Skip to content

chore(deps): bump the all-pnpm group across 3 directories with 10 updates#105

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/e2e_tests/tests_omni_full/main/all-pnpm-975a5c3d25
Open

chore(deps): bump the all-pnpm group across 3 directories with 10 updates#105
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/e2e_tests/tests_omni_full/main/all-pnpm-975a5c3d25

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps the all-pnpm group with 1 update in the /e2e_tests/tests_omni_full directory: @types/node.
Bumps the all-pnpm group with 1 update in the /e2e_tests/tests_omni_light directory: @types/node.
Bumps the all-pnpm group with 8 updates in the /frontend/omni directory:

Package From To
@ai-sdk/openai 3.0.63 3.0.64
@ai-sdk/svelte 4.0.177 4.0.185
ai 6.0.177 6.0.185
dompurify 3.4.2 3.4.5
i18next 26.1.0 26.2.0
katex 0.16.45 0.16.47
sv-router 0.16.1 0.16.2
vite 8.0.12 8.0.13

Updates @types/node from 25.7.0 to 25.9.0

Commits

Updates @types/node from 25.7.0 to 25.9.0

Commits

Updates @ai-sdk/openai from 3.0.63 to 3.0.64

Release notes

Sourced from @​ai-sdk/openai's releases.

@​ai-sdk/openai@​3.0.64

Patch Changes

  • b7ed8bd: feat(openai): add opt-in pass-through for unsupported file media types
Changelog

Sourced from @​ai-sdk/openai's changelog.

3.0.64

Patch Changes

  • b7ed8bd: feat(openai): add opt-in pass-through for unsupported file media types
Commits

Updates @ai-sdk/svelte from 4.0.177 to 4.0.185

Release notes

Sourced from @​ai-sdk/svelte's releases.

@​ai-sdk/svelte@​4.0.185

Patch Changes

  • ai@6.0.185

@​ai-sdk/svelte@​4.0.184

Patch Changes

  • Updated dependencies [40fc5e4]
    • ai@6.0.184

@​ai-sdk/svelte@​4.0.183

Patch Changes

  • ai@6.0.183
Changelog

Sourced from @​ai-sdk/svelte's changelog.

4.0.185

Patch Changes

  • ai@6.0.185

4.0.184

Patch Changes

  • Updated dependencies [40fc5e4]
    • ai@6.0.184

4.0.183

Patch Changes

  • ai@6.0.183

4.0.182

Patch Changes

  • Updated dependencies [e76a29a]
    • ai@6.0.182

4.0.181

Patch Changes

  • Updated dependencies [538974a]
    • ai@6.0.181

4.0.180

Patch Changes

  • Updated dependencies [253bd5a]
  • Updated dependencies [57ec10f]
    • ai@6.0.180

4.0.179

Patch Changes

  • ai@6.0.179

4.0.178

Patch Changes

... (truncated)

Commits

Updates ai from 6.0.177 to 6.0.185

Release notes

Sourced from ai's releases.

ai@6.0.185

Patch Changes

  • Updated dependencies [488ef33]
    • @​ai-sdk/gateway@​3.0.116

ai@6.0.184

Patch Changes

  • 40fc5e4: fix(ai): default missing embedding warnings to an empty array

ai@6.0.183

Patch Changes

  • Updated dependencies [363cefe]
    • @​ai-sdk/gateway@​3.0.115
Changelog

Sourced from ai's changelog.

6.0.185

Patch Changes

  • Updated dependencies [488ef33]
    • @​ai-sdk/gateway@​3.0.116

6.0.184

Patch Changes

  • 40fc5e4: fix(ai): default missing embedding warnings to an empty array

6.0.183

Patch Changes

  • Updated dependencies [363cefe]
    • @​ai-sdk/gateway@​3.0.115

6.0.182

Patch Changes

  • e76a29a: fix(ai): download tool-result file URLs

6.0.181

Patch Changes

  • 538974a: fix(ui): make input optional on output-error tool and dynamic-tool UI message parts

    validateUIMessages rejected persisted assistant messages whose output-error tool parts had no input key. This happened for any errored tool call where the SDK set input: undefined (e.g. NoSuchToolError / InvalidToolInputError): JSON serialization stripped the undefined value, and Zod 4.4+ treats a missing z.unknown() key as a validation failure (previously it was implicitly optional). The schema now matches the runtime shape produced by process-ui-message-stream, so reloading a thread that contains an errored tool call no longer throws AI_TypeValidationError.

6.0.180

Patch Changes

  • 253bd5a: fix(gateway): enable retry support for gateway errors
  • 57ec10f: fix URL of hero animation in README
  • Updated dependencies [253bd5a]
    • @​ai-sdk/gateway@​3.0.114

6.0.179

Patch Changes

  • Updated dependencies [ee4de68]
    • @​ai-sdk/gateway@​3.0.113

... (truncated)

Commits

Updates dompurify from 3.4.2 to 3.4.5

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.5

  • Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

  • Added the selectedcontent element to default allow-list, thanks @​lukewarlow
  • Added the command and commandfor attributes to default allowed-list, thanks @​lukewarlow
  • Added better template scrubbing for IN_PLACE operations, thanks @​DEMON1A
  • Added stronger checks for cross-realm windows, thanks @​DEMON1A & @​fg0x0
  • Updated demo website and made sure it uses the latest from main
  • Updated existing workflows, fuzzer, dependabot, etc., added more tests
  • Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

DOMPurify 3.4.3

  • Fixed an issue with handling of nested Shadow DOM trees, thanks @​fishjojo1
  • Fixed the template regexes to be more robust against ReDoS attacks, thanks @​aleung27
  • Updated the node iteration code to catch more Shadow DOM related issues
  • Updated Playwright and added Node 26 to test matrix
  • Updated existing workflows, fuzzer, release signing, etc., added more tests
  • Bumped several dependencies where possible
Commits

Updates i18next from 26.1.0 to 26.2.0

Release notes

Sourced from i18next's releases.

v26.2.0

  • feat(types): new parseInterpolation TypeOption (default true). When set to false in CustomTypeOptions, the type-level extractor stops parsing translation strings for {{variable}} patterns. Required by i18next-icu users — the default extractor mistakes ICU MessageFormat nested-brace plurals like {count, plural, one {{count} row} other {{count} rows}} for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed by InterpolationOptions and is unaffected. Fixes i18next-icu#85.
  • fix(types): expose enableSelector on InitOptions so i18next.init({ enableSelector: 'strict' }) typechecks without a module augmentation. The runtime already reads opts?.enableSelector from init options; this lands the matching type declaration next to the other selector-resolution knobs. Accepts false | true | 'optimize' | 'strict'. Thanks @​Faithfinder (#2431)
Changelog

Sourced from i18next's changelog.

26.2.0

  • feat(types): new parseInterpolation TypeOption (default true). When set to false in CustomTypeOptions, the type-level extractor stops parsing translation strings for {{variable}} patterns. Required by i18next-icu users — the default extractor mistakes ICU MessageFormat nested-brace plurals like {count, plural, one {{count} row} other {{count} rows}} for an interpolation block and demands a phantom variable name. The flag is type-only; runtime interpolation is governed by InterpolationOptions and is unaffected. Fixes i18next-icu#85.
  • fix(types): expose enableSelector on InitOptions so i18next.init({ enableSelector: 'strict' }) typechecks without a module augmentation. The runtime already reads opts?.enableSelector from init options; this lands the matching type declaration next to the other selector-resolution knobs. Accepts false | true | 'optimize' | 'strict'. Thanks @​Faithfinder (#2431)
Commits
  • 22fb6ad 26.2.0
  • b640ac4 feat(types): parseInterpolation flag for ICU-friendly t() typing (i18next-icu...
  • 0b9debd changelog: 26.1.1 entry for #2431
  • 50509e4 fix(types): expose enableSelector on InitOptions (#2431)
  • 80b5402 Enhance Pro Tip in README with i18next-locize-backend plugin link
  • See full diff in compare view

Updates katex from 0.16.45 to 0.16.47

Release notes

Sourced from katex's releases.

v0.16.47

0.16.47 (2026-05-16)

Bug Fixes

v0.16.46

0.16.46 (2026-05-13)

Bug Fixes

Changelog

Sourced from katex's changelog.

0.16.47 (2026-05-16)

Bug Fixes

0.16.46 (2026-05-13)

Bug Fixes

Commits
  • 878a61b chore(release): 0.16.47 [ci skip]
  • 7ba0027 fix: correct size of [ big delimiter (#4217)
  • 8a52ddb chore: migrate screenshotter for Safari to GitHub MacOS runner (#4206)
  • 2c25b47 chore(release): 0.16.46 [ci skip]
  • e9ee046 fix: preserve math font in some styling commands (#4214)
  • 88256c0 ci(screenshotter): require safe to test label for PRs (#4211)
  • a3fce45 ci(screenshotter): disable cache (#4209)
  • 9de4b3d chore: update linters (#4205)
  • c224153 refactor: improve typing for fonts (#4200)
  • 89a3d67 chore(deps): update dependency postcss to v8.5.10 [security] (#4202)
  • Additional commits viewable in compare view

Updates sv-router from 0.16.1 to 0.16.2

Release notes

Sourced from sv-router's releases.

sv-router@0.16.2

Patch Changes

  • 18093d8: Fix syncSearchParams discarding array values
  • 6d7ea95: Don't intercept link clicks outside the base path
Changelog

Sourced from sv-router's changelog.

0.16.2

Patch Changes

  • 18093d8: Fix syncSearchParams discarding array values
  • 6d7ea95: Don't intercept link clicks outside the base path
Commits

Updates svelte from 5.55.5 to 5.55.8

Release notes

Sourced from svelte's releases.

svelte@5.55.8

Patch Changes

  • fix(print): handle svelte:body and fix keyframe percentage double-printing (#18234)

  • fix: execute uninitialized derived even if it's destroyed (#18228)

  • fix: use named symbols everywhere (#18238)

  • fix: don't run teardown effects when deriveds are unfreezed (#18227)

  • fix: unset context synchronously in run (#18236)

svelte@5.55.7

Patch Changes

svelte@5.55.6

Patch Changes

  • fix: leave stale promises to wait for a later resolution, instead of rejecting (#18180)

  • fix: keep dependencies of $state.eager/pending (#18218)

  • fix: reapply context after transforming error during SSR (#18099)

  • fix: don't rebase just-created batches (#18117)

  • chore: allow null for pending in typings (#18201)

  • fix: flush eager effects in production (#18107)

  • fix: rethrow error of failed iterable after calling return() (#18169)

  • fix: account for proxified instance when updating bind:this (#18147)

  • fix: ensure scheduled batch is flushed if not obsolete (#18131)

  • fix: resolve stale deriveds with latest value (#18167)

  • chore: remove unnecessary increment_pending calls (#18183)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.55.8

Patch Changes

  • fix(print): handle svelte:body and fix keyframe percentage double-printing (#18234)

  • fix: execute uninitialized derived even if it's destroyed (#18228)

  • fix: use named symbols everywhere (#18238)

  • fix: don't run teardown effects when deriveds are unfreezed (#18227)

  • fix: unset context synchronously in run (#18236)

5.55.7

Patch Changes

5.55.6

Patch Changes

  • fix: leave stale promises to wait for a later resolution, instead of rejecting (#18180)

  • fix: keep dependencies of $state.eager/pending (#18218)

  • fix: reapply context after transforming error during SSR (#18099)

  • fix: don't rebase just-created batches (#18117)

  • chore: allow null for pending in typings (#18201)

  • fix: flush eager effects in production (#18107)

  • fix: rethrow error of failed iterable after calling return() (#18169)

  • fix: account for proxified instance when updating bind:this (#18147)

  • fix: ensure scheduled batch is flushed if not obsolete (#18131)

... (truncated)

Commits

Updates vite from 8.0.12 to 8.0.13

Release notes

Sourced from vite's releases.

v8.0.13

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.13 (2026-05-14)

Features

  • bundled-dev: add lazy bundling support (#21406) (4f0949f)
  • optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)
  • update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

  • build: copy public directory after building same environment with write=false (#22328) (158e8ae)
  • css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)
  • css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)
  • make isBundled per environment (#22257) (a576326)
  • ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

Commits
  • a46f11a release: v8.0.13
  • d9b18e0 fix(ssr): avoid rewriting labels that collide with imports (#22451)
  • 4f0949f feat(bundled-dev): add lazy bundling support (#21406)
  • 158e8ae fix(build): copy public directory after building same environment with `write...
  • 47071ce feat(optimizer): improve the esbuild plugin converter to pass some properties...
  • 8e59c97 fix(css): keep deprecated name/originalFileName in synthetic `assetFileNa...
  • a576326 fix: make isBundled per environment (#22257)
  • 8c766a6 feat: update rolldown to 1.0.1 (#22444)
  • b7edcb7 fix(css): await sass/less/styl worker disposal on teardown (fix #22274) (#22275)
  • fcdc87c chore: update changelog (#22413)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all-pnpm group across 3 directories with 10 upd…
6a688f9 
…ates

Bumps the all-pnpm group with 1 update in the /e2e_tests/tests_omni_full directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).
Bumps the all-pnpm group with 1 update in the /e2e_tests/tests_omni_light directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).
Bumps the all-pnpm group with 8 updates in the /frontend/omni directory:

| Package | From | To |
| --- | --- | --- |
| [@ai-sdk/openai](https://github.com/vercel/ai/tree/HEAD/packages/openai) | `3.0.63` | `3.0.64` |
| [@ai-sdk/svelte](https://github.com/vercel/ai/tree/HEAD/packages/svelte) | `4.0.177` | `4.0.185` |
| [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) | `6.0.177` | `6.0.185` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.2` | `3.4.5` |
| [i18next](https://github.com/i18next/i18next) | `26.1.0` | `26.2.0` |
| [katex](https://github.com/KaTeX/KaTeX) | `0.16.45` | `0.16.47` |
| [sv-router](https://github.com/colinlienard/sv-router) | `0.16.1` | `0.16.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.12` | `8.0.13` |



Updates `@types/node` from 25.7.0 to 25.9.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/node` from 25.7.0 to 25.9.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@ai-sdk/openai` from 3.0.63 to 3.0.64
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/openai@3.0.64/packages/openai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/openai@3.0.64/packages/openai)

Updates `@ai-sdk/svelte` from 4.0.177 to 4.0.185
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/svelte@4.0.185/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/svelte@4.0.185/packages/svelte)

Updates `ai` from 6.0.177 to 6.0.185
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/ai@6.0.185/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@6.0.185/packages/ai)

Updates `dompurify` from 3.4.2 to 3.4.5
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.2...3.4.5)

Updates `i18next` from 26.1.0 to 26.2.0
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.1.0...v26.2.0)

Updates `katex` from 0.16.45 to 0.16.47
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md)
- [Commits](KaTeX/KaTeX@v0.16.45...v0.16.47)

Updates `sv-router` from 0.16.1 to 0.16.2
- [Release notes](https://github.com/colinlienard/sv-router/releases)
- [Changelog](https://github.com/colinlienard/sv-router/blob/main/CHANGELOG.md)
- [Commits](https://github.com/colinlienard/sv-router/compare/sv-router@0.16.1...sv-router@0.16.2)

Updates `svelte` from 5.55.5 to 5.55.8
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.55.8/packages/svelte)

Updates `vite` from 8.0.12 to 8.0.13
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-pnpm
- dependency-name: "@types/node"
  dependency-version: 25.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-pnpm
- dependency-name: "@ai-sdk/openai"
  dependency-version: 3.0.64
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
- dependency-name: "@ai-sdk/svelte"
  dependency-version: 4.0.185
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
- dependency-name: ai
  dependency-version: 6.0.185
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
- dependency-name: dompurify
  dependency-version: 3.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
- dependency-name: i18next
  dependency-version: 26.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-pnpm
- dependency-name: katex
  dependency-version: 0.16.47
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
- dependency-name: sv-router
  dependency-version: 0.16.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
- dependency-name: svelte
  dependency-version: 5.55.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
- dependency-name: vite
  dependency-version: 8.0.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-pnpm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants