mirror of
https://github.com/langchain-ai/deepagentsjs.git
synced 2026-07-18 16:04:44 -04:00
dependabot/github_actions/patch-deps-updates-00a0d7aaea
552 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
388efc6c62 |
build(deps): bump softprops/action-gh-release
Bumps the patch-deps-updates group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `softprops/action-gh-release` from 3.0.1 to 3.0.2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/718ea10b132b3b2eba29c1007bb80653f286566b...3d0d9888cb7fd7b750713d6e236d1fcb99157228) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-deps-updates ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
|
a8c190cfd5 |
ci: cover example Dockerfile with Dependabot (#681)
## Summary - Add Dependabot Docker coverage for the maintained async subagent server example Dockerfile. - Leave npm coverage unchanged because the root pnpm workspace entry already covers workspace package manifests through the root lockfile. - Do not add release/N-1 `target-branch` entries; that policy applies only to `langchainplus` and `langgraph-api`. ## Test Plan - [x] Compared dependency roots on `main` against `.github/dependabot.yml` coverage. - [x] Parsed `.github/dependabot.yml` with Ruby YAML. - [x] Ran `git diff --check`. Co-authored-by: Langster <john@langchain.dev> |
||
|
|
64c91addfe |
chore: apply Socket optimized package overrides (#682)
## Summary - apply Socket Optimize curated `@socketregistry` pnpm overrides - retain existing vulnerability-pinning overrides - update the pnpm lockfile with the optimized dependency graph ## Validation - `socket optimize .` completed and added 10 overrides - `git diff --check` passed - `CI=true sfw pnpm install --frozen-lockfile` confirmed the lockfile was current, then could not complete because the existing `vercel-labs/node-vfs-polyfill` GitHub tarball failed local certificate validation (`UNABLE_TO_GET_ISSUER_CERT_LOCALLY`) - `pnpm format:check` could not run afterward because the incomplete reinstall left `oxfmt` unavailable - `npm audit --package-lock-only --omit=dev` is not applicable: this pnpm repo has no npm `package-lock.json` |
||
|
|
cc26c41df2 |
fix(deepagents): merge custom middleware by name (#672)
## Summary Adds middleware override behavior to replace default middleware by `.name` instead of always being appended. ## Changes - Add name-keyed middleware merging so custom middleware replaces matching default middleware in-place and appends novel middleware after the core stack. - Apply default-slot middleware overrides consistently when constructing main-agent and subagent middleware stacks, while preventing parent-only middleware from propagating unless it matches a subagent default slot. - Move harness tool exclusion into a private `_ToolExclusionMiddleware` helper so excluded tools are stripped after tool-injecting middleware has run. - Add coverage for main-agent replacement, subagent/default override propagation, parent-only middleware isolation, profile exclusions, tool-exclusion ordering, and merge precedence. |
||
|
|
f09bc61d7a |
feat(deepagents): implement delete across backends (#680)
## Summary Implements the optional backend `delete` protocol across the built-in backend implementations now that the delete protocol surface is available. This keeps delete behavior backend-local and does not expose a new filesystem tool to agents. ## Changes ### deepagents - Implements `delete(filePath)` for filesystem, store, composite, context hub, and sandbox backends. - Uses backend-specific safety semantics: filesystem deletion goes through existing path resolution and only unlinks files, store deletion treats paths as exact keys, context hub deletion commits null entries, and sandbox deletion uses shell-quoted `rm -f`. - Adds tests covering successful deletion, missing paths, directory rejection where applicable, composite route path restoration, store wildcard literal behavior, and context hub cache updates/failure handling. ### @langchain/node-vfs - Implements `delete(filePath)` for the VFS backend. - Adds tests for file deletion, missing paths, directory rejection, and preserving non-target files. |
||
|
|
6ae9d1eab9 |
feat(deepagents): add filesystem tool allowlist (#671)
## Summary Adds a `tools` allowlist option to `createFilesystemMiddleware` so callers can restrict which built-in filesystem tools are exposed to the model. The middleware now builds the filesystem system prompt from the tools that are actually visible on the request, avoiding instructions for tools that were filtered by the allowlist or backend capability checks. ## Changes - Adds a public `FsToolName` type and `tools` option to `FilesystemMiddlewareOptions`. - Filters filesystem middleware tools at construction time when an explicit allowlist is provided, while preserving existing `execute` backend capability filtering. - Requires `read_file` in explicit allowlists because it is needed for filesystem workflows and large-result recovery. - Generates the filesystem tool prompt dynamically from visible filesystem tools, and only appends execute-specific instructions when `execute` is actually available. - Adds unit and integration coverage for allowlist behavior, prompt filtering, unsupported `execute`, and user-provided non-filesystem tools. |
||
|
|
eb18c70d8d |
feat(deepagents): add delete protocol support (#673)
## Summary
Adds protocol-level delete support for deepagents backends.
## Changes
### deepagents
- Adds `DeleteResult` to the backend protocol exports.
- Adds optional `delete(filePath)` support to v1 and v2 backend
protocols.
- Preserves optional delete implementations when adapting backends to
the v2 protocol.
- Implements `StateBackend.delete()` for zero-argument StateBackend
instances by sending `{ [filePath]: null }` through `__pregel_send`.
- Adds a changeset for the new backend protocol capability.
|
||
|
|
4894f65f1e |
fix(deps): resolve open Dependabot alerts (#677)
## Summary - Update pnpm overrides for axios, protobufjs, @opentelemetry/core, and js-yaml to their minimum safe versions. - Regenerate the lockfile to remove the vulnerable transitive resolutions. - Resolves the 32 Dependabot alerts currently open on the default branch (18 high, 14 moderate). ## Validation - `pnpm test` |
||
|
|
4643148e8b |
feat(deepagents): add structured system prompt configuration (#669)
## Summary Ports the system prompt configuration in langchain-ai/deepagents#4437 |
||
|
|
4507acd92e |
chore: version packages (#670)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## deepagents-acp@0.1.18 ### Patch Changes - Updated dependencies [[`7c8a770`](https://github.com/langchain-ai/deepagentsjs/commit/7c8a770fac90fd50dfe08af67a0ce073a33e4ef7)]: - deepagents@1.10.8 ## deepagents@1.10.8 ### Patch Changes - [#668](https://github.com/langchain-ai/deepagentsjs/pull/668) [`7c8a770`](https://github.com/langchain-ai/deepagentsjs/commit/7c8a770fac90fd50dfe08af67a0ce073a33e4ef7) Thanks [@colifran](https://github.com/colifran)! - fix(deepagents): fast-glob follows directory symlink cycles leading to ELOOP crashes ## @deepagents/evals@0.0.17 ### Patch Changes - Updated dependencies [[`7c8a770`](https://github.com/langchain-ai/deepagentsjs/commit/7c8a770fac90fd50dfe08af67a0ce073a33e4ef7)]: - deepagents@1.10.8 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>deepagents-acp@0.1.18 deepagents@1.10.8 |
||
|
|
7c8a770fac |
fix(deepagents): fast-glob follows directory symlink cycles leading to ELOOP crashes (#668)
### Summary `fast-glob` follows symbolic links by default so the `glob`/`grep` tools in `FilesystemBackend` and `LocalShellBackend` walked directory symlink cycles recursively causing `ELOOP` crashes. and aborted the run over a target repo. This PR fixes by adding`followSymbolicLinks: false` to all four `fast-glob` calls. Bonus: this keeps traversal inside the search root. ### Tests Unit tests in `filesystem.test.ts` and `local-shell.test.ts` verifying that a `sub/sub -> .` cycle now traverses cleanly without traversing symlinks. This is an upstream fix for: https://github.com/langchain-ai/openwiki/issues/72 |
||
|
|
2d1b39bd29 |
fix: Deno sandbox file path shell injection (#664)
## Summary
Fixes the Deno sandbox file-operation shell injection findings from
Corridor category 2:
- `67480dc4-15f8-48fc-925d-4b0e144832c1` — `DenoSandbox.uploadFiles()`
interpolated `parentDir` into `mkdir -p "${parentDir}"` through
`/bin/bash -c`
- `7d707e16-90a6-4231-974f-d2831971687b` — `DenoSandbox.downloadFiles()`
interpolated `path` into `cat "${path}"` through `/bin/bash -c`
## Changes
- Replace shell-interpreted `mkdir -p` with direct argv execution:
`/bin/mkdir`, `args: ["-p", parentDir]`
- Replace shell-interpreted `cat` with direct argv execution:
`/bin/cat`, `args: [path]`
- Add regression tests covering paths containing `$()` to ensure
file-operation paths are passed as literal argv values and not routed
through `/bin/bash`
## Security notes
This removes command substitution / shell metacharacter interpretation
from Deno `uploadFiles()` and `downloadFiles()` paths. It does not
attempt to solve broader path containment findings in the filesystem
category; those should remain a separate hardening patch.
## Test plan
- `git diff --check` ✅
- Verified the vulnerable Deno patterns are removed from
`libs/providers/deno/src` ✅
- `pnpm --dir /tmp/deepagentsjs --filter "@langchain/deno" test:unit` ⚠️
could not run locally because this sandbox has no `node_modules`;
dependency install was blocked by Socket Firewall failing to fetch its
GitHub release binary with HTTP 502. The repo also requires Node >=22.13
for the pinned pnpm, so I used a temporary Node 22.13.1 binary for the
attempted test run.
CI should run the full Deno provider unit tests.
Co-authored-by: Langster <john@langchain.dev>
|
||
|
|
1b8528ba92 |
fix: Permission gate (requestToolPermission) is defined but never called — all tool executions bypass permission checks (#663)
## Summary This PR was generated by [Corridor](https://corridor.dev) to fix: - Permission gate (requestToolPermission) is defined but never called — all tool executions bypass permission checks ## Changes To close the missing authorization gap (CWE-862), the fix wires a call to requestToolPermission() into the tool execution path inside handleAIMessage(), awaiting a user decision before moving from the in_progress state. Depending on the decision, the tool call is rejected (marked failed, updated to the client, removed from active calls, and the prompt/stream aborted), cancelled (similar cleanup and abort), or allowed to proceed as before; the existing allow_always/reject_always caching is preserved via the session’s permissionDecisions. The change is narrowly scoped to the for loop in handleAIMessage() and does not alter interfaces, semantics, or other code paths. --- Generated by Corridor Co-authored-by: corridor-security[bot] <203152403+corridor-security[bot]@users.noreply.github.com> |
||
|
|
3eab2cad6f |
chore: version packages (#660)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## deepagents-acp@0.1.17 ### Patch Changes - Updated dependencies [[`8efde93`](https://github.com/langchain-ai/deepagentsjs/commit/8efde93792dfc324e70b441eacbb810532f347c4)]: - deepagents@1.10.7 ## deepagents@1.10.7 ### Patch Changes - [#659](https://github.com/langchain-ai/deepagentsjs/pull/659) [`8efde93`](https://github.com/langchain-ai/deepagentsjs/commit/8efde93792dfc324e70b441eacbb810532f347c4) Thanks [@Kowshik4593](https://github.com/Kowshik4593)! - Fix: Normalize `path` to `file_path` in filesystem tools (`read_file`, `write_file`, and `edit_file`) and align the prompt documentation examples to prevent validation schema failures on weaker/custom models. ## @deepagents/evals@0.0.16 ### Patch Changes - Updated dependencies [[`8efde93`](https://github.com/langchain-ai/deepagentsjs/commit/8efde93792dfc324e70b441eacbb810532f347c4)]: - deepagents@1.10.7 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Colin Francis <colin.francis@langchain.dev>deepagents-acp@0.1.17 deepagents@1.10.7 |
||
|
|
8efde93792 |
feat(deepagents): implement filesystem state management middleware with atomic update support and testing (#659)
## Problem Addresses #658. When using weaker or custom LLMs (e.g., smaller open-source models) in `deepagents` and consumers like `openwiki`, the agent immediately crashes with a schema validation error on the first filesystem tool call: This occurs because: 1. `ls` defines its directory argument as `path`, but `read_file`, `write_file`, and `edit_file` expect `file_path`. Models often default to `path` across all filesystem tools. 2. The description prompt examples in `fs.ts` and `skills.ts` show `read_file(path, ...)`, instructing models to use the wrong parameter name. ## Proposed Changes This PR solves both prompt inconsistencies and schema validation failures with a fully backward-compatible input normalization helper: 1. **Prompt Alignment**: Fixed references in `fs.ts` and `skills.ts` to instruct the model to use `file_path` (aligned with the prompt fixes in #644). 2. **Schema Input Normalization**: Added a `normalizeFilePathInput` preprocessor helper to the `read_file`, `write_file`, and `edit_file` Zod schemas using `z.preprocess`. This dynamically maps the `path` key to `file_path` if the model still passes `path`. ## Verification & Tests - Added unit tests in `fs.test.ts` to assert that: - `path` parameter normalization maps correctly to `file_path` for `read_file`, `write_file`, and `edit_file`. - All instruction examples contain only valid schema fields. - Verified that `zod-to-json-schema` unwraps the `z.preprocess` layer perfectly, preserving the original schema descriptions and definitions sent to the LLM. - Ran all filesystem tests successfully (`npx vitest run src/middleware/fs.test.ts` passes). |
||
|
|
ff8cc5c4b4 |
chore: version packages (#607)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @langchain/quickjs@0.6.0 ### Minor Changes - [#606](https://github.com/langchain-ai/deepagentsjs/pull/606) [`3c8f8b2`](https://github.com/langchain-ai/deepagentsjs/commit/3c8f8b2ea6f0204353c63bf49c3fdc6655bf1069) Thanks [@colifran](https://github.com/colifran)! - chore(quickjs): disallow task as a configurable ptc tool ## deepagents-acp@0.1.16 ### Patch Changes - Updated dependencies [[`d7ecab2`](https://github.com/langchain-ai/deepagentsjs/commit/d7ecab2d9f9d41321a043eed6edc3366a1381a67), [`1a2b2df`](https://github.com/langchain-ai/deepagentsjs/commit/1a2b2df5528f0f61870b054fff8291355f6a2a0b), [`42f34b6`](https://github.com/langchain-ai/deepagentsjs/commit/42f34b65ededf4a1fbf3cd4bbff486ddfeb320e9), [`0ae10d7`](https://github.com/langchain-ai/deepagentsjs/commit/0ae10d7e26c84203a5273939c9ad7a9c8c8661c6)]: - deepagents@1.10.6 ## deepagents@1.10.6 ### Patch Changes - [#608](https://github.com/langchain-ai/deepagentsjs/pull/608) [`d7ecab2`](https://github.com/langchain-ai/deepagentsjs/commit/d7ecab2d9f9d41321a043eed6edc3366a1381a67) Thanks [@aolsenjazz](https://github.com/aolsenjazz)! - fix(deepagents): forward subagent results as text Fixed a 400 `invalid_request_error` that occurred when a subagent used an Anthropic server-side tool (web search, web fetch, or code execution): the subagent's `server_tool_use`/`*_tool_result` blocks were forwarded to the parent agent as `tool_result` content, which the API rejects. Subagent results are now passed back to the parent as their text content (matching the Python implementation), which resolves the error and also handles a trailing empty `end_turn` message. - [#656](https://github.com/langchain-ai/deepagentsjs/pull/656) [`1a2b2df`](https://github.com/langchain-ai/deepagentsjs/commit/1a2b2df5528f0f61870b054fff8291355f6a2a0b) Thanks [@colifran](https://github.com/colifran)! - fix(deepagents): default unknown file extensions to text/plain - [#611](https://github.com/langchain-ai/deepagentsjs/pull/611) [`42f34b6`](https://github.com/langchain-ai/deepagentsjs/commit/42f34b65ededf4a1fbf3cd4bbff486ddfeb320e9) Thanks [@aolsenjazz](https://github.com/aolsenjazz)! - feat(deepagents): add bedrockPromptCachingMiddleware to default stack Add bedrockPromptCachingMiddleware to default middleware stack. This automatically opts-in to Bedrock prompt caching for Nova and Anthropic models - [#613](https://github.com/langchain-ai/deepagentsjs/pull/613) [`0ae10d7`](https://github.com/langchain-ai/deepagentsjs/commit/0ae10d7e26c84203a5273939c9ad7a9c8c8661c6) Thanks [@christian-bromann](https://github.com/christian-bromann)! - fix(deepagents): declare LangChain runtime packages as peer dependencies Move `@langchain/core`, `@langchain/langgraph`, `@langchain/langgraph-sdk`, and `langchain` from `dependencies` to `peerDependencies`, and also declare `@langchain/langgraph-checkpoint` as a peer (its `BaseCheckpointSaver`/`BaseStore` types are part of the public API), so they resolve to a single shared instance in the consumer's tree. Previously they were bundled as regular dependencies, which let a consumer end up with two copies of `@langchain/core` (e.g. `1.2.0` vs `1.2.1`). Because these packages ship classes with private/ protected fields, the duplicate copies are treated as nominally distinct types, producing errors like passing a `ChatOpenAI` model to `createDeepAgent` or a compiled graph to the local protocol helpers. As peers, the app controls the version and bumping `@langchain/core` no longer requires a `deepagents` release. ## @langchain/daytona@0.2.1 ### Patch Changes - [#614](https://github.com/langchain-ai/deepagentsjs/pull/614) [`5b462f2`](https://github.com/langchain-ai/deepagentsjs/commit/5b462f2ab2400fba52906e8f1485a500ec5b6e17) Thanks [@christian-bromann](https://github.com/christian-bromann)! - Replace deprecated `@daytonaio/sdk` dependency with `@daytona/sdk`. ## @langchain/modal@0.1.5 ### Patch Changes - [#657](https://github.com/langchain-ai/deepagentsjs/pull/657) [`5f93c11`](https://github.com/langchain-ai/deepagentsjs/commit/5f93c114759399002a3981a93e3df13981514b1d) Thanks [@colifran](https://github.com/colifran)! - fix(modal): modal low level file handle api `sandbox.open` has been removed ## @deepagents/evals@0.0.15 ### Patch Changes - Updated dependencies [[`d7ecab2`](https://github.com/langchain-ai/deepagentsjs/commit/d7ecab2d9f9d41321a043eed6edc3366a1381a67), [`1a2b2df`](https://github.com/langchain-ai/deepagentsjs/commit/1a2b2df5528f0f61870b054fff8291355f6a2a0b), [`42f34b6`](https://github.com/langchain-ai/deepagentsjs/commit/42f34b65ededf4a1fbf3cd4bbff486ddfeb320e9), [`0ae10d7`](https://github.com/langchain-ai/deepagentsjs/commit/0ae10d7e26c84203a5273939c9ad7a9c8c8661c6)]: - deepagents@1.10.6 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Colin Francis <colin.francis@langchain.dev>@langchain/daytona@0.2.1 @langchain/modal@0.1.5 @langchain/quickjs@0.6.0 deepagents-acp@0.1.16 deepagents@1.10.6 |
||
|
|
1a2b2df552 |
fix(deepagents): default unknown file extensions to text/plain (#656)
### Summary `read_file` couldn't read many common text files and with Anthropic it crashes the whole run. `getMimeType()` mapped any unrecognized extension to `application/octet-stream`, which `isTextMimeType()` treats as binary, so the file got base64-encoded into a document block. This defaults unknown extensions to `text/plain` instead. Known binaries (images, audio, video, PDF/PPT) stay explicitly mapped, so image and PDF handling is unchanged. Files like `.properties`, `.scss`, `.tf`, `.lock`, and extension-less files like `Dockerfile` now read as text. ### Tests Flipped the unknown-extension unit test to expect `text/plain`. |
||
|
|
5f93c11475 |
fix(modal): modal sandboxes fail to upload files (#657)
### Summary Modal v0.8.0 released the following breaking change: ``` Breaking: Removed the deprecated low-level file-handle API: Sandbox.Open / SandboxFile (Go), and sandbox.open / SandboxFile (JS). Use the Sandbox Filesystem API instead: sandbox.Filesystem() (Go) / sandbox.filesystem (JS). ``` Ref: https://github.com/modal-labs/modal-client/blob/main/CHANGELOG_GO_JS.md This PR updates our implementation to use the sandbox filesystem api ### Tests Updated `sandbox.test.ts` mocks to model `sandbox.filesystem` |
||
|
|
ff7d82a791 |
build(deps): bump the minor-deps-updates-main group with 8 updates (#640)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps the minor-deps-updates-main group with 8 updates: | Package | From | To | | --- | --- | --- | | [globals](https://github.com/sindresorhus/globals) | `17.6.0` | `17.7.0` | | [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.53.0` | `0.57.0` | | [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.70.0` | `1.72.0` | | [@daytona/sdk](https://github.com/daytona/clients) | `0.184.0` | `0.192.0` | | [modal](https://github.com/modal-labs/modal-client) | `0.7.6` | `0.8.2` | | [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.21.0` | `8.22.0` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.21.0` | `1.23.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.2` | Updates `globals` from 17.6.0 to 17.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/globals/releases">globals's releases</a>.</em></p> <blockquote> <h2>v17.7.0</h2> <ul> <li>Update globals (2026-06-22) (<a href="https://redirect.github.com/sindresorhus/globals/issues/345">#345</a>) 33b75f9</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/globals/compare/v17.6.0...v17.7.0">https://github.com/sindresorhus/globals/compare/v17.6.0...v17.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/globals/commit/a19670cc86c1218e915657c55ea02ba3e7623834"><code>a19670c</code></a> 17.7.0</li> <li><a href="https://github.com/sindresorhus/globals/commit/9611620bad0ea45531ae0261b986ce694374e42c"><code>9611620</code></a> Update actions (<a href="https://redirect.github.com/sindresorhus/globals/issues/346">#346</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/33b75f9ddeb6f9ddd81251b043667eb8104a8d15"><code>33b75f9</code></a> Update globals (2026-06-22) (<a href="https://redirect.github.com/sindresorhus/globals/issues/345">#345</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/887dd529bde24486b7f9e31d1b2c515df2b7cf5c"><code>887dd52</code></a> Fix build script (<a href="https://redirect.github.com/sindresorhus/globals/issues/344">#344</a>)</li> <li>See full diff in <a href="https://github.com/sindresorhus/globals/compare/v17.6.0...v17.7.0">compare view</a></li> </ul> </details> <br /> Updates `oxfmt` from 0.53.0 to 0.57.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/oxc/commit/5306f24d9e82ae36ad9c3c964f33075bc589c799"><code>5306f24</code></a> release(apps): oxlint v1.72.0 && oxfmt v0.57.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23935">#23935</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/c4be770f24adc4026efa96fb82182f743c55e423"><code>c4be770</code></a> release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23707">#23707</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/aa79b5be9915068f60bc361febf2e7496b92fc24"><code>aa79b5b</code></a> release(apps): oxlint v1.70.0 && oxfmt v0.55.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23442">#23442</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/9a2788b3ae60c033a969fbba63733748f8c6130a"><code>9a2788b</code></a> feat(linter/unicorn): implement <code>prefer-export-from</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22935">#22935</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/44ae845fe19d3700128e50e7e61d98c7a85f3f47"><code>44ae845</code></a> release(apps): oxlint v1.69.0 && oxfmt v0.54.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23116">#23116</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/dadafe3e0874b2b75775d265b24d19d7f446e2bf"><code>dadafe3</code></a> docs(oxlint, oxfmt): mention migrate skills in npm READMEs (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22965">#22965</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/f88961ae2968ae2a12035111d07c72797812d2fd"><code>f88961a</code></a> docs(oxfmt): annotate each config option with supported languages (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22953">#22953</a>)</li> <li>See full diff in <a href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.57.0/npm/oxfmt">compare view</a></li> </ul> </details> <br /> Updates `oxlint` from 1.70.0 to 1.72.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/oxc/releases">oxlint's releases</a>.</em></p> <blockquote> <h2>oxlint v1.27.0 && oxfmt v0.12.0</h2> <h1>Oxlint v1.27.0</h1> <h3>🚀 Features</h3> <ul> <li>222a8f0 linter/plugins: Implement <code>SourceCode#isSpaceBetween</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15498">#15498</a>) (overlookmotel)</li> <li>2f9735d linter/plugins: Implement <code>context.languageOptions</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15486">#15486</a>) (overlookmotel)</li> <li>bc731ff linter/plugins: Stub out all <code>Context</code> APIs (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15479">#15479</a>) (overlookmotel)</li> <li>5822cb4 linter/plugins: Add <code>extend</code> method to <code>FILE_CONTEXT</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15477">#15477</a>) (overlookmotel)</li> <li>7b1e6f3 apps: Add pure rust binaries and release to github (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15469">#15469</a>) (Boshen)</li> <li>2a89b43 linter: Introduce debug assertions after fixes to assert validity (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15389">#15389</a>) (camc314)</li> <li>ad3c45a editor: Add <code>oxc.path.node</code> option (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15040">#15040</a>) (Sysix)</li> </ul> <h3>🐛 Bug Fixes</h3> <ul> <li>6f3cd77 linter/no-var: Incorrect warning for blocks (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15504">#15504</a>) (Hamir Mahal)</li> <li>6957fb9 linter/plugins: Do not allow access to <code>Context#id</code> in <code>createOnce</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15489">#15489</a>) (overlookmotel)</li> <li>7409630 linter/plugins: Allow access to <code>cwd</code> in <code>createOnce</code> in ESLint interop mode (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15488">#15488</a>) (overlookmotel)</li> <li>732205e parser: Reject <code>using</code> / <code>await using</code> in a switch <code>case</code> / <code>default</code> clause (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15225">#15225</a>) (sapphi-red)</li> <li>a17ca32 linter/plugins: Replace <code>Context</code> class (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15448">#15448</a>) (overlookmotel)</li> <li>ecf2f7b language_server: Fail gracefully when tsgolint executable not found (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15436">#15436</a>) (camc314)</li> <li>3c8d3a7 lang-server: Improve logging in failure case for tsgolint (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15299">#15299</a>) (camc314)</li> <li>ef71410 linter: Use jsx if source type is JS in fix debug assertion (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15434">#15434</a>) (camc314)</li> <li>e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15426">#15426</a>) (camc314)</li> <li>6565dbe linter/switch-case-braces: Skip comments when searching for <code>:</code> token (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15425">#15425</a>) (camc314)</li> <li>85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15423">#15423</a>) (camc314)</li> <li>fde753e linter/plugins: Block access to <code>context.settings</code> in <code>createOnce</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15394">#15394</a>) (overlookmotel)</li> <li>ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15388">#15388</a>) (camc314)</li> <li>dac2a9c linter/no-template-curly-in-string: Remove fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15387">#15387</a>) (camc314)</li> <li>989b8e3 linter/no-var: Only fix to <code>const</code> if the var has an initializer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15385">#15385</a>) (camc314)</li> <li>cc403f5 linter/plugins: Return empty object for unimplemented parserServices (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15364">#15364</a>) (magic-akari)</li> </ul> <h3>⚡ Performance</h3> <ul> <li>25d577e language_server: Start tools in parallel (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15500">#15500</a>) (Sysix)</li> <li>3c57291 linter/plugins: Optimize loops (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15449">#15449</a>) (overlookmotel)</li> <li>3166233 linter/plugins: Remove <code>Arc</code>s (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15431">#15431</a>) (overlookmotel)</li> <li>9de1322 linter/plugins: Lazily deserialize settings JSON (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15395">#15395</a>) (overlookmotel)</li> <li>3049ec2 linter/plugins: Optimize <code>deepFreezeSettings</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15392">#15392</a>) (overlookmotel)</li> <li>444ebfd linter/plugins: Use single object for <code>parserServices</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15378">#15378</a>) (overlookmotel)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>97d2104 linter: Update comment in lint.rs about default value for tsconfig path (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15530">#15530</a>) (Connor Shea)</li> <li>2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15411">#15411</a>) (sapphi-red)</li> <li>a0c5203 linter/import/named: Update "ES7" comment in examples (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15410">#15410</a>) (sapphi-red)</li> <li>3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15409">#15409</a>) (sapphi-red)</li> <li>2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15408">#15408</a>) (sapphi-red)</li> <li>57f0ce1 linter: Add backquotes where appropriate (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15407">#15407</a>) (sapphi-red)</li> </ul> <h1>Oxfmt v0.12.0</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md">oxlint's changelog</a>.</em></p> <blockquote> <h2>[1.72.0] - 2026-06-29</h2> <h3>🚀 Features</h3> <ul> <li>1c8f50c linter: Add schema for <code>eslint/no-restricted-import</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23642">#23642</a>) (Sysix)</li> </ul> <h3>🐛 Bug Fixes</h3> <ul> <li>742be36 refactor/node/handle-callback-err: Reject invalid regex config (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23740">#23740</a>) (camc314)</li> </ul> <h2>[1.71.0] - 2026-06-22</h2> <h3>🚀 Features</h3> <ul> <li>0dc2405 linter: Add schema for <code>eslint/no-restricted-properties</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23619">#23619</a>) (Sysix)</li> <li>b638d0e linter: Add schema for <code>node/callback-return</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23615">#23615</a>) (Sysix)</li> <li>eb8bedc linter: Add schema for <code>import/extensions</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23557">#23557</a>) (WaterWhisperer)</li> <li>46f3625 linter: Implement node/no-sync rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23589">#23589</a>) (fujitani sora)</li> <li>b01739a linter: Add schema for <code>unicorn/numeric-separators-style</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23554">#23554</a>) (Mikhail Baev)</li> <li>68afd2a linter/node: Implement <code>no-mixed-requires</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23539">#23539</a>) (fujitani sora)</li> <li>a421215 linter: Add schema for <code>eslint/prefer-destructuring</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23410">#23410</a>) (WaterWhisperer)</li> <li>84438be linter/jsdoc: Added missing options to <code>require-param-description</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23416">#23416</a>) (kapobajza)</li> <li>51910df linter/jsdoc: Add missing options to <code>require-param-type</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23418">#23418</a>) (kapobajza)</li> <li>e90925f linter/unicorn: Implement prefer-number-coercion rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23497">#23497</a>) (Shekhu☺️)</li> <li>dd1c866 linter/vue: Implement no-async-in-computed-properties rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23493">#23493</a>) (bab)</li> <li>b02444e linter: Add schema for <code>react/jsx-no-script-url</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23475">#23475</a>) (WaterWhisperer)</li> <li>a8dce46 linter/unicorn: Implement <code>max-nested-calls</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23461">#23461</a>) (arieleli01212)</li> </ul> <h3>🐛 Bug Fixes</h3> <ul> <li>a303c23 linter/jsx-a11y: Align <code>anchor-is-valid</code> config with upstream (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23446">#23446</a>) (camc314)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>b50bf4d linter: Remove manually written options doc for <code>eslint/arrow-body-style</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23490">#23490</a>) (Mikhail Baev)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/oxc/commit/5306f24d9e82ae36ad9c3c964f33075bc589c799"><code>5306f24</code></a> release(apps): oxlint v1.72.0 && oxfmt v0.57.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23935">#23935</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/742be3616fc8df27053b09bdf9ff166e16761838"><code>742be36</code></a> fix(refactor/node/handle-callback-err): reject invalid regex config (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23740">#23740</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/1c8f50c67ff636b9d8193d3d7be1511a7960f25d"><code>1c8f50c</code></a> feat(linter): add schema for <code>eslint/no-restricted-import</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23642">#23642</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/c4be770f24adc4026efa96fb82182f743c55e423"><code>c4be770</code></a> release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23707">#23707</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/0dc24054119b22247c6a7b9bdb20cc6e589f267a"><code>0dc2405</code></a> feat(linter): add schema for <code>eslint/no-restricted-properties</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23619">#23619</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/b638d0ee1df63487e7c04e031b4b71ab10d592ce"><code>b638d0e</code></a> feat(linter): add schema for <code>node/callback-return</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23615">#23615</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/6d355ab8b3644505c4491da5fc4ec88695de50f7"><code>6d355ab</code></a> refactor(linter): remove <code>number_as_object_schema</code> helper (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23614">#23614</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/eb8bedc2fba9cead8632a75bb7936205fae7dcf0"><code>eb8bedc</code></a> feat(linter): add schema for <code>import/extensions</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23557">#23557</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/46f362530da1c2c5e868613e339999314b9f3a72"><code>46f3625</code></a> feat(linter): implement node/no-sync rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23589">#23589</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/953c7b3f1c9e2c80ee1b782f1540d277cc22ed99"><code>953c7b3</code></a> refactor(linter): make <code>unicorn/numeric-separators-style</code> options <code>u32</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/23558">#23558</a>)</li> <li>Additional commits viewable in <a href="https://github.com/oxc-project/oxc/commits/oxlint_v1.72.0/npm/oxlint">compare view</a></li> </ul> </details> <br /> Updates `@daytona/sdk` from 0.184.0 to 0.192.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/daytona/clients/releases">@daytona/sdk's releases</a>.</em></p> <blockquote> <h2>v0.192.0</h2> <h2>0.192.0 (2026-06-26)</h2> <h3>🚀 Features</h3> <ul> <li>secrets (<a href="https://redirect.github.com/daytona/clients/pull/10">#10</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>release:</strong> scope nx release to packages with package.json (<a href="https://github.com/daytona/clients/commit/8571c8693">8571c8693</a>)</li> </ul> <h3>Refactor</h3> <ul> <li>flatten repo structure, relicense to Apache-2.0, prep Go SDK release pipeline (<a href="https://redirect.github.com/daytona/clients/pull/6">#6</a>)</li> </ul> <h3>Chores</h3> <ul> <li>align replace directives with sdk-go v0.191.0 requires (<a href="https://redirect.github.com/daytona/clients/pull/11">#11</a>)</li> <li>fix release action (CLI build secrets, nx manifest, sync_gosum PR) (<a href="https://redirect.github.com/daytona/clients/pull/12">#12</a>)</li> <li>clarify Apache-2.0/AGPL-3.0 split and add REUSE LICENSES/ (<a href="https://github.com/daytona/clients/commit/7273f5be4">7273f5be4</a>)</li> <li>fall back to disk version for release + make Go tagging idempotent (<a href="https://redirect.github.com/daytona/clients/pull/16">#16</a>)</li> <li>changelog automaticFromRef for releases without a reachable base tag (<a href="https://redirect.github.com/daytona/clients/pull/17">#17</a>)</li> <li><strong>cli:</strong> restore CLI AGPL-3.0 headers, LICENSE, and checker (<a href="https://redirect.github.com/daytona/clients/pull/14">#14</a>)</li> <li><strong>sdk-go:</strong> bump to v0.191.0 (<a href="https://redirect.github.com/daytona/clients/pull/9">#9</a>)</li> <li><strong>sdk-go:</strong> bump to v0.192.0 (<a href="https://redirect.github.com/daytona/clients/pull/15">#15</a>)</li> <li><strong>sdk-go:</strong> migrate module paths from go.daytona.io to github.com/daytona/clients (<a href="https://redirect.github.com/daytona/clients/pull/18">#18</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>MDzaja <a href="https://github.com/MDzaja"><code>@MDzaja</code></a></li> <li>Mirko Džaja <a href="https://github.com/MDzaja"><code>@MDzaja</code></a></li> <li>Toma Puljak <a href="https://github.com/Tpuljak"><code>@Tpuljak</code></a></li> </ul> <h2>v0.191.0</h2> <h2>0.191.0 (2026-06-25)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>release:</strong> scope nx release to packages with package.json (<a href="https://github.com/daytona/clients/commit/8571c8693">8571c8693</a>)</li> </ul> <h3>Refactor</h3> <ul> <li>flatten repo structure, relicense to Apache-2.0, prep Go SDK release pipeline (<a href="https://redirect.github.com/daytona/clients/pull/6">#6</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>MDzaja <a href="https://github.com/MDzaja"><code>@MDzaja</code></a></li> <li>Mirko Džaja <a href="https://github.com/MDzaja"><code>@MDzaja</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/daytona/clients/commits/v0.192.0">compare view</a></li> </ul> </details> <br /> Updates `modal` from 0.7.6 to 0.8.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/modal-labs/modal-client/blob/main/CHANGELOG_GO_JS.md">modal's changelog</a>.</em></p> <blockquote> <h2>js/v0.8.2, go/v0.8.2</h2> <ul> <li>Added <code>Sandbox.updateNetworkPolicy</code> (JS) and <code>Sandbox.UpdateNetworkPolicy</code> (Go) to update the outbound network policy of a running Sandbox. Both <code>outboundCidrAllowlist</code> and <code>outboundDomainAllowlist</code> must be provided.</li> </ul> <h2>js/v0.8.1, go/v0.8.1</h2> <ul> <li>(Go, JS) <code>Sandbox.CreateConnectToken</code> (Go) / <code>Sandbox.createConnectToken</code> (JS) now accept an optional <code>Port</code> / <code>port</code> parameter on their params struct, controlling which container port requests are routed to when using the token. Defaults to 8080.</li> <li>(Go) Fixed a bug in <code>Function.Spawn</code> such that results are now accessible via <code>FunctionCall.Get</code> for up to 7 days after completion.</li> </ul> <h2>js/v0.8.0, go/v0.8.0</h2> <p>This release primarily contains a number of breaking changes as we continue working towards 1.0 in the JS and Go SDKs.</p> <ul> <li>Added support for named Images, akin to a Modal-native Image registry, decoupling Image builds from App deployment or Sandbox creation: <ul> <li>(Go) <code>Image.Publish</code> and <code>Image.FromName</code></li> <li>(JS) <code>Image.publish</code> and <code>Image.fromName</code></li> </ul> </li> <li>Added support for restricting the <em>domains</em> that processes inside of a Sandbox can connect to: <ul> <li>(Go) <code>OutboundDomainAllowlist</code> in <code>SandboxCreateParams</code></li> <li>(JS) <code>outboundDomainAllowlist</code> in <code>Sandbox.create</code></li> </ul> </li> <li>Added support for dynamic configuration of Functions: <ul> <li>(Go) <code>Function.WithOptions</code>, <code>Function.WithConcurrency</code>, <code>Function.WithBatching</code>, <code>Function.Instance</code></li> <li>(JS) <code>Function_.withOptions</code>, <code>Function_.withConcurrency</code>, <code>Function_.withBatching</code>, <code>Function_.instance</code></li> </ul> </li> <li>Improved reliability when uploading or downloading large data payloads for Function calls.</li> <li>Fixed a bug where adding Dockerfile commands to an Image loaded with <code>Image.FromID</code> (Go) / <code>Image.fromId</code> (JS) could fail to use the resolved Image as the base.</li> <li><code>Sandbox.exec</code> (JS) / <code>Sandbox.Exec</code> (Go) now reject a relative <code>Workdir</code> client-side with <code>InvalidError</code>. In JS, an empty-string <code>workdir</code> is also rejected (pass <code>undefined</code> to use the image default).</li> <li>(Go) <code>Sandbox.Create</code> and <code>Sandbox.Exec</code> now return an <code>InvalidError</code> if any <code>Secrets</code> entry is nil.</li> <li><strong>Breaking:</strong> The Go and JS SDKs now read the <a href="https://modal.com/docs/guide/images#image-builder-updates">Image Builder Version</a> from your <a href="https://modal.com/settings/image-config">Modal workspace settings</a>, like the Python SDK. Previously, the Go and JS SDKs were hardcoded to use version <code>2024.10</code>. If your workspace configuration uses a different version, your Images will rebuild once (then be cached as usual), so beware that the first run after upgrading may take longer than usual. Note that version <code>2025.06</code> has a number of improvements that are specifically oriented towards Sandbox workflows. Accordingly, the fixed <code>ModalClient.imageBuilderVersion</code> (JS) attribute has been removed in favor of <code>ModalClient.getImageBuilderVersion</code>.</li> <li><strong>Breaking:</strong> <code>Sandbox.SnapshotFilesystem</code> (Go) / <code>Sandbox.snapshotFilesystem</code> (JS) no longer take a positional <code>timeout</code> / <code>timeoutMs</code> argument. The timeout now lives on the params structs as <code>Timeout time.Duration</code> (Go) / <code>timeoutMs?: number</code> (JS), bringing the methods to parity with <code>Sandbox.SnapshotDirectory</code>. Migrate <code>sb.SnapshotFilesystem(ctx, 30*time.Second, params)</code> to <code>sb.SnapshotFilesystem(ctx, &SandboxSnapshotFilesystemParams{Timeout: 30*time.Second, ...})</code>, and <code>sb.snapshotFilesystem(30000, params)</code> to <code>sb.snapshotFilesystem({ timeoutMs: 30000, ...params })</code>.</li> <li><strong>Breaking:</strong> <code>Sandbox.SnapshotFilesystem</code> (Go) / <code>Sandbox.snapshotFilesystem</code> (JS) and <code>Sandbox.SnapshotDirectory</code> (Go) / <code>Sandbox.snapshotDirectory</code> (JS) now accept an explicit <code>TTL</code> (Go, a <code>time.Duration</code>) / <code>ttlMs</code> (JS, in milliseconds) field on their params struct, controlling how long the resulting Image is retained. Both methods default to 30 days. This is a change of default for <code>snapshotFilesystem</code> which previously kept Images indefinitely. Pass <code>TTL: modal.NoExpiryTTL</code> (Go) or <code>ttlMs: null</code> (JS) to opt out of expiry.</li> <li><strong>Breaking:</strong> <code>Sandbox.SnapshotDirectory</code> (Go) / <code>Sandbox.snapshotDirectory</code> (JS) now also have a <code>Timeout</code> (Go) / <code>timeoutMs</code> (JS) field on their params structs with a default of 55s, which brings them to parity with filesystem snapshots. If the snapshot does not return within that window, a <code>TimeoutError</code> is raised. The timeout can be set arbitrarily high to preserve the old behavior of not timing out.</li> <li><strong>Breaking:</strong> (Go) <code>Sandbox.Filesystem</code> is now a field rather than a method. Migrate <code>sb.Filesystem().ReadText(...)</code> to <code>sb.Filesystem.ReadText(...)</code>.</li> <li><strong>Breaking:</strong> <code>Sandbox.FromID</code> (Go) / <code>Sandbox.fromId</code> (JS) no longer checks if the sandbox ID exists. You can run <code>Poll</code> (Go) or <code>poll</code> (JS) to get the status of your sandbox.</li> <li><strong>Breaking:</strong> Removed the deprecated low-level file-handle API: <code>Sandbox.Open</code> / <code>SandboxFile</code> (Go), and <code>sandbox.open</code> / <code>SandboxFile</code> (JS). Use the Sandbox Filesystem API instead: <code>sandbox.Filesystem()</code> (Go) / <code>sandbox.filesystem</code> (JS).</li> <li><strong>Breaking:</strong> Removed the deprecated <code>Volume.ReadOnly</code> / <code>Volume.IsReadOnly</code> (Go) and <code>volume.readOnly</code> / <code>volume.isReadOnly</code> (JS). Use <code>WithMountOptions(&VolumeMountOptions{ReadOnly: &t})</code> / <code>withMountOptions({ readOnly: true })</code> instead.</li> <li><strong>Breaking:</strong> (JS) Removed the deprecated <code>cidrAllowlist</code> parameter from <code>sandboxes.create</code>. Use <code>outboundCidrAllowlist</code> instead.</li> <li><strong>Breaking:</strong> (JS) Removed the entire deprecated v0.5.0 backwards-compatibility surface: the global <code>initializeClient()</code> / <code>close()</code> functions and the <code>ClientOptions</code> type; the deprecated static factories <code>App.lookup</code>, <code>Function_.lookup</code>, <code>Cls.lookup</code>, <code>Queue.lookup</code> / <code>Queue.ephemeral</code> / <code>Queue.delete</code>, <code>Volume.fromName</code> / <code>Volume.ephemeral</code>, <code>Secret.fromName</code> / <code>Secret.fromObject</code>, <code>Sandbox.fromId</code> / <code>Sandbox.fromName</code> / <code>Sandbox.list</code>, <code>Image.fromId</code> / <code>Image.fromRegistry</code> / <code>Image.fromAwsEcr</code> / <code>Image.fromGcpArtifactRegistry</code> / <code>Image.delete</code>, <code>Proxy.fromName</code>, and <code>FunctionCall.fromId</code>. the instance shims <code>app.createSandbox</code>, <code>app.imageFromRegistry</code> / <code>imageFromAwsEcr</code> / <code>imageFromGcpArtifactRegistry</code>, the public <code>CloudBucketMount</code> constructor, and the deprecated <code>LookupOptions</code> / <code>DeleteOptions</code> / <code>EphemeralOptions</code> type aliases. See <a href="https://github.com/modal-labs/modal-client/blob/main/MIGRATION-GUIDE.md"><code>MIGRATION-GUIDE.md</code></a>.</li> <li><strong>Breaking:</strong> (Go) All public methods now end with a <code>*XxxParams</code> pointer argument, enabling forward-compatibility for future options without additional signature churn. Pass <code>nil</code> to accept defaults. Affected methods: <ul> <li><code>FunctionCall.FromID</code> → <code>FromID(ctx, id, *FunctionCallFromIDParams)</code></li> <li><code>Image.FromID</code> → <code>FromID(ctx, id, *ImageFromIDParams)</code></li> <li><code>Image.FromRegistry</code> → <code>FromRegistry(tag, *ImageFromRegistryParams)</code>, the <code>*Secret</code> field remains inside <code>ImageFromRegistryParams</code> (signature unchanged)</li> <li><code>Image.FromAwsEcr</code> → <code>FromAwsEcr(tag, secret, *ImageFromAwsEcrParams)</code> — the <code>*Secret</code> argument is now a positional parameter preceding the params struct</li> <li><code>Image.FromGcpArtifactRegistry</code> → <code>FromGcpArtifactRegistry(tag, secret, *ImageFromGcpArtifactRegistryParams)</code> — the <code>*Secret</code> argument is now a positional parameter preceding the params struct</li> <li><code>Image.Build</code> → <code>Build(ctx, app, *ImageBuildParams)</code></li> <li><code>Function.GetCurrentStats</code> → <code>GetCurrentStats(ctx, *FunctionGetCurrentStatsParams)</code></li> <li><code>ContainerProcess.Wait</code> → <code>Wait(ctx, *ContainerProcessWaitParams)</code></li> <li><code>Sandbox.FromID</code> → <code>FromID(ctx, id, *SandboxFromIDParams)</code></li> <li><code>Sandbox.Wait</code> → <code>Wait(ctx, *SandboxWaitParams)</code></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/modal-labs/modal-client/commit/464b3ec94b79b2f02a270fb98b4ed85d9c85f962"><code>464b3ec</code></a> Release 0.8.2 go/js SDK (<a href="https://redirect.github.com/modal-labs/modal-client/issues/46779">#46779</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/3f83306e23bec27bf9734912c14c40ff054e6914"><code>3f83306</code></a> Add Sandbox.UpdateNetworkPolicy to Go SDK (<a href="https://redirect.github.com/modal-labs/modal-client/issues/46709">#46709</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/bb3972100c45f83d58dc04af52f6b46955b58f18"><code>bb39721</code></a> client: [typescript] Add <code>reload_volumes</code> support for v2 sandboxes (<a href="https://redirect.github.com/modal-labs/modal-client/issues/46763">#46763</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/4982be8007ecc9e32f99a57eb8258575bea1c51b"><code>4982be8</code></a> client: [go] Add <code>reload_volume</code> support for v2 sandboxes (<a href="https://redirect.github.com/modal-labs/modal-client/issues/46765">#46765</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/60507cfcf7f268c4197ed9a6b93d638b8538f0d6"><code>60507cf</code></a> Add Sandbox.updateNetworkPolicy to JS SDK (<a href="https://redirect.github.com/modal-labs/modal-client/issues/46751">#46751</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/575b37543df238c6449b9501714dde270cc1d05a"><code>575b375</code></a> client: [python] Enable reload_volumes for v2 sandboxes (<a href="https://redirect.github.com/modal-labs/modal-client/issues/46615">#46615</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/709e8319c119c2de2135c097439f8e48e1f07761"><code>709e831</code></a> Fix typo - content manager instead of context manager (<a href="https://redirect.github.com/modal-labs/modal-client/issues/46600">#46600</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/0f0a0ccd0ff438a906aa3dac8d7c65a4ad0c47a7"><code>0f0a0cc</code></a> API changes for sidecar volumes (<a href="https://redirect.github.com/modal-labs/modal-client/issues/45342">#45342</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/52427413700930739bd1e9d852ca836645687d70"><code>5242741</code></a> [IO-71] Expose routing_region as an option to .with_options() in the modal cl...</li> <li><a href="https://github.com/modal-labs/modal-client/commit/38db96fdbdd006129c0d6d7779c079c38c7d4b85"><code>38db96f</code></a> Pin protoc and codegen plugin versions for Go proto generation (<a href="https://redirect.github.com/modal-labs/modal-client/issues/45919">#45919</a>)</li> <li>Additional commits viewable in <a href="https://github.com/modal-labs/modal-client/compare/go/v0.7.6...go/v0.8.2">compare view</a></li> </ul> </details> <br /> Updates `pg` from 8.21.0 to 8.22.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md">pg's changelog</a>.</em></p> <blockquote> <h2>pg@8.22.0</h2> <ul> <li>Add support for <a href="https://redirect.github.com/brianc/node-postgres/pull/3688">sslnegotiation=direct</a> for PostgreSQL 17+.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/brianc/node-postgres/commit/b617619f9fb6fbd231731823e2732a2927ded4be"><code>b617619</code></a> Publish</li> <li><a href="https://github.com/brianc/node-postgres/commit/d80b2612fbe83ed8234637f20b943d85e4331094"><code>d80b261</code></a> Update docs & changelog</li> <li><a href="https://github.com/brianc/node-postgres/commit/835fb83ab9e1cf30fa8367ba42bd633720d71832"><code>835fb83</code></a> Fix error handling for exceptions on values parsing. (<a href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3574">#3574</a>)</li> <li><a href="https://github.com/brianc/node-postgres/commit/f49ab4a9795ae0866409f9bfe52a68b4f65ef024"><code>f49ab4a</code></a> fix: correct spelling mistakes across codebase (<a href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3692">#3692</a>)</li> <li><a href="https://github.com/brianc/node-postgres/commit/d7175a4aa0347b7416109e9ecc61d4d235486d0e"><code>d7175a4</code></a> Expand CI matrix of PG versions and add direct SSL test (<a href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3693">#3693</a>)</li> <li><a href="https://github.com/brianc/node-postgres/commit/882fc308cce7bf136cd1448e00395f760dad3e00"><code>882fc30</code></a> Add support for sslnegotiation=direct (PostgreSQL 17) (<a href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3688">#3688</a>)</li> <li>See full diff in <a href="https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg">compare view</a></li> </ul> </details> <br /> Updates `lucide-react` from 1.21.0 to 1.23.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lucide-icons/lucide/releases">lucide-react's releases</a>.</em></p> <blockquote> <h2>Version 1.23.0</h2> <h2>What's Changed</h2> <ul> <li>fix(docs): prevent scrollbar layout shift on icons page by <a href="https://github.com/g30r93g"><code>@g30r93g</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4500">lucide-icons/lucide#4500</a></li> <li>chore(docs): Remove certificates banner by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4504">lucide-icons/lucide#4504</a></li> <li>ci(repo-journal.yml): GH copilot repo summary by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4505">lucide-icons/lucide#4505</a></li> <li>ci(repo-journal.yml): Small fix in the workflow by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4508">lucide-icons/lucide#4508</a></li> <li>ci(repo-journal.yml): Switch to token by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4509">lucide-icons/lucide#4509</a></li> <li>feat(icons): added <code>paper-bag</code> icon by <a href="https://github.com/dkast"><code>@dkast</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4023">lucide-icons/lucide#4023</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/g30r93g"><code>@g30r93g</code></a> made their first contribution in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4500">lucide-icons/lucide#4500</a></li> <li><a href="https://github.com/dkast"><code>@dkast</code></a> made their first contribution in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4023">lucide-icons/lucide#4023</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lucide-icons/lucide/compare/1.22.0...1.23.0">https://github.com/lucide-icons/lucide/compare/1.22.0...1.23.0</a></p> <h2>Version 1.22.0</h2> <h2>What's Changed</h2> <ul> <li>feat(icons): add 6 database variant icons by <a href="https://github.com/Barakudum"><code>@Barakudum</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4336">lucide-icons/lucide#4336</a></li> <li>ci(release.yml): Remove concurrency field to prevent release mess by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4485">lucide-icons/lucide#4485</a></li> <li>fix(docs): fix color input clipping by <a href="https://github.com/Hsiii"><code>@Hsiii</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4488">lucide-icons/lucide#4488</a></li> <li>docs(site): add Deno to installation instructions by <a href="https://github.com/bartlomieju"><code>@bartlomieju</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4486">lucide-icons/lucide#4486</a></li> <li>chore(deps): bump esbuild from 0.25.12 to 0.28.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4459">lucide-icons/lucide#4459</a></li> <li>fix(docs): prevent private analytics token from blocking local dev by <a href="https://github.com/Hsiii"><code>@Hsiii</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4481">lucide-icons/lucide#4481</a></li> <li>docs(installation.md): Remove outdate next tag in installation by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4495">lucide-icons/lucide#4495</a></li> <li>fix(lucide-react-native): Fix context provider export by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4497">lucide-icons/lucide#4497</a></li> <li>fix(astro): add Astro v7 compatibility by <a href="https://github.com/iseraph-dev"><code>@iseraph-dev</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4491">lucide-icons/lucide#4491</a></li> <li>fix(icons): changed <code>carrot</code> icon by <a href="https://github.com/jguddas"><code>@jguddas</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4010">lucide-icons/lucide#4010</a></li> <li>fix(icons): changed <code>ungroup</code> icon by <a href="https://github.com/jguddas"><code>@jguddas</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/3969">lucide-icons/lucide#3969</a></li> <li>feat(icons): added <code>phi</code> icon also used as <code>golden-ratio</code> by <a href="https://github.com/whoisBugsbunny"><code>@whoisBugsbunny</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4218">lucide-icons/lucide#4218</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bartlomieju"><code>@bartlomieju</code></a> made their first contribution in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4486">lucide-icons/lucide#4486</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lucide-icons/lucide/compare/1.21.0...1.22.0">https://github.com/lucide-icons/lucide/compare/1.21.0...1.22.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react">compare view</a></li> </ul> </details> <br /> Updates `vite` from 8.0.16 to 8.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v8.1.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.1.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.1.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.1.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.1.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.1.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>plugin-legacy@8.1.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/plugin-legacy@8.1.0/packages/plugin-legacy/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.1.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.1.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>plugin-legacy@8.1.0-beta.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/plugin-legacy@8.1.0-beta.0/packages/plugin-legacy/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.1.0-beta.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.1.0-beta.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.1.1...v8.1.2">8.1.2</a> (2026-06-30)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> revert es-module-lexer to 2.1.0 (<a href="https://redirect.github.com/vitejs/vite/issues/22827">#22827</a>) (<a href="https://github.com/vitejs/vite/commit/0d3bd7c4111b8345cfc353c7bbb2c30601752e26">0d3bd7c</a>)</li> <li>restore, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (<a href="https://redirect.github.com/vitejs/vite/issues/22757">#22757</a>)" (<a href="https://redirect.github.com/vitejs/vite/issues/22825">#22825</a>) (<a href="https://github.com/vitejs/vite/commit/efb98cce73f3f89c4f03936ab7741cd5b0636f5c">efb98cc</a>)</li> <li>revert, "fix: escape ids with multiple null bytes (<a href="https://redirect.github.com/vitejs/vite/issues/22687">#22687</a>)" (<a href="https://github.com/vitejs/vite/commit/cccef55dfaa6253929d2cb58d3af53f217efc877">cccef55</a>)</li> <li>revert, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (<a href="https://redirect.github.com/vitejs/vite/issues/22757">#22757</a>)" (<a href="https://github.com/vitejs/vite/commit/cf97711963ddcdcfac3e4fcd00771d7a55e92141">cf97711</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.1.0...v8.1.1">8.1.1</a> (2026-06-30)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>update dynamic import warning to link to Vite docs (<a href="https://redirect.github.com/vitejs/vite/issues/22823">#22823</a>) (<a href="https://github.com/vitejs/vite/commit/62bd7afd27ec0507bf528a135165dda3a44ebc21">62bd7af</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>bundled-dev:</strong> avoid stack overflow on <code>import.meta.hot.invalidate()</code> (<a href="https://redirect.github.com/vitejs/vite/issues/22797">#22797</a>) (<a href="https://github.com/vitejs/vite/commit/709eb8ee03d3c46269755334f59b7e9a353fc522">709eb8e</a>)</li> <li><strong>bundled-dev:</strong> serve assets emitted during HMR/lazy compile (<a href="https://redirect.github.com/vitejs/vite/issues/22745">#22745</a>) (<a href="https://github.com/vitejs/vite/commit/5876b2cc2e1a01df9363e1e3d1d19f474ba68285">5876b2c</a>)</li> <li><strong>bundledDev:</strong> skip plugin transform hooks for rolldown-lazy stub modules (<a href="https://redirect.github.com/vitejs/vite/issues/22778">#22778</a>) (<a href="https://github.com/vitejs/vite/commit/8f925e2e496f4d313d860acb53880245b07ce6f7">8f925e2</a>)</li> <li><strong>css:</strong> preserve dollar signs in external <code>@import</code> urls with lightningcss (<a href="https://redirect.github.com/vitejs/vite/issues/22718">#22718</a>) (<a href="https://github.com/vitejs/vite/commit/9fa7ab4990f4fe74597d0a37a16d84af1c1e3544">9fa7ab4</a>)</li> <li><strong>css:</strong> resolve tsconfig paths in CSS and Sass <a href="https://github.com/import"><code>@import</code></a> (<a href="https://redirect.github.com/vitejs/vite/issues/22775">#22775</a>) (<a href="https://github.com/vitejs/vite/commit/ef0b8916160c4d2a677decc062f6faa48fbf1578">ef0b891</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22734">#22734</a>) (<a href="https://github.com/vitejs/vite/commit/e635f493faa24930ae637318d6564539bc668e89">e635f49</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22804">#22804</a>) (<a href="https://github.com/vitejs/vite/commit/8837400a676a633af1ad6d3746b584d13cf90ecc">8837400</a>)</li> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22591">#22591</a>) (<a href="https://github.com/vitejs/vite/commit/2ce6677a151c53a019baec32859b646267f9d320">2ce6677</a>)</li> <li>escape ids with multiple null bytes (<a href="https://redirect.github.com/vitejs/vite/issues/22687">#22687</a>) (<a href="https://github.com/vitejs/vite/commit/833fc302f3f4a5030f49207b5fbf10422f3247a2">833fc30</a>)</li> <li>hide console window when running 'net use' on Windows (<a href="https://redirect.github.com/vitejs/vite/issues/22698">#22698</a>) (<a href="https://github.com/vitejs/vite/commit/92b63f219f6c1872f35461aa75e9e9aec79bb01c">92b63f2</a>)</li> <li>ignore bundled config temp dir (<a href="https://redirect.github.com/vitejs/vite/issues/22800">#22800</a>) (<a href="https://github.com/vitejs/vite/commit/043a81096ddf8c6f9077c8e3e12362c83f9ed089">043a810</a>)</li> <li>invert <code>esbuild.jsxSideEffects</code> when converting to <code>oxc.jsx.pure</code> (<a href="https://redirect.github.com/vitejs/vite/issues/22809">#22809</a>) (<a href="https://github.com/vitejs/vite/commit/33895ba4faa0a46d5bd7b3eb53d02255113c8b5d">33895ba</a>)</li> <li><strong>optimize-deps:</strong> ignore <code>ERR_CLOSED_SERVER</code> in scanner (<a href="https://redirect.github.com/vitejs/vite/issues/22784">#22784</a>) (<a href="https://github.com/vitejs/vite/commit/085a0ab704bf1a698d459d625a5c955d27b73134">085a0ab</a>)</li> <li><strong>optimizer:</strong> scanner should resolve <code>input</code> from <code>root</code> (<a href="https://redirect.github.com/vitejs/vite/issues/22769">#22769</a>) (<a href="https://github.com/vitejs/vite/commit/9722b0795b68602597ddd53e3d3c7ed9f00cb831">9722b07</a>)</li> <li>resolve pnpm .modules.yaml from workspace root instead of cwd (<a href="https://redirect.github.com/vitejs/vite/issues/22757">#22757</a>) (<a href="https://github.com/vitejs/vite/commit/2531ac7ccd1d581df5febe4a3814226ba8939a20">2531ac7</a>)</li> <li>return sourcemap field from some plugins that were lacking (<a href="https://redirect.github.com/vitejs/vite/issues/22782">#22782</a>) (<a href="https://github.com/vitejs/vite/commit/7e18bf802bdde7a386eb3b407c87a67f89a895ca">7e18bf8</a>)</li> <li><strong>server:</strong> handle malformed URI in indexHtmlMiddleware (<a href="https://redirect.github.com/vitejs/vite/issues/22781">#22781</a>) (<a href="https://github.com/vitejs/vite/commit/84f5cccc7574c740c46f5cb2a09f29cde8380701">84f5ccc</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>improve dependency optimizer messages (<a href="https://redirect.github.com/vitejs/vite/issues/22549">#22549</a>) (<a href="https://github.com/vitejs/vite/commit/092cb3b4247a06ba176c094a9a743d335adc6574">092cb3b</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li><strong>css:</strong> remove lightningcss null byte bug workaround (<a href="https://redirect.github.com/vitejs/vite/issues/22822">#22822</a>) (<a href="https://github.com/vitejs/vite/commit/2dafd3bb7f8b265037e216f50afaa890ae2e2875">2dafd3b</a>)</li> <li>use pre-defined environments variable to avoid duplicate <code>Object.values</code> calls (<a href="https://redirect.github.com/vitejs/vite/issues/22790">#22790</a>) (<a href="https://github.com/vitejs/vite/commit/1113acf6cff711196b3443f7126804847c1d4e1e">1113acf</a>)</li> </ul> <h3>Tests</h3> <ul> <li>enable "manual chunk path" test and remove "worker.format error" test (<a href="https://redirect.github.com/vitejs/vite/issues/22824">#22824</a>) (<a href="https://github.com/vitejs/vite/commit/c088511f34a01f13e21498a492df8554bf332cdf">c088511</a>)</li> </ul> <h2><a href="https://github.com/vitejs/vite/compare/v8.1.0-beta.0...v8.1.0">8.1.0</a> (2026-06-23)</h2> <h3>Features</h3> <ul> <li>extend <code>server.fs.deny</code> list with common files (<a href="https://redirect.github.com/vitejs/vite/issues/22707">#22707</a>) (<a href="https://github.com/vitejs/vite/commit/61ba8fdc6500e8aa668021833ae5e6ebd200466d">61ba8fd</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/ba3119397d0110952f29965774c627a3017d7292"><code>ba31193</code></a> release: v8.1.2</li> <li><a href="https://github.com/vitejs/vite/commit/0d3bd7c4111b8345cfc353c7bbb2c30601752e26"><code>0d3bd7c</code></a> fix(deps): revert es-module-lexer to 2.1.0 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22827">#22827</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/efb98cce73f3f89c4f03936ab7741cd5b0636f5c"><code>efb98cc</code></a> fix: restore, "fix: resolve pnpm .modules.yaml from workspace root instead of...</li> <li><a href="https://github.com/vitejs/vite/commit/cf97711963ddcdcfac3e4fcd00771d7a55e92141"><code>cf97711</code></a> fix: revert, "fix: resolve pnpm .modules.yaml from workspace root instead of ...</li> <li><a href="https://github.com/vitejs/vite/commit/cccef55dfaa6253929d2cb58d3af53f217efc877"><code>cccef55</code></a> fix: revert, "fix: escape ids with multiple null bytes (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22687">#22687</a>)"</li> <li><a href="https://github.com/vitejs/vite/commit/4ae9e14f2c4db0706b2e9d815656e050accbd2bf"><code>4ae9e14</code></a> release: v8.1.1</li> <li><a href="https://github.com/vitejs/vite/commit/8f925e2e496f4d313d860acb53880245b07ce6f7"><code>8f925e2</code></a> fix(bundledDev): skip plugin transform hooks for rolldown-lazy stub modules (...</li> <li><a href="https://github.com/vitejs/vite/commit/c088511f34a01f13e21498a492df8554bf332cdf"><code>c088511</code></a> test: enable "manual chunk path" test and remove "worker.format error" test (...</li> <li><a href="https://github.com/vitejs/vite/commit/62bd7afd27ec0507bf528a135165dda3a44ebc21"><code>62bd7af</code></a> feat: update dynamic import warning to link to Vite docs (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22823">#22823</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/2dafd3bb7f8b265037e216f50afaa890ae2e2875"><code>2dafd3b</code></a> refactor(css): remove lightningcss null byte bug workaround (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22822">#22822</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v8.1.2/packages/vite">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
88986a2417 |
build(deps): bump the major-deps-updates-main group with 3 updates (#641)
Bumps the major-deps-updates-main group with 3 updates: [@agentclientprotocol/sdk](https://github.com/agentclientprotocol/typescript-sdk), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [p-queue](https://github.com/sindresorhus/p-queue). Updates `@agentclientprotocol/sdk` from 0.24.0 to 1.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/agentclientprotocol/typescript-sdk/releases">@agentclientprotocol/sdk's releases</a>.</em></p> <blockquote> <h2>v1.1.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v1.0.0...v1.1.0">1.1.0</a> (2026-06-29)</h2> <h3>Features</h3> <ul> <li>Expose request ids in handler contexts (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/202">#202</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/eda849ca7894f32e4ed11df81eb5b024e5512e5b">eda849c</a>)</li> </ul> <h2>v1.0.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.29.0...v1.0.0">1.0.0</a> (2026-06-24)</h2> <h3>Features</h3> <ul> <li><strong>schema:</strong> Update to v1.16.0 of the schema (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/199">#199</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/de5879100c1bb5e2fdaebc957c1ca01364eb33cc">de58791</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>release 1.0.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/201">#201</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/008fc2861adc3f87edc4daa12eb78b81a6fd7161">008fc28</a>)</li> </ul> <h2>v0.29.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.1...v0.29.0">0.29.0</a> (2026-06-22)</h2> <h3>Features</h3> <ul> <li><strong>unstable:</strong> Add support for request cancellation (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/195">#195</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/d5197f9f6346a4b57084552e0bdf3c71ccf64412">d5197f9</a>)</li> </ul> <h2>v0.28.1</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.0...v0.28.1">0.28.1</a> (2026-06-19)</h2> <h3>Bug Fixes</h3> <ul> <li>Expose peer contexts from app connections (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/190">#190</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/d6573109fd7c27170cd970aa9b28e7e6054e993e">d657310</a>)</li> </ul> <h2>v0.28.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.1...v0.28.0">0.28.0</a> (2026-06-18)</h2> <h3>Features</h3> <ul> <li><strong>schema:</strong> Update to schema v1.14.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/185">#185</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/3c619a737120bbd4ccc6282b893e94152125562c">3c619a7</a>)</li> </ul> <h2>v0.27.1</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.0...v0.27.1">0.27.1</a> (2026-06-18)</h2> <h3>Bug Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/agentclientprotocol/typescript-sdk/blob/main/CHANGELOG.md">@agentclientprotocol/sdk's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v1.0.0...v1.1.0">1.1.0</a> (2026-06-29)</h2> <h3>Features</h3> <ul> <li>Expose request ids in handler contexts (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/202">#202</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/eda849ca7894f32e4ed11df81eb5b024e5512e5b">eda849c</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.29.0...v1.0.0">1.0.0</a> (2026-06-24)</h2> <h3>Features</h3> <ul> <li><strong>schema:</strong> Update to v1.16.0 of the schema (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/199">#199</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/de5879100c1bb5e2fdaebc957c1ca01364eb33cc">de58791</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>release 1.0.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/201">#201</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/008fc2861adc3f87edc4daa12eb78b81a6fd7161">008fc28</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.1...v0.29.0">0.29.0</a> (2026-06-22)</h2> <h3>Features</h3> <ul> <li><strong>unstable:</strong> Add support for request cancellation (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/195">#195</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/d5197f9f6346a4b57084552e0bdf3c71ccf64412">d5197f9</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.28.0...v0.28.1">0.28.1</a> (2026-06-19)</h2> <h3>Bug Fixes</h3> <ul> <li>Expose peer contexts from app connections (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/190">#190</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/d6573109fd7c27170cd970aa9b28e7e6054e993e">d657310</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.1...v0.28.0">0.28.0</a> (2026-06-18)</h2> <h3>Features</h3> <ul> <li><strong>schema:</strong> Update to schema v1.14.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/185">#185</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/3c619a737120bbd4ccc6282b893e94152125562c">3c619a7</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.27.0...v0.27.1">0.27.1</a> (2026-06-18)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>node-adapter:</strong> Cap HTTP request body size (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/186">#186</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/3832d4ce69d9f44c5f886c9b3ff24169d6119236">3832d4c</a>)</li> <li><strong>node-adapter:</strong> harden Node adapter request parsing (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/220eae660e459ac648fe352b756b586f39f9aa1e">220eae6</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.26.0...v0.27.0">0.27.0</a> (2026-06-18)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/78023d41520d693fcc79aed9c9c635b7bc3e58e8"><code>78023d4</code></a> chore(main): release 1.1.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/203">#203</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/eda849ca7894f32e4ed11df81eb5b024e5512e5b"><code>eda849c</code></a> feat: Expose request ids in handler contexts (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/202">#202</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/f8bf32c6be943e59969f31c65f338914fe25420e"><code>f8bf32c</code></a> chore(main): release 1.0.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/200">#200</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/008fc2861adc3f87edc4daa12eb78b81a6fd7161"><code>008fc28</code></a> chore: release 1.0.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/201">#201</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/de5879100c1bb5e2fdaebc957c1ca01364eb33cc"><code>de58791</code></a> feat(schema): Update to v1.16.0 of the schema (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/199">#199</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/bdc626790d26470324a68f26df9d3b6c152cec4c"><code>bdc6267</code></a> chore(main): release 0.29.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/196">#196</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/675ecbab8fde8054b621dd7c1ead758230d0c653"><code>675ecba</code></a> chore: Update Hey API OpenAPI TS to 0.99 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/197">#197</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/d5197f9f6346a4b57084552e0bdf3c71ccf64412"><code>d5197f9</code></a> feat(unstable): Add support for request cancellation (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/195">#195</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/06c932a22a5f8dc3cf691b20f4cc9d312d6e26a1"><code>06c932a</code></a> chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/192">#192</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/ffdbaac36004d9623a6ed8f37030650e5c8f409e"><code>ffdbaac</code></a> chore(deps-dev): bump <code>@types/node</code> from 25.9.3 to 26.0.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/193">#193</a>)</li> <li>Additional commits viewable in <a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.24.0...v1.1.0">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 25.9.3 to 26.1.0 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `p-queue` from 8.1.1 to 9.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/p-queue/releases">p-queue's releases</a>.</em></p> <blockquote> <h2>v9.3.0</h2> <ul> <li>Add <code>timeoutRemaining</code> to <code>runningTasks</code> 57d0a1a</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-queue/compare/v9.2.0...v9.3.0">https://github.com/sindresorhus/p-queue/compare/v9.2.0...v9.3.0</a></p> <h2>v9.2.0</h2> <ul> <li>Improve performance (<a href="https://redirect.github.com/sindresorhus/p-queue/issues/244">#244</a>) 87077d0</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-queue/compare/v9.1.2...v9.2.0">https://github.com/sindresorhus/p-queue/compare/v9.1.2...v9.2.0</a></p> <h2>v9.1.2</h2> <ul> <li>Fix: Export <code>PriorityQueue</code> type (<a href="https://redirect.github.com/sindresorhus/p-queue/issues/242">#242</a>) a20e1f3</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-queue/compare/v9.1.1...v9.1.2">https://github.com/sindresorhus/p-queue/compare/v9.1.1...v9.1.2</a></p> <h2>v9.1.1</h2> <ul> <li>Fix <code>signal</code> option not rejecting when task is aborted while queued a64b316 <ul> <li>If you use a custom queue class, you will have to add a <code>remove()</code> method. See the built-in class.</li> </ul> </li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-queue/compare/v9.1.0...v9.1.1">https://github.com/sindresorhus/p-queue/compare/v9.1.0...v9.1.1</a></p> <h2>v9.1.0</h2> <ul> <li>Add <a href="https://github.com/sindresorhus/p-queue?tab=readme-ov-file#strict"><code>strict</code></a> option for sliding window rate limiting 03b8156</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-queue/compare/v9.0.1...v9.1.0">https://github.com/sindresorhus/p-queue/compare/v9.0.1...v9.1.0</a></p> <h2>v9.0.1</h2> <ul> <li>Fix: Remove abort listener when operation completes (<a href="https://redirect.github.com/sindresorhus/p-queue/issues/235">#235</a>) e9074f0</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-queue/compare/v9.0.0...v9.0.1">https://github.com/sindresorhus/p-queue/compare/v9.0.0...v9.0.1</a></p> <h2>v9.0.0</h2> <h3>Breaking</h3> <ul> <li>Require Node.js 20 b2600d5</li> <li>Remove <code>throwOnTimeout</code> option - timeouts now always throw e48716f <ul> <li>It was a mistake to not throw on timeouts and the option made it complicated to handle types.</li> <li>If you really need the old behavior back:</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/p-queue/commit/cfa917af261fb6db9eb1281221ba21093eb49e3d"><code>cfa917a</code></a> 9.3.0</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/b5a483f2b76f977f89e0968afcbd5e61643dff11"><code>b5a483f</code></a> Fix docs</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/57d0a1a3ef683c3491aff71e03a4e3dfb4ed95a2"><code>57d0a1a</code></a> Add <code>timeoutRemaining</code> to <code>runningTasks</code></li> <li><a href="https://github.com/sindresorhus/p-queue/commit/fc4b7369d915ade31416d603fd35fd26c1885851"><code>fc4b736</code></a> 9.2.0</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/ea65ce3659cb3e3be2fbe7049e69e280f04c8378"><code>ea65ce3</code></a> Tweaks</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/87077d0214c203f38d0f36c4efee8172e67bf1c4"><code>87077d0</code></a> Improve performance (<a href="https://redirect.github.com/sindresorhus/p-queue/issues/244">#244</a>)</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/53848611d103e16f39e94cba8c70a36f0ec791a0"><code>5384861</code></a> Fix CI</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/55d306ba03479dcc531a8e06deab24d3f60feacd"><code>55d306b</code></a> 9.1.2</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/a20e1f34b5c82e4e91e5d2e0c8b663e831dc16ab"><code>a20e1f3</code></a> Export <code>PriorityQueue</code> type (<a href="https://redirect.github.com/sindresorhus/p-queue/issues/242">#242</a>)</li> <li><a href="https://github.com/sindresorhus/p-queue/commit/9eec7efb433c33f66799d9dec41aa56d43f3435a"><code>9eec7ef</code></a> 9.1.1</li> <li>Additional commits viewable in <a href="https://github.com/sindresorhus/p-queue/compare/v8.1.1...v9.3.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9217edd307 |
build(deps): bump the patch-deps-updates-main group with 15 updates (#639)
Bumps the patch-deps-updates-main group with 15 updates: | Package | From | To | | --- | --- | --- | | [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.7` | `17.0.8` | | [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.2.0` | `1.2.1` | | [@langchain/langgraph](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core) | `1.4.4` | `1.4.7` | | [@langchain/langgraph-checkpoint](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint) | `1.1.2` | `1.1.3` | | [@langchain/anthropic](https://github.com/langchain-ai/langchainjs) | `1.5.0` | `1.5.1` | | [@langchain/langgraph-sdk](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk) | `1.9.23` | `1.9.25` | | [@langchain/openai](https://github.com/langchain-ai/langchainjs) | `1.5.1` | `1.5.3` | | [langchain](https://github.com/langchain-ai/langchainjs) | `1.5.0` | `1.5.2` | | [node-vfs-polyfill](https://github.com/vercel-labs/node-vfs-polyfill) | ``1227fb0`` | ``ef76f90`` | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.7.10` | `0.7.14` | | [hono](https://github.com/honojs/hono) | `4.12.26` | `4.12.27` | | [@hono/node-server](https://github.com/honojs/node-server) | `2.0.5` | `2.0.6` | | [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.3.1` | `4.3.2` | | [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` | | [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.1` | `4.3.2` | Updates `lint-staged` from 17.0.7 to 17.0.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/releases">lint-staged's releases</a>.</em></p> <blockquote> <h2>v17.0.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a> <a href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a> - Fix <em>lint-staged</em> discarding the ongoing merge conflict status (<code>.git/MERGE_HEAD</code>) when using the <code>--hide-unstaged</code> or <code>--hide-all</code> options.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a> <a href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a> - Fix issues with Git commands that are successful but also emit warnings to <code>stderr</code>, by ignoring the <code>stderr</code> output completely when the process exits with code 0. This was the behavior when using <code>nano-spawn</code> and <code>execa</code>, but when switching to <code>tinyexec</code> in 16.3.0 both <code>stdout</code> and <code>stderr</code> were used as interleaved output.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md">lint-staged's changelog</a>.</em></p> <blockquote> <h2>17.0.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a> <a href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a> - Fix <em>lint-staged</em> discarding the ongoing merge conflict status (<code>.git/MERGE_HEAD</code>) when using the <code>--hide-unstaged</code> or <code>--hide-all</code> options.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a> <a href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a> - Fix issues with Git commands that are successful but also emit warnings to <code>stderr</code>, by ignoring the <code>stderr</code> output completely when the process exits with code 0. This was the behavior when using <code>nano-spawn</code> and <code>execa</code>, but when switching to <code>tinyexec</code> in 16.3.0 both <code>stdout</code> and <code>stderr</code> were used as interleaved output.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lint-staged/lint-staged/commit/5f3b8f28e895972bd5a2cdba733327b49859b91f"><code>5f3b8f2</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1812">#1812</a> from lint-staged/changeset-release/main</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/43a9b8d759443d3c313514b8a54af37108b19ac5"><code>43a9b8d</code></a> chore(changeset): release</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/630e2f60abc9e3964cf62f3f833594a19cdaf3cd"><code>630e2f6</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1809">#1809</a> from lint-staged/restore-merge-status</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a> fix: restore Git merge status after creating backup stash</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/6bae2e2aac7fd2981cf0b24e266631191760186c"><code>6bae2e2</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1811">#1811</a> from lint-staged/exec-git-ignore-stderr</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/b82a83099ddef36fccc26937761f184dfbe7c370"><code>b82a830</code></a> ci: run npm audit omitting dev, including prod dependencies</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/0b19b80233efc83b8e7c6df3f117d87fe760752c"><code>0b19b80</code></a> build(deps): update dependencies</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a> fix: ignore stderr when doing Git operations</li> <li>See full diff in <a href="https://github.com/lint-staged/lint-staged/compare/v17.0.7...v17.0.8">compare view</a></li> </ul> </details> <br /> Updates `@langchain/core` from 1.2.0 to 1.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">@langchain/core's releases</a>.</em></p> <blockquote> <h2><code>@langchain/core</code><a href="https://github.com/1"><code>@1</code></a>.2.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10674">#10674</a> <a href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix: classify provider 429s before retrying</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11092">#11092</a> <a href="https://github.com/langchain-ai/langchainjs/commit/7918bbdd2eaf8d9aff736b122f359a555267e1e7"><code>7918bbd</code></a> Thanks <a href="https://github.com/aolsenjazz"><code>@aolsenjazz</code></a>! - fix(core): only treat arrays of content blocks as ToolMessage content</p> <p>Fix tool outputs that are arrays of plain objects being forwarded as malformed message content. An array is now only treated as message content blocks when every element is an object with a <code>type</code>; otherwise it is JSON-stringified.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a> chore: version packages (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a> fix(core): better 429 error handling (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a> fix(openai): omit empty reasoning item id in Responses API input (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a> fix(openai): route standard url file blocks to native input_file in Responses...</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a> fix(openai): stream built-in tool progress events (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a> fix(groq): require <code>@langchain/core</code> >= 1.1.30 in peer dependency (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a> feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/baa57ba7cdce2046ba3dd40e9e8cf3c93c9c1ac4"><code>baa57ba</code></a> fix(anthropic): omit default disabled thinking from requests (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11073">#11073</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/04edb8d0fa3c408adbc6e4c277d1f3aaf5b40161"><code>04edb8d</code></a> docs(ibm): fix "Recieved" typo in tool_choice error message (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11066">#11066</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/2b7f368c2baa3f2916a207bf099a437adce2179c"><code>2b7f368</code></a> chore(deps): bump uuid from 14.0.0 to 14.0.1 (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11094">#11094</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.2.0...@langchain/core@1.2.1">compare view</a></li> </ul> </details> <br /> Updates `@langchain/langgraph` from 1.4.4 to 1.4.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/releases">@langchain/langgraph's releases</a>.</em></p> <blockquote> <h2><code>@langchain/langgraph</code><a href="https://github.com/1"><code>@1</code></a>.4.7</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2571">#2571</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/85ba859b6f60f4bf193d3313fa24149efe05491b"><code>85ba859</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph): drop unused zod-to-json-schema peer dependency</p> <p>Remove the vestigial <code>zod-to-json-schema</code> (and its <code>peerDependenciesMeta</code>/dev) declarations. JSON Schema generation now flows through <code>@langchain/core</code>'s Zod v3/v4 interop (<code>toJsonSchema</code>), so the old <code>zod-to-json-schema@^3.x</code> peer (which pins <code>zod@^3.24.1</code>) is no longer needed and was the last source of install-time peer conflicts with Zod v4. Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1706">#1706</a>.</p> </li> </ul> <h2><code>@langchain/langgraph</code><a href="https://github.com/1"><code>@1</code></a>.4.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://github.com/langchain-ai/langgraphjs/commit/03a0d8b8632082e6dbf4a96fcf37f8f67151b74f"><code>03a0d8b</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph): emit valid UUIDs for exit-mode delta task_ids</p> <p>Exit-mode DeltaChannel writes used a step-prefixed synthetic task id that produced a 6-segment string Postgres rejects for <code>checkpoint_writes.task_id uuid</code> in LangGraph API. Embed the superstep in the first UUID group instead, matching <a href="https://redirect.github.com/langchain-ai/langgraph/issues/8165">langchain-ai/langgraph#8165</a>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a>, <a href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.25</li> <li><code>@langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@1</code></a>.1.3</li> </ul> </li> </ul> <h2><code>@langchain/langgraph</code><a href="https://github.com/1"><code>@1</code></a>.4.5</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(sdk): apply state update and goto alongside interrupt resume</p> <p><code>respond(decision, { update, goto })</code> now maps to LangGraph's <code>Command(resume, update, goto)</code>, so a human-in-the-loop UI can commit a state update (e.g. push the interrupt card into state) in the <strong>same superstep</strong> as the resume — one checkpoint, no separate <code>updateState</code> write, no flicker. <code>@langchain/langgraph-api</code> forwards <code>update</code>/<code>goto</code> through <code>input.respond</code>, and <code>@langchain/core</code> message instances in <code>update</code> are serialized to dicts before transport, exactly like <code>submit()</code>. Bumps <code>@langchain/protocol</code> to <code>^0.0.18</code> for the <code>Goto</code> type.</p> <p><code>respond</code>/<code>respondAll</code> also apply <code>update</code> <strong>optimistically</strong> (mirroring <code>submit()</code>): the pushed messages paint immediately, with stable ids minted so the resumed run's echo reconciles them in place. Without this the interrupt is cleared the instant <code>respond()</code> dispatches while the pushed card only reappears a server round-trip later — so the card would flicker in that gap. The optimistic state settles on the resumed run's terminal (pending → sent, or rolled back on a failure before any echo).</p> <p>User-initiated optimistic writes (<code>submit()</code> / <code>respond()</code> / <code>respondAll()</code>) now commit to the store <strong>synchronously</strong>, in the same tick as the triggering event, instead of being coalesced onto the next macrotask. This lets a framework render the pushed message in the <strong>same commit</strong> as any local UI state the caller flips alongside it (e.g. a HITL form swapping its inputs for the resolved card), so the card no longer blinks out for the one-macrotask window before the flush lands. High-frequency streaming writes keep their macrotask coalescing.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.24</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/langgraph-core/CHANGELOG.md">@langchain/langgraph's changelog</a>.</em></p> <blockquote> <h2>1.4.7</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2571">#2571</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/85ba859b6f60f4bf193d3313fa24149efe05491b"><code>85ba859</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph): drop unused zod-to-json-schema peer dependency</p> <p>Remove the vestigial <code>zod-to-json-schema</code> (and its <code>peerDependenciesMeta</code>/dev) declarations. JSON Schema generation now flows through <code>@langchain/core</code>'s Zod v3/v4 interop (<code>toJsonSchema</code>), so the old <code>zod-to-json-schema@^3.x</code> peer (which pins <code>zod@^3.24.1</code>) is no longer needed and was the last source of install-time peer conflicts with Zod v4. Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1706">#1706</a>.</p> </li> </ul> <h2>1.4.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://github.com/langchain-ai/langgraphjs/commit/03a0d8b8632082e6dbf4a96fcf37f8f67151b74f"><code>03a0d8b</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph): emit valid UUIDs for exit-mode delta task_ids</p> <p>Exit-mode DeltaChannel writes used a step-prefixed synthetic task id that produced a 6-segment string Postgres rejects for <code>checkpoint_writes.task_id uuid</code> in LangGraph API. Embed the superstep in the first UUID group instead, matching <a href="https://redirect.github.com/langchain-ai/langgraph/issues/8165">langchain-ai/langgraph#8165</a>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a>, <a href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.25</li> <li><code>@langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@1</code></a>.1.3</li> </ul> </li> </ul> <h2>1.4.5</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(sdk): apply state update and goto alongside interrupt resume</p> <p><code>respond(decision, { update, goto })</code> now maps to LangGraph's <code>Command(resume, update, goto)</code>, so a human-in-the-loop UI can commit a state update (e.g. push the interrupt card into state) in the <strong>same superstep</strong> as the resume — one checkpoint, no separate <code>updateState</code> write, no flicker. <code>@langchain/langgraph-api</code> forwards <code>update</code>/<code>goto</code> through <code>input.respond</code>, and <code>@langchain/core</code> message instances in <code>update</code> are serialized to dicts before transport, exactly like <code>submit()</code>. Bumps <code>@langchain/protocol</code> to <code>^0.0.18</code> for the <code>Goto</code> type.</p> <p><code>respond</code>/<code>respondAll</code> also apply <code>update</code> <strong>optimistically</strong> (mirroring <code>submit()</code>): the pushed messages paint immediately, with stable ids minted so the resumed run's echo reconciles them in place. Without this the interrupt is cleared the instant <code>respond()</code> dispatches while the pushed card only reappears a server round-trip later — so the card would flicker in that gap. The optimistic state settles on the resumed run's terminal (pending → sent, or rolled back on a failure before any echo).</p> <p>User-initiated optimistic writes (<code>submit()</code> / <code>respond()</code> / <code>respondAll()</code>) now commit to the store <strong>synchronously</strong>, in the same tick as the triggering event, instead of being coalesced onto the next macrotask. This lets a framework render the pushed message in the <strong>same commit</strong> as any local UI state the caller flips alongside it (e.g. a HITL form swapping its inputs for the resolved card), so the card no longer blinks out for the one-macrotask window before the flush lands. High-frequency streaming writes keep their macrotask coalescing.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/217463762364134fdf0611349d53861a59d2708c"><code>2174637</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2572">#2572</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/85ba859b6f60f4bf193d3313fa24149efe05491b"><code>85ba859</code></a> fix(langgraph): drop unused zod-to-json-schema dependency (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2571">#2571</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/86389fa3a64ec89e0cb26d97379efcc90c7a211f"><code>86389fa</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2567">#2567</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/03a0d8b8632082e6dbf4a96fcf37f8f67151b74f"><code>03a0d8b</code></a> fix(langgraph): emit valid UUIDs for exit-mode delta task_ids</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/31261c3be539f0e41e13cf3e21283c55228bc545"><code>31261c3</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2558">#2558</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/5d279df5d524699e3824fdc7d8f9d8d0888edcc4"><code>5d279df</code></a> chore(deps): bump langchain (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2564">#2564</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a> feat(sdk): apply state update and goto alongside interrupt resume (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2557">#2557</a>)</li> <li>See full diff in <a href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph@1.4.7/libs/langgraph-core">compare view</a></li> </ul> </details> <br /> Updates `@langchain/langgraph-checkpoint` from 1.1.2 to 1.1.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/releases">@langchain/langgraph-checkpoint's releases</a>.</em></p> <blockquote> <h2><code>@langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@1</code></a>.1.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2566">#2566</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph-checkpoint-postgres): prevent createAgent failures with PostgresSaver</p> <p>Add BaseCheckpointSaver.toJSON() so ConfigurableModel can stringify runnable config without traversing pg Pool timers, and default missing checkpoint maps on load/copy so resume no longer crashes on undefined versions_seen. Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1808">#1808</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/checkpoint/CHANGELOG.md">@langchain/langgraph-checkpoint's changelog</a>.</em></p> <blockquote> <h2>1.1.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2566">#2566</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph-checkpoint-postgres): prevent createAgent failures with PostgresSaver</p> <p>Add BaseCheckpointSaver.toJSON() so ConfigurableModel can stringify runnable config without traversing pg Pool timers, and default missing checkpoint maps on load/copy so resume no longer crashes on undefined versions_seen. Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1808">#1808</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/86389fa3a64ec89e0cb26d97379efcc90c7a211f"><code>86389fa</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2567">#2567</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/091a46f32ddd3a85ee89e35fb9ea953dfc4cf8b4"><code>091a46f</code></a> fix(langgraph-checkpoint-postgres): prevent createAgent failures with Postgre...</li> <li>See full diff in <a href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph-checkpoint@1.1.3/libs/checkpoint">compare view</a></li> </ul> </details> <br /> Updates `@langchain/anthropic` from 1.5.0 to 1.5.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">@langchain/anthropic's releases</a>.</em></p> <blockquote> <h2><code>@langchain/anthropic</code><a href="https://github.com/1"><code>@1</code></a>.5.1</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11073">#11073</a> <a href="https://github.com/langchain-ai/langchainjs/commit/baa57ba7cdce2046ba3dd40e9e8cf3c93c9c1ac4"><code>baa57ba</code></a> Thanks <a href="https://github.com/archievi"><code>@archievi</code></a>! - Stop sending <code>thinking: { type: "disabled" }</code> on <code>ChatAnthropic</code> requests when the user never configured thinking. The disabled value is now only emitted when it is explicitly set, so adaptive-only models (e.g. <code>claude-fable-5</code>) that reject an explicit <code>thinking.type: "disabled"</code> no longer fail with a 400 on a default <code>ChatAnthropic</code> instance.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a> chore: version packages (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a> fix(core): better 429 error handling (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a> fix(openai): omit empty reasoning item id in Responses API input (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a> fix(openai): route standard url file blocks to native input_file in Responses...</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a> fix(openai): stream built-in tool progress events (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a> fix(groq): require <code>@langchain/core</code> >= 1.1.30 in peer dependency (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a> feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/baa57ba7cdce2046ba3dd40e9e8cf3c93c9c1ac4"><code>baa57ba</code></a> fix(anthropic): omit default disabled thinking from requests (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11073">#11073</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/04edb8d0fa3c408adbc6e4c277d1f3aaf5b40161"><code>04edb8d</code></a> docs(ibm): fix "Recieved" typo in tool_choice error message (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11066">#11066</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/2b7f368c2baa3f2916a207bf099a437adce2179c"><code>2b7f368</code></a> chore(deps): bump uuid from 14.0.0 to 14.0.1 (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11094">#11094</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchainjs/compare/@langchain/anthropic@1.5.0...@langchain/anthropic@1.5.1">compare view</a></li> </ul> </details> <br /> Updates `@langchain/langgraph-sdk` from 1.9.23 to 1.9.25 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/releases">@langchain/langgraph-sdk's releases</a>.</em></p> <blockquote> <h2><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.25</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2565">#2565</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(sdk): bundle pure-ESM deps into CJS build to fix ERR_REQUIRE_ESM</p> <p>Bundle the pure-ESM dependencies <code>p-retry</code> and <code>p-queue</code> (and their transitive ESM-only deps) into the build output so the CJS artifact no longer does a top-level <code>require()</code> of an ESM module. This fixes <code>ERR_REQUIRE_ESM</code> for CommonJS consumers on Node versions where <code>require(ESM)</code> is not enabled by default (< 20.19 / < 22.12). Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/2562">#2562</a>.</p> </li> </ul> <h2><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.24</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(sdk): apply state update and goto alongside interrupt resume</p> <p><code>respond(decision, { update, goto })</code> now maps to LangGraph's <code>Command(resume, update, goto)</code>, so a human-in-the-loop UI can commit a state update (e.g. push the interrupt card into state) in the <strong>same superstep</strong> as the resume — one checkpoint, no separate <code>updateState</code> write, no flicker. <code>@langchain/langgraph-api</code> forwards <code>update</code>/<code>goto</code> through <code>input.respond</code>, and <code>@langchain/core</code> message instances in <code>update</code> are serialized to dicts before transport, exactly like <code>submit()</code>. Bumps <code>@langchain/protocol</code> to <code>^0.0.18</code> for the <code>Goto</code> type.</p> <p><code>respond</code>/<code>respondAll</code> also apply <code>update</code> <strong>optimistically</strong> (mirroring <code>submit()</code>): the pushed messages paint immediately, with stable ids minted so the resumed run's echo reconciles them in place. Without this the interrupt is cleared the instant <code>respond()</code> dispatches while the pushed card only reappears a server round-trip later — so the card would flicker in that gap. The optimistic state settles on the resumed run's terminal (pending → sent, or rolled back on a failure before any echo).</p> <p>User-initiated optimistic writes (<code>submit()</code> / <code>respond()</code> / <code>respondAll()</code>) now commit to the store <strong>synchronously</strong>, in the same tick as the triggering event, instead of being coalesced onto the next macrotask. This lets a framework render the pushed message in the <strong>same commit</strong> as any local UI state the caller flips alongside it (e.g. a HITL form swapping its inputs for the resolved card), so the card no longer blinks out for the one-macrotask window before the flush lands. High-frequency streaming writes keep their macrotask coalescing.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/sdk/CHANGELOG.md">@langchain/langgraph-sdk's changelog</a>.</em></p> <blockquote> <h2>1.9.25</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2565">#2565</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(sdk): bundle pure-ESM deps into CJS build to fix ERR_REQUIRE_ESM</p> <p>Bundle the pure-ESM dependencies <code>p-retry</code> and <code>p-queue</code> (and their transitive ESM-only deps) into the build output so the CJS artifact no longer does a top-level <code>require()</code> of an ESM module. This fixes <code>ERR_REQUIRE_ESM</code> for CommonJS consumers on Node versions where <code>require(ESM)</code> is not enabled by default (< 20.19 / < 22.12). Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/2562">#2562</a>.</p> </li> </ul> <h2>1.9.24</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2557">#2557</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(sdk): apply state update and goto alongside interrupt resume</p> <p><code>respond(decision, { update, goto })</code> now maps to LangGraph's <code>Command(resume, update, goto)</code>, so a human-in-the-loop UI can commit a state update (e.g. push the interrupt card into state) in the <strong>same superstep</strong> as the resume — one checkpoint, no separate <code>updateState</code> write, no flicker. <code>@langchain/langgraph-api</code> forwards <code>update</code>/<code>goto</code> through <code>input.respond</code>, and <code>@langchain/core</code> message instances in <code>update</code> are serialized to dicts before transport, exactly like <code>submit()</code>. Bumps <code>@langchain/protocol</code> to <code>^0.0.18</code> for the <code>Goto</code> type.</p> <p><code>respond</code>/<code>respondAll</code> also apply <code>update</code> <strong>optimistically</strong> (mirroring <code>submit()</code>): the pushed messages paint immediately, with stable ids minted so the resumed run's echo reconciles them in place. Without this the interrupt is cleared the instant <code>respond()</code> dispatches while the pushed card only reappears a server round-trip later — so the card would flicker in that gap. The optimistic state settles on the resumed run's terminal (pending → sent, or rolled back on a failure before any echo).</p> <p>User-initiated optimistic writes (<code>submit()</code> / <code>respond()</code> / <code>respondAll()</code>) now commit to the store <strong>synchronously</strong>, in the same tick as the triggering event, instead of being coalesced onto the next macrotask. This lets a framework render the pushed message in the <strong>same commit</strong> as any local UI state the caller flips alongside it (e.g. a HITL form swapping its inputs for the resolved card), so the card no longer blinks out for the one-macrotask window before the flush lands. High-frequency streaming writes keep their macrotask coalescing.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/86389fa3a64ec89e0cb26d97379efcc90c7a211f"><code>86389fa</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2567">#2567</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/0558e472b7697304c62cb6fe69cc3005e8e1a457"><code>0558e47</code></a> fix(sdk): bundle pure-ESM deps into CJS build to fix ERR_REQUIRE_ESM (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2565">#2565</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/31261c3be539f0e41e13cf3e21283c55228bc545"><code>31261c3</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2558">#2558</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/5d279df5d524699e3824fdc7d8f9d8d0888edcc4"><code>5d279df</code></a> chore(deps): bump langchain (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2564">#2564</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/b1e856d987ac16148dc0872d1fecf70e659ef28e"><code>b1e856d</code></a> feat(sdk): apply state update and goto alongside interrupt resume (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk/issues/2557">#2557</a>)</li> <li>See full diff in <a href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph-sdk@1.9.25/libs/sdk">compare view</a></li> </ul> </details> <br /> Updates `@langchain/openai` from 1.5.1 to 1.5.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">@langchain/openai's releases</a>.</em></p> <blockquote> <h2><code>@langchain/openai</code><a href="https://github.com/1"><code>@1</code></a>.5.3</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11100">#11100</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a> Thanks <a href="https://github.com/colifran"><code>@colifran</code></a>! - fix(langchain, openai): decouple strict tools from strict structured output response</li> </ul> <h2><code>@langchain/openai</code><a href="https://github.com/1"><code>@1</code></a>.5.2</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11045">#11045</a> <a href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a> Thanks <a href="https://github.com/jackjin1997"><code>@jackjin1997</code></a>! - fix(openai): omit empty id and content on reasoning items in Responses API input</p> <p>Reasoning blocks reassembled from streaming chunks (e.g. via <code>streamEvents</code>) never carry an id, since OpenAI's streaming protocol only includes it in non-streaming responses. When such a message was replayed as Responses API input on the next turn, the reasoning item was emitted with <code>id: ""</code>, which OpenAI rejects with <code>400 Invalid 'input[n].id': ''</code>. The <code>id</code> field is now omitted when absent.</p> <p>A second error surfaced immediately after that fix: the same converter set a populated <code>content</code> array on the reasoning input item, which the Responses API also rejects (<code>400 Invalid 'input[n].content': array too long. Expected an array with maximum length 0</code>). Reasoning input items only carry <code>summary</code>, so <code>content</code> is no longer forwarded. Thanks to <a href="https://github.com/csrujanreddy"><code>@csrujanreddy</code></a> for catching the second issue and verifying both fixes against the live API.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11065">#11065</a> <a href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a> Thanks <a href="https://github.com/rxits"><code>@rxits</code></a>! - fix(openai): route standard url file blocks to native input_file in Responses API</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11090">#11090</a> <a href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a> Thanks <a href="https://github.com/nikhilpakhloo"><code>@nikhilpakhloo</code></a>! - fix(openai): stream built-in tool progress events</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchainjs/commit/f1d64ff8d6076fb6656c1f327b7b58eac520314b"><code>f1d64ff</code></a> chore: version packages (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11101">#11101</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/72ffc4bf17dc6dca390546c0e6c9503607198f26"><code>72ffc4b</code></a> fix(aws): add Bedrock stream idle timeout (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11098">#11098</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a> fix(langchain, openai): decouple strict tools from strict structured output r...</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a> chore: version packages (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a> fix(core): better 429 error handling (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a> fix(openai): omit empty reasoning item id in Responses API input (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a> fix(openai): route standard url file blocks to native input_file in Responses...</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a> fix(openai): stream built-in tool progress events (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a> fix(groq): require <code>@langchain/core</code> >= 1.1.30 in peer dependency (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a> feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchainjs/compare/@langchain/openai@1.5.1...@langchain/openai@1.5.3">compare view</a></li> </ul> </details> <br /> Updates `langchain` from 1.5.0 to 1.5.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">langchain's releases</a>.</em></p> <blockquote> <h2>langchain@1.5.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11100">#11100</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a> Thanks <a href="https://github.com/colifran"><code>@colifran</code></a>! - fix(langchain, openai): decouple strict tools from strict structured output response</li> </ul> <h2>langchain@1.5.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/11087">#11087</a> <a href="https://github.com/langchain-ai/langchainjs/commit/534b43a0719c89e3fb4ab7052d3f39797660aa43"><code>534b43a</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langchain): keep tool call streams pending across any tool interrupt</p> <p>A raw <code>interrupt()</code> raised from inside a tool surfaced as a <code>tool-error</code> and rejected the call's un-awaited <code>output</code> promise, producing an unhandled rejection that crashed HITL runs. The tool-call stream transformer now treats any serialized graph interrupt as control flow (the call stays pending and resumes), not just <code>humanInTheLoopMiddleware</code> interrupts.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchainjs/commit/f1d64ff8d6076fb6656c1f327b7b58eac520314b"><code>f1d64ff</code></a> chore: version packages (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11101">#11101</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/72ffc4bf17dc6dca390546c0e6c9503607198f26"><code>72ffc4b</code></a> fix(aws): add Bedrock stream idle timeout (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11098">#11098</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/3205b35ac83037a2fff2998f16a66b5126b306f8"><code>3205b35</code></a> fix(langchain, openai): decouple strict tools from strict structured output r...</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/1ee0df0c49335104968f6c5130dbdb7e777f85d7"><code>1ee0df0</code></a> chore: version packages (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11097">#11097</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/f01770895c06621b469a6c6b5244747f6efdfbf7"><code>f017708</code></a> fix(core): better 429 error handling (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/10674">#10674</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/05936ab45ce1bbb04b955c3ebdd03dc1451b655c"><code>05936ab</code></a> fix(openai): omit empty reasoning item id in Responses API input (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11045">#11045</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/798cb705222f43759e94d02a790ebb706ef2f099"><code>798cb70</code></a> fix(openai): route standard url file blocks to native input_file in Responses...</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/80c790b593ad19668f1101f84f06c175db114909"><code>80c790b</code></a> fix(openai): stream built-in tool progress events (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11090">#11090</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/d2e6afcf17b269aa11a2f18444c208bc8a4b2520"><code>d2e6afc</code></a> fix(groq): require <code>@langchain/core</code> >= 1.1.30 in peer dependency (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11072">#11072</a>)</li> <li><a href="https://github.com/langchain-ai/langchainjs/commit/c66870ea8ebf9e3b0794ab8d969b25dfb189f2de"><code>c66870e</code></a> feat(weaviate): add X-Weaviate-Client-Integration telemetry header (<a href="https://redirect.github.com/langchain-ai/langchainjs/issues/11088">#11088</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchainjs/compare/langchain@1.5.0...langchain@1.5.2">compare view</a></li> </ul> </details> <br /> Updates `node-vfs-polyfill` from `1227fb0` to `ef76f90` <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel-labs/node-vfs-polyfill/commit/ef76f903d052d915395336dbf3498e3f5311a852"><code>ef76f90</code></a> Update README.md</li> <li>See full diff in <a href="https://github.com/vercel-labs/node-vfs-polyfill/compare/1227fb028a26eb0d65e565c11b0a28e7b49b990f...ef76f903d052d915395336dbf3498e3f5311a852">compare view</a></li> </ul> </details> <br /> Updates `langsmith` from 0.7.10 to 0.7.14 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.14</h2> <h2>What's Changed</h2> <ul> <li>fix: sum Anthropic cache tokens into input_tokens for correct cost calculation by <a href="https://github.com/QuentinBrosse"><code>@QuentinBrosse</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2519">langchain-ai/langsmith-sdk#2519</a></li> <li>chore(py): Bump version: 0.7.13 → 0.7.14 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2535">langchain-ai/langsmith-sdk#2535</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.13...v0.7.14">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.13...v0.7.14</a></p> <h2>v0.7.13</h2> <h2>What's Changed</h2> <ul> <li>fix: initialize otel exporter before background thread by <a href="https://github.com/ericdong-langchain"><code>@ericdong-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2526">langchain-ai/langsmith-sdk#2526</a></li> <li>fix: convert non primitive types to JSON strings by <a href="https://github.com/ericdong-langchain"><code>@ericdong-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2527">langchain-ai/langsmith-sdk#2527</a></li> <li>fix: missing await by <a href="https://github.com/ericdong-langchain"><code>@ericdong-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2528">langchain-ai/langsmith-sdk#2528</a></li> <li>fix: bump minimatch to resolve CVE-2026-27903 by <a href="https://github.com/jkennedyvz"><code>@jkennedyvz</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2502">langchain-ai/langsmith-sdk#2502</a></li> <li>feat(py): add experiment-level metadata to pytest integration by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2524">langchain-ai/langsmith-sdk#2524</a></li> <li>Bump version: 0.7.12 → 0.7.13 by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2531">langchain-ai/langsmith-sdk#2531</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13</a></p> <h2>v0.7.12</h2> <h2>What's Changed</h2> <ul> <li>fix: sample before transform in ingest by <a href="https://github.com/ericdong-langchain"><code>@ericdong-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2488">langchain-ai/langsmith-sdk#2488</a></li> <li>chore: bump version by <a href="https://github.com/ericdong-langchain"><code>@ericdong-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2521">langchain-ai/langsmith-sdk#2521</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12</a></p> <h2>v0.7.11</h2> <h2>What's Changed</h2> <ul> <li>add get insights reports with runs by <a href="https://github.com/Palashio"><code>@Palashio</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517">langchain-ai/langsmith-sdk#2517</a></li> <li>bump version for insights sdk changes by <a href="https://github.com/Palashio"><code>@Palashio</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2520">langchain-ai/langsmith-sdk#2520</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Palashio"><code>@Palashio</code></a> made their first contribution in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517">langchain-ai/langsmith-sdk#2517</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/f099beb36228b2ce008e56262ab6a5846d2dbdd1"><code>f099beb</code></a> chore(py): Bump version: 0.7.13 → 0.7.14 (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2535">#2535</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/27f1b8312c39b7acda31ac9a850fd74fb99a4e29"><code>27f1b83</code></a> fix: sum Anthropic cache tokens into input_tokens for correct cost calculatio...</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/22c21bff7d1e429d0dfa7800adf95ef971ef2458"><code>22c21bf</code></a> Bump version: 0.7.12 → 0.7.13 (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2531">#2531</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/5d17205b854377bf1c8c59f2c40923c295e2c127"><code>5d17205</code></a> feat(py): add experiment-level metadata to pytest integration (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2524">#2524</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/1412ad4bfe5294e5d6407962162b2fbfcd75202d"><code>1412ad4</code></a> fix: bump minimatch to resolve CVE-2026-27903 (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2502">#2502</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/da0d6e3f137ff375d787c4ba773c8b8d7832d0d8"><code>da0d6e3</code></a> fix: missing await (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2528">#2528</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/9f587d5f45ead3f19a61bd12743827fd84541657"><code>9f587d5</code></a> fix: convert non primitive types to JSON strings (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2527">#2527</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/0efa7fb188a451857790d0066edd5e5cf28dca2f"><code>0efa7fb</code></a> fix: initialize otel exporter before background thread (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2526">#2526</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/51d4e0b867cab82fa95468099e6b2ec3fbb21644"><code>51d4e0b</code></a> chore: bump version (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2521">#2521</a>)</li> <li><a href="https://github.com/langchain-ai/langsmith-sdk/commit/f8db5d1542703c388ccf7d506cbdbff5786c9d6f"><code>f8db5d1</code></a> fix: sample before transform in ingest (<a href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2488">#2488</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.14">compare view</a></li> </ul> </details> <br /> Updates `hono` from 4.12.26 to 4.12.27 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.27</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>hono/jsx does not isolate context per request</h3> <p>Affects: <code>hono/jsx</code>, <code>hono/jsx-renderer</code>. During SSR, context was stored process-wide instead of per request, so <code>useContext()</code>/<code>useRequestContext()</code> read after an <code>await</code> in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj</p> <h3>Server-Side XSS via JSX escaping bypass in cx()</h3> <p>Affects: <code>hono/css</code>. <code>cx()</code> marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX <code>class</code> attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59</p> <h3>API Gateway v1 adapter can drop a repeated request header value</h3> <p>Affects: <code>hono/aws-lambda</code>. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. <code>203.0.113.1</code> dropped when <code>203.0.113.10</code> is present) — affecting logic such as <code>X-Forwarded-For</code>-based IP restriction. GHSA-xgm2-5f3f-mvvc</p> <hr /> <p>Users of <code>hono/jsx</code>/<code>hono/jsx-renderer</code>, <code>hono/css</code> (<code>cx()</code>), or the <code>hono/aws-lambda</code> API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/97c6fe1f12298c715eb7b2da65b4b6e0d81682bb"><code>97c6fe1</code></a> 4.12.27</li> <li><a href="https://github.com/honojs/hono/commit/aa921770d09bc35970362d5a2630a878f6d982fd"><code>aa92177</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/cd3f6f7194f0e5c9d4b26ae0cf232018d0f388fc"><code>cd3f6f7</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/d4853a8f2794ce982818783f123e388a6dedd966"><code>d4853a8</code></a> fix(jsx): make merged context-isolation tests pass tsc type check (<a href="https://redirect.github.com/honojs/hono/issues/5037">#5037</a>)</li> <li><a href="https://github.com/honojs/hono/commit/6735fea78db8ca72e8606001f57b10ee6a96b349"><code>6735fea</code></a> fix(jsx): cast awaitedFallback through unknown to fix Deno type check (<a href="https://redirect.github.com/honojs/hono/issues/5036">#5036</a>)</li> <li><a href="https://github.com/honojs/hono/commit/fab3b13639339cbd5ba1166a5b23d9ac30c5f64f"><code>fab3b13</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/9f0dadf141a3242a6c3b77462c7d33c6ce0f599d"><code>9f0dadf</code></a> ci: use npm Staged publishing (<a href="https://redirect.github.com/honojs/hono/issues/5035">#5035</a>)</li> <li>See full diff in <a href="https://github.com/honojs/hono/compare/v4.12.26...v4.12.27">compare view</a></li> </ul> </details> <br /> Updates `@hono/node-server` from 2.0.5 to 2.0.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/node-server/releases">@hono/node-server's releases</a>.</em></p> <blockquote> <h2>v2.0.6</h2> <h2>What's Changed</h2> <ul> <li>ci: publish to npm from CI with OIDC trusted publishing and bump <code>np</code> by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/361">honojs/node-server#361</a></li> <li>ci: use npm Staged publishing by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/364">honojs/node-server#364</a></li> <li>fix: preserve status and statusText when cloning a Response with liveheaders by <a href="https://github.com/usualoma"><code>@usualoma</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/363">honojs/node-server#363</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/node-server/compare/v2.0.5...v2.0.6">https://github.com/honojs/node-server/compare/v2.0.5...v2.0.6</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/node-server/commit/ff75c611b248da710553d7a2d38ee474b82ac544"><code>ff75c61</code></a> 2.0.6</li> <li><a href="https://github.com/honojs/node-server/commit/814720fc36debc336d09300581df614fb31dfdce"><code>814720f</code></a> fix: preserve status and statusText when cloning a Response with live headers...</li> <li><a href="https://github.com/honojs/node-server/commit/a76209a4fa863eb449d9b61041330cae92a108ed"><code>a76209a</code></a> ci: use npm Staged publishing (<a href="https://redirect.github.com/honojs/node-server/issues/364">#364</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/44c365a1b136a3eb66ad307a3c3224f7be51cb23"><code>44c365a</code></a> ci: publish to npm from CI with OIDC trusted publishing and bump <code>np</code> (<a href="https://redirect.github.com/honojs/node-server/issues/361">#361</a>)</li> <li>See full diff in <a href="https://github.com/honojs/node-server/compare/v2.0.5...v2.0.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@hono/node-server</code> since your current version.</p> </details> <br /> Updates `@tailwindcss/vite` from 4.3.1 to 4.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">@tailwindcss/vite's releases</a>.</em></p> <blockquote> <h2>v4.3.2</h2> <h3>Fixed</h3> <ul> <li>Support bare spacing values for <code>auto-rows-*</code> and <code>auto-cols-*</code> utilities (e.g. <code>auto-rows-12</code> and <code>auto-cols-16</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20229">#20229</a>)</li> <li>Prevent <code>@tailwindcss/cli</code> in <code>--watch</code> mode from crashing on Windows when <code>@source</code> points to a directory that doesn't exist (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20242">#20242</a>)</li> <li>Prevent <code>@tailwindcss/vite</code> from crashing in Deno v2.8.x when <code>context.parentURL</code> is not a valid URL (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20245">#20245</a>)</li> <li>Ensure <code>@tailwindcss/cli</code> in <code>--watch</code> mode rebuilds when the input CSS file changes in an ignored directory (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20246">#20246</a>)</li> <li>Allow <code>@variant</code> rules used in <code>addBase(…)</code> to use custom variants defined later (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20247">#20247</a>)</li> <li>Prevent <code>@tailwindcss/vite</code> from crashing during HMR when scanned files or directories are deleted (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20259">#20259</a>)</li> <li>Generate <code>font-size</code> instead of <code>color</code> declarations for <code>text-[--spacing(…)]</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20260">#20260</a>)</li> <li>Prevent <code>@source</code> patterns from scanning unrelated sibling files and folders (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20263">#20263</a>)</li> <li>Extract class candidates adjacent to Template Toolkit delimiters like <code>%]…[%</code> in <code>.tt</code>, <code>.tt2</code>, and <code>.tx</code> files (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20269">#20269</a>)</li> <li>Extract class candidates from conditional Maud syntax like <code>p.text-black[condition]</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20269">#20269</a>)</li> <li>Prevent <code>@position-try</code> rules from triggering unknown at-rule warnings when optimizing CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20277">#20277</a>)</li> <li>Support class suggestions for named opacity modifiers from <code>--opacity</code> theme values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20287">#20287</a>)</li> <li>Prevent type errors in <code>@tailwindcss/postcss</code> when used with newer PostCSS patch releases (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20289">#20289</a>)</li> </ul> </blockquote... _Description has been truncated_ Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4f1b6cfd71 |
build(deps): bump actions/checkout from 6.0.1 to 7.0.0 in the major-deps-updates group (#638)
Bumps the major-deps-updates group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.1 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>What's Changed</h2> <ul> <li>block checking out fork pr for pull_request_target and workflow_run by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li> <li>Bump flatted from 3.3.1 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li> <li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li> <li>Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li> <li>upgrade module to esm and update dependencies by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li> <li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li> <li>getting ready for checkout v7 release by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2464">actions/checkout#2464</a></li> <li>update error wording by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2467">actions/checkout#2467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6.0.3...v7.0.0">https://github.com/actions/checkout/compare/v6.0.3...v7.0.0</a></p> <h2>v6.0.3</h2> <h2>What's Changed</h2> <ul> <li>Update changelog by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>Update changelog for v6.0.3 by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yaananth"><code>@yaananth</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p> <h2>v6.0.2</h2> <h2>What's Changed</h2> <ul> <li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v7.0.0</h2> <ul> <li>Block checking out fork PR for pull_request_target and workflow_run by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li> <li>Bump flatted from 3.3.1 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li> <li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li> <li>Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li> <li>upgrade module to esm and update dependencies by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li> <li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li> </ul> <h2>v6.0.3</h2> <ul> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"><code>9c091bb</code></a> update error wording (<a href="https://redirect.github.com/actions/checkout/issues/2467">#2467</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a"><code>1044a6d</code></a> getting ready for checkout v7 release (<a href="https://redirect.github.com/actions/checkout/issues/2464">#2464</a>)</li> <li><a href="https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f"><code>f028218</code></a> Bump the minor-npm-dependencies group across 1 directory with 3 updates (<a href="https://redirect.github.com/actions/checkout/issues/2462">#2462</a>)</li> <li><a href="https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d"><code>d914b26</code></a> upgrade module to esm and update dependencies (<a href="https://redirect.github.com/actions/checkout/issues/2463">#2463</a>)</li> <li><a href="https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d"><code>537c7ef</code></a> Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid (<a href="https://redirect.github.com/actions/checkout/issues/2459">#2459</a>)</li> <li><a href="https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6"><code>130a169</code></a> Bump js-yaml from 4.1.0 to 4.2.0 (<a href="https://redirect.github.com/actions/checkout/issues/2461">#2461</a>)</li> <li><a href="https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3"><code>7d09575</code></a> Bump flatted from 3.3.1 to 3.4.2 (<a href="https://redirect.github.com/actions/checkout/issues/2460">#2460</a>)</li> <li><a href="https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e"><code>0f9f3aa</code></a> Bump actions/publish-immutable-action (<a href="https://redirect.github.com/actions/checkout/issues/2458">#2458</a>)</li> <li><a href="https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7"><code>f9e715a</code></a> block checking out fork pr for pull_request_target and workflow_run (<a href="https://redirect.github.com/actions/checkout/issues/2454">#2454</a>)</li> <li><a href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a> Update changelog for v6.0.3 (<a href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1cca3d32bb |
build(deps): bump actions/setup-python from 6.2.0 to 6.3.0 in the minor-deps-updates group (#637)
Bumps the minor-deps-updates group with 1 update: [actions/setup-python](https://github.com/actions/setup-python). Updates `actions/setup-python` from 6.2.0 to 6.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v6.3.0</h2> <h2>What's Changed</h2> <h3>Enhancement</h3> <ul> <li>Add RHEL support and include Linux distro in cache keys by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1323">actions/setup-python#1323</a></li> <li>Fix pip cache error handling on Windows by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1040">actions/setup-python#1040</a></li> </ul> <h3>Dependency update</h3> <ul> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1281">actions/setup-python#1281</a></li> <li>Upgrade actions dependencies by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> with <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1303">actions/setup-python#1303</a></li> <li>Upgrade <code>@actions/cache</code> to 5.1.0, log cache write denied by <a href="https://github.com/jasongin"><code>@jasongin</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1324">actions/setup-python#1324</a></li> <li>Upgrade dependency versions and test workflow configuration by <a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1322">actions/setup-python#1322</a></li> </ul> <h3>Documentation</h3> <ul> <li>Update advanced-usage.md by <a href="https://github.com/Dunky-Z"><code>@Dunky-Z</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/811">actions/setup-python#811</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> with <a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1303">actions/setup-python#1303</a></li> <li><a href="https://github.com/jasongin"><code>@jasongin</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1324">actions/setup-python#1324</a></li> <li><a href="https://github.com/Dunky-Z"><code>@Dunky-Z</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/811">actions/setup-python#811</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v6...v6.3.0">https://github.com/actions/setup-python/compare/v6...v6.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/ece7cb06caefa5fff74198d8649806c4678c61a1"><code>ece7cb0</code></a> Fix pip cache error handling on Windows. (<a href="https://redirect.github.com/actions/setup-python/issues/1040">#1040</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/1d18d7af5f767c1259ede05a0a5bcc30f3dcf1cf"><code>1d18d7a</code></a> Update advanced-usage.md (<a href="https://redirect.github.com/actions/setup-python/issues/811">#811</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/d2b357a6a3a3687dd6781a416c0d24fcfd68660e"><code>d2b357a</code></a> Update dependency versions and test workflow configuration (<a href="https://redirect.github.com/actions/setup-python/issues/1322">#1322</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/8f639b1e75c1048640734b2bb46e22cecf136982"><code>8f639b1</code></a> Merge pull request <a href="https://redirect.github.com/actions/setup-python/issues/1324">#1324</a> from jasongin/update-actions-cache-5.1.0</li> <li><a href="https://github.com/actions/setup-python/commit/6731c2ba87f530c26324d128c8fdd53499a4d4b0"><code>6731c2b</code></a> Resolve high-severity audit issues</li> <li><a href="https://github.com/actions/setup-python/commit/0cb1a84326b90186fcd211036c65b42819794c87"><code>0cb1a84</code></a> Add RHEL support and include Linux distro in cache keys (<a href="https://redirect.github.com/actions/setup-python/issues/1323">#1323</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/dc6eab6194394e0119523369788b507096f923e2"><code>dc6eab6</code></a> Update dist</li> <li><a href="https://github.com/actions/setup-python/commit/6f4b74bfa2f520a380a620de3615c0dac427f4d3"><code>6f4b74b</code></a> Strict equality</li> <li><a href="https://github.com/actions/setup-python/commit/fa8bde1a9cc6347d06948d66bcd68c598b79eaea"><code>fa8bde1</code></a> Bump <code>@actions/cache</code> to 5.1.0, log cache write denied</li> <li><a href="https://github.com/actions/setup-python/commit/c8813ba1bc76ebf779b911ad8ffccbf2e449cb48"><code>c8813ba</code></a> Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies and update licenses (<a href="https://redirect.github.com/actions/setup-python/issues/1303">#1303</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-python/compare/a309ff8b426b58ec0e2a45f0f869d46889d02405...ece7cb06caefa5fff74198d8649806c4678c61a1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
331b80f8d0 |
build(deps): bump the patch-deps-updates group with 2 updates (#636)
Bumps the patch-deps-updates group with 2 updates: [pnpm/action-setup](https://github.com/pnpm/action-setup) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `pnpm/action-setup` from 6.0.8 to 6.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pnpm/action-setup/releases">pnpm/action-setup's releases</a>.</em></p> <blockquote> <h2>v6.0.9</h2> <h2>What's Changed</h2> <ul> <li>fix: update pnpm to v11.7.0 by <a href="https://github.com/zkochan"><code>@zkochan</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/267">pnpm/action-setup#267</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pnpm/action-setup/compare/v6...v6.0.9">https://github.com/pnpm/action-setup/compare/v6...v6.0.9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pnpm/action-setup/commit/0ebf47130e4866e96fce0953f49152a61190b271"><code>0ebf471</code></a> fix: update pnpm to v11.7.0 (<a href="https://redirect.github.com/pnpm/action-setup/issues/267">#267</a>)</li> <li>See full diff in <a href="https://github.com/pnpm/action-setup/compare/0e279bb959325dab635dd2c09392533439d90093...0ebf47130e4866e96fce0953f49152a61190b271">compare view</a></li> </ul> </details> <br /> Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v3.0.1</h2> <h2>3.0.1</h2> <ul> <li>maintenance release with updated dependencies</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>3.0.1</h2> <ul> <li>maintenance release with updated dependencies</li> </ul> <h2>3.0.0</h2> <p><code>3.0.0</code> is a major release that moves the action runtime from Node 20 to Node 24. Use <code>v3</code> on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on <code>v2.6.2</code>.</p> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>Move the action runtime and bundle target to Node 24</li> <li>Update <code>@types/node</code> to the Node 24 line and allow future Dependabot updates</li> <li>Keep the floating major tag on <code>v3</code>; <code>v2</code> remains pinned to the latest <code>2.x</code> release</li> </ul> <h2>2.6.2</h2> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): bump picomatch from 4.0.3 to 4.0.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/775">softprops/action-gh-release#775</a></li> <li>chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/777">softprops/action-gh-release#777</a></li> <li>chore(deps): bump vite from 8.0.0 to 8.0.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/781">softprops/action-gh-release#781</a></li> </ul> <h2>2.6.1</h2> <p><code>2.6.1</code> is a patch release focused on restoring linked discussion thread creation when <code>discussion_category_name</code> is set. It fixes <code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>, where the draft-first publish flow stopped carrying the discussion category through the final publish step.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: preserve discussion category on publish by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li> </ul> <h2>2.6.0</h2> <p><code>2.6.0</code> is a minor release centered on <code>previous_tag</code> support for <code>generate_release_notes</code>, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a <code>working_directory</code> docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/718ea10b132b3b2eba29c1007bb80653f286566b"><code>718ea10</code></a> release 3.0.1</li> <li><a href="https://github.com/softprops/action-gh-release/commit/f1a938b9d84ca9b770d0d8dfeb3e7285fe261e63"><code>f1a938b</code></a> chore(deps): bump esbuild from 0.28.0 to 0.28.1 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/802">#802</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/0066ead0de7252b4876b36b5357fc3974619d36a"><code>0066ead</code></a> chore(deps): bump vite from 8.0.14 to 8.0.16 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/806">#806</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/dc643cac6252aaa00c9b0b6c940d489cd7bf6b23"><code>dc643ca</code></a> chore(deps): bump the npm group with 3 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/805">#805</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/85ee99b6b20742a3823a8a289ee5e6ceab44e8aa"><code>85ee99b</code></a> chore(deps): bump actions/checkout in the github-actions group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/804">#804</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/9ed3cf9a6863b31f005d951c8d19de20628cf4eb"><code>9ed3cf9</code></a> chore(deps): bump the npm group with 2 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/800">#800</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/3efcac8951299998593f871640ea8059d6818655"><code>3efcac8</code></a> chore(deps): bump the npm group with 3 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/798">#798</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/05d6b9164aa74958de40b0179d6a773112fcdc7f"><code>05d6b91</code></a> chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/797">#797</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/403a5240f3837fa857f642062e05aad6bb3391ca"><code>403a524</code></a> chore(deps): bump <code>@types/node</code> from 24.12.2 to 24.12.3 in the npm group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/796">#796</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/437e073e786973c6b6af97d9e445c41ae43b1d29"><code>437e073</code></a> chore(deps): bump the npm group with 4 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/792">#792</a>)</li> <li>Additional commits viewable in <a href="https://github.com/softprops/action-gh-release/compare/b4309332981a82ec1c5618f44dd2e27cc8bfbfda...718ea10b132b3b2eba29c1007bb80653f286566b">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5b462f2ab2 |
fix: migrate Daytona SDK dependency [closes #609] (#614)
## Description Closes #609 by updating `@langchain/daytona` to the maintained `@daytona/sdk` at `^0.184.0` while preserving the same SDK API usage. Added a patch changeset; `@daytona/sdk` is Apache-2.0 and maintained by Daytona as the direct replacement for deprecated `@daytonaio/sdk`. ## Self-Hosted Release Note `@langchain/daytona` now depends on `@daytona/sdk` instead of deprecated `@daytonaio/sdk`. ## Test Plan - [ ] Verify package publish metadata resolves `@daytona/sdk` `^0.184.0`. Made by [Open SWE](https://openswe.vercel.app/agents/d6f434c5-39c6-eef7-6cc6-670cf092bb67) Co-authored-by: Christian Bromann <731337+christian-bromann@users.noreply.github.com> Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com> |
||
|
|
9a9fce9429 |
ci: enforce sha-pinned github actions (#628)
## Summary - add PR linting that rejects external GitHub Actions not pinned to a 40-character commit SHA - keep existing action refs pinned and align stale version comments with their pinned SHAs - extend .gitignore coverage for local env, key/cert, Python cache, and virtualenv files ## Testing - local SHA-pin check over .github/workflows/*.yml and *.yaml - ruby YAML parse for .github/workflows/*.yml - git diff --cached --check |
||
|
|
0ae10d7e26 |
fix(deepagents): declare LangChain runtime packages as peer dependencies (#613)
Updates to `@langchain/core` can cause downstream friction with
TypeScript:
```
Type 'ChatOpenAI<ChatOpenAICallOptions>' is not assignable to type 'string | BaseLanguageModel<any, BaseLanguageModelCallOptions> | undefined'.
Type 'ChatOpenAI<ChatOpenAICallOptions>' is not assignable to type 'BaseLanguageModel<any, BaseLanguageModelCallOptions>'.
Types of property 'getGraph' are incompatible.
Type '(_?: import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined) => import("/Users/christian.bromann/Sites/L...' is not assignable to type '(_?: import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined) => import("/Users/christian.bromann/Sites/L...'.
Types of parameters '_' and '_' are incompatible.
Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>> | undefined'.
Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>>' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/runnables/types").RunnableConfig<Record<string, any>>'.
Types of property 'callbacks' are incompatible.
Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").Callbacks | undefined' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").Callbacks | undefined'.
Type 'CallbackManager' is not assignable to type 'Callbacks | undefined'.
Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManager' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManager'.
The types returned by 'handleLLMStart(...)' are incompatible between these types.
Type 'Promise<import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]>' is not assignable to type 'Promise<import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]>'.
Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun[]'.
Type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.0_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun' is not assignable to type 'import("/Users/christian.bromann/Sites/LangChain/deployment-cookbook/js-langsmith/node_modules/.pnpm/@langchain+core@1.2.1_openai@6.44.0_ws@8.21.0_zod@4.4.3__ws@8.21.0/node_modules/@langchain/core/dist/callbacks/manager").CallbackManagerForLLMRun'.
Property 'inheritableHandlers' is protected but type 'BaseRunManager' is not a class derived from 'BaseRunManager'.ts(2322)
```
to avoid this we should move the LangChain dependency to become peer
deps.
- Moved `@langchain/core`, `@langchain/langgraph`,
`@langchain/langgraph-sdk`, and `langchain` from `dependencies` to
`peerDependencies` in `libs/deepagents`, keeping dev copies for isolated
build/test.
- Lets consumers bump `@langchain/core` without requiring a new
`deepagents` release; a release is only needed to widen the peer range
across a major.
- Note on install contract: npm 7+ and pnpm 8+ auto-install peers; Yarn
only warns, so Yarn users must add the four packages explicitly (worth a
README follow-up).
---------
Signed-off-by: Christian Bromann <git@bromann.dev>
Co-authored-by: open-swe[bot] <215916821+open-swe[bot]@users.noreply.github.com>
|
||
|
|
d7ecab2d9f |
fix(deepagents): forward subagent results as text (#608)
## Summary
A deep agent that delegates to a subagent 400s when that subagent uses
an Anthropic server-side tool (web search, web fetch, code execution,
MCP). The subagent's final-message content blocks e.g.
server_tool_use/..._tool_result were forwarded verbatim as the task
ToolMessage content. On the parent agent's next request they serialize
into a tool_result, which Anthropic rejects:
`400 invalid_request_error
messages.N.content.0.tool_result.content.0: Input tag 'server_tool_use'
found using 'type'
does not match any of the expected tags:
'document','image','search_result','text','tool_reference'`
## Solution
Now matches the Python impl: forward only the subagent's text answer.
returnCommandWithStateUpdate now walks back to the last AIMessage with
non-empty text and uses that text (a string) as the ToolMessage content.
- Confirmed the Python deepagents impl is not affected (it forwards
.text); this aligns JS with Python.
- Reproduced the 400 across {web_search, code_execution, web_fetch} ×
{claude-haiku-4-5, claude-sonnet-4-6} on the latest published packages;
all green after the fix.
## Tests
- New: subagent server-tool blocks are filtered from forwarded content.
- New: walk-back uses the last non-empty AIMessage, skipping a trailing
empty message.
- Updated the #239/#245 tests to assert the (now string) ToolMessage
content.
- No regressions in subagent-related tests in the evals suite
---------
Signed-off-by: Alexander Olsen <aolsenjazz@gmail.com>
Co-authored-by: Christian Bromann <git@bromann.dev>
|
||
|
|
42f34b65ed |
feat(deepagents): add bedrockPromptCachingMiddleware to default stack (#611)
## Summary - Adds `bedrockPromptCachingMiddleware` to the default middleware stack - Adds unit tests for the Bedrock model detection util function covering the different formats of model strings/`ChatModel`s |
||
|
|
3c8f8b2ea6 |
chore(quickjs): disallow task as a configurable ptc tool (#606)
### Summary The code interpreter now comes with a global `task` tool out of the box. As a result, we should disallow specifying the `task` tool for ptc. This PR implements logic that forbids the task tool as in ptc and throws with a detailed error message if found. This PR also updates the RLM agent example and READMEs. ### Tests Unit tests validating expected behavior for task by name and tool instance with "task" name. |
||
|
|
a9e1ba1b89 |
chore: version packages (#605)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## deepagents-acp@0.1.15 ### Patch Changes - Updated dependencies [[`7c4a11e`](https://github.com/langchain-ai/deepagentsjs/commit/7c4a11eacc11c3720b70d802068300ac3b4d8651)]: - deepagents@1.10.5 ## deepagents@1.10.5 ### Patch Changes - [#598](https://github.com/langchain-ai/deepagentsjs/pull/598) [`7c4a11e`](https://github.com/langchain-ai/deepagentsjs/commit/7c4a11eacc11c3720b70d802068300ac3b4d8651) Thanks [@christian-bromann](https://github.com/christian-bromann)! - refactor(stream): use langchain `run.subagents` instead of bespoke transformer Remove deepagents' custom `createSubagentTransformer` and rely on the native subagent stream that `createAgent` registers (langchain#37739). Keep `DeepAgentRunStream` as a compile-time overlay that narrows `run.subagents` to declared subagent specs. Update streaming tests for `cause` and per-subagent message coverage. ## @langchain/quickjs@0.5.1 ### Patch Changes - [#602](https://github.com/langchain-ai/deepagentsjs/pull/602) [`204cb27`](https://github.com/langchain-ai/deepagentsjs/commit/204cb27414c82c34a0c681c7e5a5336e1834f058) Thanks [@colifran](https://github.com/colifran)! - chore(quickjs): refine dynamic subagent prompt to trigger on workflow keyword and to improve iterative eval behavior - [#604](https://github.com/langchain-ai/deepagentsjs/pull/604) [`0971007`](https://github.com/langchain-ai/deepagentsjs/commit/0971007ab2491e73eb1a78c5426ab934470d5620) Thanks [@colifran](https://github.com/colifran)! - fix(quickjs): unwrap Command/ToolMessage envelopes from tool and subagent results ## @deepagents/evals@0.0.14 ### Patch Changes - Updated dependencies [[`7c4a11e`](https://github.com/langchain-ai/deepagentsjs/commit/7c4a11eacc11c3720b70d802068300ac3b4d8651)]: - deepagents@1.10.5 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>@langchain/quickjs@0.5.1 deepagents-acp@0.1.15 deepagents@1.10.5 |
||
|
|
7c4a11eacc |
fix(deepagents): use langchain run.subagents instead of bespoke transformer (#598)
## Summary - Remove deepagents' bespoke `createSubagentTransformer` (~460 lines) and wire `createDeepAgent` to langchain's native `run.subagents` projection from `createAgent` (langchain#37739). - Slim `stream.ts` to type-only exports: re-export `SubagentRunStream` from langchain and keep `DeepAgentRunStream` as a compile-time narrowing over declared subagent specs. - Update streaming tests for `sub.cause` (replacing `taskInput`), add single-subagent `sub.messages` coverage, and document parallel-subagent streaming behavior. - Pin `langchain@1.4.6-dev-1781497519109` and `@langchain/langgraph` / `@langchain/langgraph-checkpoint` to `d2312cf` dev builds (root `pnpm.overrides`) for end-to-end verification until published releases are available. - Clarify `streamTransformers` docs: custom transformers surface on `run.extensions`; built-in streams like `run.subagents` and `run.toolCalls` are separate. fixes #560 |
||
|
|
9ecb176109 |
build(deps): bump hono from 4.12.23 to 4.12.25 (#603)
Bumps [hono](https://github.com/honojs/hono) from 4.12.23 to 4.12.25. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.25</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>CORS Middleware reflects any Origin with credentials when <code>origin</code> defaults to the wildcard</h3> <p>Affects: <code>hono/cors</code>. Fixes the wildcard origin reflecting the request <code>Origin</code> and sending <code>Access-Control-Allow-Credentials: true</code> when <code>credentials: true</code> is set without an explicit <code>origin</code>, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc</p> <h3>Body Limit Middleware can be bypassed on AWS Lambda by understating <code>Content-Length</code></h3> <p>Affects: <code>hono/body-limit</code> on AWS Lambda (<code>hono/aws-lambda</code>, <code>hono/lambda-edge</code>). Fixes the request being built with the client-declared <code>Content-Length</code> while the body is delivered fully buffered, where a client could declare a small <code>Content-Length</code> with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2</p> <h3>Path traversal in <code>serve-static</code> on Windows via encoded backslash (<code>%5C</code>)</h3> <p>Affects: <code>serveStatic</code> on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (<code>%5C</code>) decoded to <code>\</code> was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44</p> <h3>AWS Lambda adapter merges multiple <code>Set-Cookie</code> headers into one value, dropping cookies on ALB single-header and Lattice</h3> <p>Affects: <code>hono/aws-lambda</code>. Fixes multiple <code>Set-Cookie</code> response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf</p> <h3>Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest</h3> <p>Affects: <code>hono/lambda-edge</code>. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as <code>X-Forwarded-For</code> reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p</p> <h2>v4.12.24</h2> <h2>What's Changed</h2> <ul> <li>docs(contribution): simplifyAI Usage Policy by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4972">honojs/hono#4972</a></li> <li>chore: remove <code>@types/glob</code> by <a href="https://github.com/rtritto"><code>@rtritto</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4978">honojs/hono#4978</a></li> <li>fix(bearer-auth): mention verifyToken in missing-options error message by <a href="https://github.com/tan7vir"><code>@tan7vir</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4987">honojs/hono#4987</a></li> <li>refactor(language): Test/improve tests on languages middleware by <a href="https://github.com/iNeoO"><code>@iNeoO</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4980">honojs/hono#4980</a></li> <li>fix(utils/ipaddr): expand "::" to eight zero groups by <a href="https://github.com/youcefzemmar"><code>@youcefzemmar</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4973">honojs/hono#4973</a></li> <li>fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by <a href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@Mohammad-Faiz-Cloud-Engineer</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4982">honojs/hono#4982</a></li> <li>refactor(timing): Test/add test for middleware timing by <a href="https://github.com/iNeoO"><code>@iNeoO</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4991">honojs/hono#4991</a></li> <li>fix(utils/ipaddr): render the unspecified address binary as "::" by <a href="https://github.com/sarathfrancis90"><code>@sarathfrancis90</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4998">honojs/hono#4998</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.24">https://github.com/honojs/hono/compare/v4.12.23...v4.12.24</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/fce483e11466b72d27e61d44523c7e6edeb19e50"><code>fce483e</code></a> 4.12.25</li> <li><a href="https://github.com/honojs/hono/commit/751ba41ba26dff20351a13964c07627ddcf382b6"><code>751ba41</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/f0b094db8474696344d98e5665a4ac2a6d5f346e"><code>f0b094d</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/fa5f9bfcc25d65e08af85211cc2e5ecd0e0ea24b"><code>fa5f9bf</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/3892a6c2b54f974505de41013fcac88a71908e3d"><code>3892a6c</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/74c2cf8ef4f5cc29a876380df1ba230ff7128b3f"><code>74c2cf8</code></a> test(aws-lambda): update integration tests (<a href="https://redirect.github.com/honojs/hono/issues/5012">#5012</a>)</li> <li><a href="https://github.com/honojs/hono/commit/7ae7cbae5d0ed8a40e8b9cc353e13175b9d7e3e1"><code>7ae7cba</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/1b1384815485f9d6590c6966e23a06fd07166cb7"><code>1b13848</code></a> chore(ci): bump codecov-action to v7.0.0 (<a href="https://redirect.github.com/honojs/hono/issues/5011">#5011</a>)</li> <li><a href="https://github.com/honojs/hono/commit/5fdde5ab5a7d7c89eba4d1ceab76f4a7c011cd3b"><code>5fdde5a</code></a> 4.12.24</li> <li><a href="https://github.com/honojs/hono/commit/c78932d745cdf6284ae131a156479ac930da0262"><code>c78932d</code></a> fix(utils/ipaddr): render the unspecified address binary as "::" (<a href="https://redirect.github.com/honojs/hono/issues/4998">#4998</a>)</li> <li>Additional commits viewable in <a href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.25">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/deepagentsjs/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0971007ab2 |
fix(quickjs): unwrap Command/ToolMessage envelopes from tool and subagent results (#604)
### Summary The deepagents `task` tool resolves to a LangGraph `Command` (and some tools return a `ToolMessage` or a list of messages), but the quickjs bridges passed these envelopes straight to the REPL so `task(...)` and PTC `tools.*` calls handed the model the wrapper instead of the subagent's actual output, breaking the contract that a `responseSchema` dispatch resolves to a typed value. This PR adds `unwrapToolEnvelope`: a duck-typed unwrap of `Command` / `ToolMessage` / message-list shapes that reverse-scans `update.messages` for the last message with content and reads both live and serialized forms. Non-envelope values pass through unchanged. `unwrapToolEnvelope` is wired into both bridges, i.e., the `task()` dispatch and the PTC `tools.*` bridge. Inspired by the Python's [`coerce_tool_output_for_ptc`](https://github.com/langchain-ai/deepagents/blob/4c347603162e181c721e5e2a5ca8bbff6828e23c/libs/partners/quickjs/langchain_quickjs/_format.py#L93-L119). ### Tests - `coerce.test.ts` provide unit test coverage for `unwrapToolEnvelope`: string/null/undefined passthrough, `Command` (single + multi-message), reverse-scan past empty trailing messages, serialized `kwargs.content`, bare `ToolMessage`, message lists, content-block arrays and plain `{ content }` objects left untouched. - `middleware.test.ts` provides an integration test that the `task()` bridge returns the parsed structured value from a `Command` result. |
||
|
|
204cb27414 |
chore(quickjs): refine dynamic subagent prompt to trigger on workflow keyword and to improve iterative eval behavior (#602)
### Summary Prompt change only, no runtime behavior change. Reworks the quickjs code-interpreter subagent prompt to steer the orchestrator toward an explore-then-distribute workflow. It explores with its own tools first, hands subagents file paths instead of pasted contents, reuses persisted REPL variables rather than re-pasting prior eval output, and returns results via the last expression instead of `console.log`. Also gates the REPL sandbox note so it only mentions the `tools.*` namespace when PTC is actually exposed. --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> |
||
|
|
750d69c024 |
chore: version packages (#568)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @langchain/node-vfs@0.2.0 ### Minor Changes - [#575](https://github.com/langchain-ai/deepagentsjs/pull/575) [`5d266a2`](https://github.com/langchain-ai/deepagentsjs/commit/5d266a213d8d3d15c2281e2e00ab71ee30ca3ffe) Thanks [@hntrl](https://github.com/hntrl)! - BREAKING: remove shell execution from the VFS provider `VfsBackend` now operates as a filesystem-only `BackendProtocolV2` implementation and no longer exposes command execution. The provider now implements `read`, `ls`, `grep`, and `glob` directly against the in-memory VFS, path resolution is confined to the virtual workspace root, and legacy `VfsSandbox` / `createVfsSandboxFactory*` aliases are removed. ## @langchain/quickjs@0.5.0 ### Minor Changes - [#590](https://github.com/langchain-ai/deepagentsjs/pull/590) [`7ee3feb`](https://github.com/langchain-ai/deepagentsjs/commit/7ee3feb674c361305b2a031db9132253e3d0543b) Thanks [@colifran](https://github.com/colifran)! - chore(quickjs): remove skills backend and associated plumbing - [#592](https://github.com/langchain-ai/deepagentsjs/pull/592) [`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882) Thanks [@colifran](https://github.com/colifran)! - feat(quickjs): implement default subagent primitive in code interpreter for programmatic subagent calling ### Patch Changes - [#594](https://github.com/langchain-ai/deepagentsjs/pull/594) [`61db938`](https://github.com/langchain-ai/deepagentsjs/commit/61db9381494f61b4548cd80b715e5af72fdde381) Thanks [@colifran](https://github.com/colifran)! - chore(quickjs): remove configurable concurrency and add subagents option with true default - [#546](https://github.com/langchain-ai/deepagentsjs/pull/546) [`b7a5f26`](https://github.com/langchain-ai/deepagentsjs/commit/b7a5f26fd9cba992b11e1a4cf18607d64533503b) Thanks [@open-swe](https://github.com/apps/open-swe)! - fix(quickjs): scope `CodeInterpreterMiddleware` REPL prompt sandbox bullet to the runtime ## deepagents-acp@0.1.14 ### Patch Changes - Updated dependencies [[`18557db`](https://github.com/langchain-ai/deepagentsjs/commit/18557db7bbdf92052ed5f994512fb70e11989e69), [`773cac5`](https://github.com/langchain-ai/deepagentsjs/commit/773cac5dc7efc7843dd882642d91f7d64d6fde81), [`1ca6dc9`](https://github.com/langchain-ai/deepagentsjs/commit/1ca6dc92fd40a6d845d24b95ba14b8f2643db394), [`03df237`](https://github.com/langchain-ai/deepagentsjs/commit/03df237385fbdfefd862076c5588eb39cb6e43c3), [`84f3c0c`](https://github.com/langchain-ai/deepagentsjs/commit/84f3c0c2f1cad271191bcc138b84ba5b9c9205c9), [`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882), [`04cc3fc`](https://github.com/langchain-ai/deepagentsjs/commit/04cc3fc26001ee566ed94de44c2dda2cf6adecc4), [`18fbb48`](https://github.com/langchain-ai/deepagentsjs/commit/18fbb4839050e98ae3cfd36ec69b11f0725ad6d6), [`e3d4b53`](https://github.com/langchain-ai/deepagentsjs/commit/e3d4b5367b1825df56c919b483ec4a3e117d631f)]: - deepagents@1.10.4 ## deepagents@1.10.4 ### Patch Changes - [#551](https://github.com/langchain-ai/deepagentsjs/pull/551) [`18557db`](https://github.com/langchain-ai/deepagentsjs/commit/18557db7bbdf92052ed5f994512fb70e11989e69) Thanks [@antonnak](https://github.com/antonnak)! - fix(deepagents): gate cache_control writes on per-call request.model `createCacheBreakpointMiddleware` and `createMemoryMiddleware` were gating the Anthropic-specific `cache_control` write at agent-creation time only. When `modelFallbackMiddleware` swapped `request.model` to a non-Anthropic provider mid-flight (e.g. on Anthropic 5xx), the marker leaked through and the fallback provider rejected the request with `400 Unknown parameter: 'cache_control'`. Both middlewares now also check `isAnthropicModel(request.model)` inside `wrapModelCall`. Fixes [#550](https://github.com/langchain-ai/deepagentsjs/issues/550). - [#591](https://github.com/langchain-ai/deepagentsjs/pull/591) [`773cac5`](https://github.com/langchain-ai/deepagentsjs/commit/773cac5dc7efc7843dd882642d91f7d64d6fde81) Thanks [@colifran](https://github.com/colifran)! - chore(deepagents): expose createSubAgent - [#541](https://github.com/langchain-ai/deepagentsjs/pull/541) [`1ca6dc9`](https://github.com/langchain-ai/deepagentsjs/commit/1ca6dc92fd40a6d845d24b95ba14b8f2643db394) Thanks [@ixchio](https://github.com/ixchio)! - fix getMimeType to return application/octet-stream for unknown file extensions instead of text/plain - [#572](https://github.com/langchain-ai/deepagentsjs/pull/572) [`03df237`](https://github.com/langchain-ai/deepagentsjs/commit/03df237385fbdfefd862076c5588eb39cb6e43c3) Thanks [@hntrl](https://github.com/hntrl)! - fix: scope CompositeBackend grep/glob route fanout by search path CompositeBackend now limits fallback route fanout to routes mounted under the requested search path, instead of querying all routed backends unconditionally. This avoids unrelated routed backend calls (and side-effect errors) for scoped searches like `path="/workspace"`, while preserving full fanout behavior at root (`path="/"`). - [#574](https://github.com/langchain-ai/deepagentsjs/pull/574) [`84f3c0c`](https://github.com/langchain-ai/deepagentsjs/commit/84f3c0c2f1cad271191bcc138b84ba5b9c9205c9) Thanks [@hntrl](https://github.com/hntrl)! - fix(deepagents): add explicit browser and node entrypoints - add `deepagents/browser` and `deepagents/node` subpath exports - route browser bundlers to the browser-safe bundle via the root `browser` export condition - avoid named Node builtin imports in backend utils that can break browser builds - document browser guidance to import from `deepagents/browser` - [#592](https://github.com/langchain-ai/deepagentsjs/pull/592) [`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882) Thanks [@colifran](https://github.com/colifran)! - feat(quickjs): implement default subagent primitive in code interpreter for programmatic subagent calling - [#566](https://github.com/langchain-ai/deepagentsjs/pull/566) [`04cc3fc`](https://github.com/langchain-ai/deepagentsjs/commit/04cc3fc26001ee566ed94de44c2dda2cf6adecc4) Thanks [@hntrl](https://github.com/hntrl)! - fix(deepagents): propagate subagent `lc_agent_name` during task delegation - Ensure `task` tool subagent invocations override `metadata.lc_agent_name` with the selected `subagent_type`. - Add regression coverage for both compiled subagents (`runnable`) and standard subagent specs to verify tool-time metadata reflects the active subagent. - Update the `langsmith` peer dependency range in `deepagents` to `^0.7.1`. - [#595](https://github.com/langchain-ai/deepagentsjs/pull/595) [`18fbb48`](https://github.com/langchain-ai/deepagentsjs/commit/18fbb4839050e98ae3cfd36ec69b11f0725ad6d6) Thanks [@christian-bromann](https://github.com/christian-bromann)! - fix(deepagents): count tokens once per model call in summarization middleware `createSummarizationMiddleware` counted tokens twice on every model call—once inside `truncateArgs` and again for the should-summarize check—even when nothing was truncated or summarized. Count once and pass the total into `truncateArgs`; recount only when truncation actually modifies messages. - [#242](https://github.com/langchain-ai/deepagentsjs/pull/242) [`e3d4b53`](https://github.com/langchain-ai/deepagentsjs/commit/e3d4b5367b1825df56c919b483ec4a3e117d631f) Thanks [@alvedder](https://github.com/alvedder)! - feat(deepagents): support direct skill paths as sources in createSkillsMiddleware ## @deepagents/evals@0.0.13 ### Patch Changes - Updated dependencies [[`18557db`](https://github.com/langchain-ai/deepagentsjs/commit/18557db7bbdf92052ed5f994512fb70e11989e69), [`773cac5`](https://github.com/langchain-ai/deepagentsjs/commit/773cac5dc7efc7843dd882642d91f7d64d6fde81), [`1ca6dc9`](https://github.com/langchain-ai/deepagentsjs/commit/1ca6dc92fd40a6d845d24b95ba14b8f2643db394), [`03df237`](https://github.com/langchain-ai/deepagentsjs/commit/03df237385fbdfefd862076c5588eb39cb6e43c3), [`84f3c0c`](https://github.com/langchain-ai/deepagentsjs/commit/84f3c0c2f1cad271191bcc138b84ba5b9c9205c9), [`72cfb0c`](https://github.com/langchain-ai/deepagentsjs/commit/72cfb0c0384b30059b5e8028139a2e167c1be882), [`04cc3fc`](https://github.com/langchain-ai/deepagentsjs/commit/04cc3fc26001ee566ed94de44c2dda2cf6adecc4), [`18fbb48`](https://github.com/langchain-ai/deepagentsjs/commit/18fbb4839050e98ae3cfd36ec69b11f0725ad6d6), [`e3d4b53`](https://github.com/langchain-ai/deepagentsjs/commit/e3d4b5367b1825df56c919b483ec4a3e117d631f)]: - deepagents@1.10.4 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>@langchain/node-vfs@0.2.0 @langchain/quickjs@0.5.0 deepagents-acp@0.1.14 deepagents@1.10.4 |
||
|
|
d879d1c979 |
ci(infra): pin actions/checkout to commit SHA in release workflow (#596)
The `build` job in the CLI release workflow referenced `actions/checkout@v6` by tag while every other action across the repo's workflows is pinned to a full commit SHA. Pinning it closes the one remaining mutable-tag reference so CI can't silently pull a re-tagged action. ## Changes - Pin `actions/checkout` in the `cli-release.yml` `build` job to `8e8c483…90e8` (`v6.0.1`) — the same SHA used by the repo's other checkout steps. |
||
|
|
18fbb48390 |
fix(deepagents): count tokens once per model call in summarization middleware (#595)
## Summary - Port [langchain-ai/deepagents#3877](https://github.com/langchain-ai/deepagents/pull/3877): `createSummarizationMiddleware` now counts tokens once per model call instead of twice on the common pass-through path. - Pass the precomputed total into `truncateArgs` via an optional `totalTokens` parameter; recount only when truncation modifies messages. - Add a regression test asserting `countTokensApproximately` runs exactly once when nothing is truncated or summarized. |
||
|
|
61db938149 |
chore(quickjs): remove configurable concurrency and add subagents option with true default (#594)
### Summary This PR remove the configurable concurrency option from code interpreter middleware options and adds a subagents option that is true by default |
||
|
|
72cfb0c038 |
feat(quickjs): implement default task primitive in code interpreter for programmatic subagent calling (#592)
### Summary This PR adds a default task primitive to the code interpreter that allows the agent to natively write code to programmatically dispatch subagents. The task primitive supports passing response schemas for dynamic structured output that helps with more complex orchestration patterns. This PR also removes the swarm task tool in favor of the task primitive. --------- Co-authored-by: Hunter Lovell <40191806+hntrl@users.noreply.github.com> |
||
|
|
773cac5dc7 |
chore(deepagents): expose createSubAgent (#591)
### Summary Exposes `createSubAgent` as a dedicated function which allows us to reuse the inner subagent factory outside of the middleware (e.g. using it as the single source of truth for defining subagents in quickjs). Port of similar implementation from https://github.com/langchain-ai/deepagents/pull/3846 |
||
|
|
7ee3feb674 |
chore(quickjs): remove skills backend and associated plumbing (#590)
### Summary Removes skills backend and associated plumbing from code interpreter middleware and options |
||
|
|
7c47e66601 |
build(deps): bump the minor-deps-updates-main group across 1 directory with 19 updates (#581)
Bumps the minor-deps-updates-main group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@changesets/changelog-github](https://github.com/changesets/changesets) | `0.6.0` | `0.7.0` | | [globals](https://github.com/sindresorhus/globals) | `17.5.0` | `17.6.0` | | [jiti](https://github.com/unjs/jiti) | `2.6.1` | `2.7.0` | | [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.47.0` | `0.53.0` | | [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.62.0` | `1.68.0` | | [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` | | [@agentclientprotocol/sdk](https://github.com/agentclientprotocol/typescript-sdk) | `0.18.2` | `0.24.0` | | [@langchain/langgraph](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core) | `1.2.9` | `1.3.4` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `25.9.1` | | [tsdown](https://github.com/rolldown/tsdown) | `0.21.10` | `0.22.1` | | [@langchain/langgraph-sdk](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/sdk) | `1.8.10` | `1.9.15` | | [langchain](https://github.com/langchain-ai/langchainjs) | `1.3.5` | `1.4.4` | | [yaml](https://github.com/eemeli/yaml) | `2.8.3` | `2.9.0` | | [@langchain/anthropic](https://github.com/langchain-ai/langchainjs) | `1.3.28` | `1.4.0` | | [@daytonaio/sdk](https://github.com/daytonaio/daytona) | `0.155.0` | `0.184.0` | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.6.1` | `0.7.4` | | [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.21.0` | | [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.2.4` | `4.3.0` | | [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.4` | `4.3.0` | Updates `@changesets/changelog-github` from 0.6.0 to 0.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/changesets/changesets/releases">@changesets/changelog-github's releases</a>.</em></p> <blockquote> <h2><code>@changesets/changelog-github</code><a href="https://github.com/0"><code>@0</code></a>.7.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/changesets/changesets/pull/1255">#1255</a> <a href="https://github.com/changesets/changesets/commit/94578cf164aa7abcb12b97dd3a55d12a324f4fe8"><code>94578cf</code></a> Thanks <a href="https://github.com/Kauhsa"><code>@Kauhsa</code></a>! - Added <code>disableThanks</code> option</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/changesets/changesets/commit/d1ef2d8cc11f86042a82f0cf7b125021e24dafc4"><code>d1ef2d8</code></a> Version Packages (<a href="https://redirect.github.com/changesets/changesets/issues/1950">#1950</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/7af587636b8e793cc43fc6a52d32598193fcb68e"><code>7af5876</code></a> Restrict <code>publish</code> job to the <code>npm</code> env (<a href="https://redirect.github.com/changesets/changesets/issues/1972">#1972</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/ff767d2da25173bcab643826702b2af74cbf08cf"><code>ff767d2</code></a> Sync config-file-options documentation with schema.json and source code (<a href="https://redirect.github.com/changesets/changesets/issues/1683">#1683</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/951094babb7c356536c243e9cca0faa3ec86360a"><code>951094b</code></a> fix: pin 2 unpinned action(s) (<a href="https://redirect.github.com/changesets/changesets/issues/1915">#1915</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/94578cf164aa7abcb12b97dd3a55d12a324f4fe8"><code>94578cf</code></a> Added <code>disableThanks</code> option (<a href="https://redirect.github.com/changesets/changesets/issues/1255">#1255</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/d87334df92a36788e778b21e2bc603beb754f0d5"><code>d87334d</code></a> Support dark mode banner in readme (<a href="https://redirect.github.com/changesets/changesets/issues/1943">#1943</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/87472a757062402ca121bd168d693a1be866cf45"><code>87472a7</code></a> Update .vscode/settings.json (<a href="https://redirect.github.com/changesets/changesets/issues/1944">#1944</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/317a373aef2639e4ca2804f20aeb4af5338c41ca"><code>317a373</code></a> Disable <code>publish_pr</code> job</li> <li><a href="https://github.com/changesets/changesets/commit/9cce6db18ddecbf7f9cded45254b9905b19a7516"><code>9cce6db</code></a> Version Packages (<a href="https://redirect.github.com/changesets/changesets/issues/1897">#1897</a>)</li> <li><a href="https://github.com/changesets/changesets/commit/d2121dc3d86b55f76de6022ccfcde843ed4b884a"><code>d2121dc</code></a> Fix npm auth for path-based registries during publish by preserving configure...</li> <li>Additional commits viewable in <a href="https://github.com/changesets/changesets/compare/@changesets/changelog-github@0.6.0...@changesets/changelog-github@0.7.0">compare view</a></li> </ul> </details> <br /> Updates `globals` from 17.5.0 to 17.6.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/globals/releases">globals's releases</a>.</em></p> <blockquote> <h2>v17.6.0</h2> <ul> <li>Update globals (2026-05-01) (<a href="https://redirect.github.com/sindresorhus/globals/issues/343">#343</a>) 00a4dd9</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0">https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/globals/commit/6b15870f1c08b60b5b57afe45a703d9ed0be39bc"><code>6b15870</code></a> 17.6.0</li> <li><a href="https://github.com/sindresorhus/globals/commit/00a4dd9821830a9b044798120e86b1bb1a54648d"><code>00a4dd9</code></a> Update globals (2026-05-01) (<a href="https://redirect.github.com/sindresorhus/globals/issues/343">#343</a>)</li> <li>See full diff in <a href="https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0">compare view</a></li> </ul> </details> <br /> Updates `jiti` from 2.6.1 to 2.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/unjs/jiti/releases">jiti's releases</a>.</em></p> <blockquote> <h2>v2.7.0</h2> <p><a href="https://github.com/unjs/jiti/compare/v2.6.1...v2.7.0">compare changes</a></p> <h3>🚀 Enhancements</h3> <ul> <li>Add explicit resource management (<code>using</code>/<code>await using</code>) support (<a href="https://redirect.github.com/unjs/jiti/pull/422">#422</a>)</li> <li>Support opt-in <code>tsconfigPaths</code> (<a href="https://redirect.github.com/unjs/jiti/pull/427">#427</a>)</li> <li>Support virtual modules (<a href="https://redirect.github.com/unjs/jiti/pull/428">#428</a>)</li> <li>Add <code>jiti/static</code> subpath (<a href="https://redirect.github.com/unjs/jiti/pull/430">#430</a>)</li> </ul> <h3>🔥 Performance</h3> <ul> <li><strong>interopDefault:</strong> Add caching to reduce proxy overhead by ~2x (<a href="https://redirect.github.com/unjs/jiti/pull/421">#421</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>require:</strong> Passthrough resolve options (<a href="https://redirect.github.com/unjs/jiti/pull/412">#412</a>)</li> <li><strong>require:</strong> Fallback to transpilation when <code>tryNative</code> fails (<a href="https://redirect.github.com/unjs/jiti/pull/413">#413</a>)</li> <li>Fallback for <code>ENAMETOOLONG</code> when evaluating esm (<a href="https://redirect.github.com/unjs/jiti/pull/429">#429</a>)</li> </ul> <h3>📦 Build</h3> <ul> <li>Upgrade rspack to v2 (<a href="https://github.com/unjs/jiti/commit/55194fb">55194fb</a>)</li> <li>Experimental rolldown config (<a href="https://github.com/unjs/jiti/commit/8c0243f">8c0243f</a>)</li> </ul> <h3>✅ Tests</h3> <ul> <li>Ignore jsx test for bun/cjs (<a href="https://github.com/unjs/jiti/commit/3a744ca">3a744ca</a>)</li> </ul> <h3>❤️ Contributors</h3> <ul> <li>Pooya Parsa (<a href="https://github.com/pi0"><code>@pi0</code></a>)</li> <li>Kricsleo (<a href="https://github.com/kricsleo"><code>@kricsleo</code></a>)</li> <li>Espen Hovlandsdal (<a href="https://github.com/rexxars"><code>@rexxars</code></a>)</li> <li>Rintaro Itokawa (<a href="https://github.com/re-taro"><code>@re-taro</code></a>)</li> <li>Matteo Collina (<a href="https://github.com/mcollina"><code>@mcollina</code></a>)</li> <li>Mario Zechner (<a href="https://github.com/badlogic"><code>@badlogic</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/unjs/jiti/blob/main/CHANGELOG.md">jiti's changelog</a>.</em></p> <blockquote> <h2>v2.7.0</h2> <p><a href="https://github.com/unjs/jiti/compare/v2.6.1...v2.7.0">compare changes</a></p> <h3>🚀 Enhancements</h3> <ul> <li>Add explicit resource management (using/await using) support (<a href="https://redirect.github.com/unjs/jiti/pull/422">#422</a>)</li> <li>Support opt-in <code>tsconfigPaths</code> (<a href="https://redirect.github.com/unjs/jiti/pull/427">#427</a>)</li> <li>Support virtual modules option (<a href="https://redirect.github.com/unjs/jiti/pull/428">#428</a>)</li> <li>Add <code>jiti/static</code> export (<a href="https://redirect.github.com/unjs/jiti/pull/430">#430</a>)</li> </ul> <h3>🔥 Performance</h3> <ul> <li><strong>interopDefault:</strong> Add caching to reduce proxy overhead by ~2x (<a href="https://redirect.github.com/unjs/jiti/pull/421">#421</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>require:</strong> Passthrough resolve options (<a href="https://redirect.github.com/unjs/jiti/pull/412">#412</a>)</li> <li><strong>ci:</strong> Skip <code>--coverage</code> flag for node 18 (<a href="https://github.com/unjs/jiti/commit/fe264b4">fe264b4</a>)</li> <li><strong>require:</strong> Fallback to transpilation when <code>tryNative</code> fails (<a href="https://redirect.github.com/unjs/jiti/pull/413">#413</a>)</li> <li>Fallback for <code>ENAMETOOLONG</code> when evaluating esm (<a href="https://redirect.github.com/unjs/jiti/pull/429">#429</a>)</li> </ul> <h3>📦 Build</h3> <ul> <li>Upgrade rspack (<a href="https://github.com/unjs/jiti/commit/55194fb">55194fb</a>)</li> <li>Experimental rolldown config (<a href="https://github.com/unjs/jiti/commit/8c0243f">8c0243f</a>)</li> </ul> <h3>🏡 Chore</h3> <ul> <li>Fix lint issues (<a href="https://github.com/unjs/jiti/commit/4045c7a">4045c7a</a>)</li> <li>Update deps (<a href="https://github.com/unjs/jiti/commit/e88ac44">e88ac44</a>)</li> <li>Update deps (<a href="https://github.com/unjs/jiti/commit/498e8d7">498e8d7</a>)</li> <li>Add missing prettier dep (<a href="https://github.com/unjs/jiti/commit/650bc48">650bc48</a>)</li> <li>Lint (<a href="https://github.com/unjs/jiti/commit/058d91a">058d91a</a>)</li> <li>Init agents.md (<a href="https://github.com/unjs/jiti/commit/c49c54e">c49c54e</a>)</li> <li>Update agents.md (<a href="https://github.com/unjs/jiti/commit/4deba16">4deba16</a>)</li> <li>Update deps (<a href="https://github.com/unjs/jiti/commit/08fc868">08fc868</a>)</li> <li>Update tsconfig (<a href="https://github.com/unjs/jiti/commit/8c7822e">8c7822e</a>)</li> <li>Update release script (<a href="https://github.com/unjs/jiti/commit/27fe3f2">27fe3f2</a>)</li> </ul> <h3>✅ Tests</h3> <ul> <li>Ignore jsx test for bun/cjs (<a href="https://github.com/unjs/jiti/commit/3a744ca">3a744ca</a>)</li> <li>Update (<a href="https://github.com/unjs/jiti/commit/9ee314f">9ee314f</a>)</li> </ul> <h3>🤖 CI</h3> <ul> <li>Update node test matrix (<a href="https://github.com/unjs/jiti/commit/0abda72">0abda72</a>)</li> </ul> <h3>❤️ Contributors</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/unjs/jiti/commit/fd3bb289b75ed207edfb686d671ed50144f7e90f"><code>fd3bb28</code></a> chore(release): v2.7.0</li> <li><a href="https://github.com/unjs/jiti/commit/27fe3f2a496b712674061c767f21ceaf34d39d83"><code>27fe3f2</code></a> chore: update release script</li> <li><a href="https://github.com/unjs/jiti/commit/4fcd2f23aa31d2e1ece4b307350b8c1d72a26870"><code>4fcd2f2</code></a> fix: fallback for <code>ENAMETOOLONG</code> when evaluating esm (<a href="https://redirect.github.com/unjs/jiti/issues/429">#429</a>)</li> <li><a href="https://github.com/unjs/jiti/commit/8c0243f14e65193fceb023b81aed5c9a820ee2cb"><code>8c0243f</code></a> build: experimental rolldown config</li> <li><a href="https://github.com/unjs/jiti/commit/55194fbb97b56af50ae1c19735ee3b06110b3903"><code>55194fb</code></a> build: upgrade rspack</li> <li><a href="https://github.com/unjs/jiti/commit/0abda72c11fa31654ae17f255f9a854e4b706018"><code>0abda72</code></a> ci: update node test matrix</li> <li><a href="https://github.com/unjs/jiti/commit/8c7822ef2ff03669c31de2fedfcf6676970f5b2a"><code>8c7822e</code></a> chore: update tsconfig</li> <li><a href="https://github.com/unjs/jiti/commit/08fc868c928d65fb615800e51b0ec1ac78f83a69"><code>08fc868</code></a> chore: update deps</li> <li><a href="https://github.com/unjs/jiti/commit/5d552e3bebf9ffcd3fb9f176364fce7b4e35134d"><code>5d552e3</code></a> feat: add <code>jiti/static</code> export (<a href="https://redirect.github.com/unjs/jiti/issues/430">#430</a>)</li> <li><a href="https://github.com/unjs/jiti/commit/ae790b0214512857e40e8b3078b63a7d65f7f2c9"><code>ae790b0</code></a> feat: support virtual modules option (<a href="https://redirect.github.com/unjs/jiti/issues/428">#428</a>)</li> <li>Additional commits viewable in <a href="https://github.com/unjs/jiti/compare/v2.6.1...v2.7.0">compare view</a></li> </ul> </details> <br /> Updates `oxfmt` from 0.47.0 to 0.53.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/oxc/commit/964a7580840f394d67c149ea083e35a1e74c128f"><code>964a758</code></a> release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22883">#22883</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/68b455d84f0b18bd6646cfe4f9babb12ec4fc448"><code>68b455d</code></a> release(apps): oxlint v1.67.0 && oxfmt v0.52.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22735">#22735</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/16b8058cd6fd55472cb3a225852ca22db24bb461"><code>16b8058</code></a> feat(oxfmt): Support <code>vite-plus/resolveConfig</code> for vite.config.ts (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22454">#22454</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/557020642e27b948e46f73754b82bee452a82f32"><code>5570206</code></a> release(apps): oxlint v1.66.0 && oxfmt v0.51.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22528">#22528</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/25e5cbc76f887cf5c0c2bdfbef8d4a74fd1ce87d"><code>25e5cbc</code></a> release(apps): oxlint v1.65.0 && oxfmt v0.50.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22458">#22458</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/43b997847b76bfbc35e83738296330a9a33de4e4"><code>43b9978</code></a> fix(formatter/sort_imports): Treat subpath imports as internal (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22440">#22440</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/d652a556196178515a3c1ea6d25a832c74961d02"><code>d652a55</code></a> release(apps): oxlint v1.64.0 && oxfmt v0.49.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22318">#22318</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/6e8e8185c0a3d653bb90dff051ec7d4558793752"><code>6e8e818</code></a> feat(oxfmt): Experimental .svelte support (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/21700">#21700</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/330fe31f826b7d4ae11ae49ba50e2b2ab2bdc6f1"><code>330fe31</code></a> refactor(config): Update doc comment for <code>GlobSet</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22197">#22197</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/fb3067ca2bafbbf7d75b058788202dc16d994f3e"><code>fb3067c</code></a> refactor(oxfmt): use shared GlobSet for overrides (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22147">#22147</a>)</li> <li>Additional commits viewable in <a href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.53.0/npm/oxfmt">compare view</a></li> </ul> </details> <br /> Updates `oxlint` from 1.62.0 to 1.68.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/oxc/releases">oxlint's releases</a>.</em></p> <blockquote> <h2>oxlint v1.27.0 && oxfmt v0.12.0</h2> <h1>Oxlint v1.27.0</h1> <h3>🚀 Features</h3> <ul> <li>222a8f0 linter/plugins: Implement <code>SourceCode#isSpaceBetween</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15498">#15498</a>) (overlookmotel)</li> <li>2f9735d linter/plugins: Implement <code>context.languageOptions</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15486">#15486</a>) (overlookmotel)</li> <li>bc731ff linter/plugins: Stub out all <code>Context</code> APIs (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15479">#15479</a>) (overlookmotel)</li> <li>5822cb4 linter/plugins: Add <code>extend</code> method to <code>FILE_CONTEXT</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15477">#15477</a>) (overlookmotel)</li> <li>7b1e6f3 apps: Add pure rust binaries and release to github (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15469">#15469</a>) (Boshen)</li> <li>2a89b43 linter: Introduce debug assertions after fixes to assert validity (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15389">#15389</a>) (camc314)</li> <li>ad3c45a editor: Add <code>oxc.path.node</code> option (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15040">#15040</a>) (Sysix)</li> </ul> <h3>🐛 Bug Fixes</h3> <ul> <li>6f3cd77 linter/no-var: Incorrect warning for blocks (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15504">#15504</a>) (Hamir Mahal)</li> <li>6957fb9 linter/plugins: Do not allow access to <code>Context#id</code> in <code>createOnce</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15489">#15489</a>) (overlookmotel)</li> <li>7409630 linter/plugins: Allow access to <code>cwd</code> in <code>createOnce</code> in ESLint interop mode (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15488">#15488</a>) (overlookmotel)</li> <li>732205e parser: Reject <code>using</code> / <code>await using</code> in a switch <code>case</code> / <code>default</code> clause (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15225">#15225</a>) (sapphi-red)</li> <li>a17ca32 linter/plugins: Replace <code>Context</code> class (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15448">#15448</a>) (overlookmotel)</li> <li>ecf2f7b language_server: Fail gracefully when tsgolint executable not found (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15436">#15436</a>) (camc314)</li> <li>3c8d3a7 lang-server: Improve logging in failure case for tsgolint (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15299">#15299</a>) (camc314)</li> <li>ef71410 linter: Use jsx if source type is JS in fix debug assertion (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15434">#15434</a>) (camc314)</li> <li>e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15426">#15426</a>) (camc314)</li> <li>6565dbe linter/switch-case-braces: Skip comments when searching for <code>:</code> token (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15425">#15425</a>) (camc314)</li> <li>85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15423">#15423</a>) (camc314)</li> <li>fde753e linter/plugins: Block access to <code>context.settings</code> in <code>createOnce</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15394">#15394</a>) (overlookmotel)</li> <li>ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15388">#15388</a>) (camc314)</li> <li>dac2a9c linter/no-template-curly-in-string: Remove fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15387">#15387</a>) (camc314)</li> <li>989b8e3 linter/no-var: Only fix to <code>const</code> if the var has an initializer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15385">#15385</a>) (camc314)</li> <li>cc403f5 linter/plugins: Return empty object for unimplemented parserServices (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15364">#15364</a>) (magic-akari)</li> </ul> <h3>⚡ Performance</h3> <ul> <li>25d577e language_server: Start tools in parallel (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15500">#15500</a>) (Sysix)</li> <li>3c57291 linter/plugins: Optimize loops (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15449">#15449</a>) (overlookmotel)</li> <li>3166233 linter/plugins: Remove <code>Arc</code>s (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15431">#15431</a>) (overlookmotel)</li> <li>9de1322 linter/plugins: Lazily deserialize settings JSON (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15395">#15395</a>) (overlookmotel)</li> <li>3049ec2 linter/plugins: Optimize <code>deepFreezeSettings</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15392">#15392</a>) (overlookmotel)</li> <li>444ebfd linter/plugins: Use single object for <code>parserServices</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15378">#15378</a>) (overlookmotel)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>97d2104 linter: Update comment in lint.rs about default value for tsconfig path (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15530">#15530</a>) (Connor Shea)</li> <li>2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15411">#15411</a>) (sapphi-red)</li> <li>a0c5203 linter/import/named: Update "ES7" comment in examples (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15410">#15410</a>) (sapphi-red)</li> <li>3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15409">#15409</a>) (sapphi-red)</li> <li>2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15408">#15408</a>) (sapphi-red)</li> <li>57f0ce1 linter: Add backquotes where appropriate (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15407">#15407</a>) (sapphi-red)</li> </ul> <h1>Oxfmt v0.12.0</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md">oxlint's changelog</a>.</em></p> <blockquote> <h2>[1.68.0] - 2026-06-01</h2> <h3>🚀 Features</h3> <ul> <li>e4b1f46 linter/typescript: Implement <code>method-signature-style</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22679">#22679</a>) (Mikhail Baev)</li> <li>bc462ca linter/vue: Implement no-reserved-component-names rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22741">#22741</a>) (bab)</li> <li>ef9e751 linter/vue: Implement component-definition-name-casing rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22818">#22818</a>) (bab)</li> <li>d67f51a linter/vue: Implement require-prop-type-constructor rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22708">#22708</a>) (bab)</li> <li>8422e8b linter/jsdoc: Implement <code>require-yields-description</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22805">#22805</a>) (Mikhail Baev)</li> <li>fe93f97 linter/eslint: Implement <code>prefer-named-capture-group</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22759">#22759</a>) (Sebastian Poxhofer)</li> </ul> <h2>[1.67.0] - 2026-05-26</h2> <h3>🚀 Features</h3> <ul> <li>b84941e linter/vue: Implement no-expose-after-await rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22675">#22675</a>) (bab)</li> <li>98b98c1 linter/vue: Implement no-computed-properties-in-data rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22674">#22674</a>) (bab)</li> <li>2d4c919 oxlint: Support <code>vite-plus/resolveConfig</code> for vite.config.ts (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22456">#22456</a>) (leaysgur)</li> <li>2a60012 linter/vue: Implement require-render-return rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22613">#22613</a>) (bab)</li> <li>9f227fd linter/vue: Implement no-deprecated-props-default-this rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21892">#21892</a>) (bab)</li> <li>87f065e linter/vue: Implement return-in-emits-validator rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21935">#21935</a>) (bab)</li> <li>ea0380c linter/unicorn: Implement <code>import-style</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22173">#22173</a>) (Hao Chen)</li> <li>dde40fe linter/vue: Implement no-watch-after-await rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22006">#22006</a>) (bab)</li> <li>a735eb0 linter/vue: Implement valid-next-tick rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22531">#22531</a>) (bab)</li> <li>6dc615d linter/vue: Implement no-shared-component-data rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21842">#21842</a>) (bab)</li> <li>a656418 linter/vue: Implement valid-define-options rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22107">#22107</a>) (bab)</li> <li>bb6f1b2 linter/vue: Implement require-slots-as-functions rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22244">#22244</a>) (bab)</li> <li>5fa4774 linter/n: Implement <code>callback-return</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22470">#22470</a>) (Mikhail Baev)</li> </ul> <h2>[1.66.0] - 2026-05-18</h2> <h3>🚀 Features</h3> <ul> <li>0440b0f linter/eslint: Implement <code>id-match</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22379">#22379</a>) (Vladislav Sayapin)</li> <li>65bf119 linter: Implement react no-object-type-as-default-prop (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22481">#22481</a>) (uhyo)</li> <li>2a6ddce linter/eslint: Implement <code>no-implied-eval</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22391">#22391</a>) (Vladislav Sayapin)</li> <li>625758a linter/vitest: Implement padding-around-after-all-blocks rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/21788">#21788</a>) (kapobajza)</li> <li>37680b0 linter: Implement react no-unstable-nested-components (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22248">#22248</a>) (Jovi De Croock)</li> <li>d8d9c74 linter: Implement import/newline-after-import rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/19142">#19142</a>) (Ryuya Yanagi)</li> </ul> <h2>[1.65.0] - 2026-05-15</h2> <h3>🚀 Features</h3> <ul> <li>5478fb5 linter/jsdoc: Implement <code>require-throws-description</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22386">#22386</a>) (Mikhail Baev)</li> <li>c73225e linter/eslint: Implement <code>prefer-arrow-callback</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22312">#22312</a>) (박천(Cheon Park))</li> <li>de82b59 linter: Add support for <code>eslint-plugin-jsx-a11y-x</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22356">#22356</a>) (mehm8128)</li> <li>f44b6c8 linter: Fill schemas <code>DummyRuleMap</code> with built-in rules (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22288">#22288</a>) (Sysix)</li> </ul> <h2>[1.64.0] - 2026-05-11</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/oxc/commit/964a7580840f394d67c149ea083e35a1e74c128f"><code>964a758</code></a> release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22883">#22883</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/3f05c5e1267c25daa1c90babd84427f59acf96be"><code>3f05c5e</code></a> feat(linter): expose <code>override::exclude_files</code> option (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22884">#22884</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/e4b1f46bec95da661af72f513e769d729ff605c6"><code>e4b1f46</code></a> feat(linter/typescript): implement <code>method-signature-style</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22679">#22679</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/bc462ca5a778c246d6185d9b8d2cbdf3919ed527"><code>bc462ca</code></a> feat(linter/vue): implement no-reserved-component-names rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22741">#22741</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/ef9e75170dca39091e4aa8360f7d59dc5aa206eb"><code>ef9e751</code></a> feat(linter/vue): implement component-definition-name-casing rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22818">#22818</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/d67f51aba16939ce33b21c7504e177a9ff1c6887"><code>d67f51a</code></a> feat(linter/vue): implement require-prop-type-constructor rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22708">#22708</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/8422e8bc44db47033ce516f9375867624e265823"><code>8422e8b</code></a> feat(linter/jsdoc): implement <code>require-yields-description</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22805">#22805</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/fe93f9718ac09bab79286eb6dbc90ad14f8270bd"><code>fe93f97</code></a> feat(linter/eslint): implement <code>prefer-named-capture-group</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22759">#22759</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/68b455d84f0b18bd6646cfe4f9babb12ec4fc448"><code>68b455d</code></a> release(apps): oxlint v1.67.0 && oxfmt v0.52.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22735">#22735</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/b84941e69e2e630e998fe6b1e90b0506608f7caa"><code>b84941e</code></a> feat(linter/vue): implement no-expose-after-await rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22675">#22675</a>)</li> <li>Additional commits viewable in <a href="https://github.com/oxc-project/oxc/commits/oxlint_v1.68.0/npm/oxlint">compare view</a></li> </ul> </details> <br /> Updates `tsx` from 4.21.0 to 4.22.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/privatenumber/tsx/releases">tsx's releases</a>.</em></p> <blockquote> <h2>v4.22.4</h2> <h2><a href="https://github.com/privatenumber/tsx/compare/v4.22.3...v4.22.4">4.22.4</a> (2026-05-31)</h2> <h3>Bug Fixes</h3> <ul> <li>resolve CommonJS directory requires inside dependencies (<a href="https://redirect.github.com/privatenumber/tsx/issues/803">#803</a>) (<a href="https://github.com/privatenumber/tsx/commit/1ce846335b7c445a3328c7d27f06424949356d97">1ce8463</a>)</li> </ul> <hr /> <p>This release is also available on:</p> <ul> <li><a href="https://www.npmjs.com/package/tsx/v/4.22.4"><code>npm package (@latest dist-tag)</code></a></li> </ul> <h2>v4.22.3</h2> <h2><a href="https://github.com/privatenumber/tsx/compare/v4.22.2...v4.22.3">4.22.3</a> (2026-05-19)</h2> <h3>Bug Fixes</h3> <ul> <li>decode typed loader source (<a href="https://github.com/privatenumber/tsx/commit/dce02fc3b8b64a58d24560714902b16f89332f1f">dce02fc</a>)</li> <li>preserve entrypoint with TypeScript preload hooks (<a href="https://github.com/privatenumber/tsx/commit/68f72f3304d8c3ff7048bde8571af9c163fcefa2">68f72f3</a>)</li> </ul> <hr /> <p>This release is also available on:</p> <ul> <li><a href="https://www.npmjs.com/package/tsx/v/4.22.3"><code>npm package (@latest dist-tag)</code></a></li> </ul> <h2>v4.22.2</h2> <h2><a href="https://github.com/privatenumber/tsx/compare/v4.22.1...v4.22.2">4.22.2</a> (2026-05-18)</h2> <h3>Bug Fixes</h3> <ul> <li>preserve CJS JSON require in ESM hooks (<a href="https://github.com/privatenumber/tsx/commit/35b700bd8620696df03827068af29dcd0d091a60">35b700b</a>)</li> <li>preserve named exports from CommonJS TypeScript (<a href="https://github.com/privatenumber/tsx/commit/11de737dae1fb9dae28db3716df5b1a7e1a6a089">11de737</a>)</li> <li>support module.exports require(esm) interop (<a href="https://github.com/privatenumber/tsx/commit/cf8f19918e4e0a0dc5ee5c52d8cc15e5e22d7c49">cf8f199</a>)</li> </ul> <hr /> <p>This release is also available on:</p> <ul> <li><a href="https://www.npmjs.com/package/tsx/v/4.22.2"><code>npm package (@latest dist-tag)</code></a></li> </ul> <h2>v4.22.1</h2> <h2><a href="https://github.com/privatenumber/tsx/compare/v4.22.0...v4.22.1">4.22.1</a> (2026-05-17)</h2> <h3>Bug Fixes</h3> <ul> <li>resolve tsconfig path aliases containing a colon (<a href="https://redirect.github.com/privatenumber/tsx/issues/780">#780</a>) (<a href="https://github.com/privatenumber/tsx/commit/6979f28810829dc79ec9baf406e162a18b65ab4b">6979f28</a>)</li> </ul> <hr /> <p>This release is also available on:</p> <ul> <li><a href="https://www.npmjs.com/package/tsx/v/4.22.1"><code>npm package (@latest dist-tag)</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/privatenumber/tsx/commit/1ce846335b7c445a3328c7d27f06424949356d97"><code>1ce8463</code></a> fix: resolve CommonJS directory requires inside dependencies (<a href="https://redirect.github.com/privatenumber/tsx/issues/803">#803</a>)</li> <li><a href="https://github.com/privatenumber/tsx/commit/dce02fc3b8b64a58d24560714902b16f89332f1f"><code>dce02fc</code></a> fix: decode typed loader source</li> <li><a href="https://github.com/privatenumber/tsx/commit/68f72f3304d8c3ff7048bde8571af9c163fcefa2"><code>68f72f3</code></a> fix: preserve entrypoint with TypeScript preload hooks</li> <li><a href="https://github.com/privatenumber/tsx/commit/69455cfefbfe71100a3c58d3ce7cea42445d9113"><code>69455cf</code></a> test: cover package exports for ambiguous ESM reexports</li> <li><a href="https://github.com/privatenumber/tsx/commit/35b700bd8620696df03827068af29dcd0d091a60"><code>35b700b</code></a> fix: preserve CJS JSON require in ESM hooks</li> <li><a href="https://github.com/privatenumber/tsx/commit/ef807dba6832260fb4cafd78d81f5469a733966b"><code>ef807db</code></a> chore: update testing dependencies</li> <li><a href="https://github.com/privatenumber/tsx/commit/3917090d4f61863ea6ea16e4a9a3722a112cc3f7"><code>3917090</code></a> test: document compatibility test taxonomy</li> <li><a href="https://github.com/privatenumber/tsx/commit/de8113ffa8edbcd4e05fa218324c3e8c2a4afdbe"><code>de8113f</code></a> refactor: centralize Node capability facts</li> <li><a href="https://github.com/privatenumber/tsx/commit/c1f62db45ada60b24ceb3dfdf7f64173d9a15396"><code>c1f62db</code></a> test: consolidate tsconfig path edge coverage</li> <li><a href="https://github.com/privatenumber/tsx/commit/4e08174ec10276ac71c9a69eb28426ad702d0c76"><code>4e08174</code></a> test: consolidate loader hook coverage</li> <li>Additional commits viewable in <a href="https://github.com/privatenumber/tsx/compare/v4.21.0...v4.22.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for tsx since your current version.</p> </details> <br /> Updates `@agentclientprotocol/sdk` from 0.18.2 to 0.24.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/agentclientprotocol/typescript-sdk/releases">@agentclientprotocol/sdk's releases</a>.</em></p> <blockquote> <h2>v0.24.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.23.0...v0.24.0">0.24.0</a> (2026-06-02)</h2> <h3>Features</h3> <ul> <li>Add resilient schema deserialization (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/167">#167</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/5864e7306e0feb0852cef9aee2a5ba53a0a7f627">5864e73</a>)</li> <li><strong>schema:</strong> Stabilize addl dirs and remove unstable model selectors (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/165">#165</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/fa6e30280874ccd702cc4ab7577d402d2864f619">fa6e302</a>)</li> </ul> <h2>v0.23.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.1...v0.23.0">0.23.0</a> (2026-06-01)</h2> <h3>Features</h3> <ul> <li><strong>schema:</strong> Stabilize logout and update schema to v0.13.4 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/163">#163</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/cfd900a981eb00dbcdee52db2b2b38847a957328">cfd900a</a>)</li> </ul> <h2>v0.22.1</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.0...v0.22.1">0.22.1</a> (2026-05-18)</h2> <h3>Bug Fixes</h3> <ul> <li>Event ordering (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/153">#153</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/7b632266f009865d0e8e64def5cd55367363845b">7b63226</a>)</li> </ul> <h2>v0.22.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.1...v0.22.0">0.22.0</a> (2026-05-18)</h2> <h3>Features</h3> <ul> <li><strong>unstable:</strong> Add session delete handling (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/152">#152</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/f9384f59008298b44fd1e22e5dde3f2e922fc7ec">f9384f5</a>)</li> <li>Update schema to v0.13.2 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/150">#150</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/b15960b74667f9a582470d58c18ebb9054e5acfd">b15960b</a>)</li> </ul> <h2>v0.21.1</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.0...v0.21.1">0.21.1</a> (2026-05-14)</h2> <h3>Bug Fixes</h3> <ul> <li>emit .js extensions in generated schema barrel for nodenext consumers (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/146">#146</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/63b96db49d4826c02fe4afc62a7754db1f9f9ef7">63b96db</a>)</li> </ul> <h2>v0.21.0</h2> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.20.0...v0.21.0">0.21.0</a> (2026-04-28)</h2> <h3>Features</h3> <ul> <li><strong>unstable:</strong> Add <code>providers/*</code> support (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/138">#138</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/e234c213d362d2cd170f8215fa0758a62a59d54e">e234c21</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/agentclientprotocol/typescript-sdk/blob/main/CHANGELOG.md">@agentclientprotocol/sdk's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.23.0...v0.24.0">0.24.0</a> (2026-06-02)</h2> <h3>Features</h3> <ul> <li>Add resilient schema deserialization (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/167">#167</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/5864e7306e0feb0852cef9aee2a5ba53a0a7f627">5864e73</a>)</li> <li><strong>schema:</strong> Stabilize addl dirs and remove unstable model selectors (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/165">#165</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/fa6e30280874ccd702cc4ab7577d402d2864f619">fa6e302</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.1...v0.23.0">0.23.0</a> (2026-06-01)</h2> <h3>Features</h3> <ul> <li><strong>schema:</strong> Stabilize logout and update schema to v0.13.4 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/163">#163</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/cfd900a981eb00dbcdee52db2b2b38847a957328">cfd900a</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.22.0...v0.22.1">0.22.1</a> (2026-05-18)</h2> <h3>Bug Fixes</h3> <ul> <li>Event ordering (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/153">#153</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/7b632266f009865d0e8e64def5cd55367363845b">7b63226</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.1...v0.22.0">0.22.0</a> (2026-05-18)</h2> <h3>Features</h3> <ul> <li><strong>unstable:</strong> Add session delete handling (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/152">#152</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/f9384f59008298b44fd1e22e5dde3f2e922fc7ec">f9384f5</a>)</li> <li>Update schema to v0.13.2 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/150">#150</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/b15960b74667f9a582470d58c18ebb9054e5acfd">b15960b</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.21.0...v0.21.1">0.21.1</a> (2026-05-14)</h2> <h3>Bug Fixes</h3> <ul> <li>emit .js extensions in generated schema barrel for nodenext consumers (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/146">#146</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/63b96db49d4826c02fe4afc62a7754db1f9f9ef7">63b96db</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.20.0...v0.21.0">0.21.0</a> (2026-04-28)</h2> <h3>Features</h3> <ul> <li><strong>unstable:</strong> Add <code>providers/*</code> support (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/138">#138</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/e234c213d362d2cd170f8215fa0758a62a59d54e">e234c21</a>)</li> </ul> <h2><a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.19.2...v0.20.0">0.20.0</a> (2026-04-23)</h2> <h3>Features</h3> <ul> <li>Stabilize <code>closeSession</code> and <code>resumeSession</code> (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/132">#132</a>) (<a href="https://github.com/agentclientprotocol/typescript-sdk/commit/806d307ba92e824e859075f3f72fe1e9b35b8f0b">806d307</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/8966c11c6e88da3a4adfd16f1789ff71c723c530"><code>8966c11</code></a> chore(main): release 0.24.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/166">#166</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/5864e7306e0feb0852cef9aee2a5ba53a0a7f627"><code>5864e73</code></a> feat: Add resilient schema deserialization (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/167">#167</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/fa6e30280874ccd702cc4ab7577d402d2864f619"><code>fa6e302</code></a> feat(schema): Stabilize addl dirs and remove unstable model selectors (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/165">#165</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/0c2e622a11d49da21b8abdd76ce4cd659ba8c74f"><code>0c2e622</code></a> chore(main): release 0.23.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/164">#164</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/cfd900a981eb00dbcdee52db2b2b38847a957328"><code>cfd900a</code></a> feat(schema): Stabilize logout and update schema to v0.13.4 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/163">#163</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/171a253ae61a243469f4cee547e447d7a7f3ddbf"><code>171a253</code></a> chore(deps-dev): bump concurrently from 9.2.1 to 10.0.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/162">#162</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/0ecf00184fa194f2006e19d364befb0551fb7d58"><code>0ecf001</code></a> chore(deps): bump the minor group with 19 updates (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/161">#161</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/ca74103730cf1c68bdcf89301847aadca8cfb797"><code>ca74103</code></a> chore(deps): bump crate-ci/typos from 1.46.2 to 1.47.0 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/160">#160</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/c6a9c9487d64e884536a6c74d1190f5243796746"><code>c6a9c94</code></a> chore(deps): bump crate-ci/typos from 1.46.1 to 1.46.2 (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/158">#158</a>)</li> <li><a href="https://github.com/agentclientprotocol/typescript-sdk/commit/c7256e7c5d7c8ff8ee888f447210829996a4da78"><code>c7256e7</code></a> chore(deps): bump the minor group with 43 updates (<a href="https://redirect.github.com/agentclientprotocol/typescript-sdk/issues/159">#159</a>)</li> <li>Additional commits viewable in <a href="https://github.com/agentclientprotocol/typescript-sdk/compare/v0.18.2...v0.24.0">compare view</a></li> </ul> </details> <br /> Updates `@langchain/langgraph` from 1.2.9 to 1.3.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/releases">@langchain/langgraph's releases</a>.</em></p> <blockquote> <h2><code>@langchain/langgraph</code><a href="https://github.com/1"><code>@1</code></a>.3.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2035">#2035</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/7c3a98b23af29fee0d9f064942abb71044ed0e51"><code>7c3a98b</code></a> Thanks <a href="https://github.com/JadenKim-dev"><code>@JadenKim-dev</code></a>! - fix(core): prevent Zod schema defaults from overwriting checkpoint state in Command.update</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/04915347128e40fc9617647cadba6b472a357d36"><code>0491534</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.12</li> </ul> </li> </ul> <h2><code>@langchain/langgraph</code><a href="https://github.com/1"><code>@1</code></a>.3.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2037">#2037</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/9eb478ffeeda2ad9c3bff2cd0f0ac602b0a79f4f"><code>9eb478f</code></a> Thanks <a href="https://github.com/pawel-twardziak"><code>@pawel-twardziak</code></a>! - Decouple <code>ContextType</code> generic from <code>configurable</code> in <code>PregelOptions</code> so that providing a custom context type no longer incorrectly narrows the configurable parameter.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2457">#2457</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/91a54947155b3fad3234001e63e20099a63ed999"><code>91a5494</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph): pass context with stateful RemoteGraph runs</p> <p>Pop <code>thread_id</code> from run <code>config.configurable</code> and forward <code>context</code> to the SDK so checkpointed remote runs accept user context without a 400 from ambiguous parameters. Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1922">#1922</a>.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/1988">#1988</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/6d4bf927e5cf3744034205528bcd09964949d6d7"><code>6d4bf92</code></a> Thanks <a href="https://github.com/Axadali"><code>@Axadali</code></a>! - Fix race condition in IterableReadableWritableStream.push() that caused ERR_INVALID_STATE errors when streaming with multiple parallel nodes and aborting the stream.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2409">#2409</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/101b70aa8d7ec26ec1654ef814689b832f1e17f3"><code>101b70a</code></a> Thanks <a href="https://github.com/pragnyanramtha"><code>@pragnyanramtha</code></a>! - Preserve non-plain objects passed through <code>Send</code> and <code>Command</code> argument deserialization.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> Thanks <a href="https://github.com/apps/dependabot"><code>@dependabot</code></a>! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable</p> <p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances the sub-millisecond time counter when an explicit <code>clockseq</code> is passed, so checkpoint IDs created within the same millisecond were ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative <code>clockseq</code> used by the first ("input") checkpoint, which sorted as the newest.</p> <p><code>uuid6()</code> now maintains its own monotonic <code>(msecs, nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the <code>clockseq</code> value. <code>emptyCheckpoint()</code> also uses a non-negative <code>clockseq</code>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/863b555346de02c2c0be290e877b7d260a3f8856"><code>863b555</code></a>, <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.11</li> <li><code>@langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@1</code></a>.0.4</li> </ul> </li> </ul> <h2><code>@langchain/langgraph-checkpoint-mongodb</code><a href="https://github.com/1"><code>@1</code></a>.3.3</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2260">#2260</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/4d03dcbc28bbfdf4c0f0ac065b9853652836d2f9"><code>4d03dcb</code></a> Thanks <a href="https://github.com/venkat22022202"><code>@venkat22022202</code></a>! - fix(mongodb): include pendingWrites in list() results</li> </ul> <h2><code>@langchain/langgraph</code><a href="https://github.com/1"><code>@1</code></a>.3.2</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2415">#2415</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - Move <code>@langchain/core</code> from a runtime dependency back to a required peer dependency so installing the SDK alone no longer pulls in <code>@langchain/core</code> (and <code>js-tiktoken</code>, etc.). Consumers that use streaming or message coercion must install <code>@langchain/core</code> explicitly or via <code>@langchain/langgraph</code>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.4</li> </ul> </li> </ul> <h2><code>@langchain/langgraph-checkpoint-mongodb</code><a href="https://github.com/1"><code>@1</code></a>.3.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2186">#2186</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/26c2e325f435a2c061d6b78a7bd6af089cb1e0e6"><code>26c2e32</code></a> Thanks <a href="https://github.com/jackjin1997"><code>@jackjin1997</code></a>! - fix: metadata filter in list() now works by querying a plain JSON shadow copy instead of the serialized binary blob</li> </ul> <h2><code>@langchain/langgraph</code><a href="https://github.com/1"><code>@1</code></a>.3.1</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/langgraph-core/CHANGELOG.md">@langchain/langgraph's changelog</a>.</em></p> <blockquote> <h2>1.3.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2035">#2035</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/7c3a98b23af29fee0d9f064942abb71044ed0e51"><code>7c3a98b</code></a> Thanks <a href="https://github.com/JadenKim-dev"><code>@JadenKim-dev</code></a>! - fix(core): prevent Zod schema defaults from overwriting checkpoint state in Command.update</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/04915347128e40fc9617647cadba6b472a357d36"><code>0491534</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.12</li> </ul> </li> </ul> <h2>1.3.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2037">#2037</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/9eb478ffeeda2ad9c3bff2cd0f0ac602b0a79f4f"><code>9eb478f</code></a> Thanks <a href="https://github.com/pawel-twardziak"><code>@pawel-twardziak</code></a>! - Decouple <code>ContextType</code> generic from <code>configurable</code> in <code>PregelOptions</code> so that providing a custom context type no longer incorrectly narrows the configurable parameter.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2457">#2457</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/91a54947155b3fad3234001e63e20099a63ed999"><code>91a5494</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph): pass context with stateful RemoteGraph runs</p> <p>Pop <code>thread_id</code> from run <code>config.configurable</code> and forward <code>context</code> to the SDK so checkpointed remote runs accept user context without a 400 from ambiguous parameters. Closes <a href="https://redirect.github.com/langchain-ai/langgraphjs/issues/1922">#1922</a>.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/1988">#1988</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/6d4bf927e5cf3744034205528bcd09964949d6d7"><code>6d4bf92</code></a> Thanks <a href="https://github.com/Axadali"><code>@Axadali</code></a>! - Fix race condition in IterableReadableWritableStream.push() that caused ERR_INVALID_STATE errors when streaming with multiple parallel nodes and aborting the stream.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2409">#2409</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/101b70aa8d7ec26ec1654ef814689b832f1e17f3"><code>101b70a</code></a> Thanks <a href="https://github.com/pragnyanramtha"><code>@pragnyanramtha</code></a>! - Preserve non-plain objects passed through <code>Send</code> and <code>Command</code> argument deserialization.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> Thanks <a href="https://github.com/apps/dependabot"><code>@dependabot</code></a>! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable</p> <p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances the sub-millisecond time counter when an explicit <code>clockseq</code> is passed, so checkpoint IDs created within the same millisecond were ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative <code>clockseq</code> used by the first ("input") checkpoint, which sorted as the newest.</p> <p><code>uuid6()</code> now maintains its own monotonic <code>(msecs, nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the <code>clockseq</code> value. <code>emptyCheckpoint()</code> also uses a non-negative <code>clockseq</code>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/863b555346de02c2c0be290e877b7d260a3f8856"><code>863b555</code></a>, <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.11</li> <li><code>@langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@1</code></a>.0.4</li> </ul> </li> </ul> <h2>1.3.2</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2415">#2415</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - Move <code>@langchain/core</code> from a runtime dependency back to a required peer dependency so installing the SDK alone no longer pulls in <code>@langchain/core</code> (and <code>js-tiktoken</code>, etc.). Consumers that use streaming or message coercion must install <code>@langchain/core</code> explicitly or via <code>@langchain/langgraph</code>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/langchain-ai/langgraphjs/commit/9d3c9dd3182059f9eca9fd9b14d8f7466b4338c4"><code>9d3c9dd</code></a>]:</p> <ul> <li><code>@langchain/langgraph-sdk</code><a href="https://github.com/1"><code>@1</code></a>.9.4</li> </ul> </li> </ul> <h2>1.3.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2339">#2339</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/2b88da497b2c6f8fbf8f4d901578a198824eb32f"><code>2b88da4</code></a> Thanks <a href="https://github.com/vigneshpatel14"><code>@vigneshpatel14</code></a>! - fix(langgraph): surface structuredResponse parse failures in createReactAgent</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2406">#2406</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/e54ae901e119ccf81653b90d5a0db2485027a5a9"><code>e54ae90</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(langgraph-core): keep tool results out of v3 message streams</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/c6b29fb040963e3dcedb7e98ee3a3e3a728e5f82"><code>c6b29fb</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2465">#2465</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/7c3a98b23af29fee0d9f064942abb71044ed0e51"><code>7c3a98b</code></a> fix(core): prevent Zod schema defaults from overwriting checkpoint state in C...</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/d2ca90f8e2cfbba547a9645d81e7c5340d1e7ebf"><code>d2ca90f</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2453">#2453</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/101b70aa8d7ec26ec1654ef814689b832f1e17f3"><code>101b70a</code></a> fix: preserve non-plain Send args (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2409">#2409</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> chore(deps): bump uuid from 10.0.0 to 14.0.0 (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2344">#2344</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/91a54947155b3fad3234001e63e20099a63ed999"><code>91a5494</code></a> fix(langgraph): pass context with stateful RemoteGraph runs (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2457">#2457</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/6d4bf927e5cf3744034205528bcd09964949d6d7"><code>6d4bf92</code></a> fix(langgraph): StreamMessagesHandler throws "Controller is already closed" e...</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/c5dcbd176dba4d7b76b8e2c27b4bc0ed0a9109ac"><code>c5dcbd1</code></a> fix(langgraph): handle null thread checkpoint in RemoteGraph.getState (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2331">#2331</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/9eb478ffeeda2ad9c3bff2cd0f0ac602b0a79f4f"><code>9eb478f</code></a> fix(langgraph): decouple ContextType from configurable in PregelOptions (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core/issues/2037">#2037</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/4d12fe0233aa1283c1d7aa1790a7015df9856f66"><code>4d12fe0</code></a> docs: more readme cleanups</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph@1.3.4/libs/langgraph-core">co... _Description has been truncated_ --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: John Kennedy <65985482+jkennedyvz@users.noreply.github.com> |
||
|
|
e3d4b5367b |
feat(deepagents): support direct skill paths as sources in createSkillsMiddleware (#242)
## Description
Previously, sources had to be parent directories (e.g. `/skills/`) whose
subdirectories each contained a SKILL.md. Passing a direct skill path
(e.g. `/skills/my-skill/`) had no effect because `listSkillsFromBackend`
scanned for subdirectories inside the source, found none, and returned
an empty list.
## Real case
The motivating scenario is when a curated list of skills organised as
individual directories under a shared directory. Each skill has a clear
responsibility, and different skills are intentionally assigned to the
orchestrator agent vs. subagents:
```typescript
// Desired: pass individual skill paths — one per capability
const SHARED_SKILLS = ['/skills/web-research/'];
const ORCHESTRATOR_SKILLS = [
'/skills/requirement-completeness-validator/',
'/skills/diff-risk-analyzer/',
];
createDeepAgent({
skills: [...SHARED_SKILLS, ...ORCHESTRATOR_SKILLS],
subagents: subagentsConfig.map(agentConfig => ({
skills: [
...SHARED_SKILLS,
...agentConfig.skills,
]
}))
});
```
The workaround would be to create nested directories like this:
```
skills/
web-research/
web-research/
SKILL.md
equirement-completeness-validator/
equirement-completeness-validator/
SKILL.md
...and so on
```
## What's done
Detection is done by inspecting the lsInfo() result of the source
directory: if a SKILL.md file appears directly in the listing, the
source itself is treated as the skill directory. Otherwise the existing
parent-directory scan runs unchanged.
The two modes can be freely mixed in the sources array:
```ts
sources: [
'/skills/', // parent dir: all subdirs with SKILL.md
'/skills/my-skill/', // direct path: SKILL.md at its root
]
```
---------
Co-authored-by: Hunter Lovell <40191806+hntrl@users.noreply.github.com>
|
||
|
|
82fc0aeeb0 |
build(deps): bump the patch-deps-updates-main group across 1 directory with 17 updates (#580)
Bumps the patch-deps-updates-main group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.1.42` | `1.1.48` | | [@langchain/langgraph-checkpoint](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint) | `1.0.1` | `1.0.4` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.5` | `4.1.8` | | [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `4.1.5` | `4.1.8` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.5` | `4.1.8` | | [zod](https://github.com/colinhacks/zod) | `4.4.1` | `4.4.3` | | [@langchain/openai](https://github.com/langchain-ai/langchainjs) | `1.4.5` | `1.4.7` | | [modal](https://github.com/modal-labs/modal-client) | `0.7.4` | `0.7.6` | | [@sveltejs/acorn-typescript](https://github.com/sveltejs/acorn-typescript) | `1.0.9` | `1.0.10` | | [@types/estree](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/estree) | `1.0.8` | `1.0.9` | | [hono](https://github.com/honojs/hono) | `4.12.18` | `4.12.23` | | [@hono/node-server](https://github.com/honojs/node-server) | `2.0.1` | `2.0.4` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.7` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.16` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.7` | | [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.1` | `6.0.2` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.10` | `8.0.16` | Updates `@langchain/core` from 1.1.42 to 1.1.48 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">@langchain/core's releases</a>.</em></p> <blockquote> <h2><code>@langchain/core</code><a href="https://github.com/1"><code>@1</code></a>.1.48</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10832">#10832</a> <a href="https://github.com/langchain-ai/langchainjs/commit/1b24369a970ad6f56f1f428027f48601f87e62eb"><code>1b24369</code></a> Thanks <a href="https://github.com/info-arnav"><code>@info-arnav</code></a>! - fix(core, openrouter): make CJS default re-exports callable</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10666">#10666</a> <a href="https://github.com/langchain-ai/langchainjs/commit/2bb55b053f49f89e81e3252a7af08e86d71ddd95"><code>2bb55b0</code></a> Thanks <a href="https://github.com/hnustwjj"><code>@hnustwjj</code></a>! - feat(openrouter): surface reasoning content as v1 standard content blocks</p> <p><code>convertOpenRouterResponseToBaseMessage</code> and <code>convertOpenRouterDeltaToBaseMessageChunk</code> now copy OpenRouter's <code>reasoning</code> (flat string) and <code>reasoning_details</code> (structured array) fields onto <code>additional_kwargs.reasoning_content</code> / <code>additional_kwargs.reasoning_details</code>. A new <code>ChatOpenRouterTranslator</code> is registered in <code>@langchain/core</code> under the <code>"openrouter"</code> provider key so <code>AIMessage.contentBlocks</code> emits standard <code>{type: "reasoning"}</code> blocks alongside text and tool calls.</p> <p>Previously, reasoning text returned by reasoning-capable models routed through OpenRouter (DeepSeek R1, Minimax M2, Claude extended thinking, o-series, etc.) was silently dropped: only the <code>reasoning_tokens</code> count was preserved via <code>usage_metadata</code>. Consumers using standard content blocks (including the frontend agent UI patterns shown in the docs) could not display the model's chain of thought.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10918">#10918</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3999fab55870c6eea22d6d90c08aa472f9b2fac3"><code>3999fab</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(openai): stream custom tool calls through Responses API chunks</p> </li> </ul> <h2><code>@langchain/core</code><a href="https://github.com/1"><code>@1</code></a>.1.47</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10906">#10906</a> <a href="https://github.com/langchain-ai/langchainjs/commit/f61b3450f275831e47e69c08899b4a2b67b4bdb3"><code>f61b345</code></a> Thanks <a href="https://github.com/hntrl"><code>@hntrl</code></a>! - feat(core): add uuid v6 utility support</p> <p>Add <code>v6</code> UUID generation support to <code>@langchain/core/utils/uuid</code> by vendoring the upstream uuidjs <code>v6</code> implementation and its <code>v1ToV6</code> helper, exporting <code>v6</code> from the UUID utils index, and adding tests for deterministic generation, buffer/offset behavior, validation/versioning, and ordering.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10872">#10872</a> <a href="https://github.com/langchain-ai/langchainjs/commit/a64007997a4940f51bba3c1c83dae89d1ccfb692"><code>a640079</code></a> Thanks <a href="https://github.com/hntrl"><code>@hntrl</code></a>! - chore(deps): remove redundant <code>@types/uuid</code> declarations</p> <p>Remove <code>@types/uuid</code> from package manifests that rely on <code>@langchain/core/utils/uuid</code> or do not require uuid type stubs directly, and refresh the lockfile entries accordingly.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10792">#10792</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3682268cd1844b2573b01f07bee367e21cb7bdc7"><code>3682268</code></a> Thanks <a href="https://github.com/Genmin"><code>@Genmin</code></a>! - fix(core): apply v1 message casting after implicit streaming aggregation</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10901">#10901</a> <a href="https://github.com/langchain-ai/langchainjs/commit/f26fc4a6f461d6d0f86d59bd00197ad510432c4a"><code>f26fc4a</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(testing): share fakeModel invocation state across bindTools instances</p> </li> </ul> <h2><code>@langchain/core</code><a href="https://github.com/1"><code>@1</code></a>.1.46</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10847">#10847</a> <a href="https://github.com/langchain-ai/langchainjs/commit/1659e7d36e31e315c890fa98f43db887f7a2d52b"><code>1659e7d</code></a> Thanks <a href="https://github.com/hntrl"><code>@hntrl</code></a>! - chore(core): reduce transitive dependency exposure and tighten release hygiene</p> <p>Remove direct runtime dependencies on <code>ansi-styles</code>, <code>camelcase</code>, and <code>decamelize</code> by inlining equivalent logic in core internals, and enable npm provenance in the release workflow.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10790">#10790</a> <a href="https://github.com/langchain-ai/langchainjs/commit/ef78bc6a21f9a8808ba95c98db2023f0a6b51bcc"><code>ef78bc6</code></a> Thanks <a href="https://github.com/Genmin"><code>@Genmin</code></a>! - fix(core): keep different content block types separate when merging chunks</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langchainjs/commits/@langchain/core@1.1.48">compare view</a></li> </ul> </details> <br /> Updates `@langchain/langgraph-checkpoint` from 1.0.1 to 1.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/releases">@langchain/langgraph-checkpoint's releases</a>.</em></p> <blockquote> <h2><code>@langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@1</code></a>.0.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> Thanks <a href="https://github.com/apps/dependabot"><code>@dependabot</code></a>! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable</p> <p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances the sub-millisecond time counter when an explicit <code>clockseq</code> is passed, so checkpoint IDs created within the same millisecond were ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative <code>clockseq</code> used by the first ("input") checkpoint, which sorted as the newest.</p> <p><code>uuid6()</code> now maintains its own monotonic <code>(msecs, nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the <code>clockseq</code> value. <code>emptyCheckpoint()</code> also uses a non-negative <code>clockseq</code>.</p> </li> </ul> <h2><code>@langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@1</code></a>.0.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2352">#2352</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a> Thanks <a href="https://github.com/Nagendhra-web"><code>@Nagendhra-web</code></a>! - fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reserved storage keys</p> <p><code>MemorySaver</code> previously embedded <code>thread_id</code>, <code>checkpoint_ns</code>, <code>checkpoint_id</code>, and <code>task_id</code> directly into property accesses on the nested plain objects <code>this.storage</code> and <code>this.writes</code>. A caller able to shape any of those fields (every quickstart, tutorial, and test fixture uses <code>MemorySaver</code> by default) could pass <code>"__proto__"</code>, <code>"constructor"</code>, or <code>"prototype"</code> and have the subsequent assignment mutate <code>Object.prototype</code>. From that point every plain object in the process inherits the injected property, breaking <code>for...in</code> loops, truthy short-circuits, and downstream serializers across unrelated code paths. CWE-1321.</p> <p>Adds an <code>assertSafeStorageKey</code> chokepoint applied at every public entry that touches <code>storage</code> or <code>writes</code> (<code>put</code>, <code>putWrites</code>, <code>deleteThread</code>, <code>getTuple</code>, <code>list</code>). The guard rejects non-string values, the empty string (unless explicitly opted-in for <code>checkpoint_ns</code>), and the three prototype-pollution keys. Behaviour for valid string identifiers is unchanged.</p> </li> </ul> <h2><code>@langchain/langgraph-checkpoint-postgres</code><a href="https://github.com/1"><code>@1</code></a>.0.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2255">#2255</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/e82a50b961a9413dab1ad2248747d5c73a6a1e58"><code>e82a50b</code></a> Thanks <a href="https://github.com/leesta24"><code>@leesta24</code></a>! - fix(checkpoint-postgres): move serialization outside transaction in put()</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/checkpoint/CHANGELOG.md">@langchain/langgraph-checkpoint's changelog</a>.</em></p> <blockquote> <h2>1.0.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> Thanks <a href="https://github.com/apps/dependabot"><code>@dependabot</code></a>! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable</p> <p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances the sub-millisecond time counter when an explicit <code>clockseq</code> is passed, so checkpoint IDs created within the same millisecond were ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative <code>clockseq</code> used by the first ("input") checkpoint, which sorted as the newest.</p> <p><code>uuid6()</code> now maintains its own monotonic <code>(msecs, nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the <code>clockseq</code> value. <code>emptyCheckpoint()</code> also uses a non-negative <code>clockseq</code>.</p> </li> </ul> <h2>1.0.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2352">#2352</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a> Thanks <a href="https://github.com/Nagendhra-web"><code>@Nagendhra-web</code></a>! - fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reserved storage keys</p> <p><code>MemorySaver</code> previously embedded <code>thread_id</code>, <code>checkpoint_ns</code>, <code>checkpoint_id</code>, and <code>task_id</code> directly into property accesses on the nested plain objects <code>this.storage</code> and <code>this.writes</code>. A caller able to shape any of those fields (every quickstart, tutorial, and test fixture uses <code>MemorySaver</code> by default) could pass <code>"__proto__"</code>, <code>"constructor"</code>, or <code>"prototype"</code> and have the subsequent assignment mutate <code>Object.prototype</code>. From that point every plain object in the process inherits the injected property, breaking <code>for...in</code> loops, truthy short-circuits, and downstream serializers across unrelated code paths. CWE-1321.</p> <p>Adds an <code>assertSafeStorageKey</code> chokepoint applied at every public entry that touches <code>storage</code> or <code>writes</code> (<code>put</code>, <code>putWrites</code>, <code>deleteThread</code>, <code>getTuple</code>, <code>list</code>). The guard rejects non-string values, the empty string (unless explicitly opted-in for <code>checkpoint_ns</code>), and the three prototype-pollution keys. Behaviour for valid string identifiers is unchanged.</p> </li> </ul> <h2>1.0.2</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2314">#2314</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/085a07f569b6d7d79728eb7eb6eb3a0c67fcdefb"><code>085a07f</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - Improve <code>MemorySaver</code> diagnostics when checkpoint writes are missing a <code>thread_id</code>.</p> <p>The in-memory checkpointer now explains why <code>configurable.thread_id</code> is required and includes a concrete <code>graph.stream(..., { configurable: { thread_id } })</code> example in the error message. This makes the new thread-oriented event streaming flows easier to debug when an application forgets to provide durable thread configuration.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/d2ca90f8e2cfbba547a9645d81e7c5340d1e7ebf"><code>d2ca90f</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2453">#2453</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> chore(deps): bump uuid from 10.0.0 to 14.0.0 (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2344">#2344</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/381a9f64d0e4b8627ee4ffb567ac10c6035ec438"><code>381a9f6</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2445">#2445</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a> fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reser...</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/1f11df266824d56e20c69cbb12c8da8166390ae2"><code>1f11df2</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2364">#2364</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/085a07f569b6d7d79728eb7eb6eb3a0c67fcdefb"><code>085a07f</code></a> feat(core): event based streaming (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2314">#2314</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/9102d526c858a4cdbe9b47dcdd062b93da93e49f"><code>9102d52</code></a> fix(langgraph): propagate tracer metadata defaults from configurable (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2315">#2315</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/d88f29ba2558579781e60307947dba47290d58a1"><code>d88f29b</code></a> chore(repo): migrate linting and formatting from ESLint/Prettier to oxlint/ox...</li> <li>See full diff in <a href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph-checkpoint@1.0.4/libs/checkpoint">compare view</a></li> </ul> </details> <br /> Updates `@vitest/coverage-v8` from 4.1.5 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@vitest/coverage-v8's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4] - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by <a href="https://github.com/toxik"><code>@toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> <h2>v4.1.7</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code> - by <a href="https://github.com/macarie"><code>@macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3> 🏎 Performance</h3> <ul> <li>Stringify diff objects only once - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9"><code>e4067b3</code></a> fix(browser): disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [ba...</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/coverage-v8">compare view</a></li> </ul> </details> <br /> Updates `@vitest/ui` from 4.1.5 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@vitest/ui's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4] - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by <a href="https://github.com/toxik"><code>@toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> <h2>v4.1.7</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code> - by <a href="https://github.com/macarie"><code>@macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3> 🏎 Performance</h3> <ul> <li>Stringify diff objects only once - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/ui">compare view</a></li> </ul> </details> <br /> Updates `vitest` from 4.1.5 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">vitest's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4] - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by <a href="https://github.com/toxik"><code>@toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> <h2>v4.1.7</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code> - by <a href="https://github.com/macarie"><code>@macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3> 🏎 Performance</h3> <ul> <li>Stringify diff objects only once - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9"><code>e4067b3</code></a> fix(browser): disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [ba...</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li><a href="https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06"><code>18af98c</code></a> fix(browser): simplify orchestrator otel carrier (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285">#10285</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857"><code>3188260</code></a> feat(browser): provide project reference in <code>ToMatchScreenshotResolvePath</code> (#...</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest">compare view</a></li> </ul> </details> <br /> Updates `zod` from 4.4.1 to 4.4.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/colinhacks/zod/releases">zod's releases</a>.</em></p> <blockquote> <h2>v4.4.3</h2> <h2>Commits:</h2> <ul> <li>4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo</li> <li>2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing</li> <li>7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones</li> <li>2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern</li> <li>9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)</li> <li>b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)</li> <li>1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (<a href="https://redirect.github.com/colinhacks/zod/issues/5937">#5937</a>) (<a href="https://redirect.github.com/colinhacks/zod/issues/5939">#5939</a>)</li> <li>c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (<a href="https://redirect.github.com/colinhacks/zod/issues/5941">#5941</a>)</li> <li>f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3</li> <li>1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md</li> </ul> <h2>v4.4.2</h2> <h2>Commits:</h2> <ul> <li>0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (<a href="https://redirect.github.com/colinhacks/zod/issues/5901">#5901</a>)</li> <li>20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps</li> <li>6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (<a href="https://redirect.github.com/colinhacks/zod/issues/5791">#5791</a>)</li> <li>4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing</li> <li>bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents</li> <li>cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint</li> <li>292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor</li> <li>1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion</li> <li>1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance</li> <li>e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes</li> <li>e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights</li> <li>905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing</li> <li>bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md</li> <li>8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch</li> <li>02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (<a href="https://redirect.github.com/colinhacks/zod/issues/5929">#5929</a>)</li> <li>88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated <code>baseUrl</code> from tsconfig</li> <li>c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/colinhacks/zod/commit/1fb56a5c18c27102dbc92260a4007c7732a0ccca"><code>1fb56a5</code></a> docs: document release procedure in AGENTS.md</li> <li><a href="https://github.com/colinhacks/zod/commit/f3c9ec03ba7a28ae72d25cc295f38674bee0f559"><code>f3c9ec0</code></a> 4.4.3</li> <li><a href="https://github.com/colinhacks/zod/commit/c2be4f819064eed62c7c350a2d399b5faecd15f8"><code>c2be4f8</code></a> fix(v4): generalize optin/fallback to transform; restore preprocess on absent...</li> <li><a href="https://github.com/colinhacks/zod/commit/1cab69383fcdeae2a366d5e2a2fc4d8fc765d168"><code>1cab693</code></a> fix(v4): restore catch handling for absent object keys (<a href="https://redirect.github.com/colinhacks/zod/issues/5937">#5937</a>) (<a href="https://redirect.github.com/colinhacks/zod/issues/5939">#5939</a>)</li> <li><a href="https://github.com/colinhacks/zod/commit/b8dffe9e62f17e6571e6249d05cc5102b54d94e4"><code>b8dffe9</code></a> docs: remove Numeric and Speakeasy (2+ missed monthly cycles)</li> <li><a href="https://github.com/colinhacks/zod/commit/9195250cab0e7950efe39c3926d6c203b4b0a170"><code>9195250</code></a> docs: remove Mintlify from bronze sponsors (churned)</li> <li><a href="https://github.com/colinhacks/zod/commit/2c703322a21b4e2b12f33f49ea8430c451a68b4f"><code>2c70332</code></a> docs: normalize bronze sponsor logos to github avatar pattern</li> <li><a href="https://github.com/colinhacks/zod/commit/7391be88ac1ee5cd02057f5ccc012a1f5df4efd0"><code>7391be8</code></a> docs: prune lapsed silver/bronze sponsors and add active ones</li> <li><a href="https://github.com/colinhacks/zod/commit/2aeec83eb135e3a83756e973ef44845fc5a455d2"><code>2aeec83</code></a> docs: prune lapsed gold sponsors and rebalance logo sizing</li> <li><a href="https://github.com/colinhacks/zod/commit/4c2fa95ce3f3390fbc522324e406b4e9e89b88f9"><code>4c2fa95</code></a> docs: use Zernio primary wordmark for gold sponsor logo</li> <li>Additional commits viewable in <a href="https://github.com/colinhacks/zod/compare/v4.4.1...v4.4.3">compare view</a></li> </ul> </details> <br /> Updates `@langchain/openai` from 1.4.5 to 1.4.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">@langchain/openai's releases</a>.</em></p> <blockquote> <h2><code>@langchain/openai</code><a href="https://github.com/1"><code>@1</code></a>.4.7</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10918">#10918</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3999fab55870c6eea22d6d90c08aa472f9b2fac3"><code>3999fab</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(openai): stream custom tool calls through Responses API chunks</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10791">#10791</a> <a href="https://github.com/langchain-ai/langchainjs/commit/fce9ab418901323618fdfaaa9fc350fa1c0d50e0"><code>fce9ab4</code></a> Thanks <a href="https://github.com/Genmin"><code>@Genmin</code></a>! - fix(openai): preserve top-level Responses API ids on AI messages</p> </li> </ul> <h2><code>@langchain/openai</code><a href="https://github.com/1"><code>@1</code></a>.4.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10902">#10902</a> <a href="https://github.com/langchain-ai/langchainjs/commit/229a7ad67b9a7ebd8df3ca451e0b8195bea0190e"><code>229a7ad</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a>! - fix(openai): preserve v1 assistant tool calls</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10895">#10895</a> <a href="https://github.com/langchain-ai/langchainjs/commit/36fb0ef1dc76c096dcfa0c777e10c9f9365a5240"><code>36fb0ef</code></a> Thanks <a href="https://github.com/BertBR"><code>@BertBR</code></a>! - fix(openai): guard bare <code>JSON.parse</code> in Responses API converter against trailing non-whitespace characters</p> <p><code>convertResponsesDeltaToChatGenerationChunk</code> previously called <code>JSON.parse(msg.text)</code> directly when <code>response.text.format.type === "json_schema"</code>. Some models (observed with <code>gpt-5-mini</code> on <code>service_tier: "auto"</code>) intermittently emit trailing non-whitespace characters (extra tokens, control characters) after a valid JSON object, causing a <code>SyntaxError</code> that propagates as an unhandled exception and kills the entire streaming response mid-flight. The parse is now wrapped in a <code>try</code>/<code>catch</code>: on failure, <code>additional_kwargs.parsed</code> is left undefined, the stream completes normally, and the existing <code>withStructuredOutput</code> pipeline handles the typed failure — <code>includeRaw: true</code> returns <code>{ raw, parsed: null }</code> via its <code>withFallbacks</code> wrapper, <code>includeRaw: false</code> throws a typed <code>OutputParserException</code> that the caller can catch and retry. Closes <a href="https://redirect.github.com/langchain-ai/langchainjs/issues/10894">#10894</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langchainjs/commits/@langchain/openai@1.4.7">compare view</a></li> </ul> </details> <br /> Updates `modal` from 0.7.4 to 0.7.6 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/modal-labs/modal-client/blob/main/CHANGELOG_GO_JS.md">modal's changelog</a>.</em></p> <blockquote> <h2>js/v0.7.6, go/v0.7.6</h2> <ul> <li>Added Sandbox Filesystem API in the Go SDK with <code>sandbox.Filesystem()</code> and in the JS SDK with <code>sandbox.filesystem</code>. The filesystem API contains methods: <ul> <li><code>fs.WriteText</code> (Go) / <code>fs.writeText</code> (JS): Write UTF-8 to a file in the Sandbox.</li> <li><code>fs.WriteBytes</code> (Go) / <code>fs.writeBytes</code> (JS): Write binary content to a file in the Sandbox.</li> <li><code>fs.ReadText</code> (Go) / <code>fs.readText</code> (JS): Read a file from the Sandbox and return its contents as a UTF-8 string.</li> <li><code>fs.ReadBytes</code> (Go) / <code>fs.readBytes</code> (JS): Read a file from the Sandbox and return its contents as bytes.</li> <li><code>fs.MakeDirectory</code> (Go) / <code>fs.makeDirectory</code> (JS): Create a new directory in the Sandbox.</li> <li><code>fs.ListFiles</code> (Go) / <code>fs.listFiles</code> (JS): List files and directories in a Sandbox directory.</li> <li><code>fs.Stat</code> (Go) / <code>fs.stat</code> (JS): Return metadata for a single file, directory, or symlink in the Sandbox.</li> <li><code>fs.CopyFromLocal</code> (Go) / <code>fs.copyFromLocal</code> (JS): Copy a local file into the Sandbox.</li> <li><code>fs.CopyToLocal</code> (Go) / <code>fs.copyToLocal</code> (JS): Copy a file from the Sandbox to a local path.</li> <li><code>fs.Remove</code> (Go) / <code>fs.remove</code> (JS): Remove a file or directory in the Sandbox.</li> </ul> </li> <li>Added <code>Volume.WithMountOptions</code> (Go) and <code>volume.withMountOptions</code> (JS) to configure mount-time options (<code>ReadOnly</code> / <code>readOnly</code> and <code>SubPath</code> / <code>subPath</code>) when attaching a Volume to a Function or Sandbox. The <code>SubPath</code> / <code>subPath</code> option mounts a subdirectory of the Volume instead of its root. Calling <code>withMountOptions</code> multiple times on the same Volume stacks: fields left unset preserve their previous value.</li> <li>Deprecated <code>Volume.ReadOnly</code> (Go) and <code>Volume.readOnly</code> (JS) in favor of <code>WithMountOptions({ReadOnly: &t})</code> / <code>withMountOptions({readOnly: true})</code>. The old methods still work but will be removed in a future release.</li> <li>Deprecated <code>Volume.IsReadOnly</code> (Go) and <code>Volume.isReadOnly</code> (JS); track configured mount options at the call site that configured them instead.</li> </ul> <h2>js/v0.7.5, go/v0.7.5</h2> <ul> <li>We've improved the reliability of the <code>Sandbox.SnapshotFilesystem</code> (Go) and <code>Sandbox.snapshotFilesystem</code> (JS) operation, especially for large snapshots, and we now support setting a <code>timeout</code> (Go) or <code>timeoutMs</code> (JS) longer than 55s when necessary.</li> <li>Added <code>Sandbox.UnmountImage</code> (Go) and <code>sandbox.unmountImage</code> (JS) to remove an image mount from a path in the Sandbox filesystem and reveal the underlying directory again.</li> <li><code>Sandboxes.Create</code> (Go) and <code>sandboxes.create</code> (JS) now accept a <code>Tags</code> / <code>tags</code> parameter to attach key-value tags to the Sandbox at creation time.</li> <li><code>Sandboxes.Create</code> (Go) and <code>sandboxes.create</code> (JS) now accept an <code>InboundCIDRAllowlist</code> / <code>inboundCidrAllowlist</code> parameter to restrict which source IPs can connect inbound to a sandbox's tunnels and connection tokens.</li> <li>Renamed <code>cidrAllowlist</code> to <code>outboundCidrAllowlist</code> (JS) and <code>CIDRAllowlist</code> to <code>OutboundCIDRAllowlist</code> (Go) to distinguish from the corresponding inbound allowlists.</li> <li>The Go and JS SDKs can now respond more gracefully to server throttling (e.g., rate limiting) by backing off and automatically retrying.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/modal-labs/modal-client/commit/d08dce98adbce70d259e3db717da9a7ca43ff2a4"><code>d08dce9</code></a> Release 0.7.6 for Go/JS SDK (<a href="https://redirect.github.com/modal-labs/modal-client/issues/42155">#42155</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/f58831da34ae94987a733aea1ec942b5515b5517"><code>f58831d</code></a> Add EnvironmentVariables to Sandbox proto (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40287">#40287</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/21db34b97778961116e0cc20a366fdbe7e7301f9"><code>21db34b</code></a> Sandboxes [new FS API]: translate new FS API to JS Client (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40848">#40848</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/686261e4fc02ebdeff81d9576471a2c6c57cb45c"><code>686261e</code></a> Sandboxes [new FS API]: translate new FS API to Go Client (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40969">#40969</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/fb1f5644a2c9a52c037bed920fdbbb8693c65ecb"><code>fb1f564</code></a> Add Volume subdirectory mount and mount options to Go and JS SDKs (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40893">#40893</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/c4c29e21d008ac72aa0dc1ebf16bc5d086e3a4be"><code>c4c29e2</code></a> client: [Go] Add sandbox v2 <code>from_id</code> (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41977">#41977</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/c7aae182b2a9440e2b0427b47549310efcfb60ef"><code>c7aae18</code></a> client: [typescript] Add sandbox v2 <code>from_id</code> (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41918">#41918</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/4fd50761bb82d9336c34ff5217ad5b0b454bac0a"><code>4fd5076</code></a> Client: Change task command router tests to use mock grpc servicer (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41937">#41937</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/7e27cb0206d6d97d904961fe921b0e3c42fc5f1b"><code>7e27cb0</code></a> [FLASH-103] Add flash endpoint stop protobuf (<a href="https://redirect.github.com/modal-labs/modal-client/issues/42040">#42040</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/61ba55ec223a2e6652fbb5fd6ff42b33ea606086"><code>61ba55e</code></a> client: [Python] Add sandbox v2 <code>from_id</code> (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41916">#41916</a>)</li> <li>Additional commits viewable in <a href="https://github.com/modal-labs/modal-client/compare/go/v0.7.4...go/v0.7.6">compare view</a></li> </ul> </details> <br /> Updates `@sveltejs/acorn-typescript` from 1.0.9 to 1.0.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/acorn-typescript/releases">@sveltejs/acorn-typescript's releases</a>.</em></p> <blockquote> <h2><code>@sveltejs/acorn-typescript</code><a href="https://github.com/1"><code>@1</code></a>.0.10</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: use user-provided acorn-copy for ts plugin (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/42">#42</a>)</p> </li> <li> <p>fix: support namespace declaration merging (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/34">#34</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/acorn-typescript/blob/main/CHANGELOG.md">@sveltejs/acorn-typescript's changelog</a>.</em></p> <blockquote> <h2>1.0.10</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: use user-provided acorn-copy for ts plugin (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/42">#42</a>)</p> </li> <li> <p>fix: support namespace declaration merging (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/34">#34</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/53ed12a418322a5545b61ad46e8f4f1381e7da25"><code>53ed12a</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/43">#43</a>)</li> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/c46396a6ab28dfb4c845438875e38efe10d8bdaa"><code>c46396a</code></a> fix: generateAcornTypeScript breaks when two acorn copies exist (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/42">#42</a>)</li> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/e9b347f620cea555bcee035da000eb104648ffa5"><code>e9b347f</code></a> fix: support namespace declaration merging (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/34">#34</a>)</li> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/fab62a1500a156fb4ec018cc9f22a515a9457975"><code>fab62a1</code></a> docs: add missing changelog entry for PR <a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/38">#38</a> (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/40">#40</a>)</li> <li>See full diff in <a href="https://github.com/sveltejs/acorn-typescript/compare/v1.0.9...@sveltejs/acorn-typescript@1.0.10">compare view</a></li> </ul> </details> <br /> Updates `@types/estree` from 1.0.8 to 1.0.9 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/estree">compare view</a></li> </ul> </details> <br /> Updates `hono` from 4.12.18 to 4.12.23 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.23</h2> <h2>What's Changed</h2> <ul> <li>fix(serve-static): normalize all backslashes in file paths, not just the first in <a href="https://redirect.github.com/honojs/hono/pull/4962">honojs/hono#4962</a></li> <li>feat(context): export the Context class publicly by <a href="https://github.com/BlankParticle"><code>@BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4543">honojs/hono#4543</a></li> <li>docs(contribution): add AI Usage Policy by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4970">honojs/hono#4970</a></li> <li>feat(compress): add contentTypeFilter option and <code>COMPRESSIBLE_CONTENT_TYPE_REGEX</code> re-export by <a href="https://github.com/na-trium-144"><code>@na-trium-144</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4961">honojs/hono#4961</a></li> <li>fix(utils/ipaddr): do not compress a single 0 group to <code>::</code> by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4971">honojs/hono#4971</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.22...v4.12.23">https://github.com/honojs/hono/compare/v4.12.22...v4.12.23</a></p> <h2>v4.12.22</h2> <h2>What's Changed</h2> <ul> <li>chore: update vitest to v4 and cleanups by <a href="https://github.com/BlankParticle"><code>@BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4952">honojs/hono#4952</a></li> <li>fix(mime): specify charset parameter per MIME type instead of mechanical detection by <a href="https://github.com/renatograsso10"><code>@renatograsso10</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4912">honojs/hono#4912</a></li> <li>fix(compress): respect Accept-Encoding when encoding option is set by <a href="https://github.com/LeSingh1"><code>@LeSingh1</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4951">honojs/hono#4951</a></li> <li>fix(deno): echo negotiated WebSocket subprotocol in upgrade response by <a href="https://github.com/ATOM00blue"><code>@ATOM00blue</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4955">honojs/hono#4955</a></li> <li>feat: add msgpack as a compressible content type by <a href="https://github.com/na-trium-144"><code>@na-trium-144</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4957">honojs/hono#4957</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/renatograsso10"><code>@renatograsso10</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4912">honojs/hono#4912</a></li> <li><a href="https://github.com/LeSingh1"><code>@LeSingh1</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4951">honojs/hono#4951</a></li> <li><a href="https://github.com/ATOM00blue"><code>@ATOM00blue</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4955">honojs/hono#4955</a></li> <li><a href="https://github.com/na-trium-144"><code>@na-trium-144</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4957">honojs/hono#4957</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.21...v4.12.22">https://github.com/honojs/hono/compare/v4.12.21...v4.12.22</a></p> <h2>v4.12.21</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths</h3> <p>Affects: <code>app.mount()</code>. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3</p> <h3>IP Restriction bypasses static deny rules for non-canonical IPv6</h3> <p>Affects: <code>hono/ip-restriction</code>. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5</p> <h3>Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection</h3> <p>Affects: <code>hono/cookie</code>. Fixes missing validation of <code>sameSite</code> and <code>priority</code> options against injection characters (<code>;</code>, <code>\r</code>, <code>\n</code>), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x</p> <h3>JWT middleware accepts any Authorization scheme, not only Bearer</h3> <p>Affects: <code>hono/jwt</code>, <code>hono/jwk</code>. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474</p> <hr /> <p>Users who use <code>app.mount()</code>, <code>hono/ip-restriction</code>, <code>hono/cookie</code>, or <code>hono/jwt</code>/<code>hono/jwk</code> are encouraged to upgrade to this version.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/83bfb3bb4a12c1d92c163a39e907df5d662ff78d"><code>83bfb3b</code></a> 4.12.23</li> <li><a href="https://github.com/honojs/hono/commit/bcd290a64c0b392fd06d2bd1f256c5dc9835e4a4"><code>bcd290a</code></a> fix(utils/ipaddr): do not compress a single 0 group to <code>::</code> (<a href="https://redirect.github.com/honojs/hono/issues/4971">#4971</a>)</li> <li><a href="https://github.com/honojs/hono/commit/c968177d9c11ddc7c7cca57c384497f11a6d60ae"><code>c968177</code></a> feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...</li> <li><a href="https://github.com/honojs/hono/commit/0265a5453a7c272417eaa22b93d3fb319d2188ed"><code>0265a54</code></a> docs(contribution): add AI Usage Policy (<a href="https://redirect.github.com/honojs/hono/issues/4970">#4970</a>)</li> <li><a href="https://github.com/honojs/hono/commit/c84c5d2d46ca6a78c316529491d42ab7bb956368"><code>c84c5d2</code></a> feat(context): export the Context class publicly (<a href="https://redirect.github.com/honojs/hono/issues/4543">#4543</a>)</li> <li><a href="https://github.com/honojs/hono/commit/82dad6297c90c33c41bf48b4530509a21588ad06"><code>82dad62</code></a> fix(serve-static): normalize all backslashes in file paths, not just the firs...</li> <li><a href="https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e"><code>2f01b77</code></a> 4.12.22</li> <li><a href="https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99"><code>6bc0dff</code></a> feat: add msgpack as a compressible content type (<a href="https://redirect.github.com/honojs/hono/issues/4957">#4957</a>)</li> <li><a href="https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9"><code>7e0555d</code></a> fix(deno): echo negotiated WebSocket subprotocol in upgrade response (<a href="https://redirect.github.com/honojs/hono/issues/4955">#4955</a>)</li> <li><a href="https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6"><code>f0ed246</code></a> fix(compress): respect Accept-Encoding when encoding option is set (<a href="https://redirect.github.com/honojs/hono/issues/4951">#4951</a>)</li> <li>Additional commits viewable in <a href="https://github.com/honojs/hono/compare/v4.12.18...v4.12.23">compare view</a></li> </ul> </details> <br /> Updates `@hono/node-server` from 2.0.1 to 2.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/node-server/releases">@hono/node-server's releases</a>.</em></p> <blockquote> <h2>v2.0.4</h2> <h2>What's Changed</h2> <ul> <li>fix: stub ws types to prevent them leaking in public types by <a href="https://github.com/BlankParticle"><code>@BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/359">honojs/node-server#359</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/node-server/compare/v2.0.3...v2.0.4">https://github.com/honojs/node-server/compare/v2.0.3...v2.0.4</a></p> <h2>v2.0.3</h2> <h2>What's Changed</h2> <ul> <li>chore(ci): update GitHub Actions versions by <a href="https://github.com/BlankParticle"><code>@BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/352">honojs/node-server#352</a></li> <li>docs: Align the <code>ServeStaticOptions</code> comment with the current spec by <a href="https://github.com/kakkokari-gtyih"><code>@kakkokari-gtyih</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/356">honojs/node-server#356</a></li> <li>fix: preserve headers mutated after raw Response construction by <a href="https://github.com/abdulmunimjemal"><code>@abdulmunimjemal</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/357">honojs/node-server#357</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kakkokari-gtyih"><code>@kakkokari-gtyih</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/node-server/pull/356">honojs/node-server#356</a></li> <li><a href="https://github.com/abdulmunimjemal"><code>@abdulmunimjemal</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/node-server/pull/357">honojs/node-server#357</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/node-server/compare/v2.0.2...v2.0.3">https://github.com/honojs/node-server/compare/v2.0.2...v2.0.3</a></p> <h2>v2.0.2</h2> <h2>What's Changed</h2> <ul> <li>fix(serve-static): stop using file birthtime for Date header by <a href="https://github.com/usualoma"><code>@usualoma</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/350">honojs/node-server#350</a></li> <li>fix: handle serveStatic stream fallback backpressure by <a href="https://github.com/usualoma"><code>@usualoma</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/351">honojs/node-server#351</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/node-server/compare/v2.0.1...v2.0.2">https://github.com/honojs/node-server/compare/v2.0.1...v2.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/node-server/commit/9e1cdee836baeb13f33e857a582b29546185c324"><code>9e1cdee</code></a> 2.0.4</li> <li><a href="https://github.com/honojs/node-server/commit/b4ca62216c9b537f1e56e0282bc8b5ee5b953b26"><code>b4ca622</code></a> fix: stub ws types to prevent them leaking in public types (<a href="https://redirect.github.com/honojs/node-server/issues/359">#359</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/9d879875a3d6b87a53e31ce6c0de080f9a7a30dc"><code>9d87987</code></a> 2.0.3</li> <li><a href="https://github.com/honojs/node-server/commit/9463250257b3d430d3cf71cb7d9fd847a7930427"><code>9463250</code></a> fix: preserve headers mutated after raw Response construction (<a href="https://redirect.github.com/honojs/node-server/issues/357">#357</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/cee5e812087cd80ef0f08741a390b37a8e2ea45d"><code>cee5e81</code></a> docs: Align the <code>ServeStaticOption</code> command with the current specification (#...</li> <li><a href="https://github.com/honojs/node-server/commit/4aa0650744858993d1770d64aa4826b436304bfd"><code>4aa0650</code></a> chore(ci): update GitHub Actions versions (<a href="https://redirect.github.com/honojs/node-server/issues/352">#352</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/808159c4d2ab71064b9d00f2723078ac1b8324d5"><code>808159c</code></a> 2.0.2</li> <li><a href="https://github.com/honojs/node-server/commit/1a9748edd8da1b2829744ca8a199785fb095a4f2"><code>1a9748e</code></a> fix: handle serveStatic stream fallback backpressure (<a href="https://redirect.github.com/honojs/node-server/issues/351">#351</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/54d1bcd11e2bd3dc334f0d0d3d77604acb17f602"><code>54d1bcd</code></a> fix(serve-static): stop using file birthtime for Date header (<a href="https://redirect.github.com/honojs/node-server/issues/350">#350</a>)</li> <li>See full diff in <a href="https://github.com/honojs/node-server/compare/v2.0.1...v2.0.4">compare view</a></li> </ul> </details> <br /> Updates `react` from 19.2.5 to 19.2.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases">react's releases</a>.</em></p> <blockquote> <h2>19.2.7 (June 1st, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Fixed missing <code>FormData</code> entries in Server Actions which regressed in 19.2.6 (<a href="https://redirect.github.com/facebook/react/pull/36566">#36566</a> by <a href="https://github.com/unstubbable"><code>@unstubbable</code></a>)</li> </ul> <h2>19.2.6 (May 6th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Type hardening and performance improvements (<a href="https://redirect.github.com/faceb... _Description has been truncated_ Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
147fec9b19 |
build(deps): bump the major-deps-updates-main group with 2 updates (#582)
Bumps the major-deps-updates-main group with 2 updates: [lint-staged](https://github.com/lint-staged/lint-staged) and [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react). Updates `lint-staged` from 16.4.0 to 17.0.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/releases">lint-staged's releases</a>.</em></p> <blockquote> <h2>v17.0.7</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1806">#1806</a> <a href="https://github.com/lint-staged/lint-staged/commit/e692e58ced9eae65b2077435b7e799c632f3db07"><code>e692e58</code></a> - Update dependency <code>tinyexec@^1.2.4</code>.</li> </ul> <h2>v17.0.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1803">#1803</a> <a href="https://github.com/lint-staged/lint-staged/commit/bdf27700a6e25b40333672eef4d438984a2d0383"><code>bdf2770</code></a> - Run all tests with <a href="https://deno.com">Deno</a>, in addition to Node.js and Bun.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1796">#1796</a> <a href="https://github.com/lint-staged/lint-staged/commit/75082727cdd070adb59d62c9040515da3bbbb2f9"><code>7508272</code></a> - Fix performance regression of <em>lint-staged</em> v17 by going back to using <code>git add</code> to stage task modifications. This was changed to <code>git update-index --again</code> in v17 for less manual work, but unfortunately the <code>update-index</code> command gets slower in very large Git repos.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1797">#1797</a> <a href="https://github.com/lint-staged/lint-staged/commit/7b2505a1f8fb8735e6306c7dabdd5295632f8c1a"><code>7b2505a</code></a> - This version of <em>lint-staged</em> uses the new <a href="https://docs.npmjs.com/staged-publishing">staged publishing for npm packages</a> feature. Releases are already published from GitHub Actions with <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing</a>, but now an additional approval with two-factor authentication is also required.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1802">#1802</a> <a href="https://github.com/lint-staged/lint-staged/commit/321b0a972a434006f5b5fac18867974ef040d037"><code>321b0a9</code></a> - Downgrade dependency <code>tinyexec@1.2.2</code> to avoid issues in version 1.2.3.</p> </li> </ul> <h2>v17.0.5</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1792">#1792</a> <a href="https://github.com/lint-staged/lint-staged/commit/1f672718b6fa67e0f00aafe107cb9f084f4d9102"><code>1f67271</code></a> - Correctly set the <code>--max-arg-length</code> default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.</li> </ul> <h2>v17.0.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1788">#1788</a> <a href="https://github.com/lint-staged/lint-staged/commit/f95c1f8df3368758c44c2052e568aac1b3d4c767"><code>f95c1f8</code></a> - Another fix for making sure <em>lint-staged</em> adds task modifications correctly to the commit in the following cases:</p> <ul> <li>after editing <code><file></code> it is staged with <code>git add <file></code>, and then committed with <code>git commit</code></li> <li>after editing <code><file></code> it is committed with <code>git commit --all</code> without explicit <code>git add</code></li> <li>after editing <code><file></code> it is committed with <code>git commit <pathspec></code> without explicit <code>git add</code></li> </ul> <p>There's new test cases which actually setup the Git <code>pre_commit</code> hook to run <em>lint-staged</em> and verify them. These issues started in <strong>v17.0.0</strong> when trying to improve support for committig without having explicitly staged files.</p> </li> </ul> <h2>v17.0.3</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1782">#1782</a> <a href="https://github.com/lint-staged/lint-staged/commit/06813f9ab661db987e7720086ef9ec3f552ee097"><code>06813f9</code></a> Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>! - Fix <em>lint-staged</em> behavior when implicitly committing files without using <code>git add</code> by either: <ul> <li><code>git commit -am "my commit message"</code> where <code>-a</code> (<code>--all</code>) means to automatically stage all tracked modified and deleted files</li> <li><code>git commit -m "my commit message" .</code> where <code>.</code> is an example of a <a href="https://git-scm.com/docs/git-commit#Documentation/git-commit.txt-pathspec"><em>pathspec</em></a> where matching files will be staged</li> </ul> </li> </ul> <h2>v17.0.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1779">#1779</a> <a href="https://github.com/lint-staged/lint-staged/commit/88670ca2278200f6348ed663358895ddc4bfff3c"><code>88670ca</code></a> Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>! - Enable immutable GitHub releases</li> </ul> <h2>v17.0.1</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1776">#1776</a> <a href="https://github.com/lint-staged/lint-staged/commit/4a5664be63af19590ec37940f705dad870ac5cfb"><code>4a5664b</code></a> Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.</li> </ul> <h2>v17.0.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md">lint-staged's changelog</a>.</em></p> <blockquote> <h2>17.0.7</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1806">#1806</a> <a href="https://github.com/lint-staged/lint-staged/commit/e692e58ced9eae65b2077435b7e799c632f3db07"><code>e692e58</code></a> - Update dependency <code>tinyexec@^1.2.4</code>.</li> </ul> <h2>17.0.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1803">#1803</a> <a href="https://github.com/lint-staged/lint-staged/commit/bdf27700a6e25b40333672eef4d438984a2d0383"><code>bdf2770</code></a> - Run all tests with <a href="https://deno.com">Deno</a>, in addition to Node.js and Bun.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1796">#1796</a> <a href="https://github.com/lint-staged/lint-staged/commit/75082727cdd070adb59d62c9040515da3bbbb2f9"><code>7508272</code></a> - Fix performance regression of <em>lint-staged</em> v17 by going back to using <code>git add</code> to stage task modifications. This was changed to <code>git update-index --again</code> in v17 for less manual work, but unfortunately the <code>update-index</code> command gets slower in very large Git repos.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1797">#1797</a> <a href="https://github.com/lint-staged/lint-staged/commit/7b2505a1f8fb8735e6306c7dabdd5295632f8c1a"><code>7b2505a</code></a> - This version of <em>lint-staged</em> uses the new <a href="https://docs.npmjs.com/staged-publishing">staged publishing for npm packages</a> feature. Releases are already published from GitHub Actions with <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing</a>, but now an additional approval with two-factor authentication is also required.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1802">#1802</a> <a href="https://github.com/lint-staged/lint-staged/commit/321b0a972a434006f5b5fac18867974ef040d037"><code>321b0a9</code></a> - Downgrade dependency <code>tinyexec@1.2.2</code> to avoid issues in version 1.2.3.</p> </li> </ul> <h2>17.0.5</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1792">#1792</a> <a href="https://github.com/lint-staged/lint-staged/commit/1f672718b6fa67e0f00aafe107cb9f084f4d9102"><code>1f67271</code></a> - Correctly set the <code>--max-arg-length</code> default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.</li> </ul> <h2>17.0.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1788">#1788</a> <a href="https://github.com/lint-staged/lint-staged/commit/f95c1f8df3368758c44c2052e568aac1b3d4c767"><code>f95c1f8</code></a> - Another fix for making sure <em>lint-staged</em> adds task modifications correctly to the commit in the following cases:</p> <ul> <li>after editing <code><file></code> it is staged with <code>git add <file></code>, and then committed with <code>git commit</code></li> <li>after editing <code><file></code> it is committed with <code>git commit --all</code> without explicit <code>git add</code></li> <li>after editing <code><file></code> it is committed with <code>git commit <pathspec></code> without explicit <code>git add</code></li> </ul> <p>There's new test cases which actually setup the Git <code>pre_commit</code> hook to run <em>lint-staged</em> and verify them. These issues started in <strong>v17.0.0</strong> when trying to improve support for committig without having explicitly staged files.</p> </li> </ul> <h2>17.0.3</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1782">#1782</a> <a href="https://github.com/lint-staged/lint-staged/commit/06813f9ab661db987e7720086ef9ec3f552ee097"><code>06813f9</code></a> Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>! - Fix <em>lint-staged</em> behavior when implicitly committing files without using <code>git add</code> by either: <ul> <li><code>git commit -am "my commit message"</code> where <code>-a</code> (<code>--all</code>) means to automatically stage all tracked modified and deleted files</li> <li><code>git commit -m "my commit message" .</code> where <code>.</code> is an example of a <a href="https://git-scm.com/docs/git-commit#Documentation/git-commit.txt-pathspec"><em>pathspec</em></a> where matching files will be staged</li> </ul> </li> </ul> <h2>17.0.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1779">#1779</a> <a href="https://github.com/lint-staged/lint-staged/commit/88670ca2278200f6348ed663358895ddc4bfff3c"><code>88670ca</code></a> Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>! - Enable immutable GitHub releases</li> </ul> <h2>17.0.1</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lint-staged/lint-staged/commit/cd11fec419c59b4900aab194f288adf6bb4afdd1"><code>cd11fec</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1807">#1807</a> from lint-staged/changeset-release/main</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/15a8ee0df4ffb4c6fc65ea6828133cc32740c9c4"><code>15a8ee0</code></a> chore(changeset): release</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/797bbd943a7adab888640915449c09b8a67cc11d"><code>797bbd9</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1808">#1808</a> from lint-staged/add-stashing-faq</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/504e307c819a8b2decdf6c791d5350c4db0b15ed"><code>504e307</code></a> docs: add FAQ entry on how stashing works</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/eff5cd19633ce51ca62ac17a9e66d972a2aaf104"><code>eff5cd1</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1806">#1806</a> from lint-staged/update-tinyexec</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/e692e58ced9eae65b2077435b7e799c632f3db07"><code>e692e58</code></a> build(deps): update <code>tinyexec@^1.2.4</code></li> <li><a href="https://github.com/lint-staged/lint-staged/commit/a2dd4ea97b1ff36486d88d9bad285834acef7ea6"><code>a2dd4ea</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1805">#1805</a> from lint-staged/update-github-templates</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/c92851945ff4fa604841e53fe044b47177b159b8"><code>c928519</code></a> docs: update GitHub templates</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/094ba56a3caeeda2cf83ad0a0c83df38ab2f6d06"><code>094ba56</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1798">#1798</a> from lint-staged/changeset-release/main</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/88e19fe3d81b8e1516564e7afaf6681f09f83b16"><code>88e19fe</code></a> chore(changeset): release</li> <li>Additional commits viewable in <a href="https://github.com/lint-staged/lint-staged/compare/v16.4.0...v17.0.7">compare view</a></li> </ul> </details> <br /> Updates `lucide-react` from 0.477.0 to 1.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lucide-icons/lucide/releases">lucide-react's releases</a>.</em></p> <blockquote> <h2>Version 1.17.0</h2> <h2>What's Changed</h2> <ul> <li>chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4376">lucide-icons/lucide#4376</a></li> <li>chore(repo): Update issue templates and documentation for package ren… by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4379">lucide-icons/lucide#4379</a></li> <li>feat(site): Adds survey overlay to website by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4380">lucide-icons/lucide#4380</a></li> <li>feat(site): Certificate dev links by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4390">lucide-icons/lucide#4390</a></li> <li>fix(icons): changed <code>martini</code> icon by <a href="https://github.com/jamiemlaw"><code>@jamiemlaw</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4335">lucide-icons/lucide#4335</a></li> <li>chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4386">lucide-icons/lucide#4386</a></li> <li>chore(deps): bump <code>@tootallnate/once</code> from 2.0.0 to 2.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4404">lucide-icons/lucide#4404</a></li> <li>chore(deps): bump devalue from 5.8.0 to 5.8.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4391">lucide-icons/lucide#4391</a></li> <li>chore(deps): bump ws from 8.18.0 to 8.20.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4392">lucide-icons/lucide#4392</a></li> <li>fix(gh-icon): limit icon size to a maximum of 256 pixels by <a href="https://github.com/jguddas"><code>@jguddas</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4398">lucide-icons/lucide#4398</a></li> <li>chore(dependencies): Update dependencies by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4377">lucide-icons/lucide#4377</a></li> <li>feat(copilot): Adding copilot instructions by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4407">lucide-icons/lucide#4407</a></li> <li>feat(icons): add <code>globe-check</code> by <a href="https://github.com/Barakudum"><code>@Barakudum</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4342">lucide-icons/lucide#4342</a></li> <li>feat(metadata): Require use-cases in meta json by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4321">lucide-icons/lucide#4321</a></li> <li>feat(icons): added <code>parasol</code> icon by <a href="https://github.com/karsa-mistmere"><code>@karsa-mistmere</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4347">lucide-icons/lucide#4347</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lucide-icons/lucide/compare/1.16.0...1.17.0">https://github.com/lucide-icons/lucide/compare/1.16.0...1.17.0</a></p> <h2>Version 1.16.0</h2> <h2>What's Changed</h2> <ul> <li>feat(icons): added <code>blender</code> icon by <a href="https://github.com/rrod497"><code>@rrod497</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/3884">lucide-icons/lucide#3884</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lucide-icons/lucide/compare/1.15.0...1.16.0">https://github.com/lucide-icons/lucide/compare/1.15.0...1.16.0</a></p> <h2>Version 1.15.0</h2> <h2>What's Changed</h2> <ul> <li>fix: remove 'less' from brand stopwords by <a href="https://github.com/jguddas"><code>@jguddas</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4331">lucide-icons/lucide#4331</a></li> <li>fix(<code>@lucide/vue</code>): Clone slots before passing to icon by <a href="https://github.com/axtho"><code>@axtho</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4339">lucide-icons/lucide#4339</a></li> <li>fix(icons): changed <code>text-cursor</code> icon by <a href="https://github.com/jamiemlaw"><code>@jamiemlaw</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4340">lucide-icons/lucide#4340</a></li> <li>fix(icons): changed <code>landmark</code> icon by <a href="https://github.com/jamiemlaw"><code>@jamiemlaw</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4334">lucide-icons/lucide#4334</a></li> <li>chore(deps-dev): bump nitropack from 2.13.1 to 2.13.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4352">lucide-icons/lucide#4352</a></li> <li>chore(deps-dev): bump simple-git from 3.33.0 to 3.36.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4349">lucide-icons/lucide#4349</a></li> <li>fix(icons): changed <code>candy-cane</code> icon by <a href="https://github.com/jguddas"><code>@jguddas</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4148">lucide-icons/lucide#4148</a></li> <li>fix(icons): changed <code>volleyball</code> icon by <a href="https://github.com/jamiemlaw"><code>@jamiemlaw</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4338">lucide-icons/lucide#4338</a></li> <li>fix(icons): changed <code>chart-no-axes-combined</code> icon by <a href="https://github.com/jguddas"><code>@jguddas</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/3567">lucide-icons/lucide#3567</a></li> <li>feat(icon): added broccoli icon by <a href="https://github.com/swastik7805"><code>@swastik7805</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4263">lucide-icons/lucide#4263</a></li> <li>chore(site): Updates to site and updated carbon ads by <a href="https://github.com/ericfennis"><code>@ericfennis</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4359">lucide-icons/lucide#4359</a></li> <li>feat(icons): added sticky note variants by <a href="https://github.com/Barakudum"><code>@Barakudum</code></a> in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4348">lucide-icons/lucide#4348</a></li> <li>chore(deps-dev): bump astro from 6.1.6 to 6.1.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4361">lucide-icons/lucide#4361</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/axtho"><code>@axtho</code></a> made their first contribution in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4339">lucide-icons/lucide#4339</a></li> <li><a href="https://github.com/Barakudum"><code>@Barakudum</code></a> made their first contribution in <a href="https://redirect.github.com/lucide-icons/lucide/pull/4348">lucide-icons/lucide#4348</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lucide-icons/lucide/compare/1.14.0...1.15.0">https://github.com/lucide-icons/lucide/compare/1.14.0...1.15.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lucide-icons/lucide/commit/07c885e6c1f9952965ba388b7fd2bb7c4d416a67"><code>07c885e</code></a> fix(docs): fix zephyr-cloud URL in readmes</li> <li><a href="https://github.com/lucide-icons/lucide/commit/50d8af5a1012e188f3d71ac8f1fc0fba1aab5357"><code>50d8af5</code></a> docs(readme): Update readme files (<a href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4320">#4320</a>)</li> <li><a href="https://github.com/lucide-icons/lucide/commit/653e44b83293567ff24dcb90ca1094a9cf0a042a"><code>653e44b</code></a> feat(packages): use .mjs for ESM bundles (<a href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4285">#4285</a>)</li> <li><a href="https://github.com/lucide-icons/lucide/commit/7623e23f787fe78e5075a613fd22da2cecbb9b1b"><code>7623e23</code></a> feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...</li> <li><a href="https://github.com/lucide-icons/lucide/commit/dada0a82970d3733d1d716e2089591c538272a39"><code>dada0a8</code></a> fix(lucide-react): Fix dynamic imports (<a href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4210">#4210</a>)</li> <li><a href="https://github.com/lucide-icons/lucide/commit/a6e648a66ff470c2255d3666765fd73cfcc185ff"><code>a6e648a</code></a> fix(lucide-react): correct client directives in RSC files (<a href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4189">#4189</a>)</li> <li><a href="https://github.com/lucide-icons/lucide/commit/1f010a357a21c7a8c5e1f92dd90f09d76a04e2dd"><code>1f010a3</code></a> fix(lucide-react): Fixes provider export and RSC render issues (<a href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4175">#4175</a>)</li> <li><a href="https://github.com/lucide-icons/lucide/commit/484f2c9cd377dbeb536f63d4b183ecfd26947014"><code>484f2c9</code></a> docs(version-1): Version 1 website (<a href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/4142">#4142</a>)</li> <li><a href="https://github.com/lucide-icons/lucide/commit/a0e202d759da95c243b541f8d3c1c26eada32b2e"><code>a0e202d</code></a> feat(packages/angular): add new <code>@lucide/angular</code> package (<a href="https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react/issues/3897">#3897</a>)</li> <li><a href="https://github.com/lucide-icons/lucide/commit/c5b155ec37f0217bfd85e309873029379df473ac"><code>c5b155e</code></a> Merge branch 'main' of <a href="https://github.com/lucide-icons/lucide">https://github.com/lucide-icons/lucide</a> into next</li> <li>Additional commits viewable in <a href="https://github.com/lucide-icons/lucide/commits/1.17.0/packages/lucide-react">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for lucide-react since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e21688b444 |
build(deps): bump the minor-deps-updates group with 2 updates (#579)
Bumps the minor-deps-updates group with 2 updates: [actions/stale](https://github.com/actions/stale) and [changesets/action](https://github.com/changesets/action). Updates `actions/stale` from 10.2.0 to 10.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.3.0</h2> <h2>What's Changed</h2> <h3>Bug Fix</h3> <ul> <li>Enhancement: ignore stale labeling events by <a href="https://github.com/shamoon"><code>@shamoon</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1311">actions/stale#1311</a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Upgrade dependencies (<code>@actions/core</code>, <code>@octokit/plugin-retry</code>, <a href="https://github.com/typescript-eslint"><code>@typescript-eslint</code></a>) by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1335">actions/stale#1335</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/shamoon"><code>@shamoon</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1311">actions/stale#1311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.3.0">https://github.com/actions/stale/compare/v10...v10.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899"><code>eb5cf3a</code></a> chore: upgrade dependencies and bump version to 10.3.0 (<a href="https://redirect.github.com/actions/stale/issues/1335">#1335</a>)</li> <li><a href="https://github.com/actions/stale/commit/db5d06a4c82d5e94513c09c406638111df61f63e"><code>db5d06a</code></a> Enhancement: ignore stale labeling events (<a href="https://redirect.github.com/actions/stale/issues/1311">#1311</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/b5d41d4e1d5dceea10e7104786b73624c18a190f...eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899">compare view</a></li> </ul> </details> <br /> Updates `changesets/action` from 1.7.0 to 1.9.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/changesets/action/releases">changesets/action's releases</a>.</em></p> <blockquote> <h2>v1.9.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/changesets/action/pull/636">#636</a> <a href="https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1"><code>b072bcc</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Add a new <code>@changesets/action/pr-comment</code> sub-action to comment on PRs</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/625">#625</a> <a href="https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6"><code>8795eee</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Add a new <code>@changesets/action/pr-status</code> sub-action to generate the changeset status comment for PRs as an alternative to the <a href="https://github.com/apps/changeset-bot">Changesets Bot</a>.</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/changesets/action/pull/535">#535</a> <a href="https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520"><code>34f64f6</code></a> Thanks <a href="https://github.com/Andarist"><code>@Andarist</code></a>! - Fixed an issue with GitHub releases not being created for successfully published packages when <em>some</em> packages failed to be published to the registry.</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/632">#632</a> <a href="https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4"><code>1d54b9e</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Simplify internal implementation to get changelog entries for a package version</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/629">#629</a> <a href="https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50"><code>e0c90aa</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Fix custom version and publish command argument parsing</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/645">#645</a> <a href="https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf"><code>f9585d9</code></a> Thanks <a href="https://github.com/Andarist"><code>@Andarist</code></a>! - Improved force-push handling when using <code>commitMode: "github-api"</code> so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.</p> </li> </ul> <h2>v1.8.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/changesets/action/pull/258">#258</a> <a href="https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d"><code>f5dbf72</code></a> Thanks <a href="https://github.com/tom-sherman"><code>@tom-sherman</code></a>! - Support draft version PR modes with a new <code>prDraft</code> input. Use <code>create</code> to create new version PRs as drafts, or <code>always</code> to also convert existing version PRs back to draft when updating them.</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/changesets/action/pull/502">#502</a> <a href="https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977"><code>6002dbd</code></a> Thanks <a href="https://github.com/oshytiko"><code>@oshytiko</code></a>! - Fixed initial <code>.changeset</code> state being picked up, when <code>cwd</code> parameter is provided</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/536">#536</a> <a href="https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2"><code>81b3f61</code></a> Thanks <a href="https://github.com/radnan"><code>@radnan</code></a>! - Fixed <code>.changeset</code> state being picked for the version command when <code>cwd</code> parameter is provided</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/changesets/action/blob/main/CHANGELOG.md">changesets/action's changelog</a>.</em></p> <blockquote> <h1><code>@changesets/action</code></h1> <h2>1.9.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/changesets/action/pull/636">#636</a> <a href="https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1"><code>b072bcc</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Add a new <code>@changesets/action/pr-comment</code> sub-action to comment on PRs</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/625">#625</a> <a href="https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6"><code>8795eee</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Add a new <code>@changesets/action/pr-status</code> sub-action to generate the changeset status comment for PRs as an alternative to the <a href="https://github.com/apps/changeset-bot">Changesets Bot</a>.</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/changesets/action/pull/535">#535</a> <a href="https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520"><code>34f64f6</code></a> Thanks <a href="https://github.com/Andarist"><code>@Andarist</code></a>! - Fixed an issue with GitHub releases not being created for successfully published packages when <em>some</em> packages failed to be published to the registry.</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/632">#632</a> <a href="https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4"><code>1d54b9e</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Simplify internal implementation to get changelog entries for a package version</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/629">#629</a> <a href="https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50"><code>e0c90aa</code></a> Thanks <a href="https://github.com/bluwy"><code>@bluwy</code></a>! - Fix custom version and publish command argument parsing</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/645">#645</a> <a href="https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf"><code>f9585d9</code></a> Thanks <a href="https://github.com/Andarist"><code>@Andarist</code></a>! - Improved force-push handling when using <code>commitMode: "github-api"</code> so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.</p> </li> </ul> <h2>1.8.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/changesets/action/pull/258">#258</a> <a href="https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d"><code>f5dbf72</code></a> Thanks <a href="https://github.com/tom-sherman"><code>@tom-sherman</code></a>! - Support draft version PR modes with a new <code>prDraft</code> input. Use <code>create</code> to create new version PRs as drafts, or <code>always</code> to also convert existing version PRs back to draft when updating them.</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/changesets/action/pull/502">#502</a> <a href="https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977"><code>6002dbd</code></a> Thanks <a href="https://github.com/oshytiko"><code>@oshytiko</code></a>! - Fixed initial <code>.changeset</code> state being picked up, when <code>cwd</code> parameter is provided</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/536">#536</a> <a href="https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2"><code>81b3f61</code></a> Thanks <a href="https://github.com/radnan"><code>@radnan</code></a>! - Fixed <code>.changeset</code> state being picked for the version command when <code>cwd</code> parameter is provided</p> </li> </ul> <h2>1.7.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/changesets/action/pull/564">#564</a> <a href="https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46"><code>935fe87</code></a> Thanks <a href="https://github.com/Andarist"><code>@Andarist</code></a>! - Automatically use the GitHub-provided token to allow most users to avoid explicit <code>GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}</code> configuration.</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/changesets/action/pull/545">#545</a> <a href="https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde"><code>54220dd</code></a> Thanks <a href="https://github.com/ryanbas21"><code>@ryanbas21</code></a>! - The <code>.npmrc</code> generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when <code>NPM_TOKEN</code> is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.</p> </li> <li> <p><a href="https://redirect.github.com/changesets/action/pull/563">#563</a> <a href="https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7"><code>6af4a7e</code></a> Thanks <a href="https://github.com/Andarist"><code>@Andarist</code></a>! - Don't error on already committed symlinks and executables that stay untouched</p> </li> </ul> <h2>1.6.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/changesets/action/pull/558">#558</a> <a href="https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae"><code>342005d</code></a> Thanks <a href="https://github.com/harsha-venugopal-ledn"><code>@harsha-venugopal-ledn</code></a>! - Upgrade from Node.js 20 to Node.js 24 LTS</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/changesets/action/commit/a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d"><code>a45c4d5</code></a> v1.9.0</li> <li><a href="https://github.com/changesets/action/commit/b459b1eaa0a3889b4eea8af244304a64da6331ce"><code>b459b1e</code></a> Version Packages (<a href="https://redirect.github.com/changesets/action/issues/637">#637</a>)</li> <li><a href="https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf"><code>f9585d9</code></a> Update <code>@changesets/ghcommit</code> (<a href="https://redirect.github.com/changesets/action/issues/645">#645</a>)</li> <li><a href="https://github.com/changesets/action/commit/020e8cc600a1e7e7b8b843654902f043f32387ea"><code>020e8cc</code></a> Use internal bot for versioning (<a href="https://redirect.github.com/changesets/action/issues/643">#643</a>)</li> <li><a href="https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1"><code>b072bcc</code></a> Add simple PR comment sub-action (<a href="https://redirect.github.com/changesets/action/issues/636">#636</a>)</li> <li><a href="https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6"><code>8795eee</code></a> Comment changeset status in PRs (<a href="https://redirect.github.com/changesets/action/issues/625">#625</a>)</li> <li><a href="https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520"><code>34f64f6</code></a> Fixed an issue with GitHub releases not being created for successfully publis...</li> <li><a href="https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4"><code>1d54b9e</code></a> Simplify getChangelogEntry (<a href="https://redirect.github.com/changesets/action/issues/632">#632</a>)</li> <li><a href="https://github.com/changesets/action/commit/031358f743b5a6199bd7a39bdc8b469280983df9"><code>031358f</code></a> Update to typescript v6 (<a href="https://redirect.github.com/changesets/action/issues/633">#633</a>)</li> <li><a href="https://github.com/changesets/action/commit/a0c05f7a4b1df776543903d7dca8e39cd787b30a"><code>a0c05f7</code></a> Bump <code>@changesets/changelog-github</code> from 0.5.2 to 0.7.0 (<a href="https://redirect.github.com/changesets/action/issues/620">#620</a>)</li> <li>Additional commits viewable in <a href="https://github.com/changesets/action/compare/6a0a831ff30acef54f2c6aa1cbbc1096b066edaf...a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0563823693 |
build(deps): bump pnpm/action-setup from 6.0.5 to 6.0.8 in the patch-deps-updates group (#578)
Bumps the patch-deps-updates group with 1 update: [pnpm/action-setup](https://github.com/pnpm/action-setup). Updates `pnpm/action-setup` from 6.0.5 to 6.0.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pnpm/action-setup/releases">pnpm/action-setup's releases</a>.</em></p> <blockquote> <h2>v6.0.8</h2> <h2>What's Changed</h2> <ul> <li>docs(README): fix <code>cache_dependency_path</code> type by <a href="https://github.com/haines"><code>@haines</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/257">pnpm/action-setup#257</a></li> <li>fix: drop patchPnpmEnv so standalone+self-update works on Windows by <a href="https://github.com/zkochan"><code>@zkochan</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/258">pnpm/action-setup#258</a></li> <li>fix: update pnpm to 11.1.1 by <a href="https://github.com/mungodewar"><code>@mungodewar</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/248">pnpm/action-setup#248</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mungodewar"><code>@mungodewar</code></a> made their first contribution in <a href="https://redirect.github.com/pnpm/action-setup/pull/248">pnpm/action-setup#248</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8">https://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8</a></p> <h2>v6.0.7</h2> <h2>What's Changed</h2> <ul> <li>fix: honor devEngines.packageManager.onFail=error (<a href="https://redirect.github.com/pnpm/action-setup/issues/252">#252</a>) by <a href="https://github.com/zkochan"><code>@zkochan</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/254">pnpm/action-setup#254</a></li> <li>fix: restore inputs from state in post by <a href="https://github.com/haines"><code>@haines</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/255">pnpm/action-setup#255</a></li> <li>fix: self-update bootstrap to packageManager-pinned version (<a href="https://redirect.github.com/pnpm/action-setup/issues/233">#233</a>) by <a href="https://github.com/zkochan"><code>@zkochan</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/256">pnpm/action-setup#256</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/haines"><code>@haines</code></a> made their first contribution in <a href="https://redirect.github.com/pnpm/action-setup/pull/255">pnpm/action-setup#255</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7">https://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7</a></p> <h2>v6.0.6</h2> <h2>What's Changed</h2> <ul> <li>fix: bin_dest output points to self-updated pnpm, not bootstrap by <a href="https://github.com/zkochan"><code>@zkochan</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/249">pnpm/action-setup#249</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pnpm/action-setup/compare/v6.0.5...v6.0.6">https://github.com/pnpm/action-setup/compare/v6.0.5...v6.0.6</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pnpm/action-setup/commit/0e279bb959325dab635dd2c09392533439d90093"><code>0e279bb</code></a> fix: update pnpm to 11.1.1 (<a href="https://redirect.github.com/pnpm/action-setup/issues/248">#248</a>)</li> <li><a href="https://github.com/pnpm/action-setup/commit/3e835812ef01165f4f8ae08ade56da44427ed4e0"><code>3e83581</code></a> fix: drop patchPnpmEnv so standalone+self-update works on Windows (<a href="https://redirect.github.com/pnpm/action-setup/issues/258">#258</a>)</li> <li><a href="https://github.com/pnpm/action-setup/commit/551b42e879e37e74d986effdd2a1647d2b02d464"><code>551b42e</code></a> docs(README): fix <code>cache_dependency_path</code> type (<a href="https://redirect.github.com/pnpm/action-setup/issues/257">#257</a>)</li> <li><a href="https://github.com/pnpm/action-setup/commit/739bfe42ca9233c5e6aca07c1a25a9d34aca49b0"><code>739bfe4</code></a> fix: self-update bootstrap to packageManager-pinned version (<a href="https://redirect.github.com/pnpm/action-setup/issues/233">#233</a>) (<a href="https://redirect.github.com/pnpm/action-setup/issues/256">#256</a>)</li> <li><a href="https://github.com/pnpm/action-setup/commit/f61705d907761b3b5209e83910fafd1fea50c5a1"><code>f61705d</code></a> chore: add CODEOWNERS</li> <li><a href="https://github.com/pnpm/action-setup/commit/7a5507b117647ab83e96e9db317ba2234056ebf3"><code>7a5507b</code></a> fix: restore inputs from state in post (<a href="https://redirect.github.com/pnpm/action-setup/issues/255">#255</a>)</li> <li><a href="https://github.com/pnpm/action-setup/commit/1155470f3e5fb872accd4d104b8dfcda41f676ce"><code>1155470</code></a> fix: honor devEngines.packageManager.onFail=error (<a href="https://redirect.github.com/pnpm/action-setup/issues/252">#252</a>) (<a href="https://redirect.github.com/pnpm/action-setup/issues/254">#254</a>)</li> <li><a href="https://github.com/pnpm/action-setup/commit/91ab88e2619ed1f46221f0ba42d1492c02baf788"><code>91ab88e</code></a> fix: bin_dest output points to self-updated pnpm, not bootstrap (<a href="https://redirect.github.com/pnpm/action-setup/issues/249">#249</a>)</li> <li><a href="https://github.com/pnpm/action-setup/commit/e578e19d19d31b011b841ba2aca34731a5f706a5"><code>e578e19</code></a> fix: update pnpm to 11.0.4</li> <li>See full diff in <a href="https://github.com/pnpm/action-setup/compare/v6.0.5...0e279bb959325dab635dd2c09392533439d90093">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
27ebdc3fea |
chore(deepagents): clarify LocalShellBackend virtualMode behavior (#577)
## Summary Fixes #544. Clarifies `LocalShellBackend` path semantics without introducing a breaking default change. This keeps legacy behavior intact while making the bounded-workspace setup explicit in docs and examples. ## Changes ### deepagents (`LocalShellBackend`) - Clarified `LocalShellBackendOptions` docs to explicitly note that `rootDir` does not bound filesystem paths when `virtualMode` is `false`. - Updated `LocalShellBackend` examples to use `virtualMode: true` when bounded path semantics are intended. - Added unit coverage to assert legacy behavior is preserved: with `virtualMode: false`, absolute writes can resolve outside `rootDir`. |
||
|
|
18557db7bb |
fix(deepagents): gate cache_control writes on per-call request.model (#551)
Fixes #550. ## Problem `createCacheBreakpointMiddleware` and `createMemoryMiddleware` write Anthropic-specific `cache_control: { type: "ephemeral" }` markers into the request payload. Both gate the write at **agent-creation time** in `createDeepAgent` (whether the *primary* model is Anthropic). When `modelFallbackMiddleware` swaps `request.model` to a non-Anthropic provider at request time, the markers leak through and the fallback provider rejects the request: ``` 400 Unknown parameter: 'messages[0].content[N].cache_control' ``` Full root-cause writeup, production trace, and reproduction in #550. ## Fix Move the model classification from boot-time to **per-call**, using the existing `isAnthropicModel` helper (`src/utils.ts:9`). - **`src/middleware/cache.ts`** — bail at the top of `wrapModelCall` when `request.model` isn't Anthropic. - **`src/middleware/memory.ts`** — AND the existing `addCacheControl` flag with the same per-call check. `addCacheControl` keeps its current public meaning (opt-in switch); the per-call gate is an additional safety net. - **`src/agent.ts`** — left untouched. The boot-time install gate stays (small perf win when primary is non-Anthropic — middleware isn't installed at all). The new per-call check handles the fallback case where the middleware *is* installed but the model has been swapped. ## Tests Each middleware's `.test.ts` got a `per-call provider gating` block. They build a request with a `ChatAnthropic`-shaped stub vs a `ChatOpenAI`-shaped stub on `request.model`, run `wrapModelCall`, and assert `cache_control` is/isn't written. Also covers `ConfigurableModel` with `modelProvider: "anthropic"` and the string forms (`"anthropic:claude-..."`, `"openai:gpt-5"`). Existing fixtures that didn't set `request.model` now pass a `ChatAnthropic` stub so they keep exercising the write path — they were previously relying on the unconditional behavior. No behavioral assertions changed; only the fixture got more explicit. 31/31 tests pass on `libs/deepagents` (`cache.test.ts` + `memory.test.ts`). ## Compatibility - **No public API change.** `addCacheControl?: boolean` on `MemoryMiddlewareOptions` keeps its existing semantics. - **Anthropic-primary happy path unchanged** — same writes, same cache hits. - **Per-call cost:** one `getName()` / string check inside `wrapModelCall`. Sub-microsecond. - **Failure mode improvement:** users running `createDeepAgent` with an Anthropic primary + non-Anthropic fallback no longer get a 400 from the fallback provider on swap. ## Changeset `patch` bump on `deepagents`. ## Out of scope `request.modelSettings.cache_control` (written by LangChain core's `anthropicPromptCachingMiddleware`) can also leak across the swap. Mentioned in #550 for tracking — that's a LangChain-side fix, not deepagents. --------- Co-authored-by: Anton Nakaliuzhnyi <anakaliuzhnyi@gipartners.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |