>np</code> (<a
href="https://redirect.github.com/honojs/node-server/issues/361">#361</a>)</li>
<li>See full diff in <a
href="https://github.com/honojs/node-server/compare/v2.0.5...v2.0.6">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for <code>@​hono/node-server</code> since your current
version.</p>
</details>
<br />

Updates `@tailwindcss/vite` from 4.3.1 to 4.3.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">@​tailwindcss/vite's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.2</h2>
<h3>Fixed</h3>
<ul>
<li>Support bare spacing values for <code>auto-rows-*</code> and
<code>auto-cols-*</code> utilities (e.g. <code>auto-rows-12</code> and
<code>auto-cols-16</code>) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20229">#20229</a>)</li>
<li>Prevent <code>@tailwindcss/cli</code> in <code>--watch</code> mode
from crashing on Windows when <code>@source</code> points to a directory
that doesn't exist (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20242">#20242</a>)</li>
<li>Prevent <code>@tailwindcss/vite</code> from crashing in Deno v2.8.x
when <code>context.parentURL</code> is not a valid URL (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20245">#20245</a>)</li>
<li>Ensure <code>@tailwindcss/cli</code> in <code>--watch</code> mode
rebuilds when the input CSS file changes in an ignored directory (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20246">#20246</a>)</li>
<li>Allow <code>@variant</code> rules used in <code>addBase(…)</code> to
use custom variants defined later (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20247">#20247</a>)</li>
<li>Prevent <code>@tailwindcss/vite</code> from crashing during HMR when
scanned files or directories are deleted (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20259">#20259</a>)</li>
<li>Generate <code>font-size</code> instead of <code>color</code>
declarations for <code>text-[--spacing(…)]</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20260">#20260</a>)</li>
<li>Prevent <code>@source</code> patterns from scanning unrelated
sibling files and folders (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20263">#20263</a>)</li>
<li>Extract class candidates adjacent to Template Toolkit delimiters
like <code>%]…[%</code> in <code>.tt</code>, <code>.tt2</code>, and
<code>.tx</code> files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20269">#20269</a>)</li>
<li>Extract class candidates from conditional Maud syntax like
<code>p.text-black[condition]</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20269">#20269</a>)</li>
<li>Prevent <code>@position-try</code> rules from triggering unknown
at-rule warnings when optimizing CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20277">#20277</a>)</li>
<li>Support class suggestions for named opacity modifiers from
<code>--opacity</code> theme values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20287">#20287</a>)</li>
<li>Prevent type errors in <code>@tailwindcss/postcss</code> when used
with newer PostCSS patch releases (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20289">#20289</a>)</li>
</ul>
</blockquote...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 22:01:54 -07:00
dependabot[bot] 4f1b6cfd71 build(deps): bump actions/checkout from 6.0.1 to 7.0.0 in the major-deps-updates group (#638)
Bumps the major-deps-updates group with 1 update:
[actions/checkout](https://github.com/actions/checkout).

Updates `actions/checkout` from 6.0.1 to 7.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>block checking out fork pr for pull_request_target and workflow_run
by <a href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li>
<li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the
minor-actions-dependencies group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li>
<li>Bump flatted from 3.3.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li>
<li>Bump js-yaml from 4.1.0 to 4.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li>
<li>Bump <code>@​actions/core</code> and
<code>@​actions/tool-cache</code> and Remove uuid by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li>
<li>upgrade module to esm and update dependencies by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li>
<li>Bump the minor-npm-dependencies group across 1 directory with 3
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li>
<li>getting ready for checkout v7 release by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2464">actions/checkout#2464</a></li>
<li>update error wording by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2467">actions/checkout#2467</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.3...v7.0.0">https://github.com/actions/checkout/compare/v6.0.3...v7.0.0</a></p>
<h2>v6.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update changelog by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>Update changelog for v6.0.3 by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yaananth"><code>@​yaananth</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p>
<h2>v6.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID
is set by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v7.0.0</h2>
<ul>
<li>Block checking out fork PR for pull_request_target and workflow_run
by <a href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li>
<li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the
minor-actions-dependencies group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li>
<li>Bump flatted from 3.3.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li>
<li>Bump js-yaml from 4.1.0 to 4.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li>
<li>Bump <code>@​actions/core</code> and
<code>@​actions/tool-cache</code> and Remove uuid by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li>
<li>upgrade module to esm and update dependencies by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li>
<li>Bump the minor-npm-dependencies group across 1 directory with 3
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li>
</ul>
<h2>v6.0.3</h2>
<ul>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"><code>9c091bb</code></a>
update error wording (<a
href="https://redirect.github.com/actions/checkout/issues/2467">#2467</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a"><code>1044a6d</code></a>
getting ready for checkout v7 release (<a
href="https://redirect.github.com/actions/checkout/issues/2464">#2464</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f"><code>f028218</code></a>
Bump the minor-npm-dependencies group across 1 directory with 3 updates
(<a
href="https://redirect.github.com/actions/checkout/issues/2462">#2462</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d"><code>d914b26</code></a>
upgrade module to esm and update dependencies (<a
href="https://redirect.github.com/actions/checkout/issues/2463">#2463</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d"><code>537c7ef</code></a>
Bump <code>@​actions/core</code> and <code>@​actions/tool-cache</code>
and Remove uuid (<a
href="https://redirect.github.com/actions/checkout/issues/2459">#2459</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6"><code>130a169</code></a>
Bump js-yaml from 4.1.0 to 4.2.0 (<a
href="https://redirect.github.com/actions/checkout/issues/2461">#2461</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3"><code>7d09575</code></a>
Bump flatted from 3.3.1 to 3.4.2 (<a
href="https://redirect.github.com/actions/checkout/issues/2460">#2460</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e"><code>0f9f3aa</code></a>
Bump actions/publish-immutable-action (<a
href="https://redirect.github.com/actions/checkout/issues/2458">#2458</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7"><code>f9e715a</code></a>
block checking out fork pr for pull_request_target and workflow_run (<a
href="https://redirect.github.com/actions/checkout/issues/2454">#2454</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a>
Update changelog for v6.0.3 (<a
href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=6.0.1&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 22:01:44 -07:00
dependabot[bot] 1cca3d32bb build(deps): bump actions/setup-python from 6.2.0 to 6.3.0 in the minor-deps-updates group (#637)
Bumps the minor-deps-updates group with 1 update:
[actions/setup-python](https://github.com/actions/setup-python).

Updates `actions/setup-python` from 6.2.0 to 6.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.0</h2>
<h2>What's Changed</h2>
<h3>Enhancement</h3>
<ul>
<li>Add RHEL support and include Linux distro in cache keys by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1323">actions/setup-python#1323</a></li>
<li>Fix pip cache error handling on Windows by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1040">actions/setup-python#1040</a></li>
</ul>
<h3>Dependency update</h3>
<ul>
<li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1281">actions/setup-python#1281</a></li>
<li>Upgrade actions dependencies by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in
<a
href="https://redirect.github.com/actions/setup-python/pull/1303">actions/setup-python#1303</a></li>
<li>Upgrade <code>@​actions/cache</code> to 5.1.0, log cache write
denied by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1324">actions/setup-python#1324</a></li>
<li>Upgrade dependency versions and test workflow configuration by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1322">actions/setup-python#1322</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Update advanced-usage.md by <a
href="https://github.com/Dunky-Z"><code>@​Dunky-Z</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/811">actions/setup-python#811</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1303">actions/setup-python#1303</a></li>
<li><a href="https://github.com/jasongin"><code>@​jasongin</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1324">actions/setup-python#1324</a></li>
<li><a href="https://github.com/Dunky-Z"><code>@​Dunky-Z</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/811">actions/setup-python#811</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v6...v6.3.0">https://github.com/actions/setup-python/compare/v6...v6.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/ece7cb06caefa5fff74198d8649806c4678c61a1"><code>ece7cb0</code></a>
Fix pip cache error handling on Windows. (<a
href="https://redirect.github.com/actions/setup-python/issues/1040">#1040</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/1d18d7af5f767c1259ede05a0a5bcc30f3dcf1cf"><code>1d18d7a</code></a>
Update advanced-usage.md (<a
href="https://redirect.github.com/actions/setup-python/issues/811">#811</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/d2b357a6a3a3687dd6781a416c0d24fcfd68660e"><code>d2b357a</code></a>
Update dependency versions and test workflow configuration (<a
href="https://redirect.github.com/actions/setup-python/issues/1322">#1322</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/8f639b1e75c1048640734b2bb46e22cecf136982"><code>8f639b1</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-python/issues/1324">#1324</a>
from jasongin/update-actions-cache-5.1.0</li>
<li><a
href="https://github.com/actions/setup-python/commit/6731c2ba87f530c26324d128c8fdd53499a4d4b0"><code>6731c2b</code></a>
Resolve high-severity audit issues</li>
<li><a
href="https://github.com/actions/setup-python/commit/0cb1a84326b90186fcd211036c65b42819794c87"><code>0cb1a84</code></a>
Add RHEL support and include Linux distro in cache keys (<a
href="https://redirect.github.com/actions/setup-python/issues/1323">#1323</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/dc6eab6194394e0119523369788b507096f923e2"><code>dc6eab6</code></a>
Update dist</li>
<li><a
href="https://github.com/actions/setup-python/commit/6f4b74bfa2f520a380a620de3615c0dac427f4d3"><code>6f4b74b</code></a>
Strict equality</li>
<li><a
href="https://github.com/actions/setup-python/commit/fa8bde1a9cc6347d06948d66bcd68c598b79eaea"><code>fa8bde1</code></a>
Bump <code>@​actions/cache</code> to 5.1.0, log cache write denied</li>
<li><a
href="https://github.com/actions/setup-python/commit/c8813ba1bc76ebf779b911ad8ffccbf2e449cb48"><code>c8813ba</code></a>
Upgrade <a href="https://github.com/actions"><code>@​actions</code></a>
dependencies and update licenses (<a
href="https://redirect.github.com/actions/setup-python/issues/1303">#1303</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/setup-python/compare/a309ff8b426b58ec0e2a45f0f869d46889d02405...ece7cb06caefa5fff74198d8649806c4678c61a1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=6.2.0&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 22:01:38 -07:00
dependabot[bot] 331b80f8d0 build(deps): bump the patch-deps-updates group with 2 updates (#636)
Bumps the patch-deps-updates group with 2 updates:
[pnpm/action-setup](https://github.com/pnpm/action-setup) and
[softprops/action-gh-release](https://github.com/softprops/action-gh-release).

Updates `pnpm/action-setup` from 6.0.8 to 6.0.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pnpm/action-setup/releases">pnpm/action-setup's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.9</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: update pnpm to v11.7.0 by <a
href="https://github.com/zkochan"><code>@​zkochan</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/267">pnpm/action-setup#267</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pnpm/action-setup/compare/v6...v6.0.9">https://github.com/pnpm/action-setup/compare/v6...v6.0.9</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pnpm/action-setup/commit/0ebf47130e4866e96fce0953f49152a61190b271"><code>0ebf471</code></a>
fix: update pnpm to v11.7.0 (<a
href="https://redirect.github.com/pnpm/action-setup/issues/267">#267</a>)</li>
<li>See full diff in <a
href="https://github.com/pnpm/action-setup/compare/0e279bb959325dab635dd2c09392533439d90093...0ebf47130e4866e96fce0953f49152a61190b271">compare
view</a></li>
</ul>
</details>
<br />

Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.1</h2>
<h2>3.0.1</h2>
<ul>
<li>maintenance release with updated dependencies</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's
changelog</a>.</em></p>
<blockquote>
<h2>3.0.1</h2>
<ul>
<li>maintenance release with updated dependencies</li>
</ul>
<h2>3.0.0</h2>
<p><code>3.0.0</code> is a major release that moves the action runtime
from Node 20 to Node 24.
Use <code>v3</code> on GitHub-hosted runners and self-hosted fleets that
already support the
Node 24 Actions runtime. If you still need the last Node 20-compatible
line, stay on
<code>v2.6.2</code>.</p>
<h2>What's Changed</h2>
<h3>Other Changes 🔄</h3>
<ul>
<li>Move the action runtime and bundle target to Node 24</li>
<li>Update <code>@types/node</code> to the Node 24 line and allow future
Dependabot updates</li>
<li>Keep the floating major tag on <code>v3</code>; <code>v2</code>
remains pinned to the latest <code>2.x</code> release</li>
</ul>
<h2>2.6.2</h2>
<h2>What's Changed</h2>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): bump picomatch from 4.0.3 to 4.0.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/775">softprops/action-gh-release#775</a></li>
<li>chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/777">softprops/action-gh-release#777</a></li>
<li>chore(deps): bump vite from 8.0.0 to 8.0.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/781">softprops/action-gh-release#781</a></li>
</ul>
<h2>2.6.1</h2>
<p><code>2.6.1</code> is a patch release focused on restoring linked
discussion thread creation when
<code>discussion_category_name</code> is set. It fixes
<code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>,
where the draft-first publish flow
stopped carrying the discussion category through the final publish
step.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: preserve discussion category on publish by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li>
</ul>
<h2>2.6.0</h2>
<p><code>2.6.0</code> is a minor release centered on
<code>previous_tag</code> support for
<code>generate_release_notes</code>,
which lets workflows pin GitHub's comparison base explicitly instead of
relying on the default range.
It also includes the recent concurrent asset upload recovery fix, a
<code>working_directory</code> docs sync,
a checked-bundle freshness guard for maintainers, and clearer
immutable-prerelease guidance where
GitHub platform behavior imposes constraints on how prerelease asset
uploads can be published.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/softprops/action-gh-release/commit/718ea10b132b3b2eba29c1007bb80653f286566b"><code>718ea10</code></a>
release 3.0.1</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/f1a938b9d84ca9b770d0d8dfeb3e7285fe261e63"><code>f1a938b</code></a>
chore(deps): bump esbuild from 0.28.0 to 0.28.1 (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/802">#802</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/0066ead0de7252b4876b36b5357fc3974619d36a"><code>0066ead</code></a>
chore(deps): bump vite from 8.0.14 to 8.0.16 (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/806">#806</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/dc643cac6252aaa00c9b0b6c940d489cd7bf6b23"><code>dc643ca</code></a>
chore(deps): bump the npm group with 3 updates (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/805">#805</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/85ee99b6b20742a3823a8a289ee5e6ceab44e8aa"><code>85ee99b</code></a>
chore(deps): bump actions/checkout in the github-actions group (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/804">#804</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/9ed3cf9a6863b31f005d951c8d19de20628cf4eb"><code>9ed3cf9</code></a>
chore(deps): bump the npm group with 2 updates (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/800">#800</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/3efcac8951299998593f871640ea8059d6818655"><code>3efcac8</code></a>
chore(deps): bump the npm group with 3 updates (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/798">#798</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/05d6b9164aa74958de40b0179d6a773112fcdc7f"><code>05d6b91</code></a>
chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/797">#797</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/403a5240f3837fa857f642062e05aad6bb3391ca"><code>403a524</code></a>
chore(deps): bump <code>@​types/node</code> from 24.12.2 to 24.12.3 in
the npm group (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/796">#796</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/437e073e786973c6b6af97d9e445c41ae43b1d29"><code>437e073</code></a>
chore(deps): bump the npm group with 4 updates (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/792">#792</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/softprops/action-gh-release/compare/b4309332981a82ec1c5618f44dd2e27cc8bfbfda...718ea10b132b3b2eba29c1007bb80653f286566b">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 22:01:33 -07:00
Christian Bromann 5b462f2ab2 fix: migrate Daytona SDK dependency [closes #609] (#614)
## Description
Closes #609 by updating `@langchain/daytona` to the maintained
`@daytona/sdk` at `^0.184.0` while preserving the same SDK API usage.
Added a patch changeset; `@daytona/sdk` is Apache-2.0 and maintained by
Daytona as the direct replacement for deprecated `@daytonaio/sdk`.

## Self-Hosted Release Note
`@langchain/daytona` now depends on `@daytona/sdk` instead of deprecated
`@daytonaio/sdk`.

## Test Plan
- [ ] Verify package publish metadata resolves `@daytona/sdk`
`^0.184.0`.

Made by [Open
SWE](https://openswe.vercel.app/agents/d6f434c5-39c6-eef7-6cc6-670cf092bb67)

Co-authored-by: Christian Bromann <731337+christian-bromann@users.noreply.github.com>
Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
2026-06-29 08:25:57 -07:00
John Kennedy 9a9fce9429 ci: enforce sha-pinned github actions (#628)
## Summary
- add PR linting that rejects external GitHub Actions not pinned to a
40-character commit SHA
- keep existing action refs pinned and align stale version comments with
their pinned SHAs
- extend .gitignore coverage for local env, key/cert, Python cache, and
virtualenv files

## Testing
- local SHA-pin check over .github/workflows/*.yml and *.yaml
- ruby YAML parse for .github/workflows/*.yml
- git diff --cached --check
2026-06-25 13:43:21 -07:00
Christian Bromann 0ae10d7e26 fix(deepagents): declare LangChain runtime packages as peer dependencies (#613)
Updates to `@langchain/core` can cause downstream friction with
TypeScript:

```
Type 'ChatOpenAI<ChatOpenAICallOptions>' is not assignable to type 'string | BaseLanguageModel<any, BaseLanguageModelCallOptions> | undefined'.
  Type 'ChatOpenAI<ChatOpenAICallOptions>' is not assignable to type 'BaseLanguageModel<any, BaseLanguageModelCallOptions>'.
    Types of property 'getGraph' are incompatible.
      Type '(_?: import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined) => import("/Users/christian.bromann/Sites/L...' is not assignable to type '(_?: import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined) => import("/Users/christian.bromann/Sites/L...'.
        Types of parameters '_' and '_' are incompatible.
          Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined'.
            Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>>' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>>'.
              Types of property 'callbacks' are incompatible.
                Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").Callbacks | undefined' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").Callbacks | undefined'.
                  Type 'CallbackManager' is not assignable to type 'Callbacks | undefined'.
                    Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManager' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManager'.
                      The types returned by 'handleLLMStart(...)' are incompatible between these types.
                        Type 'Promise<import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]>' is not assignable to type 'Promise<import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]>'.
                          Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]'.
                            Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun'.
                              Property 'inheritableHandlers' is protected but type 'BaseRunManager' is not a class derived from 'BaseRunManager'.ts(2322)
```

to avoid this we should move the LangChain dependency to become peer
deps.

- Moved `@langchain/core`, `@langchain/langgraph`,
`@langchain/langgraph-sdk`, and `langchain` from `dependencies` to
`peerDependencies` in `libs/deepagents`, keeping dev copies for isolated
build/test.
- Lets consumers bump `@langchain/core` without requiring a new
`deepagents` release; a release is only needed to widen the peer range
across a major.
- Note on install contract: npm 7+ and pnpm 8+ auto-install peers; Yarn
only warns, so Yarn users must add the four packages explicitly (worth a
README follow-up).

---------

Signed-off-by: Christian Bromann <git@bromann.dev>
Co-authored-by: open-swe[bot] <215916821+open-swe[bot]@users.noreply.github.com>
2026-06-22 17:25:00 -07:00
Alexander Olsen d7ecab2d9f fix(deepagents): forward subagent results as text (#608)
## Summary

A deep agent that delegates to a subagent 400s when that subagent uses
an Anthropic server-side tool (web search, web fetch, code execution,
MCP). The subagent's final-message content blocks e.g.
server_tool_use/..._tool_result were forwarded verbatim as the task
ToolMessage content. On the parent agent's next request they serialize
into a tool_result, which Anthropic rejects:

`400 invalid_request_error
messages.N.content.0.tool_result.content.0: Input tag 'server_tool_use'
found using 'type'
does not match any of the expected tags:
'document','image','search_result','text','tool_reference'`

## Solution

Now matches the Python impl: forward only the subagent's text answer.
returnCommandWithStateUpdate now walks back to the last AIMessage with
non-empty text and uses that text (a string) as the ToolMessage content.

- Confirmed the Python deepagents impl is not affected (it forwards
.text); this aligns JS with Python.
- Reproduced the 400 across {web_search, code_execution, web_fetch} ×
{claude-haiku-4-5, claude-sonnet-4-6} on the latest published packages;
all green after the fix.

## Tests
- New: subagent server-tool blocks are filtered from forwarded content.
- New: walk-back uses the last non-empty AIMessage, skipping a trailing
empty message.
- Updated the #239/#245 tests to assert the (now string) ToolMessage
content.
- No regressions in subagent-related tests in the evals suite

---------

Signed-off-by: Alexander Olsen <aolsenjazz@gmail.com>
Co-authored-by: Christian Bromann <git@bromann.dev>
2026-06-22 11:43:03 -04:00
Alexander Olsen 42f34b65ed feat(deepagents): add bedrockPromptCachingMiddleware to default stack (#611)
## Summary

- Adds `bedrockPromptCachingMiddleware` to the default middleware stack
- Adds unit tests for the Bedrock model detection util function covering
the different formats of model strings/`ChatModel`s
2026-06-22 11:12:59 -04:00
Colin Francis 3c8f8b2ea6 chore(quickjs): disallow task as a configurable ptc tool (#606)
### Summary

The code interpreter now comes with a global `task` tool out of the box.
As a result, we should disallow specifying the `task` tool for ptc. This
PR implements logic that forbids the task tool as in ptc and throws with
a detailed error message if found. This PR also updates the RLM agent
example and READMEs.

### Tests

Unit tests validating expected behavior for task by name and tool
instance with "task" name.
2026-06-18 15:07:53 -07:00
github-actions[bot] a9e1ba1b89 chore: version packages (#605)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## deepagents-acp@0.1.15

### Patch Changes

- Updated dependencies
[[`7c4a11e`](https://github.com/langchain-ai/deepagentsjs/commit/7c4a11eacc11c3720b70d802068300ac3b4d8651)]:
  - deepagents@1.10.5
## deepagents@1.10.5

### Patch Changes

- [#598](https://github.com/langchain-ai/deepagentsjs/pull/598)
[`7c4a11e`](https://github.com/langchain-ai/deepagentsjs/commit/7c4a11eacc11c3720b70d802068300ac3b4d8651)
Thanks [@christian-bromann](https://github.com/christian-bromann)! -
refactor(stream): use langchain `run.subagents` instead of bespoke
transformer

Remove deepagents' custom `createSubagentTransformer` and rely on the
native
  subagent stream that `createAgent` registers (langchain#37739). Keep
`DeepAgentRunStream` as a compile-time overlay that narrows
`run.subagents` to
declared subagent specs. Update streaming tests for `cause` and
per-subagent
  message coverage.
## @langchain/quickjs@0.5.1

### Patch Changes

- [#602](https://github.com/langchain-ai/deepagentsjs/pull/602)
[`204cb27`](https://github.com/langchain-ai/deepagentsjs/commit/204cb27414c82c34a0c681c7e5a5336e1834f058)
Thanks [@colifran](https://github.com/colifran)! - chore(quickjs):
refine dynamic subagent prompt to trigger on workflow keyword and to
improve iterative eval behavior

- [#604](https://github.com/langchain-ai/deepagentsjs/pull/604)
[`0971007`](https://github.com/langchain-ai/deepagentsjs/commit/0971007ab2491e73eb1a78c5426ab934470d5620)
Thanks [@colifran](https://github.com/colifran)! - fix(quickjs): unwrap
Command/ToolMessage envelopes from tool and subagent results
## @deepagents/evals@0.0.14

### Patch Changes

- Updated dependencies
[[`7c4a11e`](https://github.com/langchain-ai/deepagentsjs/commit/7c4a11eacc11c3720b70d802068300ac3b4d8651)]:
  - deepagents@1.10.5

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@langchain/quickjs@0.5.1 deepagents-acp@0.1.15 deepagents@1.10.5
2026-06-18 09:38:18 -07:00
Christian Bromann 7c4a11eacc fix(deepagents): use langchain run.subagents instead of bespoke transformer (#598)
## Summary
- Remove deepagents' bespoke `createSubagentTransformer` (~460 lines)
and wire `createDeepAgent` to langchain's native `run.subagents`
projection from `createAgent` (langchain#37739).
- Slim `stream.ts` to type-only exports: re-export `SubagentRunStream`
from langchain and keep `DeepAgentRunStream` as a compile-time narrowing
over declared subagent specs.
- Update streaming tests for `sub.cause` (replacing `taskInput`), add
single-subagent `sub.messages` coverage, and document parallel-subagent
streaming behavior.
- Pin `langchain@1.4.6-dev-1781497519109` and `@langchain/langgraph` /
`@langchain/langgraph-checkpoint` to `d2312cf` dev builds (root
`pnpm.overrides`) for end-to-end verification until published releases
are available.
- Clarify `streamTransformers` docs: custom transformers surface on
`run.extensions`; built-in streams like `run.subagents` and
`run.toolCalls` are separate.

fixes #560
2026-06-18 09:36:50 -07:00
dependabot[bot] 9ecb176109 build(deps): bump hono from 4.12.23 to 4.12.25 (#603)
Bumps [hono](https://github.com/honojs/hono) from 4.12.23 to 4.12.25.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.25</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>CORS Middleware reflects any Origin with credentials when
<code>origin</code> defaults to the wildcard</h3>
<p>Affects: <code>hono/cors</code>. Fixes the wildcard origin reflecting
the request <code>Origin</code> and sending
<code>Access-Control-Allow-Credentials: true</code> when
<code>credentials: true</code> is set without an explicit
<code>origin</code>, where any site a logged-in user visited could make
credentialed cross-origin requests and read responses from
cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc</p>
<h3>Body Limit Middleware can be bypassed on AWS Lambda by understating
<code>Content-Length</code></h3>
<p>Affects: <code>hono/body-limit</code> on AWS Lambda
(<code>hono/aws-lambda</code>, <code>hono/lambda-edge</code>). Fixes the
request being built with the client-declared <code>Content-Length</code>
while the body is delivered fully buffered, where a client could declare
a small <code>Content-Length</code> with a much larger body and slip
past the configured size limit. GHSA-rv63-4mwf-qqc2</p>
<h3>Path traversal in <code>serve-static</code> on Windows via encoded
backslash (<code>%5C</code>)</h3>
<p>Affects: <code>serveStatic</code> on Windows (Node, Bun, Deno
adapters). Fixes the path guard allowing a lone backslash, where an
encoded backslash (<code>%5C</code>) decoded to <code>\</code> was
treated as a separator by the Windows path resolver, letting a single
URL segment escape into a middleware-guarded subtree.
GHSA-wwfh-h76j-fc44</p>
<h3>AWS Lambda adapter merges multiple <code>Set-Cookie</code> headers
into one value, dropping cookies on ALB single-header and Lattice</h3>
<p>Affects: <code>hono/aws-lambda</code>. Fixes multiple
<code>Set-Cookie</code> response headers being joined into one
comma-separated value for ALB single-header responses and VPC Lattice
v2, where the value could not be split back into individual cookies and
clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf</p>
<h3>Lambda@Edge adapter keeps only the last value of a repeated request
header, dropping the rest</h3>
<p>Affects: <code>hono/lambda-edge</code>. Fixes repeated request
headers being written with overwrite instead of append, where only the
last value of a header such as <code>X-Forwarded-For</code> reached the
application and the remaining values were silently dropped.
GHSA-wgpf-jwqj-8h8p</p>
<h2>v4.12.24</h2>
<h2>What's Changed</h2>
<ul>
<li>docs(contribution): simplifyAI Usage Policy by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4972">honojs/hono#4972</a></li>
<li>chore: remove <code>@​types/glob</code> by <a
href="https://github.com/rtritto"><code>@​rtritto</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4978">honojs/hono#4978</a></li>
<li>fix(bearer-auth): mention verifyToken in missing-options error
message by <a
href="https://github.com/tan7vir"><code>@​tan7vir</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4987">honojs/hono#4987</a></li>
<li>refactor(language): Test/improve tests on languages middleware by <a
href="https://github.com/iNeoO"><code>@​iNeoO</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4980">honojs/hono#4980</a></li>
<li>fix(utils/ipaddr): expand &quot;::&quot; to eight zero groups by <a
href="https://github.com/youcefzemmar"><code>@​youcefzemmar</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4973">honojs/hono#4973</a></li>
<li>fix: clean up config files trailing comma, stale excludes,
typesVersions gaps, jsr paths by <a
href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@​Mohammad-Faiz-Cloud-Engineer</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4982">honojs/hono#4982</a></li>
<li>refactor(timing): Test/add test for middleware timing by <a
href="https://github.com/iNeoO"><code>@​iNeoO</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4991">honojs/hono#4991</a></li>
<li>fix(utils/ipaddr): render the unspecified address binary as
&quot;::&quot; by <a
href="https://github.com/sarathfrancis90"><code>@​sarathfrancis90</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4998">honojs/hono#4998</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.24">https://github.com/honojs/hono/compare/v4.12.23...v4.12.24</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/hono/commit/fce483e11466b72d27e61d44523c7e6edeb19e50"><code>fce483e</code></a>
4.12.25</li>
<li><a
href="https://github.com/honojs/hono/commit/751ba41ba26dff20351a13964c07627ddcf382b6"><code>751ba41</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/f0b094db8474696344d98e5665a4ac2a6d5f346e"><code>f0b094d</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/fa5f9bfcc25d65e08af85211cc2e5ecd0e0ea24b"><code>fa5f9bf</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/3892a6c2b54f974505de41013fcac88a71908e3d"><code>3892a6c</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/74c2cf8ef4f5cc29a876380df1ba230ff7128b3f"><code>74c2cf8</code></a>
test(aws-lambda): update integration tests (<a
href="https://redirect.github.com/honojs/hono/issues/5012">#5012</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/7ae7cbae5d0ed8a40e8b9cc353e13175b9d7e3e1"><code>7ae7cba</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/1b1384815485f9d6590c6966e23a06fd07166cb7"><code>1b13848</code></a>
chore(ci): bump codecov-action to v7.0.0 (<a
href="https://redirect.github.com/honojs/hono/issues/5011">#5011</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/5fdde5ab5a7d7c89eba4d1ceab76f4a7c011cd3b"><code>5fdde5a</code></a>
4.12.24</li>
<li><a
href="https://github.com/honojs/hono/commit/c78932d745cdf6284ae131a156479ac930da0262"><code>c78932d</code></a>
fix(utils/ipaddr): render the unspecified address binary as
&quot;::&quot; (<a
href="https://redirect.github.com/honojs/hono/issues/4998">#4998</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.25">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hono&package-manager=npm_and_yarn&previous-version=4.12.23&new-version=4.12.25)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/deepagentsjs/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-18 09:19:13 -07:00
Colin Francis 0971007ab2 fix(quickjs): unwrap Command/ToolMessage envelopes from tool and subagent results (#604)
### Summary

The deepagents `task` tool resolves to a LangGraph `Command` (and some
tools return a `ToolMessage` or a list of messages), but the quickjs
bridges passed these envelopes straight to the REPL so `task(...)` and
PTC `tools.*` calls handed the model the wrapper instead of the
subagent's actual output, breaking the contract that a `responseSchema`
dispatch resolves to a typed value.

This PR adds `unwrapToolEnvelope`: a duck-typed unwrap of `Command` /
`ToolMessage` / message-list shapes that reverse-scans `update.messages`
for the last message with content and reads both live and serialized
forms. Non-envelope values pass through unchanged.

`unwrapToolEnvelope` is wired into both bridges, i.e., the `task()`
dispatch and the PTC `tools.*` bridge.

Inspired by the Python's
[`coerce_tool_output_for_ptc`](https://github.com/langchain-ai/deepagents/blob/4c347603162e181c721e5e2a5ca8bbff6828e23c/libs/partners/quickjs/langchain_quickjs/_format.py#L93-L119).

### Tests

- `coerce.test.ts` provide unit test coverage for `unwrapToolEnvelope`:
string/null/undefined passthrough, `Command` (single + multi-message),
reverse-scan past empty trailing messages, serialized `kwargs.content`,
bare `ToolMessage`, message lists, content-block arrays and plain `{
content }` objects left untouched.
- `middleware.test.ts` provides an integration test that the `task()`
bridge returns the parsed structured value from a `Command` result.
2026-06-18 06:27:35 -07:00
Colin Francis 204cb27414 chore(quickjs): refine dynamic subagent prompt to trigger on workflow keyword and to improve iterative eval behavior (#602)
### Summary

Prompt change only, no runtime behavior change.

Reworks the quickjs code-interpreter subagent prompt to steer the
orchestrator toward an explore-then-distribute workflow. It explores
with its own tools first, hands subagents file paths instead of pasted
contents, reuses persisted REPL variables rather than re-pasting prior
eval output, and returns results via the last expression instead of
`console.log`. Also gates the REPL sandbox note so it only mentions the
`tools.*` namespace when PTC is actually exposed.

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-18 06:27:18 -07:00
github-actions[bot] 750d69c024 chore: version packages (#568)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @langchain/node-vfs@0.2.0

### Minor Changes

- [#575](https://github.com/langchain-ai/deepagentsjs/pull/575)
[`5d266a2`](https://github.com/langchain-ai/deepagentsjs/commit/5d266a213d8d3d15c2281e2e00ab71ee30ca3ffe)
Thanks [@hntrl](https://github.com/hntrl)! - BREAKING: remove shell
execution from the VFS provider

`VfsBackend` now operates as a filesystem-only `BackendProtocolV2`
implementation and no longer exposes command execution.

The provider now implements `read`, `ls`, `grep`, and `glob` directly
against the in-memory VFS, path resolution is confined to the virtual
workspace root, and legacy `VfsSandbox` / `createVfsSandboxFactory*`
aliases are removed.
## @langchain/quickjs@0.5.0

### Minor Changes

- [#590](https://github.com/langchain-ai/deepagentsjs/pull/590)
[`7ee3feb`](https://github.com/langchain-ai/deepagentsjs/commit/7ee3feb674c361305b2a031db9132253e3d0543b)
Thanks [@colifran](https://github.com/colifran)! - chore(quickjs):
remove skills backend and associated plumbing

- [#592](https://github.com/langchain-ai/deepagentsjs/pull/592)
[`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882)
Thanks [@colifran](https://github.com/colifran)! - feat(quickjs):
implement default subagent primitive in code interpreter for
programmatic subagent calling

### Patch Changes

- [#594](https://github.com/langchain-ai/deepagentsjs/pull/594)
[`61db938`](https://github.com/langchain-ai/deepagentsjs/commit/61db9381494f61b4548cd80b715e5af72fdde381)
Thanks [@colifran](https://github.com/colifran)! - chore(quickjs):
remove configurable concurrency and add subagents option with true
default

- [#546](https://github.com/langchain-ai/deepagentsjs/pull/546)
[`b7a5f26`](https://github.com/langchain-ai/deepagentsjs/commit/b7a5f26fd9cba992b11e1a4cf18607d64533503b)
Thanks [@open-swe](https://github.com/apps/open-swe)! - fix(quickjs):
scope `CodeInterpreterMiddleware` REPL prompt sandbox bullet to the
runtime
## deepagents-acp@0.1.14

### Patch Changes

- Updated dependencies
[[`18557db`](https://github.com/langchain-ai/deepagentsjs/commit/18557db7bbdf92052ed5f994512fb70e11989e69),
[`773cac5`](https://github.com/langchain-ai/deepagentsjs/commit/773cac5dc7efc7843dd882642d91f7d64d6fde81),
[`1ca6dc9`](https://github.com/langchain-ai/deepagentsjs/commit/1ca6dc92fd40a6d845d24b95ba14b8f2643db394),
[`03df237`](https://github.com/langchain-ai/deepagentsjs/commit/03df237385fbdfefd862076c5588eb39cb6e43c3),
[`84f3c0c`](https://github.com/langchain-ai/deepagentsjs/commit/84f3c0c2f1cad271191bcc138b84ba5b9c9205c9),
[`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882),
[`04cc3fc`](https://github.com/langchain-ai/deepagentsjs/commit/04cc3fc26001ee566ed94de44c2dda2cf6adecc4),
[`18fbb48`](https://github.com/langchain-ai/deepagentsjs/commit/18fbb4839050e98ae3cfd36ec69b11f0725ad6d6),
[`e3d4b53`](https://github.com/langchain-ai/deepagentsjs/commit/e3d4b5367b1825df56c919b483ec4a3e117d631f)]:
  - deepagents@1.10.4
## deepagents@1.10.4

### Patch Changes

- [#551](https://github.com/langchain-ai/deepagentsjs/pull/551)
[`18557db`](https://github.com/langchain-ai/deepagentsjs/commit/18557db7bbdf92052ed5f994512fb70e11989e69)
Thanks [@antonnak](https://github.com/antonnak)! - fix(deepagents): gate
cache_control writes on per-call request.model

`createCacheBreakpointMiddleware` and `createMemoryMiddleware` were
gating
the Anthropic-specific `cache_control` write at agent-creation time
only.
When `modelFallbackMiddleware` swapped `request.model` to a
non-Anthropic
  provider mid-flight (e.g. on Anthropic 5xx), the marker leaked through
  and the fallback provider rejected the request with
  `400 Unknown parameter: 'cache_control'`. Both middlewares now also
check `isAnthropicModel(request.model)` inside `wrapModelCall`. Fixes
[#550](https://github.com/langchain-ai/deepagentsjs/issues/550).

- [#591](https://github.com/langchain-ai/deepagentsjs/pull/591)
[`773cac5`](https://github.com/langchain-ai/deepagentsjs/commit/773cac5dc7efc7843dd882642d91f7d64d6fde81)
Thanks [@colifran](https://github.com/colifran)! - chore(deepagents):
expose createSubAgent

- [#541](https://github.com/langchain-ai/deepagentsjs/pull/541)
[`1ca6dc9`](https://github.com/langchain-ai/deepagentsjs/commit/1ca6dc92fd40a6d845d24b95ba14b8f2643db394)
Thanks [@ixchio](https://github.com/ixchio)! - fix getMimeType to return
application/octet-stream for unknown file extensions instead of
text/plain

- [#572](https://github.com/langchain-ai/deepagentsjs/pull/572)
[`03df237`](https://github.com/langchain-ai/deepagentsjs/commit/03df237385fbdfefd862076c5588eb39cb6e43c3)
Thanks [@hntrl](https://github.com/hntrl)! - fix: scope CompositeBackend
grep/glob route fanout by search path

CompositeBackend now limits fallback route fanout to routes mounted
under the requested search path, instead of querying all routed backends
unconditionally.

This avoids unrelated routed backend calls (and side-effect errors) for
scoped searches like `path="/workspace"`, while preserving full fanout
behavior at root (`path="/"`).

- [#574](https://github.com/langchain-ai/deepagentsjs/pull/574)
[`84f3c0c`](https://github.com/langchain-ai/deepagentsjs/commit/84f3c0c2f1cad271191bcc138b84ba5b9c9205c9)
Thanks [@hntrl](https://github.com/hntrl)! - fix(deepagents): add
explicit browser and node entrypoints
  - add `deepagents/browser` and `deepagents/node` subpath exports
- route browser bundlers to the browser-safe bundle via the root
`browser` export condition
- avoid named Node builtin imports in backend utils that can break
browser builds
  - document browser guidance to import from `deepagents/browser`

- [#592](https://github.com/langchain-ai/deepagentsjs/pull/592)
[`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882)
Thanks [@colifran](https://github.com/colifran)! - feat(quickjs):
implement default subagent primitive in code interpreter for
programmatic subagent calling

- [#566](https://github.com/langchain-ai/deepagentsjs/pull/566)
[`04cc3fc`](https://github.com/langchain-ai/deepagentsjs/commit/04cc3fc26001ee566ed94de44c2dda2cf6adecc4)
Thanks [@hntrl](https://github.com/hntrl)! - fix(deepagents): propagate
subagent `lc_agent_name` during task delegation
- Ensure `task` tool subagent invocations override
`metadata.lc_agent_name` with the selected `subagent_type`.
- Add regression coverage for both compiled subagents (`runnable`) and
standard subagent specs to verify tool-time metadata reflects the active
subagent.
- Update the `langsmith` peer dependency range in `deepagents` to
`^0.7.1`.

- [#595](https://github.com/langchain-ai/deepagentsjs/pull/595)
[`18fbb48`](https://github.com/langchain-ai/deepagentsjs/commit/18fbb4839050e98ae3cfd36ec69b11f0725ad6d6)
Thanks [@christian-bromann](https://github.com/christian-bromann)! -
fix(deepagents): count tokens once per model call in summarization
middleware

`createSummarizationMiddleware` counted tokens twice on every model
call—once
inside `truncateArgs` and again for the should-summarize check—even when
nothing was truncated or summarized. Count once and pass the total into
`truncateArgs`; recount only when truncation actually modifies messages.

- [#242](https://github.com/langchain-ai/deepagentsjs/pull/242)
[`e3d4b53`](https://github.com/langchain-ai/deepagentsjs/commit/e3d4b5367b1825df56c919b483ec4a3e117d631f)
Thanks [@alvedder](https://github.com/alvedder)! - feat(deepagents):
support direct skill paths as sources in createSkillsMiddleware
## @deepagents/evals@0.0.13

### Patch Changes

- Updated dependencies
[[`18557db`](https://github.com/langchain-ai/deepagentsjs/commit/18557db7bbdf92052ed5f994512fb70e11989e69),
[`773cac5`](https://github.com/langchain-ai/deepagentsjs/commit/773cac5dc7efc7843dd882642d91f7d64d6fde81),
[`1ca6dc9`](https://github.com/langchain-ai/deepagentsjs/commit/1ca6dc92fd40a6d845d24b95ba14b8f2643db394),
[`03df237`](https://github.com/langchain-ai/deepagentsjs/commit/03df237385fbdfefd862076c5588eb39cb6e43c3),
[`84f3c0c`](https://github.com/langchain-ai/deepagentsjs/commit/84f3c0c2f1cad271191bcc138b84ba5b9c9205c9),
[`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882),
[`04cc3fc`](https://github.com/langchain-ai/deepagentsjs/commit/04cc3fc26001ee566ed94de44c2dda2cf6adecc4),
[`18fbb48`](https://github.com/langchain-ai/deepagentsjs/commit/18fbb4839050e98ae3cfd36ec69b11f0725ad6d6),
[`e3d4b53`](https://github.com/langchain-ai/deepagentsjs/commit/e3d4b5367b1825df56c919b483ec4a3e117d631f)]:
  - deepagents@1.10.4

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@langchain/node-vfs@0.2.0 @langchain/quickjs@0.5.0 deepagents-acp@0.1.14 deepagents@1.10.4
2026-06-17 15:05:26 -07:00
Mason Daugherty d879d1c979 ci(infra): pin actions/checkout to commit SHA in release workflow (#596)
The `build` job in the CLI release workflow referenced
`actions/checkout@v6` by tag while every other action across the repo's
workflows is pinned to a full commit SHA. Pinning it closes the one
remaining mutable-tag reference so CI can't silently pull a re-tagged
action.

## Changes
- Pin `actions/checkout` in the `cli-release.yml` `build` job to
`8e8c483…90e8` (`v6.0.1`) — the same SHA used by the repo's other
checkout steps.
2026-06-12 21:19:12 -04:00
Christian Bromann 18fbb48390 fix(deepagents): count tokens once per model call in summarization middleware (#595)
## Summary
- Port
[langchain-ai/deepagents#3877](https://github.com/langchain-ai/deepagents/pull/3877):
`createSummarizationMiddleware` now counts tokens once per model call
instead of twice on the common pass-through path.
- Pass the precomputed total into `truncateArgs` via an optional
`totalTokens` parameter; recount only when truncation modifies messages.
- Add a regression test asserting `countTokensApproximately` runs
exactly once when nothing is truncated or summarized.
2026-06-12 17:26:50 -07:00
Colin Francis 61db938149 chore(quickjs): remove configurable concurrency and add subagents option with true default (#594)
### Summary

This PR remove the configurable concurrency option from code interpreter
middleware options and adds a subagents option that is true by default
2026-06-11 16:10:15 -07:00
Colin Francis 72cfb0c038 feat(quickjs): implement default task primitive in code interpreter for programmatic subagent calling (#592)
### Summary

This PR adds a default task primitive to the code interpreter that
allows the agent to natively write code to programmatically dispatch
subagents. The task primitive supports passing response schemas for
dynamic structured output that helps with more complex orchestration
patterns.

This PR also removes the swarm task tool in favor of the task primitive.

---------

Co-authored-by: Hunter Lovell <40191806+hntrl@users.noreply.github.com>
2026-06-11 15:36:01 -07:00
Colin Francis 773cac5dc7 chore(deepagents): expose createSubAgent (#591)
### Summary

Exposes `createSubAgent` as a dedicated function which allows us to
reuse the inner subagent factory outside of the middleware (e.g. using
it as the single source of truth for defining subagents in quickjs).

Port of similar implementation from
https://github.com/langchain-ai/deepagents/pull/3846
2026-06-10 17:16:05 -07:00
Colin Francis 7ee3feb674 chore(quickjs): remove skills backend and associated plumbing (#590)
### Summary

Removes skills backend and associated plumbing from code interpreter
middleware and options
2026-06-10 11:53:13 -07:00
dependabot[bot] 7c47e66601 build(deps): bump the minor-deps-updates-main group across 1 directory with 19 updates (#581)
Bumps the minor-deps-updates-main group with 19 updates in the /
directory:

| Package | From | To |
| --- | --- | --- |
|
[@changesets/changelog-github](https://github.com/changesets/changesets)
| `0.6.0` | `0.7.0` |
| [globals](https://github.com/sindresorhus/globals) | `17.5.0` |
`17.6.0` |
| [jiti](https://github.com/unjs/jiti) | `2.6.1` | `2.7.0` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) |
`0.47.0` | `0.53.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) |
`1.62.0` | `1.68.0` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` |
|
[@agentclientprotocol/sdk](https://github.com/agentclientprotocol/typescript-sdk)
| `0.18.2` | `0.24.0` |
|
[@langchain/langgraph](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core)
| `1.2.9` | `1.3.4` |
|
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
| `25.6.0` | `25.9.1` |
| [tsdown](https://github.com/rolldown/tsdown) | `0.21.10` | `0.22.1` |
|
[@langchain/langgraph-sdk](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk)
| `1.8.10` | `1.9.15` |
| [langchain](https://github.com/langchain-ai/langchainjs) | `1.3.5` |
`1.4.4` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.3` | `2.9.0` |
| [@langchain/anthropic](https://github.com/langchain-ai/langchainjs) |
`1.3.28` | `1.4.0` |
| [@daytonaio/sdk](https://github.com/daytonaio/daytona) | `0.155.0` |
`0.184.0` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.6.1` |
`0.7.4` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) |
`8.20.0` | `8.21.0` |
|
[@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite)
| `4.2.4` | `4.3.0` |
|
[tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss)
| `4.2.4` | `4.3.0` |


Updates `@changesets/changelog-github` from 0.6.0 to 0.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/changesets/changesets/releases">@​changesets/changelog-github's
releases</a>.</em></p>
<blockquote>
<h2><code>@​changesets/changelog-github</code><a
href="https://github.com/0"><code>@​0</code></a>.7.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/changesets/changesets/pull/1255">#1255</a>
<a
href="https://github.com/changesets/changesets/commit/94578cf164aa7abcb12b97dd3a55d12a324f4fe8"><code>94578cf</code></a>
Thanks <a href="https://github.com/Kauhsa"><code>@​Kauhsa</code></a>! -
Added <code>disableThanks</code> option</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/changesets/changesets/commit/d1ef2d8cc11f86042a82f0cf7b125021e24dafc4"><code>d1ef2d8</code></a>
Version Packages (<a
href="https://redirect.github.com/changesets/changesets/issues/1950">#1950</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/7af587636b8e793cc43fc6a52d32598193fcb68e"><code>7af5876</code></a>
Restrict <code>publish</code> job to the <code>npm</code> env (<a
href="https://redirect.github.com/changesets/changesets/issues/1972">#1972</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/ff767d2da25173bcab643826702b2af74cbf08cf"><code>ff767d2</code></a>
Sync config-file-options documentation with schema.json and source code
(<a
href="https://redirect.github.com/changesets/changesets/issues/1683">#1683</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/951094babb7c356536c243e9cca0faa3ec86360a"><code>951094b</code></a>
fix: pin 2 unpinned action(s) (<a
href="https://redirect.github.com/changesets/changesets/issues/1915">#1915</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/94578cf164aa7abcb12b97dd3a55d12a324f4fe8"><code>94578cf</code></a>
Added <code>disableThanks</code> option (<a
href="https://redirect.github.com/changesets/changesets/issues/1255">#1255</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/d87334df92a36788e778b21e2bc603beb754f0d5"><code>d87334d</code></a>
Support dark mode banner in readme (<a
href="https://redirect.github.com/changesets/changesets/issues/1943">#1943</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/87472a757062402ca121bd168d693a1be866cf45"><code>87472a7</code></a>
Update .vscode/settings.json (<a
href="https://redirect.github.com/changesets/changesets/issues/1944">#1944</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/317a373aef2639e4ca2804f20aeb4af5338c41ca"><code>317a373</code></a>
Disable <code>publish_pr</code> job</li>
<li><a
href="https://github.com/changesets/changesets/commit/9cce6db18ddecbf7f9cded45254b9905b19a7516"><code>9cce6db</code></a>
Version Packages (<a
href="https://redirect.github.com/changesets/changesets/issues/1897">#1897</a>)</li>
<li><a
href="https://github.com/changesets/changesets/commit/d2121dc3d86b55f76de6022ccfcde843ed4b884a"><code>d2121dc</code></a>
Fix npm auth for path-based registries during publish by preserving
configure...</li>
<li>Additional commits viewable in <a
href="https://github.com/changesets/changesets/compare/@changesets/changelog-github@0.6.0...@changesets/changelog-github@0.7.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `globals` from 17.5.0 to 17.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sindresorhus/globals/releases">globals's
releases</a>.</em></p>
<blockquote>
<h2>v17.6.0</h2>
<ul>
<li>Update globals (2026-05-01) (<a
href="https://redirect.github.com/sindresorhus/globals/issues/343">#343</a>)
00a4dd9</li>
</ul>
<hr />
<p><a
href="https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0">https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sindresorhus/globals/commit/6b15870f1c08b60b5b57afe45a703d9ed0be39bc"><code>6b15870</code></a>
17.6.0</li>
<li><a
href="https://github.com/sindresorhus/globals/commit/00a4dd9821830a9b044798120e86b1bb1a54648d"><code>00a4dd9</code></a>
Update globals (2026-05-01) (<a
href="https://redirect.github.com/sindresorhus/globals/issues/343">#343</a>)</li>
<li>See full diff in <a
href="https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `jiti` from 2.6.1 to 2.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/unjs/jiti/releases">jiti's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<p><a
href="https://github.com/unjs/jiti/compare/v2.6.1...v2.7.0">compare
changes</a></p>
<h3>🚀 Enhancements</h3>
<ul>
<li>Add explicit resource management (<code>using</code>/<code>await
using</code>) support (<a
href="https://redirect.github.com/unjs/jiti/pull/422">#422</a>)</li>
<li>Support opt-in <code>tsconfigPaths</code> (<a
href="https://redirect.github.com/unjs/jiti/pull/427">#427</a>)</li>
<li>Support virtual modules (<a
href="https://redirect.github.com/unjs/jiti/pull/428">#428</a>)</li>
<li>Add <code>jiti/static</code> subpath (<a
href="https://redirect.github.com/unjs/jiti/pull/430">#430</a>)</li>
</ul>
<h3>🔥 Performance</h3>
<ul>
<li><strong>interopDefault:</strong> Add caching to reduce proxy
overhead by ~2x (<a
href="https://redirect.github.com/unjs/jiti/pull/421">#421</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>require:</strong> Passthrough resolve options (<a
href="https://redirect.github.com/unjs/jiti/pull/412">#412</a>)</li>
<li><strong>require:</strong> Fallback to transpilation when
<code>tryNative</code> fails (<a
href="https://redirect.github.com/unjs/jiti/pull/413">#413</a>)</li>
<li>Fallback for <code>ENAMETOOLONG</code> when evaluating esm (<a
href="https://redirect.github.com/unjs/jiti/pull/429">#429</a>)</li>
</ul>
<h3>📦 Build</h3>
<ul>
<li>Upgrade rspack to v2 (<a
href="https://github.com/unjs/jiti/commit/55194fb">55194fb</a>)</li>
<li>Experimental rolldown config (<a
href="https://github.com/unjs/jiti/commit/8c0243f">8c0243f</a>)</li>
</ul>
<h3> Tests</h3>
<ul>
<li>Ignore jsx test for bun/cjs (<a
href="https://github.com/unjs/jiti/commit/3a744ca">3a744ca</a>)</li>
</ul>
<h3>❤️ Contributors</h3>
<ul>
<li>Pooya Parsa (<a
href="https://github.com/pi0"><code>@​pi0</code></a>)</li>
<li>Kricsleo (<a
href="https://github.com/kricsleo"><code>@​kricsleo</code></a>)</li>
<li>Espen Hovlandsdal (<a
href="https://github.com/rexxars"><code>@​rexxars</code></a>)</li>
<li>Rintaro Itokawa (<a
href="https://github.com/re-taro"><code>@​re-taro</code></a>)</li>
<li>Matteo Collina (<a
href="https://github.com/mcollina"><code>@​mcollina</code></a>)</li>
<li>Mario Zechner (<a
href="https://github.com/badlogic"><code>@​badlogic</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/unjs/jiti/blob/main/CHANGELOG.md">jiti's
changelog</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<p><a
href="https://github.com/unjs/jiti/compare/v2.6.1...v2.7.0">compare
changes</a></p>
<h3>🚀 Enhancements</h3>
<ul>
<li>Add explicit resource management (using/await using) support (<a
href="https://redirect.github.com/unjs/jiti/pull/422">#422</a>)</li>
<li>Support opt-in <code>tsconfigPaths</code> (<a
href="https://redirect.github.com/unjs/jiti/pull/427">#427</a>)</li>
<li>Support virtual modules option (<a
href="https://redirect.github.com/unjs/jiti/pull/428">#428</a>)</li>
<li>Add <code>jiti/static</code> export (<a
href="https://redirect.github.com/unjs/jiti/pull/430">#430</a>)</li>
</ul>
<h3>🔥 Performance</h3>
<ul>
<li><strong>interopDefault:</strong> Add caching to reduce proxy
overhead by ~2x (<a
href="https://redirect.github.com/unjs/jiti/pull/421">#421</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>require:</strong> Passthrough resolve options (<a
href="https://redirect.github.com/unjs/jiti/pull/412">#412</a>)</li>
<li><strong>ci:</strong> Skip <code>--coverage</code> flag for node 18
(<a href="https://github.com/unjs/jiti/commit/fe264b4">fe264b4</a>)</li>
<li><strong>require:</strong> Fallback to transpilation when
<code>tryNative</code> fails (<a
href="https://redirect.github.com/unjs/jiti/pull/413">#413</a>)</li>
<li>Fallback for <code>ENAMETOOLONG</code> when evaluating esm (<a
href="https://redirect.github.com/unjs/jiti/pull/429">#429</a>)</li>
</ul>
<h3>📦 Build</h3>
<ul>
<li>Upgrade rspack (<a
href="https://github.com/unjs/jiti/commit/55194fb">55194fb</a>)</li>
<li>Experimental rolldown config (<a
href="https://github.com/unjs/jiti/commit/8c0243f">8c0243f</a>)</li>
</ul>
<h3>🏡 Chore</h3>
<ul>
<li>Fix lint issues (<a
href="https://github.com/unjs/jiti/commit/4045c7a">4045c7a</a>)</li>
<li>Update deps (<a
href="https://github.com/unjs/jiti/commit/e88ac44">e88ac44</a>)</li>
<li>Update deps (<a
href="https://github.com/unjs/jiti/commit/498e8d7">498e8d7</a>)</li>
<li>Add missing prettier dep (<a
href="https://github.com/unjs/jiti/commit/650bc48">650bc48</a>)</li>
<li>Lint (<a
href="https://github.com/unjs/jiti/commit/058d91a">058d91a</a>)</li>
<li>Init agents.md (<a
href="https://github.com/unjs/jiti/commit/c49c54e">c49c54e</a>)</li>
<li>Update agents.md (<a
href="https://github.com/unjs/jiti/commit/4deba16">4deba16</a>)</li>
<li>Update deps (<a
href="https://github.com/unjs/jiti/commit/08fc868">08fc868</a>)</li>
<li>Update tsconfig (<a
href="https://github.com/unjs/jiti/commit/8c7822e">8c7822e</a>)</li>
<li>Update release script (<a
href="https://github.com/unjs/jiti/commit/27fe3f2">27fe3f2</a>)</li>
</ul>
<h3> Tests</h3>
<ul>
<li>Ignore jsx test for bun/cjs (<a
href="https://github.com/unjs/jiti/commit/3a744ca">3a744ca</a>)</li>
<li>Update (<a
href="https://github.com/unjs/jiti/commit/9ee314f">9ee314f</a>)</li>
</ul>
<h3>🤖 CI</h3>
<ul>
<li>Update node test matrix (<a
href="https://github.com/unjs/jiti/commit/0abda72">0abda72</a>)</li>
</ul>
<h3>❤️ Contributors</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/unjs/jiti/commit/fd3bb289b75ed207edfb686d671ed50144f7e90f"><code>fd3bb28</code></a>
chore(release): v2.7.0</li>
<li><a
href="https://github.com/unjs/jiti/commit/27fe3f2a496b712674061c767f21ceaf34d39d83"><code>27fe3f2</code></a>
chore: update release script</li>
<li><a
href="https://github.com/unjs/jiti/commit/4fcd2f23aa31d2e1ece4b307350b8c1d72a26870"><code>4fcd2f2</code></a>
fix: fallback for <code>ENAMETOOLONG</code> when evaluating esm (<a
href="https://redirect.github.com/unjs/jiti/issues/429">#429</a>)</li>
<li><a
href="https://github.com/unjs/jiti/commit/8c0243f14e65193fceb023b81aed5c9a820ee2cb"><code>8c0243f</code></a>
build: experimental rolldown config</li>
<li><a
href="https://github.com/unjs/jiti/commit/55194fbb97b56af50ae1c19735ee3b06110b3903"><code>55194fb</code></a>
build: upgrade rspack</li>
<li><a
href="https://github.com/unjs/jiti/commit/0abda72c11fa31654ae17f255f9a854e4b706018"><code>0abda72</code></a>
ci: update node test matrix</li>
<li><a
href="https://github.com/unjs/jiti/commit/8c7822ef2ff03669c31de2fedfcf6676970f5b2a"><code>8c7822e</code></a>
chore: update tsconfig</li>
<li><a
href="https://github.com/unjs/jiti/commit/08fc868c928d65fb615800e51b0ec1ac78f83a69"><code>08fc868</code></a>
chore: update deps</li>
<li><a
href="https://github.com/unjs/jiti/commit/5d552e3bebf9ffcd3fb9f176364fce7b4e35134d"><code>5d552e3</code></a>
feat: add <code>jiti/static</code> export (<a
href="https://redirect.github.com/unjs/jiti/issues/430">#430</a>)</li>
<li><a
href="https://github.com/unjs/jiti/commit/ae790b0214512857e40e8b3078b63a7d65f7f2c9"><code>ae790b0</code></a>
feat: support virtual modules option (<a
href="https://redirect.github.com/unjs/jiti/issues/428">#428</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/unjs/jiti/compare/v2.6.1...v2.7.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `oxfmt` from 0.47.0 to 0.53.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oxc-project/oxc/commit/964a7580840f394d67c149ea083e35a1e74c128f"><code>964a758</code></a>
release(apps): oxlint v1.68.0 &amp;&amp; oxfmt v0.53.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22883">#22883</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/68b455d84f0b18bd6646cfe4f9babb12ec4fc448"><code>68b455d</code></a>
release(apps): oxlint v1.67.0 &amp;&amp; oxfmt v0.52.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22735">#22735</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/16b8058cd6fd55472cb3a225852ca22db24bb461"><code>16b8058</code></a>
feat(oxfmt): Support <code>vite-plus/resolveConfig</code> for
vite.config.ts (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22454">#22454</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/557020642e27b948e46f73754b82bee452a82f32"><code>5570206</code></a>
release(apps): oxlint v1.66.0 &amp;&amp; oxfmt v0.51.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22528">#22528</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/25e5cbc76f887cf5c0c2bdfbef8d4a74fd1ce87d"><code>25e5cbc</code></a>
release(apps): oxlint v1.65.0 &amp;&amp; oxfmt v0.50.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22458">#22458</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/43b997847b76bfbc35e83738296330a9a33de4e4"><code>43b9978</code></a>
fix(formatter/sort_imports): Treat subpath imports as internal (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22440">#22440</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/d652a556196178515a3c1ea6d25a832c74961d02"><code>d652a55</code></a>
release(apps): oxlint v1.64.0 &amp;&amp; oxfmt v0.49.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22318">#22318</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/6e8e8185c0a3d653bb90dff051ec7d4558793752"><code>6e8e818</code></a>
feat(oxfmt): Experimental .svelte support (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/21700">#21700</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/330fe31f826b7d4ae11ae49ba50e2b2ab2bdc6f1"><code>330fe31</code></a>
refactor(config): Update doc comment for <code>GlobSet</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22197">#22197</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/fb3067ca2bafbbf7d75b058788202dc16d994f3e"><code>fb3067c</code></a>
refactor(oxfmt): use shared GlobSet for overrides (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22147">#22147</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.53.0/npm/oxfmt">compare
view</a></li>
</ul>
</details>
<br />

Updates `oxlint` from 1.62.0 to 1.68.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oxc-project/oxc/releases">oxlint's
releases</a>.</em></p>
<blockquote>
<h2>oxlint v1.27.0 &amp;&amp; oxfmt v0.12.0</h2>
<h1>Oxlint v1.27.0</h1>
<h3>🚀 Features</h3>
<ul>
<li>222a8f0 linter/plugins: Implement
<code>SourceCode#isSpaceBetween</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15498">#15498</a>)
(overlookmotel)</li>
<li>2f9735d linter/plugins: Implement
<code>context.languageOptions</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15486">#15486</a>)
(overlookmotel)</li>
<li>bc731ff linter/plugins: Stub out all <code>Context</code> APIs (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15479">#15479</a>)
(overlookmotel)</li>
<li>5822cb4 linter/plugins: Add <code>extend</code> method to
<code>FILE_CONTEXT</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15477">#15477</a>)
(overlookmotel)</li>
<li>7b1e6f3 apps: Add pure rust binaries and release to github (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15469">#15469</a>)
(Boshen)</li>
<li>2a89b43 linter: Introduce debug assertions after fixes to assert
validity (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15389">#15389</a>)
(camc314)</li>
<li>ad3c45a editor: Add <code>oxc.path.node</code> option (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15040">#15040</a>)
(Sysix)</li>
</ul>
<h3>🐛 Bug Fixes</h3>
<ul>
<li>6f3cd77 linter/no-var: Incorrect warning for blocks (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15504">#15504</a>)
(Hamir Mahal)</li>
<li>6957fb9 linter/plugins: Do not allow access to
<code>Context#id</code> in <code>createOnce</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15489">#15489</a>)
(overlookmotel)</li>
<li>7409630 linter/plugins: Allow access to <code>cwd</code> in
<code>createOnce</code> in ESLint interop mode (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15488">#15488</a>)
(overlookmotel)</li>
<li>732205e parser: Reject <code>using</code> / <code>await using</code>
in a switch <code>case</code> / <code>default</code> clause (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15225">#15225</a>)
(sapphi-red)</li>
<li>a17ca32 linter/plugins: Replace <code>Context</code> class (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15448">#15448</a>)
(overlookmotel)</li>
<li>ecf2f7b language_server: Fail gracefully when tsgolint executable
not found (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15436">#15436</a>)
(camc314)</li>
<li>3c8d3a7 lang-server: Improve logging in failure case for tsgolint
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15299">#15299</a>)
(camc314)</li>
<li>ef71410 linter: Use jsx if source type is JS in fix debug assertion
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15434">#15434</a>)
(camc314)</li>
<li>e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15426">#15426</a>)
(camc314)</li>
<li>6565dbe linter/switch-case-braces: Skip comments when searching for
<code>:</code> token (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15425">#15425</a>)
(camc314)</li>
<li>85bd19a linter/prefer-class-fields: Insert value after type
annotation in fixer (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15423">#15423</a>)
(camc314)</li>
<li>fde753e linter/plugins: Block access to
<code>context.settings</code> in <code>createOnce</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15394">#15394</a>)
(overlookmotel)</li>
<li>ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper
in invalid positions (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15388">#15388</a>)
(camc314)</li>
<li>dac2a9c linter/no-template-curly-in-string: Remove fixer (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15387">#15387</a>)
(camc314)</li>
<li>989b8e3 linter/no-var: Only fix to <code>const</code> if the var has
an initializer (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15385">#15385</a>)
(camc314)</li>
<li>cc403f5 linter/plugins: Return empty object for unimplemented
parserServices (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15364">#15364</a>)
(magic-akari)</li>
</ul>
<h3> Performance</h3>
<ul>
<li>25d577e language_server: Start tools in parallel (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15500">#15500</a>)
(Sysix)</li>
<li>3c57291 linter/plugins: Optimize loops (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15449">#15449</a>)
(overlookmotel)</li>
<li>3166233 linter/plugins: Remove <code>Arc</code>s (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15431">#15431</a>)
(overlookmotel)</li>
<li>9de1322 linter/plugins: Lazily deserialize settings JSON (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15395">#15395</a>)
(overlookmotel)</li>
<li>3049ec2 linter/plugins: Optimize <code>deepFreezeSettings</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15392">#15392</a>)
(overlookmotel)</li>
<li>444ebfd linter/plugins: Use single object for
<code>parserServices</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15378">#15378</a>)
(overlookmotel)</li>
</ul>
<h3>📚 Documentation</h3>
<ul>
<li>97d2104 linter: Update comment in lint.rs about default value for
tsconfig path (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15530">#15530</a>)
(Connor Shea)</li>
<li>2c6bd9e linter: Always refer as &quot;ES2015&quot; instead of
&quot;ES6&quot; (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15411">#15411</a>)
(sapphi-red)</li>
<li>a0c5203 linter/import/named: Update &quot;ES7&quot; comment in
examples (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15410">#15410</a>)
(sapphi-red)</li>
<li>3dc24b5 linter,minifier: Always refer as &quot;ES Modules&quot;
instead of &quot;ES6 Modules&quot; (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15409">#15409</a>)
(sapphi-red)</li>
<li>2ad77fb linter/no-this-before-super: Correct &quot;Why is this
bad?&quot; section (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15408">#15408</a>)
(sapphi-red)</li>
<li>57f0ce1 linter: Add backquotes where appropriate (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15407">#15407</a>)
(sapphi-red)</li>
</ul>
<h1>Oxfmt v0.12.0</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md">oxlint's
changelog</a>.</em></p>
<blockquote>
<h2>[1.68.0] - 2026-06-01</h2>
<h3>🚀 Features</h3>
<ul>
<li>e4b1f46 linter/typescript: Implement
<code>method-signature-style</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22679">#22679</a>)
(Mikhail Baev)</li>
<li>bc462ca linter/vue: Implement no-reserved-component-names rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22741">#22741</a>)
(bab)</li>
<li>ef9e751 linter/vue: Implement component-definition-name-casing rule
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22818">#22818</a>)
(bab)</li>
<li>d67f51a linter/vue: Implement require-prop-type-constructor rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22708">#22708</a>)
(bab)</li>
<li>8422e8b linter/jsdoc: Implement
<code>require-yields-description</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22805">#22805</a>)
(Mikhail Baev)</li>
<li>fe93f97 linter/eslint: Implement
<code>prefer-named-capture-group</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22759">#22759</a>)
(Sebastian Poxhofer)</li>
</ul>
<h2>[1.67.0] - 2026-05-26</h2>
<h3>🚀 Features</h3>
<ul>
<li>b84941e linter/vue: Implement no-expose-after-await rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22675">#22675</a>)
(bab)</li>
<li>98b98c1 linter/vue: Implement no-computed-properties-in-data rule
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22674">#22674</a>)
(bab)</li>
<li>2d4c919 oxlint: Support <code>vite-plus/resolveConfig</code> for
vite.config.ts (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22456">#22456</a>)
(leaysgur)</li>
<li>2a60012 linter/vue: Implement require-render-return rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22613">#22613</a>)
(bab)</li>
<li>9f227fd linter/vue: Implement no-deprecated-props-default-this rule
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21892">#21892</a>)
(bab)</li>
<li>87f065e linter/vue: Implement return-in-emits-validator rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21935">#21935</a>)
(bab)</li>
<li>ea0380c linter/unicorn: Implement <code>import-style</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22173">#22173</a>)
(Hao Chen)</li>
<li>dde40fe linter/vue: Implement no-watch-after-await rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22006">#22006</a>)
(bab)</li>
<li>a735eb0 linter/vue: Implement valid-next-tick rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22531">#22531</a>)
(bab)</li>
<li>6dc615d linter/vue: Implement no-shared-component-data rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21842">#21842</a>)
(bab)</li>
<li>a656418 linter/vue: Implement valid-define-options rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22107">#22107</a>)
(bab)</li>
<li>bb6f1b2 linter/vue: Implement require-slots-as-functions rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22244">#22244</a>)
(bab)</li>
<li>5fa4774 linter/n: Implement <code>callback-return</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22470">#22470</a>)
(Mikhail Baev)</li>
</ul>
<h2>[1.66.0] - 2026-05-18</h2>
<h3>🚀 Features</h3>
<ul>
<li>0440b0f linter/eslint: Implement <code>id-match</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22379">#22379</a>)
(Vladislav Sayapin)</li>
<li>65bf119 linter: Implement react no-object-type-as-default-prop (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22481">#22481</a>)
(uhyo)</li>
<li>2a6ddce linter/eslint: Implement <code>no-implied-eval</code> rule
(<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22391">#22391</a>)
(Vladislav Sayapin)</li>
<li>625758a linter/vitest: Implement padding-around-after-all-blocks
rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21788">#21788</a>)
(kapobajza)</li>
<li>37680b0 linter: Implement react no-unstable-nested-components (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22248">#22248</a>)
(Jovi De Croock)</li>
<li>d8d9c74 linter: Implement import/newline-after-import rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/19142">#19142</a>)
(Ryuya Yanagi)</li>
</ul>
<h2>[1.65.0] - 2026-05-15</h2>
<h3>🚀 Features</h3>
<ul>
<li>5478fb5 linter/jsdoc: Implement
<code>require-throws-description</code> rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22386">#22386</a>)
(Mikhail Baev)</li>
<li>c73225e linter/eslint: Implement <code>prefer-arrow-callback</code>
rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22312">#22312</a>)
(박천(Cheon Park))</li>
<li>de82b59 linter: Add support for
<code>eslint-plugin-jsx-a11y-x</code> (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22356">#22356</a>)
(mehm8128)</li>
<li>f44b6c8 linter: Fill schemas <code>DummyRuleMap</code> with built-in
rules (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22288">#22288</a>)
(Sysix)</li>
</ul>
<h2>[1.64.0] - 2026-05-11</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oxc-project/oxc/commit/964a7580840f394d67c149ea083e35a1e74c128f"><code>964a758</code></a>
release(apps): oxlint v1.68.0 &amp;&amp; oxfmt v0.53.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22883">#22883</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/3f05c5e1267c25daa1c90babd84427f59acf96be"><code>3f05c5e</code></a>
feat(linter): expose <code>override::exclude_files</code> option (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22884">#22884</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/e4b1f46bec95da661af72f513e769d729ff605c6"><code>e4b1f46</code></a>
feat(linter/typescript): implement <code>method-signature-style</code>
rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22679">#22679</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/bc462ca5a778c246d6185d9b8d2cbdf3919ed527"><code>bc462ca</code></a>
feat(linter/vue): implement no-reserved-component-names rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22741">#22741</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/ef9e75170dca39091e4aa8360f7d59dc5aa206eb"><code>ef9e751</code></a>
feat(linter/vue): implement component-definition-name-casing rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22818">#22818</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/d67f51aba16939ce33b21c7504e177a9ff1c6887"><code>d67f51a</code></a>
feat(linter/vue): implement require-prop-type-constructor rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22708">#22708</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/8422e8bc44db47033ce516f9375867624e265823"><code>8422e8b</code></a>
feat(linter/jsdoc): implement <code>require-yields-description</code>
rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22805">#22805</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/fe93f9718ac09bab79286eb6dbc90ad14f8270bd"><code>fe93f97</code></a>
feat(linter/eslint): implement <code>prefer-named-capture-group</code>
rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22759">#22759</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/68b455d84f0b18bd6646cfe4f9babb12ec4fc448"><code>68b455d</code></a>
release(apps): oxlint v1.67.0 &amp;&amp; oxfmt v0.52.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22735">#22735</a>)</li>
<li><a
href="https://github.com/oxc-project/oxc/commit/b84941e69e2e630e998fe6b1e90b0506608f7caa"><code>b84941e</code></a>
feat(linter/vue): implement no-expose-after-await rule (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22675">#22675</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/oxc-project/oxc/commits/oxlint_v1.68.0/npm/oxlint">compare
view</a></li>
</ul>
</details>
<br />

Updates `tsx` from 4.21.0 to 4.22.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/privatenumber/tsx/releases">tsx's
releases</a>.</em></p>
<blockquote>
<h2>v4.22.4</h2>
<h2><a
href="https://github.com/privatenumber/tsx/compare/v4.22.3...v4.22.4">4.22.4</a>
(2026-05-31)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>resolve CommonJS directory requires inside dependencies (<a
href="https://redirect.github.com/privatenumber/tsx/issues/803">#803</a>)
(<a
href="https://github.com/privatenumber/tsx/commit/1ce846335b7c445a3328c7d27f06424949356d97">1ce8463</a>)</li>
</ul>
<hr />
<p>This release is also available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/tsx/v/4.22.4"><code>npm
package (@​latest dist-tag)</code></a></li>
</ul>
<h2>v4.22.3</h2>
<h2><a
href="https://github.com/privatenumber/tsx/compare/v4.22.2...v4.22.3">4.22.3</a>
(2026-05-19)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>decode typed loader source (<a
href="https://github.com/privatenumber/tsx/commit/dce02fc3b8b64a58d24560714902b16f89332f1f">dce02fc</a>)</li>
<li>preserve entrypoint with TypeScript preload hooks (<a
href="https://github.com/privatenumber/tsx/commit/68f72f3304d8c3ff7048bde8571af9c163fcefa2">68f72f3</a>)</li>
</ul>
<hr />
<p>This release is also available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/tsx/v/4.22.3"><code>npm
package (@​latest dist-tag)</code></a></li>
</ul>
<h2>v4.22.2</h2>
<h2><a
href="https://github.com/privatenumber/tsx/compare/v4.22.1...v4.22.2">4.22.2</a>
(2026-05-18)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>preserve CJS JSON require in ESM hooks (<a
href="https://github.com/privatenumber/tsx/commit/35b700bd8620696df03827068af29dcd0d091a60">35b700b</a>)</li>
<li>preserve named exports from CommonJS TypeScript (<a
href="https://github.com/privatenumber/tsx/commit/11de737dae1fb9dae28db3716df5b1a7e1a6a089">11de737</a>)</li>
<li>support module.exports require(esm) interop (<a
href="https://github.com/privatenumber/tsx/commit/cf8f19918e4e0a0dc5ee5c52d8cc15e5e22d7c49">cf8f199</a>)</li>
</ul>
<hr />
<p>This release is also available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/tsx/v/4.22.2"><code>npm
package (@​latest dist-tag)</code></a></li>
</ul>
<h2>v4.22.1</h2>
<h2><a
href="https://github.com/privatenumber/tsx/compare/v4.22.0...v4.22.1">4.22.1</a>
(2026-05-17)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>resolve tsconfig path aliases containing a colon (<a
href="https://redirect.github.com/privatenumber/tsx/issues/780">#780</a>)
(<a
href="https://github.com/privatenumber/tsx/commit/6979f28810829dc79ec9baf406e162a18b65ab4b">6979f28</a>)</li>
</ul>
<hr />
<p>This release is also available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/tsx/v/4.22.1"><code>npm
package (@​latest dist-tag)</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/privatenumber/tsx/commit/1ce846335b7c445a3328c7d27f06424949356d97"><code>1ce8463</code></a>
fix: resolve CommonJS directory requires inside dependencies (<a
href="https://redirect.github.com/privatenumber/tsx/issues/803">#803</a>)</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/dce02fc3b8b64a58d24560714902b16f89332f1f"><code>dce02fc</code></a>
fix: decode typed loader source</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/68f72f3304d8c3ff7048bde8571af9c163fcefa2"><code>68f72f3</code></a>
fix: preserve entrypoint with TypeScript preload hooks</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/69455cfefbfe71100a3c58d3ce7cea42445d9113"><code>69455cf</code></a>
test: cover package exports for ambiguous ESM reexports</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/35b700bd8620696df03827068af29dcd0d091a60"><code>35b700b</code></a>
fix: preserve CJS JSON require in ESM hooks</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/ef807dba6832260fb4cafd78d81f5469a733966b"><code>ef807db</code></a>
chore: update testing dependencies</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/3917090d4f61863ea6ea16e4a9a3722a112cc3f7"><code>3917090</code></a>
test: document compatibility test taxonomy</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/de8113ffa8edbcd4e05fa218324c3e8c2a4afdbe"><code>de8113f</code></a>
refactor: centralize Node capability facts</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/c1f62db45ada60b24ceb3dfdf7f64173d9a15396"><code>c1f62db</code></a>
test: consolidate tsconfig path edge coverage</li>
<li><a
href="https://github.com/privatenumber/tsx/commit/4e08174ec10276ac71c9a69eb28426ad702d0c76"><code>4e08174</code></a>
test: consolidate loader hook coverage</li>
<li>Additional commits viewable in <a
href="https://github.com/privatenumber/tsx/compare/v4.21.0...v4.22.4">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for tsx since your current version.</p>
</details>
<br />

Updates `@agentclientprotocol/sdk` from 0.18.2 to 0.24.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/agentclientprotocol/typescript-sdk/releases">@​agentclientprotocol/sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.24.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.23.0...v0.24.0">0.24.0</a>
(2026-06-02)</h2>
<h3>Features</h3>
<ul>
<li>Add resilient schema deserialization (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/167">#167</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/5864e7306e0feb0852cef9aee2a5ba53a0a7f627">5864e73</a>)</li>
<li><strong>schema:</strong> Stabilize addl dirs and remove unstable
model selectors (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/165">#165</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/fa6e30280874ccd702cc4ab7577d402d2864f619">fa6e302</a>)</li>
</ul>
<h2>v0.23.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.1...v0.23.0">0.23.0</a>
(2026-06-01)</h2>
<h3>Features</h3>
<ul>
<li><strong>schema:</strong> Stabilize logout and update schema to
v0.13.4 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/163">#163</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/cfd900a981eb00dbcdee52db2b2b38847a957328">cfd900a</a>)</li>
</ul>
<h2>v0.22.1</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.0...v0.22.1">0.22.1</a>
(2026-05-18)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Event ordering (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/153">#153</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/7b632266f009865d0e8e64def5cd55367363845b">7b63226</a>)</li>
</ul>
<h2>v0.22.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.1...v0.22.0">0.22.0</a>
(2026-05-18)</h2>
<h3>Features</h3>
<ul>
<li><strong>unstable:</strong> Add session delete handling (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/152">#152</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/f9384f59008298b44fd1e22e5dde3f2e922fc7ec">f9384f5</a>)</li>
<li>Update schema to v0.13.2 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/150">#150</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/b15960b74667f9a582470d58c18ebb9054e5acfd">b15960b</a>)</li>
</ul>
<h2>v0.21.1</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.0...v0.21.1">0.21.1</a>
(2026-05-14)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>emit .js extensions in generated schema barrel for nodenext
consumers (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/146">#146</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/63b96db49d4826c02fe4afc62a7754db1f9f9ef7">63b96db</a>)</li>
</ul>
<h2>v0.21.0</h2>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.20.0...v0.21.0">0.21.0</a>
(2026-04-28)</h2>
<h3>Features</h3>
<ul>
<li><strong>unstable:</strong> Add <code>providers/*</code> support (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/138">#138</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/e234c213d362d2cd170f8215fa0758a62a59d54e">e234c21</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/agentclientprotocol/typescript-sdk/blob/main/CHANGELOG.md">@​agentclientprotocol/sdk's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.23.0...v0.24.0">0.24.0</a>
(2026-06-02)</h2>
<h3>Features</h3>
<ul>
<li>Add resilient schema deserialization (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/167">#167</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/5864e7306e0feb0852cef9aee2a5ba53a0a7f627">5864e73</a>)</li>
<li><strong>schema:</strong> Stabilize addl dirs and remove unstable
model selectors (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/165">#165</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/fa6e30280874ccd702cc4ab7577d402d2864f619">fa6e302</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.1...v0.23.0">0.23.0</a>
(2026-06-01)</h2>
<h3>Features</h3>
<ul>
<li><strong>schema:</strong> Stabilize logout and update schema to
v0.13.4 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/163">#163</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/cfd900a981eb00dbcdee52db2b2b38847a957328">cfd900a</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.0...v0.22.1">0.22.1</a>
(2026-05-18)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Event ordering (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/153">#153</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/7b632266f009865d0e8e64def5cd55367363845b">7b63226</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.1...v0.22.0">0.22.0</a>
(2026-05-18)</h2>
<h3>Features</h3>
<ul>
<li><strong>unstable:</strong> Add session delete handling (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/152">#152</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/f9384f59008298b44fd1e22e5dde3f2e922fc7ec">f9384f5</a>)</li>
<li>Update schema to v0.13.2 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/150">#150</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/b15960b74667f9a582470d58c18ebb9054e5acfd">b15960b</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.0...v0.21.1">0.21.1</a>
(2026-05-14)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>emit .js extensions in generated schema barrel for nodenext
consumers (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/146">#146</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/63b96db49d4826c02fe4afc62a7754db1f9f9ef7">63b96db</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.20.0...v0.21.0">0.21.0</a>
(2026-04-28)</h2>
<h3>Features</h3>
<ul>
<li><strong>unstable:</strong> Add <code>providers/*</code> support (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/138">#138</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/e234c213d362d2cd170f8215fa0758a62a59d54e">e234c21</a>)</li>
</ul>
<h2><a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.19.2...v0.20.0">0.20.0</a>
(2026-04-23)</h2>
<h3>Features</h3>
<ul>
<li>Stabilize <code>closeSession</code> and <code>resumeSession</code>
(<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/132">#132</a>)
(<a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/806d307ba92e824e859075f3f72fe1e9b35b8f0b">806d307</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/8966c11c6e88da3a4adfd16f1789ff71c723c530"><code>8966c11</code></a>
chore(main): release 0.24.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/166">#166</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/5864e7306e0feb0852cef9aee2a5ba53a0a7f627"><code>5864e73</code></a>
feat: Add resilient schema deserialization (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/167">#167</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/fa6e30280874ccd702cc4ab7577d402d2864f619"><code>fa6e302</code></a>
feat(schema): Stabilize addl dirs and remove unstable model selectors
(<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/165">#165</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/0c2e622a11d49da21b8abdd76ce4cd659ba8c74f"><code>0c2e622</code></a>
chore(main): release 0.23.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/164">#164</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/cfd900a981eb00dbcdee52db2b2b38847a957328"><code>cfd900a</code></a>
feat(schema): Stabilize logout and update schema to v0.13.4 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/163">#163</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/171a253ae61a243469f4cee547e447d7a7f3ddbf"><code>171a253</code></a>
chore(deps-dev): bump concurrently from 9.2.1 to 10.0.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/162">#162</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/0ecf00184fa194f2006e19d364befb0551fb7d58"><code>0ecf001</code></a>
chore(deps): bump the minor group with 19 updates (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/161">#161</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/ca74103730cf1c68bdcf89301847aadca8cfb797"><code>ca74103</code></a>
chore(deps): bump crate-ci/typos from 1.46.2 to 1.47.0 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/160">#160</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/c6a9c9487d64e884536a6c74d1190f5243796746"><code>c6a9c94</code></a>
chore(deps): bump crate-ci/typos from 1.46.1 to 1.46.2 (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/158">#158</a>)</li>
<li><a
href="https://github.com/agentclientprotocol/typescript-sdk/commit/c7256e7c5d7c8ff8ee888f447210829996a4da78"><code>c7256e7</code></a>
chore(deps): bump the minor group with 43 updates (<a
href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/159">#159</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.18.2...v0.24.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/langgraph` from 1.2.9 to 1.3.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/releases">@​langchain/langgraph's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/langgraph</code><a
href="https://github.com/1"><code>@​1</code></a>.3.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2035">#2035</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/7c3a98b23af29fee0d9f064942abb71044ed0e51"><code>7c3a98b</code></a>
Thanks <a
href="https://github.com/JadenKim-dev"><code>@​JadenKim-dev</code></a>!
- fix(core): prevent Zod schema defaults from overwriting checkpoint
state in Command.update</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/04915347128e40fc9617647cadba6b472a357d36"><code>0491534</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.12</li>
</ul>
</li>
</ul>
<h2><code>@​langchain/langgraph</code><a
href="https://github.com/1"><code>@​1</code></a>.3.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2037">#2037</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/9eb478ffeeda2ad9c3bff2cd0f0ac602b0a79f4f"><code>9eb478f</code></a>
Thanks <a
href="https://github.com/pawel-twardziak"><code>@​pawel-twardziak</code></a>!
- Decouple <code>ContextType</code> generic from
<code>configurable</code> in <code>PregelOptions</code> so that
providing a custom context type no longer incorrectly narrows the
configurable parameter.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2457">#2457</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/91a54947155b3fad3234001e63e20099a63ed999"><code>91a5494</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph): pass context with stateful RemoteGraph runs</p>
<p>Pop <code>thread_id</code> from run <code>config.configurable</code>
and forward <code>context</code> to the SDK so checkpointed remote runs
accept user context without a 400 from ambiguous parameters. Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1922">#1922</a>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/1988">#1988</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/6d4bf927e5cf3744034205528bcd09964949d6d7"><code>6d4bf92</code></a>
Thanks <a href="https://github.com/Axadali"><code>@​Axadali</code></a>!
- Fix race condition in IterableReadableWritableStream.push() that
caused ERR_INVALID_STATE errors when streaming with multiple parallel
nodes and aborting the stream.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2409">#2409</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/101b70aa8d7ec26ec1654ef814689b832f1e17f3"><code>101b70a</code></a>
Thanks <a
href="https://github.com/pragnyanramtha"><code>@​pragnyanramtha</code></a>!
- Preserve non-plain objects passed through <code>Send</code> and
<code>Command</code> argument deserialization.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>
Thanks <a
href="https://github.com/apps/dependabot"><code>@​dependabot</code></a>!
- chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering
stable</p>
<p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages.
Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances
the sub-millisecond time counter when an explicit <code>clockseq</code>
is passed, so checkpoint IDs created within the same millisecond were
ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted
lexicographically, this broke ordering — most visibly for the negative
<code>clockseq</code> used by the first (&quot;input&quot;) checkpoint,
which sorted as the newest.</p>
<p><code>uuid6()</code> now maintains its own monotonic <code>(msecs,
nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the
time component is always strictly increasing and checkpoint ordering no
longer depends on the <code>clockseq</code> value.
<code>emptyCheckpoint()</code> also uses a non-negative
<code>clockseq</code>.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/863b555346de02c2c0be290e877b7d260a3f8856"><code>863b555</code></a>,
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.11</li>
<li><code>@​langchain/langgraph-checkpoint</code><a
href="https://github.com/1"><code>@​1</code></a>.0.4</li>
</ul>
</li>
</ul>
<h2><code>@​langchain/langgraph-checkpoint-mongodb</code><a
href="https://github.com/1"><code>@​1</code></a>.3.3</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2260">#2260</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/4d03dcbc28bbfdf4c0f0ac065b9853652836d2f9"><code>4d03dcb</code></a>
Thanks <a
href="https://github.com/venkat22022202"><code>@​venkat22022202</code></a>!
- fix(mongodb): include pendingWrites in list() results</li>
</ul>
<h2><code>@​langchain/langgraph</code><a
href="https://github.com/1"><code>@​1</code></a>.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2415">#2415</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- Move <code>@langchain/core</code> from a runtime dependency back to a
required peer dependency so installing the SDK alone no longer pulls in
<code>@langchain/core</code> (and <code>js-tiktoken</code>, etc.).
Consumers that use streaming or message coercion must install
<code>@langchain/core</code> explicitly or via
<code>@langchain/langgraph</code>.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.4</li>
</ul>
</li>
</ul>
<h2><code>@​langchain/langgraph-checkpoint-mongodb</code><a
href="https://github.com/1"><code>@​1</code></a>.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2186">#2186</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/26c2e325f435a2c061d6b78a7bd6af089cb1e0e6"><code>26c2e32</code></a>
Thanks <a
href="https://github.com/jackjin1997"><code>@​jackjin1997</code></a>! -
fix: metadata filter in list() now works by querying a plain JSON shadow
copy instead of the serialized binary blob</li>
</ul>
<h2><code>@​langchain/langgraph</code><a
href="https://github.com/1"><code>@​1</code></a>.3.1</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/langgraph-core/CHANGELOG.md">@​langchain/langgraph's
changelog</a>.</em></p>
<blockquote>
<h2>1.3.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2035">#2035</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/7c3a98b23af29fee0d9f064942abb71044ed0e51"><code>7c3a98b</code></a>
Thanks <a
href="https://github.com/JadenKim-dev"><code>@​JadenKim-dev</code></a>!
- fix(core): prevent Zod schema defaults from overwriting checkpoint
state in Command.update</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/04915347128e40fc9617647cadba6b472a357d36"><code>0491534</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.12</li>
</ul>
</li>
</ul>
<h2>1.3.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2037">#2037</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/9eb478ffeeda2ad9c3bff2cd0f0ac602b0a79f4f"><code>9eb478f</code></a>
Thanks <a
href="https://github.com/pawel-twardziak"><code>@​pawel-twardziak</code></a>!
- Decouple <code>ContextType</code> generic from
<code>configurable</code> in <code>PregelOptions</code> so that
providing a custom context type no longer incorrectly narrows the
configurable parameter.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2457">#2457</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/91a54947155b3fad3234001e63e20099a63ed999"><code>91a5494</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph): pass context with stateful RemoteGraph runs</p>
<p>Pop <code>thread_id</code> from run <code>config.configurable</code>
and forward <code>context</code> to the SDK so checkpointed remote runs
accept user context without a 400 from ambiguous parameters. Closes <a
href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1922">#1922</a>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/1988">#1988</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/6d4bf927e5cf3744034205528bcd09964949d6d7"><code>6d4bf92</code></a>
Thanks <a href="https://github.com/Axadali"><code>@​Axadali</code></a>!
- Fix race condition in IterableReadableWritableStream.push() that
caused ERR_INVALID_STATE errors when streaming with multiple parallel
nodes and aborting the stream.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2409">#2409</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/101b70aa8d7ec26ec1654ef814689b832f1e17f3"><code>101b70a</code></a>
Thanks <a
href="https://github.com/pragnyanramtha"><code>@​pragnyanramtha</code></a>!
- Preserve non-plain objects passed through <code>Send</code> and
<code>Command</code> argument deserialization.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>
Thanks <a
href="https://github.com/apps/dependabot"><code>@​dependabot</code></a>!
- chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering
stable</p>
<p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages.
Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances
the sub-millisecond time counter when an explicit <code>clockseq</code>
is passed, so checkpoint IDs created within the same millisecond were
ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted
lexicographically, this broke ordering — most visibly for the negative
<code>clockseq</code> used by the first (&quot;input&quot;) checkpoint,
which sorted as the newest.</p>
<p><code>uuid6()</code> now maintains its own monotonic <code>(msecs,
nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the
time component is always strictly increasing and checkpoint ordering no
longer depends on the <code>clockseq</code> value.
<code>emptyCheckpoint()</code> also uses a non-negative
<code>clockseq</code>.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/863b555346de02c2c0be290e877b7d260a3f8856"><code>863b555</code></a>,
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.11</li>
<li><code>@​langchain/langgraph-checkpoint</code><a
href="https://github.com/1"><code>@​1</code></a>.0.4</li>
</ul>
</li>
</ul>
<h2>1.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2415">#2415</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- Move <code>@langchain/core</code> from a runtime dependency back to a
required peer dependency so installing the SDK alone no longer pulls in
<code>@langchain/core</code> (and <code>js-tiktoken</code>, etc.).
Consumers that use streaming or message coercion must install
<code>@langchain/core</code> explicitly or via
<code>@langchain/langgraph</code>.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a>]:</p>
<ul>
<li><code>@​langchain/langgraph-sdk</code><a
href="https://github.com/1"><code>@​1</code></a>.9.4</li>
</ul>
</li>
</ul>
<h2>1.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2339">#2339</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/2b88da497b2c6f8fbf8f4d901578a198824eb32f"><code>2b88da4</code></a>
Thanks <a
href="https://github.com/vigneshpatel14"><code>@​vigneshpatel14</code></a>!
- fix(langgraph): surface structuredResponse parse failures in
createReactAgent</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2406">#2406</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/e54ae901e119ccf81653b90d5a0db2485027a5a9"><code>e54ae90</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(langgraph-core): keep tool results out of v3 message streams</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/c6b29fb040963e3dcedb7e98ee3a3e3a728e5f82"><code>c6b29fb</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2465">#2465</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/7c3a98b23af29fee0d9f064942abb71044ed0e51"><code>7c3a98b</code></a>
fix(core): prevent Zod schema defaults from overwriting checkpoint state
in C...</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/d2ca90f8e2cfbba547a9645d81e7c5340d1e7ebf"><code>d2ca90f</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2453">#2453</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/101b70aa8d7ec26ec1654ef814689b832f1e17f3"><code>101b70a</code></a>
fix: preserve non-plain Send args (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2409">#2409</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>
chore(deps): bump uuid from 10.0.0 to 14.0.0 (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2344">#2344</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/91a54947155b3fad3234001e63e20099a63ed999"><code>91a5494</code></a>
fix(langgraph): pass context with stateful RemoteGraph runs (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2457">#2457</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/6d4bf927e5cf3744034205528bcd09964949d6d7"><code>6d4bf92</code></a>
fix(langgraph): StreamMessagesHandler throws &quot;Controller is already
closed&quot; e...</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/c5dcbd176dba4d7b76b8e2c27b4bc0ed0a9109ac"><code>c5dcbd1</code></a>
fix(langgraph): handle null thread checkpoint in RemoteGraph.getState
(<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2331">#2331</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/9eb478ffeeda2ad9c3bff2cd0f0ac602b0a79f4f"><code>9eb478f</code></a>
fix(langgraph): decouple ContextType from configurable in PregelOptions
(<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2037">#2037</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/4d12fe0233aa1283c1d7aa1790a7015df9856f66"><code>4d12fe0</code></a>
docs: more readme cleanups</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph@1.3.4/libs/langgraph-core">co...

_Description has been truncated_

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: John Kennedy <65985482+jkennedyvz@users.noreply.github.com>
2026-06-08 14:41:48 -07:00
Alexei Vedernikov e3d4b5367b feat(deepagents): support direct skill paths as sources in createSkillsMiddleware (#242)
## Description

Previously, sources had to be parent directories (e.g. `/skills/`) whose
subdirectories each contained a SKILL.md. Passing a direct skill path
(e.g. `/skills/my-skill/`) had no effect because `listSkillsFromBackend`
scanned for subdirectories inside the source, found none, and returned
an empty list.

## Real case

The motivating scenario is when a curated list of skills organised as
individual directories under a shared directory. Each skill has a clear
responsibility, and different skills are intentionally assigned to the
orchestrator agent vs. subagents:

```typescript
// Desired: pass individual skill paths — one per capability
const SHARED_SKILLS = ['/skills/web-research/'];

const ORCHESTRATOR_SKILLS = [
  '/skills/requirement-completeness-validator/',
  '/skills/diff-risk-analyzer/',
];

createDeepAgent({
  skills: [...SHARED_SKILLS, ...ORCHESTRATOR_SKILLS],
  subagents: subagentsConfig.map(agentConfig => ({
    skills: [
      ...SHARED_SKILLS,
      ...agentConfig.skills,
    ]
  }))
});
```

The workaround would be to create nested directories like this:
```
skills/
  web-research/
    web-research/
      SKILL.md
  equirement-completeness-validator/
    equirement-completeness-validator/
      SKILL.md
  ...and so on
```

## What's done

Detection is done by inspecting the lsInfo() result of the source
directory: if a SKILL.md file appears directly in the listing, the
source itself is treated as the skill directory. Otherwise the existing
parent-directory scan runs unchanged.

The two modes can be freely mixed in the sources array:
```ts
sources: [
  '/skills/',               // parent dir: all subdirs with SKILL.md
  '/skills/my-skill/',      // direct path: SKILL.md at its root
 ]
 ```

---------

Co-authored-by: Hunter Lovell <40191806+hntrl@users.noreply.github.com>
2026-06-07 14:08:52 -07:00
dependabot[bot] 82fc0aeeb0 build(deps): bump the patch-deps-updates-main group across 1 directory with 17 updates (#580)
Bumps the patch-deps-updates-main group with 17 updates in the /
directory:

| Package | From | To |
| --- | --- | --- |
| [@langchain/core](https://github.com/langchain-ai/langchainjs) |
`1.1.42` | `1.1.48` |
|
[@langchain/langgraph-checkpoint](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint)
| `1.0.1` | `1.0.4` |
|
[@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8)
| `4.1.5` | `4.1.8` |
|
[@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui)
| `4.1.5` | `4.1.8` |
|
[vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)
| `4.1.5` | `4.1.8` |
| [zod](https://github.com/colinhacks/zod) | `4.4.1` | `4.4.3` |
| [@langchain/openai](https://github.com/langchain-ai/langchainjs) |
`1.4.5` | `1.4.7` |
| [modal](https://github.com/modal-labs/modal-client) | `0.7.4` |
`0.7.6` |
|
[@sveltejs/acorn-typescript](https://github.com/sveltejs/acorn-typescript)
| `1.0.9` | `1.0.10` |
|
[@types/estree](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/estree)
| `1.0.8` | `1.0.9` |
| [hono](https://github.com/honojs/hono) | `4.12.18` | `4.12.23` |
| [@hono/node-server](https://github.com/honojs/node-server) | `2.0.1` |
`2.0.4` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) |
`19.2.5` | `19.2.7` |
|
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
| `19.2.14` | `19.2.16` |
|
[react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom)
| `19.2.5` | `19.2.7` |
|
[@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react)
| `6.0.1` | `6.0.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) |
`8.0.10` | `8.0.16` |


Updates `@langchain/core` from 1.1.42 to 1.1.48
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchainjs/releases">@​langchain/core's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/core</code><a
href="https://github.com/1"><code>@​1</code></a>.1.48</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10832">#10832</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/1b24369a970ad6f56f1f428027f48601f87e62eb"><code>1b24369</code></a>
Thanks <a
href="https://github.com/info-arnav"><code>@​info-arnav</code></a>! -
fix(core, openrouter): make CJS default re-exports callable</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10666">#10666</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/2bb55b053f49f89e81e3252a7af08e86d71ddd95"><code>2bb55b0</code></a>
Thanks <a
href="https://github.com/hnustwjj"><code>@​hnustwjj</code></a>! -
feat(openrouter): surface reasoning content as v1 standard content
blocks</p>
<p><code>convertOpenRouterResponseToBaseMessage</code> and
<code>convertOpenRouterDeltaToBaseMessageChunk</code> now copy
OpenRouter's
<code>reasoning</code> (flat string) and <code>reasoning_details</code>
(structured array) fields
onto <code>additional_kwargs.reasoning_content</code> /
<code>additional_kwargs.reasoning_details</code>.
A new <code>ChatOpenRouterTranslator</code> is registered in
<code>@langchain/core</code> under
the <code>&quot;openrouter&quot;</code> provider key so
<code>AIMessage.contentBlocks</code> emits standard
<code>{type: &quot;reasoning&quot;}</code> blocks alongside text and
tool calls.</p>
<p>Previously, reasoning text returned by reasoning-capable models
routed
through OpenRouter (DeepSeek R1, Minimax M2, Claude extended thinking,
o-series, etc.) was silently dropped: only the
<code>reasoning_tokens</code> count
was preserved via <code>usage_metadata</code>. Consumers using standard
content blocks
(including the frontend agent UI patterns shown in the docs) could not
display the model's chain of thought.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10918">#10918</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/3999fab55870c6eea22d6d90c08aa472f9b2fac3"><code>3999fab</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(openai): stream custom tool calls through Responses API chunks</p>
</li>
</ul>
<h2><code>@​langchain/core</code><a
href="https://github.com/1"><code>@​1</code></a>.1.47</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10906">#10906</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/f61b3450f275831e47e69c08899b4a2b67b4bdb3"><code>f61b345</code></a>
Thanks <a href="https://github.com/hntrl"><code>@​hntrl</code></a>! -
feat(core): add uuid v6 utility support</p>
<p>Add <code>v6</code> UUID generation support to
<code>@langchain/core/utils/uuid</code> by vendoring the upstream uuidjs
<code>v6</code> implementation and its <code>v1ToV6</code> helper,
exporting <code>v6</code> from the UUID utils index, and adding tests
for deterministic generation, buffer/offset behavior,
validation/versioning, and ordering.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10872">#10872</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/a64007997a4940f51bba3c1c83dae89d1ccfb692"><code>a640079</code></a>
Thanks <a href="https://github.com/hntrl"><code>@​hntrl</code></a>! -
chore(deps): remove redundant <code>@​types/uuid</code> declarations</p>
<p>Remove <code>@types/uuid</code> from package manifests that rely on
<code>@langchain/core/utils/uuid</code> or do not require uuid type
stubs directly, and refresh the lockfile entries accordingly.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10792">#10792</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/3682268cd1844b2573b01f07bee367e21cb7bdc7"><code>3682268</code></a>
Thanks <a href="https://github.com/Genmin"><code>@​Genmin</code></a>! -
fix(core): apply v1 message casting after implicit streaming
aggregation</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10901">#10901</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/f26fc4a6f461d6d0f86d59bd00197ad510432c4a"><code>f26fc4a</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(testing): share fakeModel invocation state across bindTools
instances</p>
</li>
</ul>
<h2><code>@​langchain/core</code><a
href="https://github.com/1"><code>@​1</code></a>.1.46</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10847">#10847</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/1659e7d36e31e315c890fa98f43db887f7a2d52b"><code>1659e7d</code></a>
Thanks <a href="https://github.com/hntrl"><code>@​hntrl</code></a>! -
chore(core): reduce transitive dependency exposure and tighten release
hygiene</p>
<p>Remove direct runtime dependencies on <code>ansi-styles</code>,
<code>camelcase</code>, and <code>decamelize</code>
by inlining equivalent logic in core internals, and enable npm
provenance in the
release workflow.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10790">#10790</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/ef78bc6a21f9a8808ba95c98db2023f0a6b51bcc"><code>ef78bc6</code></a>
Thanks <a href="https://github.com/Genmin"><code>@​Genmin</code></a>! -
fix(core): keep different content block types separate when merging
chunks</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langchainjs/commits/@langchain/core@1.1.48">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/langgraph-checkpoint` from 1.0.1 to 1.0.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/releases">@​langchain/langgraph-checkpoint's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/langgraph-checkpoint</code><a
href="https://github.com/1"><code>@​1</code></a>.0.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>
Thanks <a
href="https://github.com/apps/dependabot"><code>@​dependabot</code></a>!
- chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering
stable</p>
<p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages.
Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances
the sub-millisecond time counter when an explicit <code>clockseq</code>
is passed, so checkpoint IDs created within the same millisecond were
ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted
lexicographically, this broke ordering — most visibly for the negative
<code>clockseq</code> used by the first (&quot;input&quot;) checkpoint,
which sorted as the newest.</p>
<p><code>uuid6()</code> now maintains its own monotonic <code>(msecs,
nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the
time component is always strictly increasing and checkpoint ordering no
longer depends on the <code>clockseq</code> value.
<code>emptyCheckpoint()</code> also uses a non-negative
<code>clockseq</code>.</p>
</li>
</ul>
<h2><code>@​langchain/langgraph-checkpoint</code><a
href="https://github.com/1"><code>@​1</code></a>.0.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2352">#2352</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a>
Thanks <a
href="https://github.com/Nagendhra-web"><code>@​Nagendhra-web</code></a>!
- fix(langgraph-checkpoint): block prototype pollution in MemorySaver
via reserved storage keys</p>
<p><code>MemorySaver</code> previously embedded <code>thread_id</code>,
<code>checkpoint_ns</code>,
<code>checkpoint_id</code>, and <code>task_id</code> directly into
property accesses on the
nested plain objects <code>this.storage</code> and
<code>this.writes</code>. A caller able to
shape any of those fields (every quickstart, tutorial, and test fixture
uses <code>MemorySaver</code> by default) could pass
<code>&quot;__proto__&quot;</code>,
<code>&quot;constructor&quot;</code>, or
<code>&quot;prototype&quot;</code> and have the subsequent assignment
mutate <code>Object.prototype</code>. From that point every plain object
in the
process inherits the injected property, breaking <code>for...in</code>
loops,
truthy short-circuits, and downstream serializers across unrelated code
paths. CWE-1321.</p>
<p>Adds an <code>assertSafeStorageKey</code> chokepoint applied at every
public entry
that touches <code>storage</code> or <code>writes</code>
(<code>put</code>, <code>putWrites</code>, <code>deleteThread</code>,
<code>getTuple</code>, <code>list</code>). The guard rejects non-string
values, the empty
string (unless explicitly opted-in for <code>checkpoint_ns</code>), and
the three
prototype-pollution keys. Behaviour for valid string identifiers is
unchanged.</p>
</li>
</ul>
<h2><code>@​langchain/langgraph-checkpoint-postgres</code><a
href="https://github.com/1"><code>@​1</code></a>.0.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2255">#2255</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/e82a50b961a9413dab1ad2248747d5c73a6a1e58"><code>e82a50b</code></a>
Thanks <a
href="https://github.com/leesta24"><code>@​leesta24</code></a>! -
fix(checkpoint-postgres): move serialization outside transaction in
put()</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/checkpoint/CHANGELOG.md">@​langchain/langgraph-checkpoint's
changelog</a>.</em></p>
<blockquote>
<h2>1.0.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>
Thanks <a
href="https://github.com/apps/dependabot"><code>@​dependabot</code></a>!
- chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering
stable</p>
<p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages.
Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances
the sub-millisecond time counter when an explicit <code>clockseq</code>
is passed, so checkpoint IDs created within the same millisecond were
ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted
lexicographically, this broke ordering — most visibly for the negative
<code>clockseq</code> used by the first (&quot;input&quot;) checkpoint,
which sorted as the newest.</p>
<p><code>uuid6()</code> now maintains its own monotonic <code>(msecs,
nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the
time component is always strictly increasing and checkpoint ordering no
longer depends on the <code>clockseq</code> value.
<code>emptyCheckpoint()</code> also uses a non-negative
<code>clockseq</code>.</p>
</li>
</ul>
<h2>1.0.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2352">#2352</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a>
Thanks <a
href="https://github.com/Nagendhra-web"><code>@​Nagendhra-web</code></a>!
- fix(langgraph-checkpoint): block prototype pollution in MemorySaver
via reserved storage keys</p>
<p><code>MemorySaver</code> previously embedded <code>thread_id</code>,
<code>checkpoint_ns</code>,
<code>checkpoint_id</code>, and <code>task_id</code> directly into
property accesses on the
nested plain objects <code>this.storage</code> and
<code>this.writes</code>. A caller able to
shape any of those fields (every quickstart, tutorial, and test fixture
uses <code>MemorySaver</code> by default) could pass
<code>&quot;__proto__&quot;</code>,
<code>&quot;constructor&quot;</code>, or
<code>&quot;prototype&quot;</code> and have the subsequent assignment
mutate <code>Object.prototype</code>. From that point every plain object
in the
process inherits the injected property, breaking <code>for...in</code>
loops,
truthy short-circuits, and downstream serializers across unrelated code
paths. CWE-1321.</p>
<p>Adds an <code>assertSafeStorageKey</code> chokepoint applied at every
public entry
that touches <code>storage</code> or <code>writes</code>
(<code>put</code>, <code>putWrites</code>, <code>deleteThread</code>,
<code>getTuple</code>, <code>list</code>). The guard rejects non-string
values, the empty
string (unless explicitly opted-in for <code>checkpoint_ns</code>), and
the three
prototype-pollution keys. Behaviour for valid string identifiers is
unchanged.</p>
</li>
</ul>
<h2>1.0.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2314">#2314</a>
<a
href="https://github.com/langchain-ai/langgraphjs/commit/085a07f569b6d7d79728eb7eb6eb3a0c67fcdefb"><code>085a07f</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- Improve <code>MemorySaver</code> diagnostics when checkpoint writes
are missing a
<code>thread_id</code>.</p>
<p>The in-memory checkpointer now explains why
<code>configurable.thread_id</code> is
required and includes a concrete <code>graph.stream(..., { configurable:
{ thread_id } })</code> example in the error message. This makes the new
thread-oriented event streaming flows easier to debug when an
application
forgets to provide durable thread configuration.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/d2ca90f8e2cfbba547a9645d81e7c5340d1e7ebf"><code>d2ca90f</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2453">#2453</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>
chore(deps): bump uuid from 10.0.0 to 14.0.0 (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2344">#2344</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/381a9f64d0e4b8627ee4ffb567ac10c6035ec438"><code>381a9f6</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2445">#2445</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a>
fix(langgraph-checkpoint): block prototype pollution in MemorySaver via
reser...</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/1f11df266824d56e20c69cbb12c8da8166390ae2"><code>1f11df2</code></a>
chore: version packages (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2364">#2364</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/085a07f569b6d7d79728eb7eb6eb3a0c67fcdefb"><code>085a07f</code></a>
feat(core): event based streaming (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2314">#2314</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/9102d526c858a4cdbe9b47dcdd062b93da93e49f"><code>9102d52</code></a>
fix(langgraph): propagate tracer metadata defaults from configurable (<a
href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2315">#2315</a>)</li>
<li><a
href="https://github.com/langchain-ai/langgraphjs/commit/d88f29ba2558579781e60307947dba47290d58a1"><code>d88f29b</code></a>
chore(repo): migrate linting and formatting from ESLint/Prettier to
oxlint/ox...</li>
<li>See full diff in <a
href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph-checkpoint@1.0.4/libs/checkpoint">compare
view</a></li>
</ul>
</details>
<br />

Updates `@vitest/coverage-v8` from 4.1.5 to 4.1.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitest-dev/vitest/releases">@​vitest/coverage-v8's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.8</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>browser</strong>:
<ul>
<li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec:
false</code> [backport to v4]  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and
<strong>Codex</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a>
<a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw
HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li>
<li>Remove orphaned Playwright route when same module is mocked via
multiple ids [backport to v4]  -  by <a
href="https://github.com/toxik"><code>@​toxik</code></a> and <a
href="https://github.com/Zelys-DFKH"><code>@​Zelys-DFKH</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a>
<a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw
HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li>
</ul>
</li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View
changes on GitHub</a></h5>
<h2>v4.1.7</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>runner</strong>: Limit concurrency per task branch in
addition to per leaf callbacks (backport)  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a>
<a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw
HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View
changes on GitHub</a></h5>
<h2>v4.1.6</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>browser</strong>: Provide project reference in
<code>ToMatchScreenshotResolvePath</code>  -  by <a
href="https://github.com/macarie"><code>@​macarie</code></a> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a>
<a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw
HTML omitted -->(31882)<!-- raw HTML omitted --></a></li>
<li>Global <code>sequence.concurrent: true</code> with top-level
<code>test(..., { concurrent: false })</code> + depreacte
<code>sequential</code> test API and options  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>,
<strong>Codex</strong> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a>
<a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw
HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li>
<li><strong>browser</strong>: Simplify orchestrator otel carrier  -  by
<a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a>
<a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw
HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li>
</ul>
<h3>   🏎 Performance</h3>
<ul>
<li>Stringify diff objects only once  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a>
<a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw
HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View
changes on GitHub</a></h5>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a>
chore: release v4.1.8</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9"><code>e4067b3</code></a>
fix(browser): disable client <code>cdp</code> API when
<code>allowWrite/allowExec: false</code> [ba...</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a>
chore: release v4.1.7</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a>
chore: release v4.1.6</li>
<li>See full diff in <a
href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/coverage-v8">compare
view</a></li>
</ul>
</details>
<br />

Updates `@vitest/ui` from 4.1.5 to 4.1.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitest-dev/vitest/releases">@​vitest/ui's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.8</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>browser</strong>:
<ul>
<li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec:
false</code> [backport to v4]  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and
<strong>Codex</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a>
<a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw
HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li>
<li>Remove orphaned Playwright route when same module is mocked via
multiple ids [backport to v4]  -  by <a
href="https://github.com/toxik"><code>@​toxik</code></a> and <a
href="https://github.com/Zelys-DFKH"><code>@​Zelys-DFKH</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a>
<a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw
HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li>
</ul>
</li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View
changes on GitHub</a></h5>
<h2>v4.1.7</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>runner</strong>: Limit concurrency per task branch in
addition to per leaf callbacks (backport)  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a>
<a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw
HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View
changes on GitHub</a></h5>
<h2>v4.1.6</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>browser</strong>: Provide project reference in
<code>ToMatchScreenshotResolvePath</code>  -  by <a
href="https://github.com/macarie"><code>@​macarie</code></a> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a>
<a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw
HTML omitted -->(31882)<!-- raw HTML omitted --></a></li>
<li>Global <code>sequence.concurrent: true</code> with top-level
<code>test(..., { concurrent: false })</code> + depreacte
<code>sequential</code> test API and options  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>,
<strong>Codex</strong> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a>
<a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw
HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li>
<li><strong>browser</strong>: Simplify orchestrator otel carrier  -  by
<a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a>
<a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw
HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li>
</ul>
<h3>   🏎 Performance</h3>
<ul>
<li>Stringify diff objects only once  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a>
<a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw
HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View
changes on GitHub</a></h5>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a>
chore: release v4.1.8</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a>
chore: release v4.1.7</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a>
chore: release v4.1.6</li>
<li>See full diff in <a
href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/ui">compare
view</a></li>
</ul>
</details>
<br />

Updates `vitest` from 4.1.5 to 4.1.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitest-dev/vitest/releases">vitest's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.8</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>browser</strong>:
<ul>
<li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec:
false</code> [backport to v4]  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and
<strong>Codex</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a>
<a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw
HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li>
<li>Remove orphaned Playwright route when same module is mocked via
multiple ids [backport to v4]  -  by <a
href="https://github.com/toxik"><code>@​toxik</code></a> and <a
href="https://github.com/Zelys-DFKH"><code>@​Zelys-DFKH</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a>
<a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw
HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li>
</ul>
</li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View
changes on GitHub</a></h5>
<h2>v4.1.7</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>runner</strong>: Limit concurrency per task branch in
addition to per leaf callbacks (backport)  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a>
<a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw
HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View
changes on GitHub</a></h5>
<h2>v4.1.6</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>browser</strong>: Provide project reference in
<code>ToMatchScreenshotResolvePath</code>  -  by <a
href="https://github.com/macarie"><code>@​macarie</code></a> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a>
<a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw
HTML omitted -->(31882)<!-- raw HTML omitted --></a></li>
<li>Global <code>sequence.concurrent: true</code> with top-level
<code>test(..., { concurrent: false })</code> + depreacte
<code>sequential</code> test API and options  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>,
<strong>Codex</strong> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a>
<a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw
HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li>
<li><strong>browser</strong>: Simplify orchestrator otel carrier  -  by
<a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a>
<a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw
HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li>
</ul>
<h3>   🏎 Performance</h3>
<ul>
<li>Stringify diff objects only once  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a>
<a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw
HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View
changes on GitHub</a></h5>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a>
chore: release v4.1.8</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9"><code>e4067b3</code></a>
fix(browser): disable client <code>cdp</code> API when
<code>allowWrite/allowExec: false</code> [ba...</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a>
chore: release v4.1.7</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a>
chore: release v4.1.6</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06"><code>18af98c</code></a>
fix(browser): simplify orchestrator otel carrier (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285">#10285</a>)</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857"><code>3188260</code></a>
feat(browser): provide project reference in
<code>ToMatchScreenshotResolvePath</code> (#...</li>
<li>See full diff in <a
href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest">compare
view</a></li>
</ul>
</details>
<br />

Updates `zod` from 4.4.1 to 4.4.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/colinhacks/zod/releases">zod's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.3</h2>
<h2>Commits:</h2>
<ul>
<li>4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary
wordmark for gold sponsor logo</li>
<li>2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold
sponsors and rebalance logo sizing</li>
<li>7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed
silver/bronze sponsors and add active ones</li>
<li>2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze
sponsor logos to github avatar pattern</li>
<li>9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from
bronze sponsors (churned)</li>
<li>b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and
Speakeasy (2+ missed monthly cycles)</li>
<li>1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch
handling for absent object keys (<a
href="https://redirect.github.com/colinhacks/zod/issues/5937">#5937</a>)
(<a
href="https://redirect.github.com/colinhacks/zod/issues/5939">#5939</a>)</li>
<li>c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize
optin/fallback to transform; restore preprocess on absent keys (<a
href="https://redirect.github.com/colinhacks/zod/issues/5941">#5941</a>)</li>
<li>f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3</li>
<li>1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release
procedure in AGENTS.md</li>
</ul>
<h2>v4.4.2</h2>
<h2>Commits:</h2>
<ul>
<li>0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation
and stale labels (<a
href="https://redirect.github.com/colinhacks/zod/issues/5901">#5901</a>)</li>
<li>20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy
and refresh tooling deps</li>
<li>6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor
links now include the hash so it doesnt scoll all the way up, follows
navbar logic (<a
href="https://redirect.github.com/colinhacks/zod/issues/5791">#5791</a>)</li>
<li>4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union
option typing</li>
<li>bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for
agents</li>
<li>cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking
branch 'origin/main' into fix-discriminated-union-key-constraint</li>
<li>292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold
sponsor</li>
<li>1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec
inversion</li>
<li>1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure
guidance</li>
<li>e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage
notes</li>
<li>e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab
code heights</li>
<li>905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess
input type narrowing</li>
<li>bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test
guidance in AGENTS.md</li>
<li>8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts
scratch</li>
<li>02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer
optionality to inner schema (<a
href="https://redirect.github.com/colinhacks/zod/issues/5929">#5929</a>)</li>
<li>88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated
<code>baseUrl</code> from tsconfig</li>
<li>c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/colinhacks/zod/commit/1fb56a5c18c27102dbc92260a4007c7732a0ccca"><code>1fb56a5</code></a>
docs: document release procedure in AGENTS.md</li>
<li><a
href="https://github.com/colinhacks/zod/commit/f3c9ec03ba7a28ae72d25cc295f38674bee0f559"><code>f3c9ec0</code></a>
4.4.3</li>
<li><a
href="https://github.com/colinhacks/zod/commit/c2be4f819064eed62c7c350a2d399b5faecd15f8"><code>c2be4f8</code></a>
fix(v4): generalize optin/fallback to transform; restore preprocess on
absent...</li>
<li><a
href="https://github.com/colinhacks/zod/commit/1cab69383fcdeae2a366d5e2a2fc4d8fc765d168"><code>1cab693</code></a>
fix(v4): restore catch handling for absent object keys (<a
href="https://redirect.github.com/colinhacks/zod/issues/5937">#5937</a>)
(<a
href="https://redirect.github.com/colinhacks/zod/issues/5939">#5939</a>)</li>
<li><a
href="https://github.com/colinhacks/zod/commit/b8dffe9e62f17e6571e6249d05cc5102b54d94e4"><code>b8dffe9</code></a>
docs: remove Numeric and Speakeasy (2+ missed monthly cycles)</li>
<li><a
href="https://github.com/colinhacks/zod/commit/9195250cab0e7950efe39c3926d6c203b4b0a170"><code>9195250</code></a>
docs: remove Mintlify from bronze sponsors (churned)</li>
<li><a
href="https://github.com/colinhacks/zod/commit/2c703322a21b4e2b12f33f49ea8430c451a68b4f"><code>2c70332</code></a>
docs: normalize bronze sponsor logos to github avatar pattern</li>
<li><a
href="https://github.com/colinhacks/zod/commit/7391be88ac1ee5cd02057f5ccc012a1f5df4efd0"><code>7391be8</code></a>
docs: prune lapsed silver/bronze sponsors and add active ones</li>
<li><a
href="https://github.com/colinhacks/zod/commit/2aeec83eb135e3a83756e973ef44845fc5a455d2"><code>2aeec83</code></a>
docs: prune lapsed gold sponsors and rebalance logo sizing</li>
<li><a
href="https://github.com/colinhacks/zod/commit/4c2fa95ce3f3390fbc522324e406b4e9e89b88f9"><code>4c2fa95</code></a>
docs: use Zernio primary wordmark for gold sponsor logo</li>
<li>Additional commits viewable in <a
href="https://github.com/colinhacks/zod/compare/v4.4.1...v4.4.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `@langchain/openai` from 1.4.5 to 1.4.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchainjs/releases">@​langchain/openai's
releases</a>.</em></p>
<blockquote>
<h2><code>@​langchain/openai</code><a
href="https://github.com/1"><code>@​1</code></a>.4.7</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10918">#10918</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/3999fab55870c6eea22d6d90c08aa472f9b2fac3"><code>3999fab</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(openai): stream custom tool calls through Responses API chunks</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10791">#10791</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/fce9ab418901323618fdfaaa9fc350fa1c0d50e0"><code>fce9ab4</code></a>
Thanks <a href="https://github.com/Genmin"><code>@​Genmin</code></a>! -
fix(openai): preserve top-level Responses API ids on AI messages</p>
</li>
</ul>
<h2><code>@​langchain/openai</code><a
href="https://github.com/1"><code>@​1</code></a>.4.6</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10902">#10902</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/229a7ad67b9a7ebd8df3ca451e0b8195bea0190e"><code>229a7ad</code></a>
Thanks <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>!
- fix(openai): preserve v1 assistant tool calls</p>
</li>
<li>
<p><a
href="https://redirect.github.com/langchain-ai/langchainjs/pull/10895">#10895</a>
<a
href="https://github.com/langchain-ai/langchainjs/commit/36fb0ef1dc76c096dcfa0c777e10c9f9365a5240"><code>36fb0ef</code></a>
Thanks <a href="https://github.com/BertBR"><code>@​BertBR</code></a>! -
fix(openai): guard bare <code>JSON.parse</code> in Responses API
converter against trailing non-whitespace characters</p>
<p><code>convertResponsesDeltaToChatGenerationChunk</code> previously
called <code>JSON.parse(msg.text)</code> directly when
<code>response.text.format.type === &quot;json_schema&quot;</code>. Some
models (observed with <code>gpt-5-mini</code> on <code>service_tier:
&quot;auto&quot;</code>) intermittently emit trailing non-whitespace
characters (extra tokens, control characters) after a valid JSON object,
causing a <code>SyntaxError</code> that propagates as an unhandled
exception and kills the entire streaming response mid-flight. The parse
is now wrapped in a <code>try</code>/<code>catch</code>: on failure,
<code>additional_kwargs.parsed</code> is left undefined, the stream
completes normally, and the existing <code>withStructuredOutput</code>
pipeline handles the typed failure — <code>includeRaw: true</code>
returns <code>{ raw, parsed: null }</code> via its
<code>withFallbacks</code> wrapper, <code>includeRaw: false</code>
throws a typed <code>OutputParserException</code> that the caller can
catch and retry. Closes <a
href="https://redirect.github.com/langchain-ai/langchainjs/issues/10894">#10894</a>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langchainjs/commits/@langchain/openai@1.4.7">compare
view</a></li>
</ul>
</details>
<br />

Updates `modal` from 0.7.4 to 0.7.6
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/modal-labs/modal-client/blob/main/CHANGELOG_GO_JS.md">modal's
changelog</a>.</em></p>
<blockquote>
<h2>js/v0.7.6, go/v0.7.6</h2>
<ul>
<li>Added Sandbox Filesystem API in the Go SDK with
<code>sandbox.Filesystem()</code> and in the JS SDK with
<code>sandbox.filesystem</code>. The filesystem API contains methods:
<ul>
<li><code>fs.WriteText</code> (Go) / <code>fs.writeText</code> (JS):
Write UTF-8 to a file in the Sandbox.</li>
<li><code>fs.WriteBytes</code> (Go) / <code>fs.writeBytes</code> (JS):
Write binary content to a file in the Sandbox.</li>
<li><code>fs.ReadText</code> (Go) / <code>fs.readText</code> (JS): Read
a file from the Sandbox and return its contents as a UTF-8 string.</li>
<li><code>fs.ReadBytes</code> (Go) / <code>fs.readBytes</code> (JS):
Read a file from the Sandbox and return its contents as bytes.</li>
<li><code>fs.MakeDirectory</code> (Go) / <code>fs.makeDirectory</code>
(JS): Create a new directory in the Sandbox.</li>
<li><code>fs.ListFiles</code> (Go) / <code>fs.listFiles</code> (JS):
List files and directories in a Sandbox directory.</li>
<li><code>fs.Stat</code> (Go) / <code>fs.stat</code> (JS): Return
metadata for a single file, directory, or symlink in the Sandbox.</li>
<li><code>fs.CopyFromLocal</code> (Go) / <code>fs.copyFromLocal</code>
(JS): Copy a local file into the Sandbox.</li>
<li><code>fs.CopyToLocal</code> (Go) / <code>fs.copyToLocal</code> (JS):
Copy a file from the Sandbox to a local path.</li>
<li><code>fs.Remove</code> (Go) / <code>fs.remove</code> (JS): Remove a
file or directory in the Sandbox.</li>
</ul>
</li>
<li>Added <code>Volume.WithMountOptions</code> (Go) and
<code>volume.withMountOptions</code> (JS) to configure mount-time
options (<code>ReadOnly</code> / <code>readOnly</code> and
<code>SubPath</code> / <code>subPath</code>) when attaching a Volume to
a Function or Sandbox. The <code>SubPath</code> / <code>subPath</code>
option mounts a subdirectory of the Volume instead of its root. Calling
<code>withMountOptions</code> multiple times on the same Volume stacks:
fields left unset preserve their previous value.</li>
<li>Deprecated <code>Volume.ReadOnly</code> (Go) and
<code>Volume.readOnly</code> (JS) in favor of
<code>WithMountOptions({ReadOnly: &amp;t})</code> /
<code>withMountOptions({readOnly: true})</code>. The old methods still
work but will be removed in a future release.</li>
<li>Deprecated <code>Volume.IsReadOnly</code> (Go) and
<code>Volume.isReadOnly</code> (JS); track configured mount options at
the call site that configured them instead.</li>
</ul>
<h2>js/v0.7.5, go/v0.7.5</h2>
<ul>
<li>We've improved the reliability of the
<code>Sandbox.SnapshotFilesystem</code> (Go) and
<code>Sandbox.snapshotFilesystem</code> (JS) operation, especially for
large snapshots, and we now support setting a <code>timeout</code> (Go)
or <code>timeoutMs</code> (JS) longer than 55s when necessary.</li>
<li>Added <code>Sandbox.UnmountImage</code> (Go) and
<code>sandbox.unmountImage</code> (JS) to remove an image mount from a
path in the Sandbox filesystem and reveal the underlying directory
again.</li>
<li><code>Sandboxes.Create</code> (Go) and <code>sandboxes.create</code>
(JS) now accept a <code>Tags</code> / <code>tags</code> parameter to
attach key-value tags to the Sandbox at creation time.</li>
<li><code>Sandboxes.Create</code> (Go) and <code>sandboxes.create</code>
(JS) now accept an <code>InboundCIDRAllowlist</code> /
<code>inboundCidrAllowlist</code> parameter to restrict which source IPs
can connect inbound to a sandbox's tunnels and connection tokens.</li>
<li>Renamed <code>cidrAllowlist</code> to
<code>outboundCidrAllowlist</code> (JS) and <code>CIDRAllowlist</code>
to <code>OutboundCIDRAllowlist</code> (Go) to distinguish from the
corresponding inbound allowlists.</li>
<li>The Go and JS SDKs can now respond more gracefully to server
throttling (e.g., rate limiting) by backing off and automatically
retrying.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/modal-labs/modal-client/commit/d08dce98adbce70d259e3db717da9a7ca43ff2a4"><code>d08dce9</code></a>
Release 0.7.6 for Go/JS SDK (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/42155">#42155</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/f58831da34ae94987a733aea1ec942b5515b5517"><code>f58831d</code></a>
Add EnvironmentVariables to Sandbox proto (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/40287">#40287</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/21db34b97778961116e0cc20a366fdbe7e7301f9"><code>21db34b</code></a>
Sandboxes [new FS API]: translate new FS API to JS Client (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/40848">#40848</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/686261e4fc02ebdeff81d9576471a2c6c57cb45c"><code>686261e</code></a>
Sandboxes [new FS API]: translate new FS API to Go Client (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/40969">#40969</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/fb1f5644a2c9a52c037bed920fdbbb8693c65ecb"><code>fb1f564</code></a>
Add Volume subdirectory mount and mount options to Go and JS SDKs (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/40893">#40893</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/c4c29e21d008ac72aa0dc1ebf16bc5d086e3a4be"><code>c4c29e2</code></a>
client: [Go] Add sandbox v2 <code>from_id</code> (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/41977">#41977</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/c7aae182b2a9440e2b0427b47549310efcfb60ef"><code>c7aae18</code></a>
client: [typescript] Add sandbox v2 <code>from_id</code> (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/41918">#41918</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/4fd50761bb82d9336c34ff5217ad5b0b454bac0a"><code>4fd5076</code></a>
Client: Change task command router tests to use mock grpc servicer (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/41937">#41937</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/7e27cb0206d6d97d904961fe921b0e3c42fc5f1b"><code>7e27cb0</code></a>
[FLASH-103] Add flash endpoint stop protobuf (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/42040">#42040</a>)</li>
<li><a
href="https://github.com/modal-labs/modal-client/commit/61ba55ec223a2e6652fbb5fd6ff42b33ea606086"><code>61ba55e</code></a>
client: [Python] Add sandbox v2 <code>from_id</code> (<a
href="https://redirect.github.com/modal-labs/modal-client/issues/41916">#41916</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/modal-labs/modal-client/compare/go/v0.7.4...go/v0.7.6">compare
view</a></li>
</ul>
</details>
<br />

Updates `@sveltejs/acorn-typescript` from 1.0.9 to 1.0.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/acorn-typescript/releases">@​sveltejs/acorn-typescript's
releases</a>.</em></p>
<blockquote>
<h2><code>@​sveltejs/acorn-typescript</code><a
href="https://github.com/1"><code>@​1</code></a>.0.10</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: use user-provided acorn-copy for ts plugin (<a
href="https://redirect.github.com/sveltejs/acorn-typescript/pull/42">#42</a>)</p>
</li>
<li>
<p>fix: support namespace declaration merging (<a
href="https://redirect.github.com/sveltejs/acorn-typescript/pull/34">#34</a>)</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/acorn-typescript/blob/main/CHANGELOG.md">@​sveltejs/acorn-typescript's
changelog</a>.</em></p>
<blockquote>
<h2>1.0.10</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: use user-provided acorn-copy for ts plugin (<a
href="https://redirect.github.com/sveltejs/acorn-typescript/pull/42">#42</a>)</p>
</li>
<li>
<p>fix: support namespace declaration merging (<a
href="https://redirect.github.com/sveltejs/acorn-typescript/pull/34">#34</a>)</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sveltejs/acorn-typescript/commit/53ed12a418322a5545b61ad46e8f4f1381e7da25"><code>53ed12a</code></a>
Version Packages (<a
href="https://redirect.github.com/sveltejs/acorn-typescript/issues/43">#43</a>)</li>
<li><a
href="https://github.com/sveltejs/acorn-typescript/commit/c46396a6ab28dfb4c845438875e38efe10d8bdaa"><code>c46396a</code></a>
fix: generateAcornTypeScript breaks when two acorn copies exist (<a
href="https://redirect.github.com/sveltejs/acorn-typescript/issues/42">#42</a>)</li>
<li><a
href="https://github.com/sveltejs/acorn-typescript/commit/e9b347f620cea555bcee035da000eb104648ffa5"><code>e9b347f</code></a>
fix: support namespace declaration merging (<a
href="https://redirect.github.com/sveltejs/acorn-typescript/issues/34">#34</a>)</li>
<li><a
href="https://github.com/sveltejs/acorn-typescript/commit/fab62a1500a156fb4ec018cc9f22a515a9457975"><code>fab62a1</code></a>
docs: add missing changelog entry for PR <a
href="https://redirect.github.com/sveltejs/acorn-typescript/issues/38">#38</a>
(<a
href="https://redirect.github.com/sveltejs/acorn-typescript/issues/40">#40</a>)</li>
<li>See full diff in <a
href="https://github.com/sveltejs/acorn-typescript/compare/v1.0.9...@sveltejs/acorn-typescript@1.0.10">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/estree` from 1.0.8 to 1.0.9
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/estree">compare
view</a></li>
</ul>
</details>
<br />

Updates `hono` from 4.12.18 to 4.12.23
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.23</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(serve-static): normalize all backslashes in file paths, not just
the first in <a
href="https://redirect.github.com/honojs/hono/pull/4962">honojs/hono#4962</a></li>
<li>feat(context): export the Context class publicly by <a
href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4543">honojs/hono#4543</a></li>
<li>docs(contribution): add AI Usage Policy by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4970">honojs/hono#4970</a></li>
<li>feat(compress): add contentTypeFilter option and
<code>COMPRESSIBLE_CONTENT_TYPE_REGEX</code> re-export by <a
href="https://github.com/na-trium-144"><code>@​na-trium-144</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4961">honojs/hono#4961</a></li>
<li>fix(utils/ipaddr): do not compress a single 0 group to
<code>::</code> by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4971">honojs/hono#4971</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/hono/compare/v4.12.22...v4.12.23">https://github.com/honojs/hono/compare/v4.12.22...v4.12.23</a></p>
<h2>v4.12.22</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: update vitest to v4 and cleanups by <a
href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4952">honojs/hono#4952</a></li>
<li>fix(mime): specify charset parameter per MIME type instead of
mechanical detection by <a
href="https://github.com/renatograsso10"><code>@​renatograsso10</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4912">honojs/hono#4912</a></li>
<li>fix(compress): respect Accept-Encoding when encoding option is set
by <a href="https://github.com/LeSingh1"><code>@​LeSingh1</code></a> in
<a
href="https://redirect.github.com/honojs/hono/pull/4951">honojs/hono#4951</a></li>
<li>fix(deno): echo negotiated WebSocket subprotocol in upgrade response
by <a href="https://github.com/ATOM00blue"><code>@​ATOM00blue</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4955">honojs/hono#4955</a></li>
<li>feat: add msgpack as a compressible content type by <a
href="https://github.com/na-trium-144"><code>@​na-trium-144</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4957">honojs/hono#4957</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/renatograsso10"><code>@​renatograsso10</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4912">honojs/hono#4912</a></li>
<li><a href="https://github.com/LeSingh1"><code>@​LeSingh1</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4951">honojs/hono#4951</a></li>
<li><a
href="https://github.com/ATOM00blue"><code>@​ATOM00blue</code></a> made
their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4955">honojs/hono#4955</a></li>
<li><a
href="https://github.com/na-trium-144"><code>@​na-trium-144</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4957">honojs/hono#4957</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/hono/compare/v4.12.21...v4.12.22">https://github.com/honojs/hono/compare/v4.12.21...v4.12.22</a></p>
<h2>v4.12.21</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>app.mount() strips mount prefix using undecoded path, causing
incorrect routing for percent-encoded paths</h3>
<p>Affects: <code>app.mount()</code>. Fixes prefix stripping using the
raw URL pathname instead of the decoded path, where percent-encoded
characters in the mount prefix or path could cause the prefix to be
removed at the wrong position, resulting in the sub-application
receiving an incorrect path. GHSA-2gcr-mfcq-wcc3</p>
<h3>IP Restriction bypasses static deny rules for non-canonical
IPv6</h3>
<p>Affects: <code>hono/ip-restriction</code>. Fixes IP address
comparison using string equality, where non-canonical IPv6
representations of a denied address — such as compressed forms or
hex-notation IPv4-mapped addresses — could bypass static deny rules.
GHSA-xrhx-7g5j-rcj5</p>
<h3>Cookie helper does not sanitize sameSite and priority, allowing
Set-Cookie injection</h3>
<p>Affects: <code>hono/cookie</code>. Fixes missing validation of
<code>sameSite</code> and <code>priority</code> options against
injection characters (<code>;</code>, <code>\r</code>, <code>\n</code>),
where user-controlled input passed to either option could inject
additional attributes into the Set-Cookie response header.
GHSA-3hrh-pfw6-9m5x</p>
<h3>JWT middleware accepts any Authorization scheme, not only
Bearer</h3>
<p>Affects: <code>hono/jwt</code>, <code>hono/jwk</code>. Fixes missing
scheme validation in the Authorization header, where any two-part header
value was accepted regardless of the scheme name, allowing non-Bearer
schemes to pass JWT authentication. GHSA-f577-qrjj-4474</p>
<hr />
<p>Users who use <code>app.mount()</code>,
<code>hono/ip-restriction</code>, <code>hono/cookie</code>, or
<code>hono/jwt</code>/<code>hono/jwk</code> are encouraged to upgrade to
this version.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/hono/commit/83bfb3bb4a12c1d92c163a39e907df5d662ff78d"><code>83bfb3b</code></a>
4.12.23</li>
<li><a
href="https://github.com/honojs/hono/commit/bcd290a64c0b392fd06d2bd1f256c5dc9835e4a4"><code>bcd290a</code></a>
fix(utils/ipaddr): do not compress a single 0 group to <code>::</code>
(<a
href="https://redirect.github.com/honojs/hono/issues/4971">#4971</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/c968177d9c11ddc7c7cca57c384497f11a6d60ae"><code>c968177</code></a>
feat(compress): add contentTypeFilter option and
`COMPRESSIBLE_CONTENT_TYPE_R...</li>
<li><a
href="https://github.com/honojs/hono/commit/0265a5453a7c272417eaa22b93d3fb319d2188ed"><code>0265a54</code></a>
docs(contribution): add AI Usage Policy (<a
href="https://redirect.github.com/honojs/hono/issues/4970">#4970</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/c84c5d2d46ca6a78c316529491d42ab7bb956368"><code>c84c5d2</code></a>
feat(context): export the Context class publicly (<a
href="https://redirect.github.com/honojs/hono/issues/4543">#4543</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/82dad6297c90c33c41bf48b4530509a21588ad06"><code>82dad62</code></a>
fix(serve-static): normalize all backslashes in file paths, not just the
firs...</li>
<li><a
href="https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e"><code>2f01b77</code></a>
4.12.22</li>
<li><a
href="https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99"><code>6bc0dff</code></a>
feat: add msgpack as a compressible content type (<a
href="https://redirect.github.com/honojs/hono/issues/4957">#4957</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9"><code>7e0555d</code></a>
fix(deno): echo negotiated WebSocket subprotocol in upgrade response (<a
href="https://redirect.github.com/honojs/hono/issues/4955">#4955</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6"><code>f0ed246</code></a>
fix(compress): respect Accept-Encoding when encoding option is set (<a
href="https://redirect.github.com/honojs/hono/issues/4951">#4951</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/honojs/hono/compare/v4.12.18...v4.12.23">compare
view</a></li>
</ul>
</details>
<br />

Updates `@hono/node-server` from 2.0.1 to 2.0.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/node-server/releases">@​hono/node-server's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.4</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: stub ws types to prevent them leaking in public types by <a
href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a>
in <a
href="https://redirect.github.com/honojs/node-server/pull/359">honojs/node-server#359</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v2.0.3...v2.0.4">https://github.com/honojs/node-server/compare/v2.0.3...v2.0.4</a></p>
<h2>v2.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(ci): update GitHub Actions versions by <a
href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a>
in <a
href="https://redirect.github.com/honojs/node-server/pull/352">honojs/node-server#352</a></li>
<li>docs: Align the <code>ServeStaticOptions</code> comment with the
current spec by <a
href="https://github.com/kakkokari-gtyih"><code>@​kakkokari-gtyih</code></a>
in <a
href="https://redirect.github.com/honojs/node-server/pull/356">honojs/node-server#356</a></li>
<li>fix: preserve headers mutated after raw Response construction by <a
href="https://github.com/abdulmunimjemal"><code>@​abdulmunimjemal</code></a>
in <a
href="https://redirect.github.com/honojs/node-server/pull/357">honojs/node-server#357</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/kakkokari-gtyih"><code>@​kakkokari-gtyih</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/node-server/pull/356">honojs/node-server#356</a></li>
<li><a
href="https://github.com/abdulmunimjemal"><code>@​abdulmunimjemal</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/node-server/pull/357">honojs/node-server#357</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v2.0.2...v2.0.3">https://github.com/honojs/node-server/compare/v2.0.2...v2.0.3</a></p>
<h2>v2.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(serve-static): stop using file birthtime for Date header by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/350">honojs/node-server#350</a></li>
<li>fix: handle serveStatic stream fallback backpressure by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/351">honojs/node-server#351</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v2.0.1...v2.0.2">https://github.com/honojs/node-server/compare/v2.0.1...v2.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/node-server/commit/9e1cdee836baeb13f33e857a582b29546185c324"><code>9e1cdee</code></a>
2.0.4</li>
<li><a
href="https://github.com/honojs/node-server/commit/b4ca62216c9b537f1e56e0282bc8b5ee5b953b26"><code>b4ca622</code></a>
fix: stub ws types to prevent them leaking in public types (<a
href="https://redirect.github.com/honojs/node-server/issues/359">#359</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/9d879875a3d6b87a53e31ce6c0de080f9a7a30dc"><code>9d87987</code></a>
2.0.3</li>
<li><a
href="https://github.com/honojs/node-server/commit/9463250257b3d430d3cf71cb7d9fd847a7930427"><code>9463250</code></a>
fix: preserve headers mutated after raw Response construction (<a
href="https://redirect.github.com/honojs/node-server/issues/357">#357</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/cee5e812087cd80ef0f08741a390b37a8e2ea45d"><code>cee5e81</code></a>
docs: Align the <code>ServeStaticOption</code> command with the current
specification (#...</li>
<li><a
href="https://github.com/honojs/node-server/commit/4aa0650744858993d1770d64aa4826b436304bfd"><code>4aa0650</code></a>
chore(ci): update GitHub Actions versions (<a
href="https://redirect.github.com/honojs/node-server/issues/352">#352</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/808159c4d2ab71064b9d00f2723078ac1b8324d5"><code>808159c</code></a>
2.0.2</li>
<li><a
href="https://github.com/honojs/node-server/commit/1a9748edd8da1b2829744ca8a199785fb095a4f2"><code>1a9748e</code></a>
fix: handle serveStatic stream fallback backpressure (<a
href="https://redirect.github.com/honojs/node-server/issues/351">#351</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/54d1bcd11e2bd3dc334f0d0d3d77604acb17f602"><code>54d1bcd</code></a>
fix(serve-static): stop using file birthtime for Date header (<a
href="https://redirect.github.com/honojs/node-server/issues/350">#350</a>)</li>
<li>See full diff in <a
href="https://github.com/honojs/node-server/compare/v2.0.1...v2.0.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `react` from 19.2.5 to 19.2.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react's
releases</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1st, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6
(<a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>
by <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.6 (May 6th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Type hardening and performance improvements
(<a href="https://redirect.github.com/faceb...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-03 20:56:55 -07:00
dependabot[bot] 147fec9b19 build(deps): bump the major-deps-updates-main group with 2 updates (#582)
Bumps the major-deps-updates-main group with 2 updates:
[lint-staged](https://github.com/lint-staged/lint-staged) and
[lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react).

Updates `lint-staged` from 16.4.0 to 17.0.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lint-staged/lint-staged/releases">lint-staged's
releases</a>.</em></p>
<blockquote>
<h2>v17.0.7</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1806">#1806</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/e692e58ced9eae65b2077435b7e799c632f3db07"><code>e692e58</code></a>
- Update dependency <code>tinyexec@^1.2.4</code>.</li>
</ul>
<h2>v17.0.6</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1803">#1803</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/bdf27700a6e25b40333672eef4d438984a2d0383"><code>bdf2770</code></a>
- Run all tests with <a href="https://deno.com">Deno</a>, in addition to
Node.js and Bun.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1796">#1796</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/75082727cdd070adb59d62c9040515da3bbbb2f9"><code>7508272</code></a>
- Fix performance regression of <em>lint-staged</em> v17 by going back
to using <code>git add</code> to stage task modifications. This was
changed to <code>git update-index --again</code> in v17 for less manual
work, but unfortunately the <code>update-index</code> command gets
slower in very large Git repos.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1797">#1797</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/7b2505a1f8fb8735e6306c7dabdd5295632f8c1a"><code>7b2505a</code></a>
- This version of <em>lint-staged</em> uses the new <a
href="https://docs.npmjs.com/staged-publishing">staged publishing for
npm packages</a> feature. Releases are already published from GitHub
Actions with <a href="https://docs.npmjs.com/trusted-publishers">trusted
publishing</a>, but now an additional approval with two-factor
authentication is also required.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1802">#1802</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/321b0a972a434006f5b5fac18867974ef040d037"><code>321b0a9</code></a>
- Downgrade dependency <code>tinyexec@1.2.2</code> to avoid issues in
version 1.2.3.</p>
</li>
</ul>
<h2>v17.0.5</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1792">#1792</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/1f672718b6fa67e0f00aafe107cb9f084f4d9102"><code>1f67271</code></a>
- Correctly set the <code>--max-arg-length</code> default value based on
the running platform. This controls how very long lists of staged files
are split into multiple chunks.</li>
</ul>
<h2>v17.0.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1788">#1788</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/f95c1f8df3368758c44c2052e568aac1b3d4c767"><code>f95c1f8</code></a>
- Another fix for making sure <em>lint-staged</em> adds task
modifications correctly to the commit in the following cases:</p>
<ul>
<li>after editing <code>&lt;file&gt;</code> it is staged with <code>git
add &lt;file&gt;</code>, and then committed with <code>git
commit</code></li>
<li>after editing <code>&lt;file&gt;</code> it is committed with
<code>git commit --all</code> without explicit <code>git add</code></li>
<li>after editing <code>&lt;file&gt;</code> it is committed with
<code>git commit &lt;pathspec&gt;</code> without explicit <code>git
add</code></li>
</ul>
<p>There's new test cases which actually setup the Git
<code>pre_commit</code> hook to run <em>lint-staged</em> and verify
them. These issues started in <strong>v17.0.0</strong> when trying to
improve support for committig without having explicitly staged
files.</p>
</li>
</ul>
<h2>v17.0.3</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1782">#1782</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/06813f9ab661db987e7720086ef9ec3f552ee097"><code>06813f9</code></a>
Thanks <a href="https://github.com/iiroj"><code>@​iiroj</code></a>! -
Fix <em>lint-staged</em> behavior when implicitly committing files
without using <code>git add</code> by either:
<ul>
<li><code>git commit -am &quot;my commit message&quot;</code> where
<code>-a</code> (<code>--all</code>) means to automatically stage all
tracked modified and deleted files</li>
<li><code>git commit -m &quot;my commit message&quot; .</code> where
<code>.</code> is an example of a <a
href="https://git-scm.com/docs/git-commit#Documentation/git-commit.txt-pathspec"><em>pathspec</em></a>
where matching files will be staged</li>
</ul>
</li>
</ul>
<h2>v17.0.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1779">#1779</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/88670ca2278200f6348ed663358895ddc4bfff3c"><code>88670ca</code></a>
Thanks <a href="https://github.com/iiroj"><code>@​iiroj</code></a>! -
Enable immutable GitHub releases</li>
</ul>
<h2>v17.0.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1776">#1776</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/4a5664be63af19590ec37940f705dad870ac5cfb"><code>4a5664b</code></a>
Thanks <a href="https://github.com/iiroj"><code>@​iiroj</code></a>! -
Adjust GitHub Actions workflow so that automatic publishing works with
signed commits.</li>
</ul>
<h2>v17.0.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md">lint-staged's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.7</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1806">#1806</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/e692e58ced9eae65b2077435b7e799c632f3db07"><code>e692e58</code></a>
- Update dependency <code>tinyexec@^1.2.4</code>.</li>
</ul>
<h2>17.0.6</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1803">#1803</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/bdf27700a6e25b40333672eef4d438984a2d0383"><code>bdf2770</code></a>
- Run all tests with <a href="https://deno.com">Deno</a>, in addition to
Node.js and Bun.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1796">#1796</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/75082727cdd070adb59d62c9040515da3bbbb2f9"><code>7508272</code></a>
- Fix performance regression of <em>lint-staged</em> v17 by going back
to using <code>git add</code> to stage task modifications. This was
changed to <code>git update-index --again</code> in v17 for less manual
work, but unfortunately the <code>update-index</code> command gets
slower in very large Git repos.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1797">#1797</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/7b2505a1f8fb8735e6306c7dabdd5295632f8c1a"><code>7b2505a</code></a>
- This version of <em>lint-staged</em> uses the new <a
href="https://docs.npmjs.com/staged-publishing">staged publishing for
npm packages</a> feature. Releases are already published from GitHub
Actions with <a href="https://docs.npmjs.com/trusted-publishers">trusted
publishing</a>, but now an additional approval with two-factor
authentication is also required.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1802">#1802</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/321b0a972a434006f5b5fac18867974ef040d037"><code>321b0a9</code></a>
- Downgrade dependency <code>tinyexec@1.2.2</code> to avoid issues in
version 1.2.3.</p>
</li>
</ul>
<h2>17.0.5</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1792">#1792</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/1f672718b6fa67e0f00aafe107cb9f084f4d9102"><code>1f67271</code></a>
- Correctly set the <code>--max-arg-length</code> default value based on
the running platform. This controls how very long lists of staged files
are split into multiple chunks.</li>
</ul>
<h2>17.0.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1788">#1788</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/f95c1f8df3368758c44c2052e568aac1b3d4c767"><code>f95c1f8</code></a>
- Another fix for making sure <em>lint-staged</em> adds task
modifications correctly to the commit in the following cases:</p>
<ul>
<li>after editing <code>&lt;file&gt;</code> it is staged with <code>git
add &lt;file&gt;</code>, and then committed with <code>git
commit</code></li>
<li>after editing <code>&lt;file&gt;</code> it is committed with
<code>git commit --all</code> without explicit <code>git add</code></li>
<li>after editing <code>&lt;file&gt;</code> it is committed with
<code>git commit &lt;pathspec&gt;</code> without explicit <code>git
add</code></li>
</ul>
<p>There's new test cases which actually setup the Git
<code>pre_commit</code> hook to run <em>lint-staged</em> and verify
them. These issues started in <strong>v17.0.0</strong> when trying to
improve support for committig without having explicitly staged
files.</p>
</li>
</ul>
<h2>17.0.3</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1782">#1782</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/06813f9ab661db987e7720086ef9ec3f552ee097"><code>06813f9</code></a>
Thanks <a href="https://github.com/iiroj"><code>@​iiroj</code></a>! -
Fix <em>lint-staged</em> behavior when implicitly committing files
without using <code>git add</code> by either:
<ul>
<li><code>git commit -am &quot;my commit message&quot;</code> where
<code>-a</code> (<code>--all</code>) means to automatically stage all
tracked modified and deleted files</li>
<li><code>git commit -m &quot;my commit message&quot; .</code> where
<code>.</code> is an example of a <a
href="https://git-scm.com/docs/git-commit#Documentation/git-commit.txt-pathspec"><em>pathspec</em></a>
where matching files will be staged</li>
</ul>
</li>
</ul>
<h2>17.0.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1779">#1779</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/88670ca2278200f6348ed663358895ddc4bfff3c"><code>88670ca</code></a>
Thanks <a href="https://github.com/iiroj"><code>@​iiroj</code></a>! -
Enable immutable GitHub releases</li>
</ul>
<h2>17.0.1</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/cd11fec419c59b4900aab194f288adf6bb4afdd1"><code>cd11fec</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1807">#1807</a>
from lint-staged/changeset-release/main</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/15a8ee0df4ffb4c6fc65ea6828133cc32740c9c4"><code>15a8ee0</code></a>
chore(changeset): release</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/797bbd943a7adab888640915449c09b8a67cc11d"><code>797bbd9</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1808">#1808</a>
from lint-staged/add-stashing-faq</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/504e307c819a8b2decdf6c791d5350c4db0b15ed"><code>504e307</code></a>
docs: add FAQ entry on how stashing works</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/eff5cd19633ce51ca62ac17a9e66d972a2aaf104"><code>eff5cd1</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1806">#1806</a>
from lint-staged/update-tinyexec</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/e692e58ced9eae65b2077435b7e799c632f3db07"><code>e692e58</code></a>
build(deps): update <code>tinyexec@^1.2.4</code></li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/a2dd4ea97b1ff36486d88d9bad285834acef7ea6"><code>a2dd4ea</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1805">#1805</a>
from lint-staged/update-github-templates</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/c92851945ff4fa604841e53fe044b47177b159b8"><code>c928519</code></a>
docs: update GitHub templates</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/094ba56a3caeeda2cf83ad0a0c83df38ab2f6d06"><code>094ba56</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1798">#1798</a>
from lint-staged/changeset-release/main</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/88e19fe3d81b8e1516564e7afaf6681f09f83b16"><code>88e19fe</code></a>
chore(changeset): release</li>
<li>Additional commits viewable in <a
href="https://github.com/lint-staged/lint-staged/compare/v16.4.0...v17.0.7">compare
view</a></li>
</ul>
</details>
<br />

Updates `lucide-react` from 0.477.0 to 1.17.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lucide-icons/lucide/releases">lucide-react's
releases</a>.</em></p>
<blockquote>
<h2>Version 1.17.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove
deprecated packages by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4376">lucide-icons/lucide#4376</a></li>
<li>chore(repo): Update issue templates and documentation for package
ren… by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4379">lucide-icons/lucide#4379</a></li>
<li>feat(site): Adds survey overlay to website by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4380">lucide-icons/lucide#4380</a></li>
<li>feat(site): Certificate dev links by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4390">lucide-icons/lucide#4390</a></li>
<li>fix(icons): changed <code>martini</code> icon by <a
href="https://github.com/jamiemlaw"><code>@​jamiemlaw</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4335">lucide-icons/lucide#4335</a></li>
<li>chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4386">lucide-icons/lucide#4386</a></li>
<li>chore(deps): bump <code>@​tootallnate/once</code> from 2.0.0 to
2.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4404">lucide-icons/lucide#4404</a></li>
<li>chore(deps): bump devalue from 5.8.0 to 5.8.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4391">lucide-icons/lucide#4391</a></li>
<li>chore(deps): bump ws from 8.18.0 to 8.20.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4392">lucide-icons/lucide#4392</a></li>
<li>fix(gh-icon): limit icon size to a maximum of 256 pixels by <a
href="https://github.com/jguddas"><code>@​jguddas</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4398">lucide-icons/lucide#4398</a></li>
<li>chore(dependencies): Update dependencies by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4377">lucide-icons/lucide#4377</a></li>
<li>feat(copilot): Adding copilot instructions by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4407">lucide-icons/lucide#4407</a></li>
<li>feat(icons): add <code>globe-check</code> by <a
href="https://github.com/Barakudum"><code>@​Barakudum</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4342">lucide-icons/lucide#4342</a></li>
<li>feat(metadata): Require use-cases in meta json by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4321">lucide-icons/lucide#4321</a></li>
<li>feat(icons): added <code>parasol</code> icon by <a
href="https://github.com/karsa-mistmere"><code>@​karsa-mistmere</code></a>
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4347">lucide-icons/lucide#4347</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lucide-icons/lucide/compare/1.16.0...1.17.0">https://github.com/lucide-icons/lucide/compare/1.16.0...1.17.0</a></p>
<h2>Version 1.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(icons): added <code>blender</code> icon by <a
href="https://github.com/rrod497"><code>@​rrod497</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/3884">lucide-icons/lucide#3884</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lucide-icons/lucide/compare/1.15.0...1.16.0">https://github.com/lucide-icons/lucide/compare/1.15.0...1.16.0</a></p>
<h2>Version 1.15.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: remove 'less' from brand stopwords by <a
href="https://github.com/jguddas"><code>@​jguddas</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4331">lucide-icons/lucide#4331</a></li>
<li>fix(<code>@​lucide/vue</code>): Clone slots before passing to icon
by <a href="https://github.com/axtho"><code>@​axtho</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4339">lucide-icons/lucide#4339</a></li>
<li>fix(icons): changed <code>text-cursor</code> icon by <a
href="https://github.com/jamiemlaw"><code>@​jamiemlaw</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4340">lucide-icons/lucide#4340</a></li>
<li>fix(icons): changed <code>landmark</code> icon by <a
href="https://github.com/jamiemlaw"><code>@​jamiemlaw</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4334">lucide-icons/lucide#4334</a></li>
<li>chore(deps-dev): bump nitropack from 2.13.1 to 2.13.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4352">lucide-icons/lucide#4352</a></li>
<li>chore(deps-dev): bump simple-git from 3.33.0 to 3.36.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4349">lucide-icons/lucide#4349</a></li>
<li>fix(icons): changed <code>candy-cane</code> icon by <a
href="https://github.com/jguddas"><code>@​jguddas</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4148">lucide-icons/lucide#4148</a></li>
<li>fix(icons): changed <code>volleyball</code> icon by <a
href="https://github.com/jamiemlaw"><code>@​jamiemlaw</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4338">lucide-icons/lucide#4338</a></li>
<li>fix(icons): changed <code>chart-no-axes-combined</code> icon by <a
href="https://github.com/jguddas"><code>@​jguddas</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/3567">lucide-icons/lucide#3567</a></li>
<li>feat(icon): added broccoli icon by <a
href="https://github.com/swastik7805"><code>@​swastik7805</code></a> in
<a
href="https://redirect.github.com/lucide-icons/lucide/pull/4263">lucide-icons/lucide#4263</a></li>
<li>chore(site): Updates to site and updated carbon ads by <a
href="https://github.com/ericfennis"><code>@​ericfennis</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4359">lucide-icons/lucide#4359</a></li>
<li>feat(icons): added sticky note variants by <a
href="https://github.com/Barakudum"><code>@​Barakudum</code></a> in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4348">lucide-icons/lucide#4348</a></li>
<li>chore(deps-dev): bump astro from 6.1.6 to 6.1.10 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4361">lucide-icons/lucide#4361</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/axtho"><code>@​axtho</code></a> made
their first contribution in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4339">lucide-icons/lucide#4339</a></li>
<li><a href="https://github.com/Barakudum"><code>@​Barakudum</code></a>
made their first contribution in <a
href="https://redirect.github.com/lucide-icons/lucide/pull/4348">lucide-icons/lucide#4348</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lucide-icons/lucide/compare/1.14.0...1.15.0">https://github.com/lucide-icons/lucide/compare/1.14.0...1.15.0</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lucide-icons/lucide/commit/07c885e6c1f9952965ba388b7fd2bb7c4d416a67"><code>07c885e</code></a>
fix(docs): fix zephyr-cloud URL in readmes</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/50d8af5a1012e188f3d71ac8f1fc0fba1aab5357"><code>50d8af5</code></a>
docs(readme): Update readme files (<a
href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4320">#4320</a>)</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/653e44b83293567ff24dcb90ca1094a9cf0a042a"><code>653e44b</code></a>
feat(packages): use .mjs for ESM bundles (<a
href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4285">#4285</a>)</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/7623e23f787fe78e5075a613fd22da2cecbb9b1b"><code>7623e23</code></a>
feat(docs): add Zephyr Cloud to Hero Backers tier &amp; rework
updateSponsors scr...</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/dada0a82970d3733d1d716e2089591c538272a39"><code>dada0a8</code></a>
fix(lucide-react): Fix dynamic imports (<a
href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4210">#4210</a>)</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/a6e648a66ff470c2255d3666765fd73cfcc185ff"><code>a6e648a</code></a>
fix(lucide-react): correct client directives in RSC files (<a
href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4189">#4189</a>)</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/1f010a357a21c7a8c5e1f92dd90f09d76a04e2dd"><code>1f010a3</code></a>
fix(lucide-react): Fixes provider export and RSC render issues (<a
href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4175">#4175</a>)</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/484f2c9cd377dbeb536f63d4b183ecfd26947014"><code>484f2c9</code></a>
docs(version-1): Version 1 website (<a
href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4142">#4142</a>)</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/a0e202d759da95c243b541f8d3c1c26eada32b2e"><code>a0e202d</code></a>
feat(packages/angular): add new <code>@​lucide/angular</code> package
(<a
href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/3897">#3897</a>)</li>
<li><a
href="https://github.com/lucide-icons/lucide/commit/c5b155ec37f0217bfd85e309873029379df473ac"><code>c5b155e</code></a>
Merge branch 'main' of <a
href="https://github.com/lucide-icons/lucide">https://github.com/lucide-icons/lucide</a>
into next</li>
<li>Additional commits viewable in <a
href="https://github.com/lucide-icons/lucide/commits/1.17.0/packages/lucide-react">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for lucide-react since your current version.</p>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-03 20:28:01 -07:00
dependabot[bot] e21688b444 build(deps): bump the minor-deps-updates group with 2 updates (#579)
Bumps the minor-deps-updates group with 2 updates:
[actions/stale](https://github.com/actions/stale) and
[changesets/action](https://github.com/changesets/action).

Updates `actions/stale` from 10.2.0 to 10.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/stale/releases">actions/stale's
releases</a>.</em></p>
<blockquote>
<h2>v10.3.0</h2>
<h2>What's Changed</h2>
<h3>Bug Fix</h3>
<ul>
<li>Enhancement: ignore stale labeling events by <a
href="https://github.com/shamoon"><code>@​shamoon</code></a> in <a
href="https://redirect.github.com/actions/stale/pull/1311">actions/stale#1311</a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Upgrade dependencies (<code>@​actions/core</code>,
<code>@​octokit/plugin-retry</code>, <a
href="https://github.com/typescript-eslint"><code>@​typescript-eslint</code></a>)
by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a
href="https://redirect.github.com/actions/stale/pull/1335">actions/stale#1335</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/shamoon"><code>@​shamoon</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/stale/pull/1311">actions/stale#1311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/stale/compare/v10...v10.3.0">https://github.com/actions/stale/compare/v10...v10.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/stale/commit/eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899"><code>eb5cf3a</code></a>
chore: upgrade dependencies and bump version to 10.3.0 (<a
href="https://redirect.github.com/actions/stale/issues/1335">#1335</a>)</li>
<li><a
href="https://github.com/actions/stale/commit/db5d06a4c82d5e94513c09c406638111df61f63e"><code>db5d06a</code></a>
Enhancement: ignore stale labeling events (<a
href="https://redirect.github.com/actions/stale/issues/1311">#1311</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/stale/compare/b5d41d4e1d5dceea10e7104786b73624c18a190f...eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899">compare
view</a></li>
</ul>
</details>
<br />

Updates `changesets/action` from 1.7.0 to 1.9.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/changesets/action/releases">changesets/action's
releases</a>.</em></p>
<blockquote>
<h2>v1.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/636">#636</a>
<a
href="https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1"><code>b072bcc</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Add a new <code>@changesets/action/pr-comment</code> sub-action to
comment on PRs</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/625">#625</a>
<a
href="https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6"><code>8795eee</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Add a new <code>@changesets/action/pr-status</code> sub-action to
generate the changeset status comment for PRs as an alternative to the
<a href="https://github.com/apps/changeset-bot">Changesets Bot</a>.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/535">#535</a>
<a
href="https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520"><code>34f64f6</code></a>
Thanks <a
href="https://github.com/Andarist"><code>@​Andarist</code></a>! - Fixed
an issue with GitHub releases not being created for successfully
published packages when <em>some</em> packages failed to be published to
the registry.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/632">#632</a>
<a
href="https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4"><code>1d54b9e</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Simplify internal implementation to get changelog entries for a package
version</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/629">#629</a>
<a
href="https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50"><code>e0c90aa</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Fix custom version and publish command argument parsing</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/645">#645</a>
<a
href="https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf"><code>f9585d9</code></a>
Thanks <a
href="https://github.com/Andarist"><code>@​Andarist</code></a>! -
Improved force-push handling when using <code>commitMode:
&quot;github-api&quot;</code> so updating an existing branch no longer
temporarily resets the target branch to the base commit, avoiding cases
where GitHub closes open pull requests during the update. This should
remove a possibility of a GitHub state race that caused the force-pushed
PRs not being reopened.</p>
</li>
</ul>
<h2>v1.8.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/changesets/action/pull/258">#258</a>
<a
href="https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d"><code>f5dbf72</code></a>
Thanks <a
href="https://github.com/tom-sherman"><code>@​tom-sherman</code></a>! -
Support draft version PR modes with a new <code>prDraft</code> input.
Use <code>create</code> to create new version PRs as drafts, or
<code>always</code> to also convert existing version PRs back to draft
when updating them.</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/502">#502</a>
<a
href="https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977"><code>6002dbd</code></a>
Thanks <a
href="https://github.com/oshytiko"><code>@​oshytiko</code></a>! - Fixed
initial <code>.changeset</code> state being picked up, when
<code>cwd</code> parameter is provided</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/536">#536</a>
<a
href="https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2"><code>81b3f61</code></a>
Thanks <a href="https://github.com/radnan"><code>@​radnan</code></a>! -
Fixed <code>.changeset</code> state being picked for the version command
when <code>cwd</code> parameter is provided</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/changesets/action/blob/main/CHANGELOG.md">changesets/action's
changelog</a>.</em></p>
<blockquote>
<h1><code>@​changesets/action</code></h1>
<h2>1.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/636">#636</a>
<a
href="https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1"><code>b072bcc</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Add a new <code>@changesets/action/pr-comment</code> sub-action to
comment on PRs</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/625">#625</a>
<a
href="https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6"><code>8795eee</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Add a new <code>@changesets/action/pr-status</code> sub-action to
generate the changeset status comment for PRs as an alternative to the
<a href="https://github.com/apps/changeset-bot">Changesets Bot</a>.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/535">#535</a>
<a
href="https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520"><code>34f64f6</code></a>
Thanks <a
href="https://github.com/Andarist"><code>@​Andarist</code></a>! - Fixed
an issue with GitHub releases not being created for successfully
published packages when <em>some</em> packages failed to be published to
the registry.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/632">#632</a>
<a
href="https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4"><code>1d54b9e</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Simplify internal implementation to get changelog entries for a package
version</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/629">#629</a>
<a
href="https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50"><code>e0c90aa</code></a>
Thanks <a href="https://github.com/bluwy"><code>@​bluwy</code></a>! -
Fix custom version and publish command argument parsing</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/645">#645</a>
<a
href="https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf"><code>f9585d9</code></a>
Thanks <a
href="https://github.com/Andarist"><code>@​Andarist</code></a>! -
Improved force-push handling when using <code>commitMode:
&quot;github-api&quot;</code> so updating an existing branch no longer
temporarily resets the target branch to the base commit, avoiding cases
where GitHub closes open pull requests during the update. This should
remove a possibility of a GitHub state race that caused the force-pushed
PRs not being reopened.</p>
</li>
</ul>
<h2>1.8.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/changesets/action/pull/258">#258</a>
<a
href="https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d"><code>f5dbf72</code></a>
Thanks <a
href="https://github.com/tom-sherman"><code>@​tom-sherman</code></a>! -
Support draft version PR modes with a new <code>prDraft</code> input.
Use <code>create</code> to create new version PRs as drafts, or
<code>always</code> to also convert existing version PRs back to draft
when updating them.</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/502">#502</a>
<a
href="https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977"><code>6002dbd</code></a>
Thanks <a
href="https://github.com/oshytiko"><code>@​oshytiko</code></a>! - Fixed
initial <code>.changeset</code> state being picked up, when
<code>cwd</code> parameter is provided</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/536">#536</a>
<a
href="https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2"><code>81b3f61</code></a>
Thanks <a href="https://github.com/radnan"><code>@​radnan</code></a>! -
Fixed <code>.changeset</code> state being picked for the version command
when <code>cwd</code> parameter is provided</p>
</li>
</ul>
<h2>1.7.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/changesets/action/pull/564">#564</a>
<a
href="https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46"><code>935fe87</code></a>
Thanks <a
href="https://github.com/Andarist"><code>@​Andarist</code></a>! -
Automatically use the GitHub-provided token to allow most users to avoid
explicit <code>GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}</code>
configuration.</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/545">#545</a>
<a
href="https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde"><code>54220dd</code></a>
Thanks <a
href="https://github.com/ryanbas21"><code>@​ryanbas21</code></a>! - The
<code>.npmrc</code> generation now intelligently handles both
traditional NPM token authentication and trusted publishing scenarios by
only appending the auth token when <code>NPM_TOKEN</code> is defined.
This prevents 'undefined' from being written to the registry
configuration when using OIDC tokens from GitHub Actions trusted
publishing.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/changesets/action/pull/563">#563</a>
<a
href="https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7"><code>6af4a7e</code></a>
Thanks <a
href="https://github.com/Andarist"><code>@​Andarist</code></a>! - Don't
error on already committed symlinks and executables that stay
untouched</p>
</li>
</ul>
<h2>1.6.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/changesets/action/pull/558">#558</a>
<a
href="https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae"><code>342005d</code></a>
Thanks <a
href="https://github.com/harsha-venugopal-ledn"><code>@​harsha-venugopal-ledn</code></a>!
- Upgrade from Node.js 20 to Node.js 24 LTS</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/changesets/action/commit/a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d"><code>a45c4d5</code></a>
v1.9.0</li>
<li><a
href="https://github.com/changesets/action/commit/b459b1eaa0a3889b4eea8af244304a64da6331ce"><code>b459b1e</code></a>
Version Packages (<a
href="https://redirect.github.com/changesets/action/issues/637">#637</a>)</li>
<li><a
href="https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf"><code>f9585d9</code></a>
Update <code>@changesets/ghcommit</code> (<a
href="https://redirect.github.com/changesets/action/issues/645">#645</a>)</li>
<li><a
href="https://github.com/changesets/action/commit/020e8cc600a1e7e7b8b843654902f043f32387ea"><code>020e8cc</code></a>
Use internal bot for versioning (<a
href="https://redirect.github.com/changesets/action/issues/643">#643</a>)</li>
<li><a
href="https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1"><code>b072bcc</code></a>
Add simple PR comment sub-action (<a
href="https://redirect.github.com/changesets/action/issues/636">#636</a>)</li>
<li><a
href="https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6"><code>8795eee</code></a>
Comment changeset status in PRs (<a
href="https://redirect.github.com/changesets/action/issues/625">#625</a>)</li>
<li><a
href="https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520"><code>34f64f6</code></a>
Fixed an issue with GitHub releases not being created for successfully
publis...</li>
<li><a
href="https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4"><code>1d54b9e</code></a>
Simplify getChangelogEntry (<a
href="https://redirect.github.com/changesets/action/issues/632">#632</a>)</li>
<li><a
href="https://github.com/changesets/action/commit/031358f743b5a6199bd7a39bdc8b469280983df9"><code>031358f</code></a>
Update to typescript v6 (<a
href="https://redirect.github.com/changesets/action/issues/633">#633</a>)</li>
<li><a
href="https://github.com/changesets/action/commit/a0c05f7a4b1df776543903d7dca8e39cd787b30a"><code>a0c05f7</code></a>
Bump <code>@​changesets/changelog-github</code> from 0.5.2 to 0.7.0 (<a
href="https://redirect.github.com/changesets/action/issues/620">#620</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/changesets/action/compare/6a0a831ff30acef54f2c6aa1cbbc1096b066edaf...a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-03 20:27:48 -07:00
dependabot[bot] 0563823693 build(deps): bump pnpm/action-setup from 6.0.5 to 6.0.8 in the patch-deps-updates group (#578)
Bumps the patch-deps-updates group with 1 update:
[pnpm/action-setup](https://github.com/pnpm/action-setup).

Updates `pnpm/action-setup` from 6.0.5 to 6.0.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pnpm/action-setup/releases">pnpm/action-setup's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.8</h2>
<h2>What's Changed</h2>
<ul>
<li>docs(README): fix <code>cache_dependency_path</code> type by <a
href="https://github.com/haines"><code>@​haines</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/257">pnpm/action-setup#257</a></li>
<li>fix: drop patchPnpmEnv so standalone+self-update works on Windows by
<a href="https://github.com/zkochan"><code>@​zkochan</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/258">pnpm/action-setup#258</a></li>
<li>fix: update pnpm to 11.1.1 by <a
href="https://github.com/mungodewar"><code>@​mungodewar</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/248">pnpm/action-setup#248</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mungodewar"><code>@​mungodewar</code></a> made
their first contribution in <a
href="https://redirect.github.com/pnpm/action-setup/pull/248">pnpm/action-setup#248</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8">https://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8</a></p>
<h2>v6.0.7</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: honor devEngines.packageManager.onFail=error (<a
href="https://redirect.github.com/pnpm/action-setup/issues/252">#252</a>)
by <a href="https://github.com/zkochan"><code>@​zkochan</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/254">pnpm/action-setup#254</a></li>
<li>fix: restore inputs from state in post by <a
href="https://github.com/haines"><code>@​haines</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/255">pnpm/action-setup#255</a></li>
<li>fix: self-update bootstrap to packageManager-pinned version (<a
href="https://redirect.github.com/pnpm/action-setup/issues/233">#233</a>)
by <a href="https://github.com/zkochan"><code>@​zkochan</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/256">pnpm/action-setup#256</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/haines"><code>@​haines</code></a> made
their first contribution in <a
href="https://redirect.github.com/pnpm/action-setup/pull/255">pnpm/action-setup#255</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7">https://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7</a></p>
<h2>v6.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: bin_dest output points to self-updated pnpm, not bootstrap by
<a href="https://github.com/zkochan"><code>@​zkochan</code></a> in <a
href="https://redirect.github.com/pnpm/action-setup/pull/249">pnpm/action-setup#249</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pnpm/action-setup/compare/v6.0.5...v6.0.6">https://github.com/pnpm/action-setup/compare/v6.0.5...v6.0.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pnpm/action-setup/commit/0e279bb959325dab635dd2c09392533439d90093"><code>0e279bb</code></a>
fix: update pnpm to 11.1.1 (<a
href="https://redirect.github.com/pnpm/action-setup/issues/248">#248</a>)</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/3e835812ef01165f4f8ae08ade56da44427ed4e0"><code>3e83581</code></a>
fix: drop patchPnpmEnv so standalone+self-update works on Windows (<a
href="https://redirect.github.com/pnpm/action-setup/issues/258">#258</a>)</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/551b42e879e37e74d986effdd2a1647d2b02d464"><code>551b42e</code></a>
docs(README): fix <code>cache_dependency_path</code> type (<a
href="https://redirect.github.com/pnpm/action-setup/issues/257">#257</a>)</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/739bfe42ca9233c5e6aca07c1a25a9d34aca49b0"><code>739bfe4</code></a>
fix: self-update bootstrap to packageManager-pinned version (<a
href="https://redirect.github.com/pnpm/action-setup/issues/233">#233</a>)
(<a
href="https://redirect.github.com/pnpm/action-setup/issues/256">#256</a>)</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/f61705d907761b3b5209e83910fafd1fea50c5a1"><code>f61705d</code></a>
chore: add CODEOWNERS</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/7a5507b117647ab83e96e9db317ba2234056ebf3"><code>7a5507b</code></a>
fix: restore inputs from state in post (<a
href="https://redirect.github.com/pnpm/action-setup/issues/255">#255</a>)</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/1155470f3e5fb872accd4d104b8dfcda41f676ce"><code>1155470</code></a>
fix: honor devEngines.packageManager.onFail=error (<a
href="https://redirect.github.com/pnpm/action-setup/issues/252">#252</a>)
(<a
href="https://redirect.github.com/pnpm/action-setup/issues/254">#254</a>)</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/91ab88e2619ed1f46221f0ba42d1492c02baf788"><code>91ab88e</code></a>
fix: bin_dest output points to self-updated pnpm, not bootstrap (<a
href="https://redirect.github.com/pnpm/action-setup/issues/249">#249</a>)</li>
<li><a
href="https://github.com/pnpm/action-setup/commit/e578e19d19d31b011b841ba2aca34731a5f706a5"><code>e578e19</code></a>
fix: update pnpm to 11.0.4</li>
<li>See full diff in <a
href="https://github.com/pnpm/action-setup/compare/v6.0.5...0e279bb959325dab635dd2c09392533439d90093">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pnpm/action-setup&package-manager=github_actions&previous-version=6.0.5&new-version=6.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-03 20:27:42 -07:00
Hunter Lovell 27ebdc3fea chore(deepagents): clarify LocalShellBackend virtualMode behavior (#577)
## Summary

Fixes #544.

Clarifies `LocalShellBackend` path semantics without introducing a
breaking default change. This keeps legacy behavior intact while making
the bounded-workspace setup explicit in docs and examples.

## Changes

### deepagents (`LocalShellBackend`)

- Clarified `LocalShellBackendOptions` docs to explicitly note that
`rootDir` does not bound filesystem paths when `virtualMode` is `false`.
- Updated `LocalShellBackend` examples to use `virtualMode: true` when
bounded path semantics are intended.
- Added unit coverage to assert legacy behavior is preserved: with
`virtualMode: false`, absolute writes can resolve outside `rootDir`.
2026-06-02 15:44:34 -07:00
Anton Nak 18557db7bb fix(deepagents): gate cache_control writes on per-call request.model (#551)
Fixes #550.

## Problem

`createCacheBreakpointMiddleware` and `createMemoryMiddleware` write
Anthropic-specific `cache_control: { type: "ephemeral" }` markers into
the request payload. Both gate the write at **agent-creation time** in
`createDeepAgent` (whether the *primary* model is Anthropic). When
`modelFallbackMiddleware` swaps `request.model` to a non-Anthropic
provider at request time, the markers leak through and the fallback
provider rejects the request:

```
400 Unknown parameter: 'messages[0].content[N].cache_control'
```

Full root-cause writeup, production trace, and reproduction in #550.

## Fix

Move the model classification from boot-time to **per-call**, using the
existing `isAnthropicModel` helper (`src/utils.ts:9`).

- **`src/middleware/cache.ts`** — bail at the top of `wrapModelCall`
when `request.model` isn't Anthropic.
- **`src/middleware/memory.ts`** — AND the existing `addCacheControl`
flag with the same per-call check. `addCacheControl` keeps its current
public meaning (opt-in switch); the per-call gate is an additional
safety net.
- **`src/agent.ts`** — left untouched. The boot-time install gate stays
(small perf win when primary is non-Anthropic — middleware isn't
installed at all). The new per-call check handles the fallback case
where the middleware *is* installed but the model has been swapped.

## Tests

Each middleware's `.test.ts` got a `per-call provider gating` block.
They build a request with a `ChatAnthropic`-shaped stub vs a
`ChatOpenAI`-shaped stub on `request.model`, run `wrapModelCall`, and
assert `cache_control` is/isn't written. Also covers `ConfigurableModel`
with `modelProvider: "anthropic"` and the string forms
(`"anthropic:claude-..."`, `"openai:gpt-5"`).

Existing fixtures that didn't set `request.model` now pass a
`ChatAnthropic` stub so they keep exercising the write path — they were
previously relying on the unconditional behavior. No behavioral
assertions changed; only the fixture got more explicit.

31/31 tests pass on `libs/deepagents` (`cache.test.ts` +
`memory.test.ts`).

## Compatibility

- **No public API change.** `addCacheControl?: boolean` on
`MemoryMiddlewareOptions` keeps its existing semantics.
- **Anthropic-primary happy path unchanged** — same writes, same cache
hits.
- **Per-call cost:** one `getName()` / string check inside
`wrapModelCall`. Sub-microsecond.
- **Failure mode improvement:** users running `createDeepAgent` with an
Anthropic primary + non-Anthropic fallback no longer get a 400 from the
fallback provider on swap.

## Changeset

`patch` bump on `deepagents`.

## Out of scope

`request.modelSettings.cache_control` (written by LangChain core's
`anthropicPromptCachingMiddleware`) can also leak across the swap.
Mentioned in #550 for tracking — that's a LangChain-side fix, not
deepagents.

---------

Co-authored-by: Anton Nakaliuzhnyi <anakaliuzhnyi@gipartners.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-02 14:04:23 -07:00