Skip to content

chore(deps): Bump the production group across 1 directory with 18 updates#264

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-b88474550d
Open

chore(deps): Bump the production group across 1 directory with 18 updates#264
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-b88474550d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the production group with 18 updates in the / directory:

Package From To
@agentclientprotocol/sdk 0.16.1 0.25.0
better-sqlite3 12.8.0 12.10.0
drizzle-orm 0.45.1 0.45.2
grammy 1.41.1 1.43.0
helmet 8.1.0 8.2.0
uuid 13.0.0 14.0.0
ws 8.19.0 8.21.0
yaml 2.8.2 2.9.0
zod 4.3.6 4.4.3
@tanstack/react-query 5.90.21 5.101.0
@xyflow/react 12.10.1 12.11.0
fuse.js 7.1.0 7.4.2
lucide-react 0.577.0 1.17.0
react 19.2.4 19.2.7
react-dom 19.2.4 19.2.7
react-router-dom 7.13.1 7.17.0
react-virtuoso 4.18.3 4.18.7
zustand 5.0.11 5.0.14

Updates @agentclientprotocol/sdk from 0.16.1 to 0.25.0

Release notes

Sourced from @​agentclientprotocol/sdk's releases.

v0.25.0

0.25.0 (2026-06-05)

Features

v0.24.0

0.24.0 (2026-06-02)

Features

  • Add resilient schema deserialization (#167) (5864e73)
  • schema: Stabilize addl dirs and remove unstable model selectors (#165) (fa6e302)

v0.23.0

0.23.0 (2026-06-01)

Features

  • schema: Stabilize logout and update schema to v0.13.4 (#163) (cfd900a)

v0.22.1

0.22.1 (2026-05-18)

Bug Fixes

v0.22.0

0.22.0 (2026-05-18)

Features

v0.21.1

0.21.1 (2026-05-14)

Bug Fixes

  • emit .js extensions in generated schema barrel for nodenext consumers (#146) (63b96db)

... (truncated)

Changelog

Sourced from @​agentclientprotocol/sdk's changelog.

0.25.0 (2026-06-05)

Features

0.24.0 (2026-06-02)

Features

  • Add resilient schema deserialization (#167) (5864e73)
  • schema: Stabilize addl dirs and remove unstable model selectors (#165) (fa6e302)

0.23.0 (2026-06-01)

Features

  • schema: Stabilize logout and update schema to v0.13.4 (#163) (cfd900a)

0.22.1 (2026-05-18)

Bug Fixes

0.22.0 (2026-05-18)

Features

0.21.1 (2026-05-14)

Bug Fixes

  • emit .js extensions in generated schema barrel for nodenext consumers (#146) (63b96db)

0.21.0 (2026-04-28)

Features

... (truncated)

Commits
  • c55af88 chore(main): release 0.25.0 (#169)
  • 2cc77af feat(schema): stabilize deleteSession (#168)
  • 8966c11 chore(main): release 0.24.0 (#166)
  • 5864e73 feat: Add resilient schema deserialization (#167)
  • fa6e302 feat(schema): Stabilize addl dirs and remove unstable model selectors (#165)
  • 0c2e622 chore(main): release 0.23.0 (#164)
  • cfd900a feat(schema): Stabilize logout and update schema to v0.13.4 (#163)
  • 171a253 chore(deps-dev): bump concurrently from 9.2.1 to 10.0.0 (#162)
  • 0ecf001 chore(deps): bump the minor group with 19 updates (#161)
  • ca74103 chore(deps): bump crate-ci/typos from 1.46.2 to 1.47.0 (#160)
  • Additional commits viewable in compare view

Updates better-sqlite3 from 12.8.0 to 12.10.0

Release notes

Sourced from better-sqlite3's releases.

v12.10.0

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

New Contributors

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

v12.9.0

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

Commits

Updates drizzle-orm from 0.45.1 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

Updates grammy from 1.41.1 to 1.43.0

Release notes

Sourced from grammy's releases.

v1.43.0

What's Changed

New Contributors

Full Changelog: grammyjs/grammY@v1.42.0...v1.43.0

v1.42.0

What's Changed

New Contributors

Full Changelog: grammyjs/grammY@v1.41.1...v1.42.0

Commits

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options
Commits

Updates uuid from 13.0.0 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
  • Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

  • rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

  • Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

  • crypto is now expected to be globally defined (requires node@20+) (#935)
  • drop node@18 support (#934)
  • upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
Commits
  • 7c1ea08 chore(main): release 14.0.0 (#926)
  • 3d2c5b0 Merge commit from fork
  • f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
  • 529ef08 chore: upgrade TypeScript and fixup types (#927)
  • 086fd79 chore: update dependencies (#933)
  • dc4ddb8 feat!: drop node@18 support (#934)
  • 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
  • e2879e6 chore: use maintained version of npm-run-all (#930)
  • ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
  • 0423d49 docs: remove obsolete v1 option notes (#915)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.


Updates ws from 8.19.0 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • Additional commits viewable in compare view

Updates yaml from 2.8.2 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

  • fix: Avoid calling Array.prototype.push.apply() with large source array
  • fix(lexer): Avoid recursive calls that may exhaust the call stack

v2.8.4

  • Disable alias resolution with maxAliasCount:0 (#677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#676)

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)
Commits
  • ddb21b0 2.9.0
  • 167365b docs: Clarify that not all errors can be avoided
  • 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
  • 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
  • ccdf743 2.8.4
  • f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
  • e1a1a77 fix: Handle invalid unicode escapes
  • a163ea0 style: Satify Prettier
  • b2a5a6c fix: Apply minFractionDigits only to decimal strings (#676)
  • 93c951b chore: Bump JSR version to v2.8.3 (#673)
  • Additional commits viewable in compare view

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

  • 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
  • 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
  • 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
  • b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
  • f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
  • 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

  • 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
  • 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
  • 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
  • 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
  • bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
  • cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
  • 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
  • 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
  • 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
  • e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
  • e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
  • 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
  • bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
  • 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
  • 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
  • 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
  • c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

  • 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
  • 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
  • cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
  • edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
  • 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits
  • 1fb56a5 docs: document release procedure in AGENTS.md
  • f3c9ec0 4.4.3
  • c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
  • 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 9195250 docs: remove Mintlify from bronze sponsors (churned)
  • 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
  • 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.


Updates @tanstack/react-query from 5.90.21 to 5.101.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.0

Patch Changes

  • #10857 7cf5923 - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'

  • Updated dependencies []:

    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-persist-client@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.0
    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

  • Updated dependencies [ed20b6d]:
    • @​tanstack/react-query@​5.100.14
    • @​tanstack/query-devtools@​5.100.14

@​tanstack/react-query-next-experimental@​5.100.14

Patch Changes

  • Updated dependencies [ed20b6d]:
    • @​tanstack/react-query@​5.100.14

@​tanstack/react-query-persist-client@​5.100.14

Patch Changes

  • Updated dependencies [ed20b6d]:
    • @​tanstack/react-query@​5.100.14
    • @​tanstack/query-persist-client-core@​5.100.14

@​tanstack/react-query@​5.100.14

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0

5.100.14

Patch Changes

  • fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

  • Updated dependencies []:

    • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

  • Updated dependencies [d423168]:
    • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.11

5.100.10

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.10

5.100.9

Patch Changes

  • Updated dependencies [fcee7bd]:
    • @​tanstack/query-core@​5.100.9

... (truncated)

Commits

Updates @xyflow/react from 12.10.1 to 12.11.0

Release notes

Sourced from @​xyflow/react's releases.

@​xyflow/react@​12.11.0

12.11.0

Minor Changes

  • #5677 e6661de - Add autoPanOnSelection to auto-pan when user drags a selection close to the edge of the viewport.

Patch Changes

  • #5791 732c8eb - Adds a type error when handleId is used without handleType in useNodeConnections

  • #5793 c5c853d - Dev Warnings now use library-specific messaging with the correct documentation links.

  • #5776 0441e9f - Export NodeHandle type

  • #5755 88737f9 - Add @types/react and @types/react-dom as optional peer dependencies to prevent issues with pnpm strict mode (hoist: false)

  • #5105 076ad38 - Fix type for event passed to onNodeDrag

  • #5784 7055140 - Fix node resizing possible beyond absolute extents

  • #5769 ad4d547 - Use useEffect for StoreUpdater to restore previous behaviour

  • Updated dependencies [732c8eb, c5c853d, e6661de, 737194d, 40660cd, 4806e7c, 7055140]:

    • @​xyflow/system@​0.0.77

@​xyflow/react@​12.10.2

Patch Changes

... (truncated)

Changelog

Sourced from @​xyflow/react's changelog.

12.11.0

Minor Changes

  • #5677 e6661de - Add autoPanOnSelection to auto-pan when user drags a selection close to the edge of the viewport.

Patch Changes

  • #5791 732c8eb - Adds a type error when handleId is used without handleType in useNodeConnections

  • #5793 c5c853d - Dev Warnings now use library-specific messaging with the correct documentation links.

  • #5776 0441e9f - Export NodeHandle type

  • #5755 88737f9 - Add @types/react and @types/react-dom as optional peer dependencies to prevent issues with pnpm strict mode (hoist: false)

  • #5105 076ad38 - Fix type for event passed to onNodeDrag

  • #5784 7055140 - Fix node resizing possible beyond absolute extents

  • #5769 ad4d547 - Use useEffect for StoreUpdater to restore previous behaviour

  • Updated dependencies [732c8eb, c5c853d, e6661de, 737194d, 40660cd, 4806e7c, 7055140]:

    • @​xyflow/system@​0.0.77

12.10.2

Patch Changes

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 27, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-b88474550d branch from cbd7c09 to 171edbc Compare June 4, 2026 01:30
…ates

Bumps the production group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@agentclientprotocol/sdk](https://github.com/agentclientprotocol/typescript-sdk) | `0.16.1` | `0.25.0` |
| [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `12.8.0` | `12.10.0` |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.45.1` | `0.45.2` |
| [grammy](https://github.com/grammyjs/grammY) | `1.41.1` | `1.43.0` |
| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |
| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |
| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` |
| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.90.21` | `5.101.0` |
| [@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react) | `12.10.1` | `12.11.0` |
| [fuse.js](https://github.com/krisk/Fuse) | `7.1.0` | `7.4.2` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.577.0` | `1.17.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.7` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.13.1` | `7.17.0` |
| [react-virtuoso](https://github.com/petyosi/react-virtuoso/tree/HEAD/packages/react-virtuoso) | `4.18.3` | `4.18.7` |
| [zustand](https://github.com/pmndrs/zustand) | `5.0.11` | `5.0.14` |



Updates `@agentclientprotocol/sdk` from 0.16.1 to 0.25.0
- [Release notes](https://github.com/agentclientprotocol/typescript-sdk/releases)
- [Changelog](https://github.com/agentclientprotocol/typescript-sdk/blob/main/CHANGELOG.md)
- [Commits](agentclientprotocol/typescript-sdk@v0.16.1...v0.25.0)

Updates `better-sqlite3` from 12.8.0 to 12.10.0
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.8.0...v12.10.0)

Updates `drizzle-orm` from 0.45.1 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.45.1...0.45.2)

Updates `grammy` from 1.41.1 to 1.43.0
- [Release notes](https://github.com/grammyjs/grammY/releases)
- [Commits](grammyjs/grammY@v1.41.1...v1.43.0)

Updates `helmet` from 8.1.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

Updates `uuid` from 13.0.0 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v13.0.0...v14.0.0)

Updates `ws` from 8.19.0 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.19.0...8.21.0)

Updates `yaml` from 2.8.2 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.2...v2.9.0)

Updates `zod` from 4.3.6 to 4.4.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.3.6...v4.4.3)

Updates `@tanstack/react-query` from 5.90.21 to 5.101.0
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.0/packages/react-query)

Updates `@xyflow/react` from 12.10.1 to 12.11.0
- [Release notes](https://github.com/xyflow/xyflow/releases)
- [Changelog](https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/xyflow/xyflow/commits/@xyflow/react@12.11.0/packages/react)

Updates `fuse.js` from 7.1.0 to 7.4.2
- [Release notes](https://github.com/krisk/Fuse/releases)
- [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md)
- [Commits](krisk/Fuse@v7.1.0...v7.4.2)

Updates `lucide-react` from 0.577.0 to 1.17.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.17.0/packages/lucide-react)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `react-router-dom` from 7.13.1 to 7.17.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.17.0/packages/react-router-dom)

Updates `react-virtuoso` from 4.18.3 to 4.18.7
- [Release notes](https://github.com/petyosi/react-virtuoso/releases)
- [Changelog](https://github.com/petyosi/react-virtuoso/blob/main/packages/react-virtuoso/CHANGELOG.md)
- [Commits](https://github.com/petyosi/react-virtuoso/commits/react-virtuoso@4.18.7/packages/react-virtuoso)

Updates `zustand` from 5.0.11 to 5.0.14
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@v5.0.11...v5.0.14)

---
updated-dependencies:
- dependency-name: "@agentclientprotocol/sdk"
  dependency-version: 0.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.100.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: "@xyflow/react"
  dependency-version: 12.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: better-sqlite3
  dependency-version: 12.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: fuse.js
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: grammy
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: lucide-react
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: react
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: react-dom
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: react-router-dom
  dependency-version: 7.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: react-virtuoso
  dependency-version: 4.18.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: zod
  dependency-version: 4.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: zustand
  dependency-version: 5.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-b88474550d branch from 171edbc to 2d9cfca Compare June 10, 2026 05:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants