[PR #580] [MERGED] build(deps): bump the patch-deps-updates-main group across 1 directory with 17 updates #579

Closed
opened 2026-06-05 17:23:49 -04:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/langchain-ai/deepagentsjs/pull/580
Author: @dependabot[bot]
Created: 6/3/2026
Status: Merged
Merged: 6/3/2026
Merged by: @jkennedyvz

Base: mainHead: dependabot/npm_and_yarn/patch-deps-updates-main-49a561ca55


📝 Commits (1)

  • 13f4831 build(deps): bump the patch-deps-updates-main group across 1 directory with 17 updates

📊 Changes

1 file changed (+582 additions, -542 deletions)

View changed files

📝 pnpm-lock.yaml (+582 -542)

📄 Description

Bumps the patch-deps-updates-main group with 17 updates in the / directory:

Package From To
@langchain/core 1.1.42 1.1.48
@langchain/langgraph-checkpoint 1.0.1 1.0.4
@vitest/coverage-v8 4.1.5 4.1.8
@vitest/ui 4.1.5 4.1.8
vitest 4.1.5 4.1.8
zod 4.4.1 4.4.3
@langchain/openai 1.4.5 1.4.7
modal 0.7.4 0.7.6
@sveltejs/acorn-typescript 1.0.9 1.0.10
@types/estree 1.0.8 1.0.9
hono 4.12.18 4.12.23
@hono/node-server 2.0.1 2.0.4
react 19.2.5 19.2.7
@types/react 19.2.14 19.2.16
react-dom 19.2.5 19.2.7
@vitejs/plugin-react 6.0.1 6.0.2
vite 8.0.10 8.0.16

Updates @langchain/core from 1.1.42 to 1.1.48

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.48

Patch Changes

  • #10832 1b24369 Thanks @​info-arnav! - fix(core, openrouter): make CJS default re-exports callable

  • #10666 2bb55b0 Thanks @​hnustwjj! - feat(openrouter): surface reasoning content as v1 standard content blocks

    convertOpenRouterResponseToBaseMessage and convertOpenRouterDeltaToBaseMessageChunk now copy OpenRouter's reasoning (flat string) and reasoning_details (structured array) fields onto additional_kwargs.reasoning_content / additional_kwargs.reasoning_details. A new ChatOpenRouterTranslator is registered in @langchain/core under the "openrouter" provider key so AIMessage.contentBlocks emits standard {type: "reasoning"} blocks alongside text and tool calls.

    Previously, reasoning text returned by reasoning-capable models routed through OpenRouter (DeepSeek R1, Minimax M2, Claude extended thinking, o-series, etc.) was silently dropped: only the reasoning_tokens count was preserved via usage_metadata. Consumers using standard content blocks (including the frontend agent UI patterns shown in the docs) could not display the model's chain of thought.

  • #10918 3999fab Thanks @​christian-bromann! - fix(openai): stream custom tool calls through Responses API chunks

@​langchain/core@​1.1.47

Patch Changes

  • #10906 f61b345 Thanks @​hntrl! - feat(core): add uuid v6 utility support

    Add v6 UUID generation support to @langchain/core/utils/uuid by vendoring the upstream uuidjs v6 implementation and its v1ToV6 helper, exporting v6 from the UUID utils index, and adding tests for deterministic generation, buffer/offset behavior, validation/versioning, and ordering.

  • #10872 a640079 Thanks @​hntrl! - chore(deps): remove redundant @​types/uuid declarations

    Remove @types/uuid from package manifests that rely on @langchain/core/utils/uuid or do not require uuid type stubs directly, and refresh the lockfile entries accordingly.

  • #10792 3682268 Thanks @​Genmin! - fix(core): apply v1 message casting after implicit streaming aggregation

  • #10901 f26fc4a Thanks @​christian-bromann! - fix(testing): share fakeModel invocation state across bindTools instances

@​langchain/core@​1.1.46

Patch Changes

  • #10847 1659e7d Thanks @​hntrl! - chore(core): reduce transitive dependency exposure and tighten release hygiene

    Remove direct runtime dependencies on ansi-styles, camelcase, and decamelize by inlining equivalent logic in core internals, and enable npm provenance in the release workflow.

  • #10790 ef78bc6 Thanks @​Genmin! - fix(core): keep different content block types separate when merging chunks

Commits

Updates @langchain/langgraph-checkpoint from 1.0.1 to 1.0.4

Release notes

Sourced from @​langchain/langgraph-checkpoint's releases.

@​langchain/langgraph-checkpoint@​1.0.4

Patch Changes

  • #2344 0125920 Thanks @​dependabot! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable

    Bump uuid from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, v6({ clockseq }) no longer advances the sub-millisecond time counter when an explicit clockseq is passed, so checkpoint IDs created within the same millisecond were ordered only by clockseq. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative clockseq used by the first ("input") checkpoint, which sorted as the newest.

    uuid6() now maintains its own monotonic (msecs, nsecs) clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the clockseq value. emptyCheckpoint() also uses a non-negative clockseq.

@​langchain/langgraph-checkpoint@​1.0.3

Patch Changes

  • #2352 14f2a79 Thanks @​Nagendhra-web! - fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reserved storage keys

    MemorySaver previously embedded thread_id, checkpoint_ns, checkpoint_id, and task_id directly into property accesses on the nested plain objects this.storage and this.writes. A caller able to shape any of those fields (every quickstart, tutorial, and test fixture uses MemorySaver by default) could pass "__proto__", "constructor", or "prototype" and have the subsequent assignment mutate Object.prototype. From that point every plain object in the process inherits the injected property, breaking for...in loops, truthy short-circuits, and downstream serializers across unrelated code paths. CWE-1321.

    Adds an assertSafeStorageKey chokepoint applied at every public entry that touches storage or writes (put, putWrites, deleteThread, getTuple, list). The guard rejects non-string values, the empty string (unless explicitly opted-in for checkpoint_ns), and the three prototype-pollution keys. Behaviour for valid string identifiers is unchanged.

@​langchain/langgraph-checkpoint-postgres@​1.0.2

Patch Changes

Changelog

Sourced from @​langchain/langgraph-checkpoint's changelog.

1.0.4

Patch Changes

  • #2344 0125920 Thanks @​dependabot! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable

    Bump uuid from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, v6({ clockseq }) no longer advances the sub-millisecond time counter when an explicit clockseq is passed, so checkpoint IDs created within the same millisecond were ordered only by clockseq. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative clockseq used by the first ("input") checkpoint, which sorted as the newest.

    uuid6() now maintains its own monotonic (msecs, nsecs) clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the clockseq value. emptyCheckpoint() also uses a non-negative clockseq.

1.0.3

Patch Changes

  • #2352 14f2a79 Thanks @​Nagendhra-web! - fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reserved storage keys

    MemorySaver previously embedded thread_id, checkpoint_ns, checkpoint_id, and task_id directly into property accesses on the nested plain objects this.storage and this.writes. A caller able to shape any of those fields (every quickstart, tutorial, and test fixture uses MemorySaver by default) could pass "__proto__", "constructor", or "prototype" and have the subsequent assignment mutate Object.prototype. From that point every plain object in the process inherits the injected property, breaking for...in loops, truthy short-circuits, and downstream serializers across unrelated code paths. CWE-1321.

    Adds an assertSafeStorageKey chokepoint applied at every public entry that touches storage or writes (put, putWrites, deleteThread, getTuple, list). The guard rejects non-string values, the empty string (unless explicitly opted-in for checkpoint_ns), and the three prototype-pollution keys. Behaviour for valid string identifiers is unchanged.

1.0.2

Patch Changes

  • #2314 085a07f Thanks @​christian-bromann! - Improve MemorySaver diagnostics when checkpoint writes are missing a thread_id.

    The in-memory checkpointer now explains why configurable.thread_id is required and includes a concrete graph.stream(..., { configurable: { thread_id } }) example in the error message. This makes the new thread-oriented event streaming flows easier to debug when an application forgets to provide durable thread configuration.

Commits
  • d2ca90f chore: version packages (#2453)
  • 0125920 chore(deps): bump uuid from 10.0.0 to 14.0.0 (#2344)
  • 381a9f6 chore: version packages (#2445)
  • 14f2a79 fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reser...
  • 1f11df2 chore: version packages (#2364)
  • 085a07f feat(core): event based streaming (#2314)
  • 9102d52 fix(langgraph): propagate tracer metadata defaults from configurable (#2315)
  • d88f29b chore(repo): migrate linting and formatting from ESLint/Prettier to oxlint/ox...
  • See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.5 to 4.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • See full diff in compare view

Updates @vitest/ui from 4.1.5 to 4.1.8

Release notes

Sourced from @​vitest/ui's releases.

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits

Updates vitest from 4.1.5 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • See full diff in compare view

Updates zod from 4.4.1 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

  • 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
  • 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
  • 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
  • b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
  • f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
  • 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

  • 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
  • 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
  • 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
  • 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
  • bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
  • cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
  • 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
  • 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
  • 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
  • e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
  • e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
  • 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
  • bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
  • 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
  • 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
  • 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
  • c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2
Commits
  • 1fb56a5 docs: document release procedure in AGENTS.md
  • f3c9ec0 4.4.3
  • c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
  • 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 9195250 docs: remove Mintlify from bronze sponsors (churned)
  • 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
  • 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
  • Additional commits viewable in compare view

Updates @langchain/openai from 1.4.5 to 1.4.7

Release notes

Sourced from @​langchain/openai's releases.

@​langchain/openai@​1.4.7

Patch Changes

@​langchain/openai@​1.4.6

Patch Changes

  • #10902 229a7ad Thanks @​christian-bromann! - fix(openai): preserve v1 assistant tool calls

  • #10895 36fb0ef Thanks @​BertBR! - fix(openai): guard bare JSON.parse in Responses API converter against trailing non-whitespace characters

    convertResponsesDeltaToChatGenerationChunk previously called JSON.parse(msg.text) directly when response.text.format.type === "json_schema". Some models (observed with gpt-5-mini on service_tier: "auto") intermittently emit trailing non-whitespace characters (extra tokens, control characters) after a valid JSON object, causing a SyntaxError that propagates as an unhandled exception and kills the entire streaming response mid-flight. The parse is now wrapped in a try/catch: on failure, additional_kwargs.parsed is left undefined, the stream completes normally, and the existing withStructuredOutput pipeline handles the typed failure — includeRaw: true returns { raw, parsed: null } via its withFallbacks wrapper, includeRaw: false throws a typed OutputParserException that the caller can catch and retry. Closes #10894.

Commits

Updates modal from 0.7.4 to 0.7.6

Changelog

Sourced from modal's changelog.

js/v0.7.6, go/v0.7.6

  • Added Sandbox Filesystem API in the Go SDK with sandbox.Filesystem() and in the JS SDK with sandbox.filesystem. The filesystem API contains methods:
    • fs.WriteText (Go) / fs.writeText (JS): Write UTF-8 to a file in the Sandbox.
    • fs.WriteBytes (Go) / fs.writeBytes (JS): Write binary content to a file in the Sandbox.
    • fs.ReadText (Go) / fs.readText (JS): Read a file from the Sandbox and return its contents as a UTF-8 string.
    • fs.ReadBytes (Go) / fs.readBytes (JS): Read a file from the Sandbox and return its contents as bytes.
    • fs.MakeDirectory (Go) / fs.makeDirectory (JS): Create a new directory in the Sandbox.
    • fs.ListFiles (Go) / fs.listFiles (JS): List files and directories in a Sandbox directory.
    • fs.Stat (Go) / fs.stat (JS): Return metadata for a single file, directory, or symlink in the Sandbox.
    • fs.CopyFromLocal (Go) / fs.copyFromLocal (JS): Copy a local file into the Sandbox.
    • fs.CopyToLocal (Go) / fs.copyToLocal (JS): Copy a file from the Sandbox to a local path.
    • fs.Remove (Go) / fs.remove (JS): Remove a file or directory in the Sandbox.
  • Added Volume.WithMountOptions (Go) and volume.withMountOptions (JS) to configure mount-time options (ReadOnly / readOnly and SubPath / subPath) when attaching a Volume to a Function or Sandbox. The SubPath / subPath option mounts a subdirectory of the Volume instead of its root. Calling withMountOptions multiple times on the same Volume stacks: fields left unset preserve their previous value.
  • Deprecated Volume.ReadOnly (Go) and Volume.readOnly (JS) in favor of WithMountOptions({ReadOnly: &t}) / withMountOptions({readOnly: true}). The old methods still work but will be removed in a future release.
  • Deprecated Volume.IsReadOnly (Go) and Volume.isReadOnly (JS); track configured mount options at the call site that configured them instead.

js/v0.7.5, go/v0.7.5

  • We've improved the reliability of the Sandbox.SnapshotFilesystem (Go) and Sandbox.snapshotFilesystem (JS) operation, especially for large snapshots, and we now support setting a timeout (Go) or timeoutMs (JS) longer than 55s when necessary.
  • Added Sandbox.UnmountImage (Go) and sandbox.unmountImage (JS) to remove an image mount from a path in the Sandbox filesystem and reveal the underlying directory again.
  • Sandboxes.Create (Go) and sandboxes.create (JS) now accept a Tags / tags parameter to attach key-value tags to the Sandbox at creation time.
  • Sandboxes.Create (Go) and sandboxes.create (JS) now accept an InboundCIDRAllowlist / inboundCidrAllowlist parameter to restrict which source IPs can connect inbound to a sandbox's tunnels and connection tokens.
  • Renamed cidrAllowlist to outboundCidrAllowlist (JS) and CIDRAllowlist to OutboundCIDRAllowlist (Go) to distinguish from the corresponding inbound allowlists.
  • The Go and JS SDKs can now respond more gracefully to server throttling (e.g., rate limiting) by backing off and automatically retrying.
Commits

Updates @sveltejs/acorn-typescript from 1.0.9 to 1.0.10

Release notes

Sourced from @​sveltejs/acorn-typescript's releases.

@​sveltejs/acorn-typescript@​1.0.10

Patch Changes

  • fix: use user-provided acorn-copy for ts plugin (#42)

  • fix: support namespace declaration merging (#34)

Changelog

Sourced from @​sveltejs/acorn-typescript's changelog.

1.0.10

Patch Changes

  • fix: use user-provided acorn-copy for ts plugin (#42)

  • fix: support namespace declaration merging (#34)

Commits

Updates @types/estree from 1.0.8 to 1.0.9

Commits

Updates hono from 4.12.18 to 4.12.23

Release notes

Sourced from hono's releases.

v4.12.23

What's Changed

Full Changelog: https://github.com/honojs/hono/compare/v4.12.22...v4.12.23

v4.12.22

What's Changed

New Contributors

Full Changelog: https://github.com/honojs/hono/compare/v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474


Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

... (truncated)

Commits
  • 83bfb3b 4.12.23
  • bcd290a fix(utils/ipaddr): do not compress a single 0 group to :: (#4971)
  • c968177 feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...
  • 0265a54 docs(contribution): add AI Usage Policy (#4970)
  • c84c5d2 feat(context): export the Context class publicly (#4543)
  • 82dad62 fix(serve-static): normalize all backslashes in file paths, not just the firs...
  • 2f01b77 4.12.22
  • 6bc0dff feat: add msgpack as a compressible content type (#4957)
  • 7e0555d fix(deno): echo negotiated WebSocket subprotocol in upgrade response (#4955)
  • f0ed246 fix(compress): respect Accept-Encoding when encoding option is set (#4951)
  • Additional commits viewable in compare view

Updates @hono/node-server from 2.0.1 to 2.0.4

Release notes

Sourced from @​hono/node-server's releases.

v2.0.4

What's Changed

Full Changelog: https://github.com/honojs/node-server/compare/v2.0.3...v2.0.4

v2.0.3

What's Changed

New Contributors

Full Changelog: https://github.com/honojs/node-server/compare/v2.0.2...v2.0.3

v2.0.2

What's Changed

Full Changelog: https://github.com/honojs/node-server/compare/v2.0.1...v2.0.2

Commits
  • 9e1cdee 2.0.4
  • b4ca622 fix: stub ws types to prevent them leaking in public types (#359)
  • 9d87987 2.0.3
  • 9463250 fix: preserve headers mutated after raw Response construction (#357)
  • cee5e81 docs: Align the ServeStaticOption command with the current specification (#...
  • 4aa0650 chore(ci): update GitHub Actions versions (#352)
  • 808159c 2.0.2
  • 1a9748e fix: handle serveStatic stream fallback backpressure (#351)
  • 54d1bcd fix(serve-static): stop using file birthtime for Date header (#350)
  • See full diff in compare view

Updates react from 19.2.5 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

  • Type hardening and performance improvements (Description has been truncated


    🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/langchain-ai/deepagentsjs/pull/580 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/3/2026 **Status:** ✅ Merged **Merged:** 6/3/2026 **Merged by:** [@jkennedyvz](https://github.com/jkennedyvz) **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/patch-deps-updates-main-49a561ca55` --- ### 📝 Commits (1) - [`13f4831`](https://github.com/langchain-ai/deepagentsjs/commit/13f4831557d98441ae0a56d403fb5ad34f939b14) build(deps): bump the patch-deps-updates-main group across 1 directory with 17 updates ### 📊 Changes **1 file changed** (+582 additions, -542 deletions) <details> <summary>View changed files</summary> 📝 `pnpm-lock.yaml` (+582 -542) </details> ### 📄 Description Bumps the patch-deps-updates-main group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.1.42` | `1.1.48` | | [@langchain/langgraph-checkpoint](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint) | `1.0.1` | `1.0.4` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.5` | `4.1.8` | | [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `4.1.5` | `4.1.8` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.5` | `4.1.8` | | [zod](https://github.com/colinhacks/zod) | `4.4.1` | `4.4.3` | | [@langchain/openai](https://github.com/langchain-ai/langchainjs) | `1.4.5` | `1.4.7` | | [modal](https://github.com/modal-labs/modal-client) | `0.7.4` | `0.7.6` | | [@sveltejs/acorn-typescript](https://github.com/sveltejs/acorn-typescript) | `1.0.9` | `1.0.10` | | [@types/estree](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/estree) | `1.0.8` | `1.0.9` | | [hono](https://github.com/honojs/hono) | `4.12.18` | `4.12.23` | | [@hono/node-server](https://github.com/honojs/node-server) | `2.0.1` | `2.0.4` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.7` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.16` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.7` | | [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.1` | `6.0.2` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.10` | `8.0.16` | Updates `@langchain/core` from 1.1.42 to 1.1.48 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">@​langchain/core's releases</a>.</em></p> <blockquote> <h2><code>@​langchain/core</code><a href="https://github.com/1"><code>@​1</code></a>.1.48</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10832">#10832</a> <a href="https://github.com/langchain-ai/langchainjs/commit/1b24369a970ad6f56f1f428027f48601f87e62eb"><code>1b24369</code></a> Thanks <a href="https://github.com/info-arnav"><code>@​info-arnav</code></a>! - fix(core, openrouter): make CJS default re-exports callable</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10666">#10666</a> <a href="https://github.com/langchain-ai/langchainjs/commit/2bb55b053f49f89e81e3252a7af08e86d71ddd95"><code>2bb55b0</code></a> Thanks <a href="https://github.com/hnustwjj"><code>@​hnustwjj</code></a>! - feat(openrouter): surface reasoning content as v1 standard content blocks</p> <p><code>convertOpenRouterResponseToBaseMessage</code> and <code>convertOpenRouterDeltaToBaseMessageChunk</code> now copy OpenRouter's <code>reasoning</code> (flat string) and <code>reasoning_details</code> (structured array) fields onto <code>additional_kwargs.reasoning_content</code> / <code>additional_kwargs.reasoning_details</code>. A new <code>ChatOpenRouterTranslator</code> is registered in <code>@langchain/core</code> under the <code>&quot;openrouter&quot;</code> provider key so <code>AIMessage.contentBlocks</code> emits standard <code>{type: &quot;reasoning&quot;}</code> blocks alongside text and tool calls.</p> <p>Previously, reasoning text returned by reasoning-capable models routed through OpenRouter (DeepSeek R1, Minimax M2, Claude extended thinking, o-series, etc.) was silently dropped: only the <code>reasoning_tokens</code> count was preserved via <code>usage_metadata</code>. Consumers using standard content blocks (including the frontend agent UI patterns shown in the docs) could not display the model's chain of thought.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10918">#10918</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3999fab55870c6eea22d6d90c08aa472f9b2fac3"><code>3999fab</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>! - fix(openai): stream custom tool calls through Responses API chunks</p> </li> </ul> <h2><code>@​langchain/core</code><a href="https://github.com/1"><code>@​1</code></a>.1.47</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10906">#10906</a> <a href="https://github.com/langchain-ai/langchainjs/commit/f61b3450f275831e47e69c08899b4a2b67b4bdb3"><code>f61b345</code></a> Thanks <a href="https://github.com/hntrl"><code>@​hntrl</code></a>! - feat(core): add uuid v6 utility support</p> <p>Add <code>v6</code> UUID generation support to <code>@langchain/core/utils/uuid</code> by vendoring the upstream uuidjs <code>v6</code> implementation and its <code>v1ToV6</code> helper, exporting <code>v6</code> from the UUID utils index, and adding tests for deterministic generation, buffer/offset behavior, validation/versioning, and ordering.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10872">#10872</a> <a href="https://github.com/langchain-ai/langchainjs/commit/a64007997a4940f51bba3c1c83dae89d1ccfb692"><code>a640079</code></a> Thanks <a href="https://github.com/hntrl"><code>@​hntrl</code></a>! - chore(deps): remove redundant <code>@​types/uuid</code> declarations</p> <p>Remove <code>@types/uuid</code> from package manifests that rely on <code>@langchain/core/utils/uuid</code> or do not require uuid type stubs directly, and refresh the lockfile entries accordingly.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10792">#10792</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3682268cd1844b2573b01f07bee367e21cb7bdc7"><code>3682268</code></a> Thanks <a href="https://github.com/Genmin"><code>@​Genmin</code></a>! - fix(core): apply v1 message casting after implicit streaming aggregation</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10901">#10901</a> <a href="https://github.com/langchain-ai/langchainjs/commit/f26fc4a6f461d6d0f86d59bd00197ad510432c4a"><code>f26fc4a</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>! - fix(testing): share fakeModel invocation state across bindTools instances</p> </li> </ul> <h2><code>@​langchain/core</code><a href="https://github.com/1"><code>@​1</code></a>.1.46</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10847">#10847</a> <a href="https://github.com/langchain-ai/langchainjs/commit/1659e7d36e31e315c890fa98f43db887f7a2d52b"><code>1659e7d</code></a> Thanks <a href="https://github.com/hntrl"><code>@​hntrl</code></a>! - chore(core): reduce transitive dependency exposure and tighten release hygiene</p> <p>Remove direct runtime dependencies on <code>ansi-styles</code>, <code>camelcase</code>, and <code>decamelize</code> by inlining equivalent logic in core internals, and enable npm provenance in the release workflow.</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10790">#10790</a> <a href="https://github.com/langchain-ai/langchainjs/commit/ef78bc6a21f9a8808ba95c98db2023f0a6b51bcc"><code>ef78bc6</code></a> Thanks <a href="https://github.com/Genmin"><code>@​Genmin</code></a>! - fix(core): keep different content block types separate when merging chunks</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langchainjs/commits/@langchain/core@1.1.48">compare view</a></li> </ul> </details> <br /> Updates `@langchain/langgraph-checkpoint` from 1.0.1 to 1.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/releases">@​langchain/langgraph-checkpoint's releases</a>.</em></p> <blockquote> <h2><code>@​langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@​1</code></a>.0.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> Thanks <a href="https://github.com/apps/dependabot"><code>@​dependabot</code></a>! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable</p> <p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances the sub-millisecond time counter when an explicit <code>clockseq</code> is passed, so checkpoint IDs created within the same millisecond were ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative <code>clockseq</code> used by the first (&quot;input&quot;) checkpoint, which sorted as the newest.</p> <p><code>uuid6()</code> now maintains its own monotonic <code>(msecs, nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the <code>clockseq</code> value. <code>emptyCheckpoint()</code> also uses a non-negative <code>clockseq</code>.</p> </li> </ul> <h2><code>@​langchain/langgraph-checkpoint</code><a href="https://github.com/1"><code>@​1</code></a>.0.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2352">#2352</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a> Thanks <a href="https://github.com/Nagendhra-web"><code>@​Nagendhra-web</code></a>! - fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reserved storage keys</p> <p><code>MemorySaver</code> previously embedded <code>thread_id</code>, <code>checkpoint_ns</code>, <code>checkpoint_id</code>, and <code>task_id</code> directly into property accesses on the nested plain objects <code>this.storage</code> and <code>this.writes</code>. A caller able to shape any of those fields (every quickstart, tutorial, and test fixture uses <code>MemorySaver</code> by default) could pass <code>&quot;__proto__&quot;</code>, <code>&quot;constructor&quot;</code>, or <code>&quot;prototype&quot;</code> and have the subsequent assignment mutate <code>Object.prototype</code>. From that point every plain object in the process inherits the injected property, breaking <code>for...in</code> loops, truthy short-circuits, and downstream serializers across unrelated code paths. CWE-1321.</p> <p>Adds an <code>assertSafeStorageKey</code> chokepoint applied at every public entry that touches <code>storage</code> or <code>writes</code> (<code>put</code>, <code>putWrites</code>, <code>deleteThread</code>, <code>getTuple</code>, <code>list</code>). The guard rejects non-string values, the empty string (unless explicitly opted-in for <code>checkpoint_ns</code>), and the three prototype-pollution keys. Behaviour for valid string identifiers is unchanged.</p> </li> </ul> <h2><code>@​langchain/langgraph-checkpoint-postgres</code><a href="https://github.com/1"><code>@​1</code></a>.0.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2255">#2255</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/e82a50b961a9413dab1ad2248747d5c73a6a1e58"><code>e82a50b</code></a> Thanks <a href="https://github.com/leesta24"><code>@​leesta24</code></a>! - fix(checkpoint-postgres): move serialization outside transaction in put()</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraphjs/blob/main/libs/checkpoint/CHANGELOG.md">@​langchain/langgraph-checkpoint's changelog</a>.</em></p> <blockquote> <h2>1.0.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2344">#2344</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> Thanks <a href="https://github.com/apps/dependabot"><code>@​dependabot</code></a>! - chore(deps): bump uuid to 14.0.0 and keep checkpoint ID ordering stable</p> <p>Bump <code>uuid</code> from 10.x/13.x to 14.0.0 across packages. Starting with uuid 11, <code>v6({ clockseq })</code> no longer advances the sub-millisecond time counter when an explicit <code>clockseq</code> is passed, so checkpoint IDs created within the same millisecond were ordered only by <code>clockseq</code>. Since checkpoint IDs are sorted lexicographically, this broke ordering — most visibly for the negative <code>clockseq</code> used by the first (&quot;input&quot;) checkpoint, which sorted as the newest.</p> <p><code>uuid6()</code> now maintains its own monotonic <code>(msecs, nsecs)</code> clock (mirroring uuid 10's internal v1 behavior) so the time component is always strictly increasing and checkpoint ordering no longer depends on the <code>clockseq</code> value. <code>emptyCheckpoint()</code> also uses a non-negative <code>clockseq</code>.</p> </li> </ul> <h2>1.0.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2352">#2352</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a> Thanks <a href="https://github.com/Nagendhra-web"><code>@​Nagendhra-web</code></a>! - fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reserved storage keys</p> <p><code>MemorySaver</code> previously embedded <code>thread_id</code>, <code>checkpoint_ns</code>, <code>checkpoint_id</code>, and <code>task_id</code> directly into property accesses on the nested plain objects <code>this.storage</code> and <code>this.writes</code>. A caller able to shape any of those fields (every quickstart, tutorial, and test fixture uses <code>MemorySaver</code> by default) could pass <code>&quot;__proto__&quot;</code>, <code>&quot;constructor&quot;</code>, or <code>&quot;prototype&quot;</code> and have the subsequent assignment mutate <code>Object.prototype</code>. From that point every plain object in the process inherits the injected property, breaking <code>for...in</code> loops, truthy short-circuits, and downstream serializers across unrelated code paths. CWE-1321.</p> <p>Adds an <code>assertSafeStorageKey</code> chokepoint applied at every public entry that touches <code>storage</code> or <code>writes</code> (<code>put</code>, <code>putWrites</code>, <code>deleteThread</code>, <code>getTuple</code>, <code>list</code>). The guard rejects non-string values, the empty string (unless explicitly opted-in for <code>checkpoint_ns</code>), and the three prototype-pollution keys. Behaviour for valid string identifiers is unchanged.</p> </li> </ul> <h2>1.0.2</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langgraphjs/pull/2314">#2314</a> <a href="https://github.com/langchain-ai/langgraphjs/commit/085a07f569b6d7d79728eb7eb6eb3a0c67fcdefb"><code>085a07f</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>! - Improve <code>MemorySaver</code> diagnostics when checkpoint writes are missing a <code>thread_id</code>.</p> <p>The in-memory checkpointer now explains why <code>configurable.thread_id</code> is required and includes a concrete <code>graph.stream(..., { configurable: { thread_id } })</code> example in the error message. This makes the new thread-oriented event streaming flows easier to debug when an application forgets to provide durable thread configuration.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/d2ca90f8e2cfbba547a9645d81e7c5340d1e7ebf"><code>d2ca90f</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2453">#2453</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/0125920a2c4a87dc1d66aaf541ea16146f8cf842"><code>0125920</code></a> chore(deps): bump uuid from 10.0.0 to 14.0.0 (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2344">#2344</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/381a9f64d0e4b8627ee4ffb567ac10c6035ec438"><code>381a9f6</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2445">#2445</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/14f2a796912e81d7f52f0a4f16747f6d0a269209"><code>14f2a79</code></a> fix(langgraph-checkpoint): block prototype pollution in MemorySaver via reser...</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/1f11df266824d56e20c69cbb12c8da8166390ae2"><code>1f11df2</code></a> chore: version packages (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2364">#2364</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/085a07f569b6d7d79728eb7eb6eb3a0c67fcdefb"><code>085a07f</code></a> feat(core): event based streaming (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2314">#2314</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/9102d526c858a4cdbe9b47dcdd062b93da93e49f"><code>9102d52</code></a> fix(langgraph): propagate tracer metadata defaults from configurable (<a href="https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/checkpoint/issues/2315">#2315</a>)</li> <li><a href="https://github.com/langchain-ai/langgraphjs/commit/d88f29ba2558579781e60307947dba47290d58a1"><code>d88f29b</code></a> chore(repo): migrate linting and formatting from ESLint/Prettier to oxlint/ox...</li> <li>See full diff in <a href="https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph-checkpoint@1.0.4/libs/checkpoint">compare view</a></li> </ul> </details> <br /> Updates `@vitest/coverage-v8` from 4.1.5 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@​vitest/coverage-v8's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4]  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by <a href="https://github.com/toxik"><code>@​toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@​Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> <h2>v4.1.7</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code>  -  by <a href="https://github.com/macarie"><code>@​macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3>   🏎 Performance</h3> <ul> <li>Stringify diff objects only once  -  by <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9"><code>e4067b3</code></a> fix(browser): disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [ba...</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/coverage-v8">compare view</a></li> </ul> </details> <br /> Updates `@vitest/ui` from 4.1.5 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@​vitest/ui's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4]  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by <a href="https://github.com/toxik"><code>@​toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@​Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> <h2>v4.1.7</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code>  -  by <a href="https://github.com/macarie"><code>@​macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3>   🏎 Performance</h3> <ul> <li>Stringify diff objects only once  -  by <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/ui">compare view</a></li> </ul> </details> <br /> Updates `vitest` from 4.1.5 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">vitest's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4]  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1"><!-- raw HTML omitted -->(e4067)<!-- raw HTML omitted --></a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by <a href="https://github.com/toxik"><code>@​toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@​Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f"><!-- raw HTML omitted -->(675b4)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> <h2>v4.1.7</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code>  -  by <a href="https://github.com/macarie"><code>@​macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier  -  by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3>   🏎 Performance</h3> <ul> <li>Stringify diff objects only once  -  by <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9"><code>e4067b3</code></a> fix(browser): disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [ba...</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li><a href="https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06"><code>18af98c</code></a> fix(browser): simplify orchestrator otel carrier (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285">#10285</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857"><code>3188260</code></a> feat(browser): provide project reference in <code>ToMatchScreenshotResolvePath</code> (#...</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest">compare view</a></li> </ul> </details> <br /> Updates `zod` from 4.4.1 to 4.4.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/colinhacks/zod/releases">zod's releases</a>.</em></p> <blockquote> <h2>v4.4.3</h2> <h2>Commits:</h2> <ul> <li>4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo</li> <li>2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing</li> <li>7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones</li> <li>2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern</li> <li>9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)</li> <li>b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)</li> <li>1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (<a href="https://redirect.github.com/colinhacks/zod/issues/5937">#5937</a>) (<a href="https://redirect.github.com/colinhacks/zod/issues/5939">#5939</a>)</li> <li>c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (<a href="https://redirect.github.com/colinhacks/zod/issues/5941">#5941</a>)</li> <li>f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3</li> <li>1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md</li> </ul> <h2>v4.4.2</h2> <h2>Commits:</h2> <ul> <li>0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (<a href="https://redirect.github.com/colinhacks/zod/issues/5901">#5901</a>)</li> <li>20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps</li> <li>6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (<a href="https://redirect.github.com/colinhacks/zod/issues/5791">#5791</a>)</li> <li>4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing</li> <li>bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents</li> <li>cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint</li> <li>292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor</li> <li>1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion</li> <li>1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance</li> <li>e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes</li> <li>e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights</li> <li>905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing</li> <li>bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md</li> <li>8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch</li> <li>02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (<a href="https://redirect.github.com/colinhacks/zod/issues/5929">#5929</a>)</li> <li>88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated <code>baseUrl</code> from tsconfig</li> <li>c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/colinhacks/zod/commit/1fb56a5c18c27102dbc92260a4007c7732a0ccca"><code>1fb56a5</code></a> docs: document release procedure in AGENTS.md</li> <li><a href="https://github.com/colinhacks/zod/commit/f3c9ec03ba7a28ae72d25cc295f38674bee0f559"><code>f3c9ec0</code></a> 4.4.3</li> <li><a href="https://github.com/colinhacks/zod/commit/c2be4f819064eed62c7c350a2d399b5faecd15f8"><code>c2be4f8</code></a> fix(v4): generalize optin/fallback to transform; restore preprocess on absent...</li> <li><a href="https://github.com/colinhacks/zod/commit/1cab69383fcdeae2a366d5e2a2fc4d8fc765d168"><code>1cab693</code></a> fix(v4): restore catch handling for absent object keys (<a href="https://redirect.github.com/colinhacks/zod/issues/5937">#5937</a>) (<a href="https://redirect.github.com/colinhacks/zod/issues/5939">#5939</a>)</li> <li><a href="https://github.com/colinhacks/zod/commit/b8dffe9e62f17e6571e6249d05cc5102b54d94e4"><code>b8dffe9</code></a> docs: remove Numeric and Speakeasy (2+ missed monthly cycles)</li> <li><a href="https://github.com/colinhacks/zod/commit/9195250cab0e7950efe39c3926d6c203b4b0a170"><code>9195250</code></a> docs: remove Mintlify from bronze sponsors (churned)</li> <li><a href="https://github.com/colinhacks/zod/commit/2c703322a21b4e2b12f33f49ea8430c451a68b4f"><code>2c70332</code></a> docs: normalize bronze sponsor logos to github avatar pattern</li> <li><a href="https://github.com/colinhacks/zod/commit/7391be88ac1ee5cd02057f5ccc012a1f5df4efd0"><code>7391be8</code></a> docs: prune lapsed silver/bronze sponsors and add active ones</li> <li><a href="https://github.com/colinhacks/zod/commit/2aeec83eb135e3a83756e973ef44845fc5a455d2"><code>2aeec83</code></a> docs: prune lapsed gold sponsors and rebalance logo sizing</li> <li><a href="https://github.com/colinhacks/zod/commit/4c2fa95ce3f3390fbc522324e406b4e9e89b88f9"><code>4c2fa95</code></a> docs: use Zernio primary wordmark for gold sponsor logo</li> <li>Additional commits viewable in <a href="https://github.com/colinhacks/zod/compare/v4.4.1...v4.4.3">compare view</a></li> </ul> </details> <br /> Updates `@langchain/openai` from 1.4.5 to 1.4.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases">@​langchain/openai's releases</a>.</em></p> <blockquote> <h2><code>@​langchain/openai</code><a href="https://github.com/1"><code>@​1</code></a>.4.7</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10918">#10918</a> <a href="https://github.com/langchain-ai/langchainjs/commit/3999fab55870c6eea22d6d90c08aa472f9b2fac3"><code>3999fab</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>! - fix(openai): stream custom tool calls through Responses API chunks</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10791">#10791</a> <a href="https://github.com/langchain-ai/langchainjs/commit/fce9ab418901323618fdfaaa9fc350fa1c0d50e0"><code>fce9ab4</code></a> Thanks <a href="https://github.com/Genmin"><code>@​Genmin</code></a>! - fix(openai): preserve top-level Responses API ids on AI messages</p> </li> </ul> <h2><code>@​langchain/openai</code><a href="https://github.com/1"><code>@​1</code></a>.4.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10902">#10902</a> <a href="https://github.com/langchain-ai/langchainjs/commit/229a7ad67b9a7ebd8df3ca451e0b8195bea0190e"><code>229a7ad</code></a> Thanks <a href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>! - fix(openai): preserve v1 assistant tool calls</p> </li> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/10895">#10895</a> <a href="https://github.com/langchain-ai/langchainjs/commit/36fb0ef1dc76c096dcfa0c777e10c9f9365a5240"><code>36fb0ef</code></a> Thanks <a href="https://github.com/BertBR"><code>@​BertBR</code></a>! - fix(openai): guard bare <code>JSON.parse</code> in Responses API converter against trailing non-whitespace characters</p> <p><code>convertResponsesDeltaToChatGenerationChunk</code> previously called <code>JSON.parse(msg.text)</code> directly when <code>response.text.format.type === &quot;json_schema&quot;</code>. Some models (observed with <code>gpt-5-mini</code> on <code>service_tier: &quot;auto&quot;</code>) intermittently emit trailing non-whitespace characters (extra tokens, control characters) after a valid JSON object, causing a <code>SyntaxError</code> that propagates as an unhandled exception and kills the entire streaming response mid-flight. The parse is now wrapped in a <code>try</code>/<code>catch</code>: on failure, <code>additional_kwargs.parsed</code> is left undefined, the stream completes normally, and the existing <code>withStructuredOutput</code> pipeline handles the typed failure — <code>includeRaw: true</code> returns <code>{ raw, parsed: null }</code> via its <code>withFallbacks</code> wrapper, <code>includeRaw: false</code> throws a typed <code>OutputParserException</code> that the caller can catch and retry. Closes <a href="https://redirect.github.com/langchain-ai/langchainjs/issues/10894">#10894</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langchainjs/commits/@langchain/openai@1.4.7">compare view</a></li> </ul> </details> <br /> Updates `modal` from 0.7.4 to 0.7.6 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/modal-labs/modal-client/blob/main/CHANGELOG_GO_JS.md">modal's changelog</a>.</em></p> <blockquote> <h2>js/v0.7.6, go/v0.7.6</h2> <ul> <li>Added Sandbox Filesystem API in the Go SDK with <code>sandbox.Filesystem()</code> and in the JS SDK with <code>sandbox.filesystem</code>. The filesystem API contains methods: <ul> <li><code>fs.WriteText</code> (Go) / <code>fs.writeText</code> (JS): Write UTF-8 to a file in the Sandbox.</li> <li><code>fs.WriteBytes</code> (Go) / <code>fs.writeBytes</code> (JS): Write binary content to a file in the Sandbox.</li> <li><code>fs.ReadText</code> (Go) / <code>fs.readText</code> (JS): Read a file from the Sandbox and return its contents as a UTF-8 string.</li> <li><code>fs.ReadBytes</code> (Go) / <code>fs.readBytes</code> (JS): Read a file from the Sandbox and return its contents as bytes.</li> <li><code>fs.MakeDirectory</code> (Go) / <code>fs.makeDirectory</code> (JS): Create a new directory in the Sandbox.</li> <li><code>fs.ListFiles</code> (Go) / <code>fs.listFiles</code> (JS): List files and directories in a Sandbox directory.</li> <li><code>fs.Stat</code> (Go) / <code>fs.stat</code> (JS): Return metadata for a single file, directory, or symlink in the Sandbox.</li> <li><code>fs.CopyFromLocal</code> (Go) / <code>fs.copyFromLocal</code> (JS): Copy a local file into the Sandbox.</li> <li><code>fs.CopyToLocal</code> (Go) / <code>fs.copyToLocal</code> (JS): Copy a file from the Sandbox to a local path.</li> <li><code>fs.Remove</code> (Go) / <code>fs.remove</code> (JS): Remove a file or directory in the Sandbox.</li> </ul> </li> <li>Added <code>Volume.WithMountOptions</code> (Go) and <code>volume.withMountOptions</code> (JS) to configure mount-time options (<code>ReadOnly</code> / <code>readOnly</code> and <code>SubPath</code> / <code>subPath</code>) when attaching a Volume to a Function or Sandbox. The <code>SubPath</code> / <code>subPath</code> option mounts a subdirectory of the Volume instead of its root. Calling <code>withMountOptions</code> multiple times on the same Volume stacks: fields left unset preserve their previous value.</li> <li>Deprecated <code>Volume.ReadOnly</code> (Go) and <code>Volume.readOnly</code> (JS) in favor of <code>WithMountOptions({ReadOnly: &amp;t})</code> / <code>withMountOptions({readOnly: true})</code>. The old methods still work but will be removed in a future release.</li> <li>Deprecated <code>Volume.IsReadOnly</code> (Go) and <code>Volume.isReadOnly</code> (JS); track configured mount options at the call site that configured them instead.</li> </ul> <h2>js/v0.7.5, go/v0.7.5</h2> <ul> <li>We've improved the reliability of the <code>Sandbox.SnapshotFilesystem</code> (Go) and <code>Sandbox.snapshotFilesystem</code> (JS) operation, especially for large snapshots, and we now support setting a <code>timeout</code> (Go) or <code>timeoutMs</code> (JS) longer than 55s when necessary.</li> <li>Added <code>Sandbox.UnmountImage</code> (Go) and <code>sandbox.unmountImage</code> (JS) to remove an image mount from a path in the Sandbox filesystem and reveal the underlying directory again.</li> <li><code>Sandboxes.Create</code> (Go) and <code>sandboxes.create</code> (JS) now accept a <code>Tags</code> / <code>tags</code> parameter to attach key-value tags to the Sandbox at creation time.</li> <li><code>Sandboxes.Create</code> (Go) and <code>sandboxes.create</code> (JS) now accept an <code>InboundCIDRAllowlist</code> / <code>inboundCidrAllowlist</code> parameter to restrict which source IPs can connect inbound to a sandbox's tunnels and connection tokens.</li> <li>Renamed <code>cidrAllowlist</code> to <code>outboundCidrAllowlist</code> (JS) and <code>CIDRAllowlist</code> to <code>OutboundCIDRAllowlist</code> (Go) to distinguish from the corresponding inbound allowlists.</li> <li>The Go and JS SDKs can now respond more gracefully to server throttling (e.g., rate limiting) by backing off and automatically retrying.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/modal-labs/modal-client/commit/d08dce98adbce70d259e3db717da9a7ca43ff2a4"><code>d08dce9</code></a> Release 0.7.6 for Go/JS SDK (<a href="https://redirect.github.com/modal-labs/modal-client/issues/42155">#42155</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/f58831da34ae94987a733aea1ec942b5515b5517"><code>f58831d</code></a> Add EnvironmentVariables to Sandbox proto (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40287">#40287</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/21db34b97778961116e0cc20a366fdbe7e7301f9"><code>21db34b</code></a> Sandboxes [new FS API]: translate new FS API to JS Client (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40848">#40848</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/686261e4fc02ebdeff81d9576471a2c6c57cb45c"><code>686261e</code></a> Sandboxes [new FS API]: translate new FS API to Go Client (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40969">#40969</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/fb1f5644a2c9a52c037bed920fdbbb8693c65ecb"><code>fb1f564</code></a> Add Volume subdirectory mount and mount options to Go and JS SDKs (<a href="https://redirect.github.com/modal-labs/modal-client/issues/40893">#40893</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/c4c29e21d008ac72aa0dc1ebf16bc5d086e3a4be"><code>c4c29e2</code></a> client: [Go] Add sandbox v2 <code>from_id</code> (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41977">#41977</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/c7aae182b2a9440e2b0427b47549310efcfb60ef"><code>c7aae18</code></a> client: [typescript] Add sandbox v2 <code>from_id</code> (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41918">#41918</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/4fd50761bb82d9336c34ff5217ad5b0b454bac0a"><code>4fd5076</code></a> Client: Change task command router tests to use mock grpc servicer (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41937">#41937</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/7e27cb0206d6d97d904961fe921b0e3c42fc5f1b"><code>7e27cb0</code></a> [FLASH-103] Add flash endpoint stop protobuf (<a href="https://redirect.github.com/modal-labs/modal-client/issues/42040">#42040</a>)</li> <li><a href="https://github.com/modal-labs/modal-client/commit/61ba55ec223a2e6652fbb5fd6ff42b33ea606086"><code>61ba55e</code></a> client: [Python] Add sandbox v2 <code>from_id</code> (<a href="https://redirect.github.com/modal-labs/modal-client/issues/41916">#41916</a>)</li> <li>Additional commits viewable in <a href="https://github.com/modal-labs/modal-client/compare/go/v0.7.4...go/v0.7.6">compare view</a></li> </ul> </details> <br /> Updates `@sveltejs/acorn-typescript` from 1.0.9 to 1.0.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/acorn-typescript/releases">@​sveltejs/acorn-typescript's releases</a>.</em></p> <blockquote> <h2><code>@​sveltejs/acorn-typescript</code><a href="https://github.com/1"><code>@​1</code></a>.0.10</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: use user-provided acorn-copy for ts plugin (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/42">#42</a>)</p> </li> <li> <p>fix: support namespace declaration merging (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/34">#34</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/acorn-typescript/blob/main/CHANGELOG.md">@​sveltejs/acorn-typescript's changelog</a>.</em></p> <blockquote> <h2>1.0.10</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: use user-provided acorn-copy for ts plugin (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/42">#42</a>)</p> </li> <li> <p>fix: support namespace declaration merging (<a href="https://redirect.github.com/sveltejs/acorn-typescript/pull/34">#34</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/53ed12a418322a5545b61ad46e8f4f1381e7da25"><code>53ed12a</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/43">#43</a>)</li> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/c46396a6ab28dfb4c845438875e38efe10d8bdaa"><code>c46396a</code></a> fix: generateAcornTypeScript breaks when two acorn copies exist (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/42">#42</a>)</li> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/e9b347f620cea555bcee035da000eb104648ffa5"><code>e9b347f</code></a> fix: support namespace declaration merging (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/34">#34</a>)</li> <li><a href="https://github.com/sveltejs/acorn-typescript/commit/fab62a1500a156fb4ec018cc9f22a515a9457975"><code>fab62a1</code></a> docs: add missing changelog entry for PR <a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/38">#38</a> (<a href="https://redirect.github.com/sveltejs/acorn-typescript/issues/40">#40</a>)</li> <li>See full diff in <a href="https://github.com/sveltejs/acorn-typescript/compare/v1.0.9...@sveltejs/acorn-typescript@1.0.10">compare view</a></li> </ul> </details> <br /> Updates `@types/estree` from 1.0.8 to 1.0.9 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/estree">compare view</a></li> </ul> </details> <br /> Updates `hono` from 4.12.18 to 4.12.23 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.23</h2> <h2>What's Changed</h2> <ul> <li>fix(serve-static): normalize all backslashes in file paths, not just the first in <a href="https://redirect.github.com/honojs/hono/pull/4962">honojs/hono#4962</a></li> <li>feat(context): export the Context class publicly by <a href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4543">honojs/hono#4543</a></li> <li>docs(contribution): add AI Usage Policy by <a href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4970">honojs/hono#4970</a></li> <li>feat(compress): add contentTypeFilter option and <code>COMPRESSIBLE_CONTENT_TYPE_REGEX</code> re-export by <a href="https://github.com/na-trium-144"><code>@​na-trium-144</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4961">honojs/hono#4961</a></li> <li>fix(utils/ipaddr): do not compress a single 0 group to <code>::</code> by <a href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4971">honojs/hono#4971</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.22...v4.12.23">https://github.com/honojs/hono/compare/v4.12.22...v4.12.23</a></p> <h2>v4.12.22</h2> <h2>What's Changed</h2> <ul> <li>chore: update vitest to v4 and cleanups by <a href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4952">honojs/hono#4952</a></li> <li>fix(mime): specify charset parameter per MIME type instead of mechanical detection by <a href="https://github.com/renatograsso10"><code>@​renatograsso10</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4912">honojs/hono#4912</a></li> <li>fix(compress): respect Accept-Encoding when encoding option is set by <a href="https://github.com/LeSingh1"><code>@​LeSingh1</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4951">honojs/hono#4951</a></li> <li>fix(deno): echo negotiated WebSocket subprotocol in upgrade response by <a href="https://github.com/ATOM00blue"><code>@​ATOM00blue</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4955">honojs/hono#4955</a></li> <li>feat: add msgpack as a compressible content type by <a href="https://github.com/na-trium-144"><code>@​na-trium-144</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4957">honojs/hono#4957</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/renatograsso10"><code>@​renatograsso10</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4912">honojs/hono#4912</a></li> <li><a href="https://github.com/LeSingh1"><code>@​LeSingh1</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4951">honojs/hono#4951</a></li> <li><a href="https://github.com/ATOM00blue"><code>@​ATOM00blue</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4955">honojs/hono#4955</a></li> <li><a href="https://github.com/na-trium-144"><code>@​na-trium-144</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4957">honojs/hono#4957</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.21...v4.12.22">https://github.com/honojs/hono/compare/v4.12.21...v4.12.22</a></p> <h2>v4.12.21</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths</h3> <p>Affects: <code>app.mount()</code>. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3</p> <h3>IP Restriction bypasses static deny rules for non-canonical IPv6</h3> <p>Affects: <code>hono/ip-restriction</code>. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5</p> <h3>Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection</h3> <p>Affects: <code>hono/cookie</code>. Fixes missing validation of <code>sameSite</code> and <code>priority</code> options against injection characters (<code>;</code>, <code>\r</code>, <code>\n</code>), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x</p> <h3>JWT middleware accepts any Authorization scheme, not only Bearer</h3> <p>Affects: <code>hono/jwt</code>, <code>hono/jwk</code>. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474</p> <hr /> <p>Users who use <code>app.mount()</code>, <code>hono/ip-restriction</code>, <code>hono/cookie</code>, or <code>hono/jwt</code>/<code>hono/jwk</code> are encouraged to upgrade to this version.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/83bfb3bb4a12c1d92c163a39e907df5d662ff78d"><code>83bfb3b</code></a> 4.12.23</li> <li><a href="https://github.com/honojs/hono/commit/bcd290a64c0b392fd06d2bd1f256c5dc9835e4a4"><code>bcd290a</code></a> fix(utils/ipaddr): do not compress a single 0 group to <code>::</code> (<a href="https://redirect.github.com/honojs/hono/issues/4971">#4971</a>)</li> <li><a href="https://github.com/honojs/hono/commit/c968177d9c11ddc7c7cca57c384497f11a6d60ae"><code>c968177</code></a> feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...</li> <li><a href="https://github.com/honojs/hono/commit/0265a5453a7c272417eaa22b93d3fb319d2188ed"><code>0265a54</code></a> docs(contribution): add AI Usage Policy (<a href="https://redirect.github.com/honojs/hono/issues/4970">#4970</a>)</li> <li><a href="https://github.com/honojs/hono/commit/c84c5d2d46ca6a78c316529491d42ab7bb956368"><code>c84c5d2</code></a> feat(context): export the Context class publicly (<a href="https://redirect.github.com/honojs/hono/issues/4543">#4543</a>)</li> <li><a href="https://github.com/honojs/hono/commit/82dad6297c90c33c41bf48b4530509a21588ad06"><code>82dad62</code></a> fix(serve-static): normalize all backslashes in file paths, not just the firs...</li> <li><a href="https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e"><code>2f01b77</code></a> 4.12.22</li> <li><a href="https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99"><code>6bc0dff</code></a> feat: add msgpack as a compressible content type (<a href="https://redirect.github.com/honojs/hono/issues/4957">#4957</a>)</li> <li><a href="https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9"><code>7e0555d</code></a> fix(deno): echo negotiated WebSocket subprotocol in upgrade response (<a href="https://redirect.github.com/honojs/hono/issues/4955">#4955</a>)</li> <li><a href="https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6"><code>f0ed246</code></a> fix(compress): respect Accept-Encoding when encoding option is set (<a href="https://redirect.github.com/honojs/hono/issues/4951">#4951</a>)</li> <li>Additional commits viewable in <a href="https://github.com/honojs/hono/compare/v4.12.18...v4.12.23">compare view</a></li> </ul> </details> <br /> Updates `@hono/node-server` from 2.0.1 to 2.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/node-server/releases">@​hono/node-server's releases</a>.</em></p> <blockquote> <h2>v2.0.4</h2> <h2>What's Changed</h2> <ul> <li>fix: stub ws types to prevent them leaking in public types by <a href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/359">honojs/node-server#359</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/node-server/compare/v2.0.3...v2.0.4">https://github.com/honojs/node-server/compare/v2.0.3...v2.0.4</a></p> <h2>v2.0.3</h2> <h2>What's Changed</h2> <ul> <li>chore(ci): update GitHub Actions versions by <a href="https://github.com/BlankParticle"><code>@​BlankParticle</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/352">honojs/node-server#352</a></li> <li>docs: Align the <code>ServeStaticOptions</code> comment with the current spec by <a href="https://github.com/kakkokari-gtyih"><code>@​kakkokari-gtyih</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/356">honojs/node-server#356</a></li> <li>fix: preserve headers mutated after raw Response construction by <a href="https://github.com/abdulmunimjemal"><code>@​abdulmunimjemal</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/357">honojs/node-server#357</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kakkokari-gtyih"><code>@​kakkokari-gtyih</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/node-server/pull/356">honojs/node-server#356</a></li> <li><a href="https://github.com/abdulmunimjemal"><code>@​abdulmunimjemal</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/node-server/pull/357">honojs/node-server#357</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/node-server/compare/v2.0.2...v2.0.3">https://github.com/honojs/node-server/compare/v2.0.2...v2.0.3</a></p> <h2>v2.0.2</h2> <h2>What's Changed</h2> <ul> <li>fix(serve-static): stop using file birthtime for Date header by <a href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/350">honojs/node-server#350</a></li> <li>fix: handle serveStatic stream fallback backpressure by <a href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a href="https://redirect.github.com/honojs/node-server/pull/351">honojs/node-server#351</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/node-server/compare/v2.0.1...v2.0.2">https://github.com/honojs/node-server/compare/v2.0.1...v2.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/node-server/commit/9e1cdee836baeb13f33e857a582b29546185c324"><code>9e1cdee</code></a> 2.0.4</li> <li><a href="https://github.com/honojs/node-server/commit/b4ca62216c9b537f1e56e0282bc8b5ee5b953b26"><code>b4ca622</code></a> fix: stub ws types to prevent them leaking in public types (<a href="https://redirect.github.com/honojs/node-server/issues/359">#359</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/9d879875a3d6b87a53e31ce6c0de080f9a7a30dc"><code>9d87987</code></a> 2.0.3</li> <li><a href="https://github.com/honojs/node-server/commit/9463250257b3d430d3cf71cb7d9fd847a7930427"><code>9463250</code></a> fix: preserve headers mutated after raw Response construction (<a href="https://redirect.github.com/honojs/node-server/issues/357">#357</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/cee5e812087cd80ef0f08741a390b37a8e2ea45d"><code>cee5e81</code></a> docs: Align the <code>ServeStaticOption</code> command with the current specification (#...</li> <li><a href="https://github.com/honojs/node-server/commit/4aa0650744858993d1770d64aa4826b436304bfd"><code>4aa0650</code></a> chore(ci): update GitHub Actions versions (<a href="https://redirect.github.com/honojs/node-server/issues/352">#352</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/808159c4d2ab71064b9d00f2723078ac1b8324d5"><code>808159c</code></a> 2.0.2</li> <li><a href="https://github.com/honojs/node-server/commit/1a9748edd8da1b2829744ca8a199785fb095a4f2"><code>1a9748e</code></a> fix: handle serveStatic stream fallback backpressure (<a href="https://redirect.github.com/honojs/node-server/issues/351">#351</a>)</li> <li><a href="https://github.com/honojs/node-server/commit/54d1bcd11e2bd3dc334f0d0d3d77604acb17f602"><code>54d1bcd</code></a> fix(serve-static): stop using file birthtime for Date header (<a href="https://redirect.github.com/honojs/node-server/issues/350">#350</a>)</li> <li>See full diff in <a href="https://github.com/honojs/node-server/compare/v2.0.1...v2.0.4">compare view</a></li> </ul> </details> <br /> Updates `react` from 19.2.5 to 19.2.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases">react's releases</a>.</em></p> <blockquote> <h2>19.2.7 (June 1st, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Fixed missing <code>FormData</code> entries in Server Actions which regressed in 19.2.6 (<a href="https://redirect.github.com/facebook/react/pull/36566">#36566</a> by <a href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li> </ul> <h2>19.2.6 (May 6th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Type hardening and performance improvements (<a href="https://redirect.github.com/faceb... _Description has been truncated_ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-06-05 17:23:49 -04:00
yindo closed this issue 2026-06-05 17:23:49 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: langchain-ai/deepagentsjs#579