Skip to content

chore(deps): bump the production-deps group with 8 updates#89

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-deps-51851c0a2c
Open

chore(deps): bump the production-deps group with 8 updates#89
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-deps-51851c0a2c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Bumps the production-deps group with 8 updates:

Package From To
@langchain/core 1.1.46 1.1.48
posthog-node 5.34.2 5.35.1
undici 8.2.0 8.3.0
ws 8.20.1 8.21.0
tsx 4.21.0 4.22.3
@whiskeysockets/baileys 6.7.21 6.7.23
bonjour-service 1.3.0 1.4.0
livekit-server-sdk 2.15.2 2.15.3

Updates @langchain/core from 1.1.46 to 1.1.48

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.48

Patch Changes

  • #10832 1b24369 Thanks @​info-arnav! - fix(core, openrouter): make CJS default re-exports callable

  • #10666 2bb55b0 Thanks @​hnustwjj! - feat(openrouter): surface reasoning content as v1 standard content blocks

    convertOpenRouterResponseToBaseMessage and convertOpenRouterDeltaToBaseMessageChunk now copy OpenRouter's reasoning (flat string) and reasoning_details (structured array) fields onto additional_kwargs.reasoning_content / additional_kwargs.reasoning_details. A new ChatOpenRouterTranslator is registered in @langchain/core under the "openrouter" provider key so AIMessage.contentBlocks emits standard {type: "reasoning"} blocks alongside text and tool calls.

    Previously, reasoning text returned by reasoning-capable models routed through OpenRouter (DeepSeek R1, Minimax M2, Claude extended thinking, o-series, etc.) was silently dropped: only the reasoning_tokens count was preserved via usage_metadata. Consumers using standard content blocks (including the frontend agent UI patterns shown in the docs) could not display the model's chain of thought.

  • #10918 3999fab Thanks @​christian-bromann! - fix(openai): stream custom tool calls through Responses API chunks

@​langchain/core@​1.1.47

Patch Changes

  • #10906 f61b345 Thanks @​hntrl! - feat(core): add uuid v6 utility support

    Add v6 UUID generation support to @langchain/core/utils/uuid by vendoring the upstream uuidjs v6 implementation and its v1ToV6 helper, exporting v6 from the UUID utils index, and adding tests for deterministic generation, buffer/offset behavior, validation/versioning, and ordering.

  • #10872 a640079 Thanks @​hntrl! - chore(deps): remove redundant @​types/uuid declarations

    Remove @types/uuid from package manifests that rely on @langchain/core/utils/uuid or do not require uuid type stubs directly, and refresh the lockfile entries accordingly.

  • #10792 3682268 Thanks @​Genmin! - fix(core): apply v1 message casting after implicit streaming aggregation

  • #10901 f26fc4a Thanks @​christian-bromann! - fix(testing): share fakeModel invocation state across bindTools instances

Commits
  • caad091 chore: version packages (#10919)
  • f4a6149 chore(deps): bump fast-uri from 3.1.0 to 3.1.2 (#10926)
  • 7b12f6d chore(deps): bump protobufjs from 7.5.6 to 7.6.0 (#10930)
  • 5c6c5fe chore(deps): bump ws from 5.2.4 to 8.20.0 (#10915)
  • a8652ce docs: fix typos, add Ollama setup, update outdated references (#10922)
  • 2bb55b0 feat(openrouter): surface reasoning as v1 standard content blocks (#10666)
  • 4ecb660 fix(langchain): set name on todoListMiddleware ToolMessages (#10706)
  • 20f27df fix(ibm): handle API errors in streaming responses (#10721)
  • 4566873 feat(ibm): add integration test to IBM implementation (#10732)
  • 6e4337f fix(aws): add claude-haiku-4 to supportedToolChoiceValuesForModel (#10743)
  • Additional commits viewable in compare view

Updates posthog-node from 5.34.2 to 5.35.1

Release notes

Sourced from posthog-node's releases.

posthog-node@5.35.1

5.35.1

Patch Changes

  • Updated dependencies [c806cca]:
    • @​posthog/core@​1.29.9

posthog-node@5.35.0

5.35.0

Minor Changes

  • #3642 18ea8b5 Thanks @​dustinbyrne! - Promote feature flag definition cache provider types to the main posthog-node export and deprecate posthog-node/experimental imports. (2026-05-21)

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.29.8

posthog-node@5.34.10

5.34.10

Patch Changes

  • #3643 f42f371 Thanks @​dmarticus! - Reject semver values with leading zeros in local flag evaluation. Per semver 2.0.0 §2, numeric identifiers must not include leading zeros — values like 1.07.3 are not valid semver and should not match targeting conditions. Both override values and flag values are now validated; invalid inputs surface as InconclusiveMatchError so the condition does not match. (2026-05-21)

posthog-node@5.34.9

5.34.9

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.29.7

posthog-node@5.34.8

5.34.8

Patch Changes

  • #3640 12ef3f6 Thanks @​hpouillot! - Fix identifyImmediate to await the underlying network request. Previously the returned promise resolved before the $identify event was sent, causing events to be dropped when called from short-lived runtimes (Vercel/Cloudflare Workers, Convex actions) that exit immediately after await. (2026-05-21)

posthog-node@5.34.7

5.34.7

Patch Changes

... (truncated)

Changelog

Sourced from posthog-node's changelog.

5.35.1

Patch Changes

  • Updated dependencies [c806cca]:
    • @​posthog/core@​1.29.9

5.35.0

Minor Changes

  • #3642 18ea8b5 Thanks @​dustinbyrne! - Promote feature flag definition cache provider types to the main posthog-node export and deprecate posthog-node/experimental imports. (2026-05-21)

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.29.8

5.34.10

Patch Changes

  • #3643 f42f371 Thanks @​dmarticus! - Reject semver values with leading zeros in local flag evaluation. Per semver 2.0.0 §2, numeric identifiers must not include leading zeros — values like 1.07.3 are not valid semver and should not match targeting conditions. Both override values and flag values are now validated; invalid inputs surface as InconclusiveMatchError so the condition does not match. (2026-05-21)

5.34.9

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.29.7

5.34.8

Patch Changes

  • #3640 12ef3f6 Thanks @​hpouillot! - Fix identifyImmediate to await the underlying network request. Previously the returned promise resolved before the $identify event was sent, causing events to be dropped when called from short-lived runtimes (Vercel/Cloudflare Workers, Convex actions) that exit immediately after await. (2026-05-21)

5.34.7

Patch Changes

  • Updated dependencies [a880dbc]:
    • @​posthog/core@​1.29.6

5.34.6

Patch Changes

... (truncated)

Commits
  • 3d41c1d chore: update versions and lockfile [version bump]
  • a05405d chore: update versions and lockfile [version bump]
  • 18ea8b5 feat(node): promote flag definition cache provider types (#3642)
  • 1fcb5ae chore: update versions and lockfile [version bump]
  • f42f371 fix(node): reject leading-zero semver values in local evaluation (#3643)
  • 2f46fe6 chore: update versions and lockfile [version bump]
  • 993a165 chore: update versions and lockfile [version bump]
  • 12ef3f6 fix(node): identifyImmediate does not await its network request (#3640)
  • e59c337 chore: update versions and lockfile [version bump]
  • 5f95335 chore: update versions and lockfile [version bump]
  • Additional commits viewable in compare view

Updates undici from 8.2.0 to 8.3.0

Release notes

Sourced from undici's releases.

v8.3.0

What's Changed

... (truncated)

Commits

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates tsx from 4.21.0 to 4.22.3

Release notes

Sourced from tsx's releases.

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

  • decode typed loader source (dce02fc)
  • preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

  • preserve CJS JSON require in ESM hooks (35b700b)
  • preserve named exports from CommonJS TypeScript (11de737)
  • support module.exports require(esm) interop (cf8f199)

This release is also available on:

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

  • resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

v4.22.0

4.22.0 (2026-05-14)

Features

This release is also available on:

... (truncated)

Commits
  • dce02fc fix: decode typed loader source
  • 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
  • 69455cf test: cover package exports for ambiguous ESM reexports
  • 35b700b fix: preserve CJS JSON require in ESM hooks
  • ef807db chore: update testing dependencies
  • 3917090 test: document compatibility test taxonomy
  • de8113f refactor: centralize Node capability facts
  • c1f62db test: consolidate tsconfig path edge coverage
  • 4e08174 test: consolidate loader hook coverage
  • 674bb30 test: consolidate tsImport commonjs mts coverage
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.


Updates @whiskeysockets/baileys from 6.7.21 to 6.7.23

Commits
  • e05b16b chore(release): v6.7.23
  • 58932e7 fix(decode): match sender against both PN and LID identities
  • 071a43e chore(release): v6.7.22
  • fcf9b7c fix(process-message): only drop self-only protocolMessages from non-self senders
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by purpshell, a new releaser for @​whiskeysockets/baileys since your current version.

Install script changes

This version adds preinstall, prepare scripts that run during installation. Review the package contents before updating.


Updates bonjour-service from 1.3.0 to 1.4.0

Release notes

Sourced from bonjour-service's releases.

1.4.0

What's Changed

New Contributors

Full Changelog: onlxltd/bonjour-service@1.3.0...1.4.0

Commits

Updates livekit-server-sdk from 2.15.2 to 2.15.3

Release notes

Sourced from livekit-server-sdk's releases.

livekit-server-sdk@2.15.3

Patch Changes

  • Bump @livekit/protocol to 1.45.6 and surface new fields on the agent dispatch and connector clients: - #657 (@​anunaym14)

    • AgentDispatchClient.createDispatch: new restartPolicy option (cloud only)
    • ConnectorClient.dialWhatsAppCall / acceptWhatsAppCall: new ringingTimeout option (and waitUntilAnswered on accept)
    • ConnectorClient.disconnectWhatsAppCall: new optional disconnectReason parameter
    • Re-export JobRestartPolicy and DisconnectWhatsAppCallRequest_DisconnectReason

  • Add canManageAgentSession to VideoGrant - #661 (@​theomonnom)

Changelog

Sourced from livekit-server-sdk's changelog.

2.15.3

Patch Changes

  • Bump @livekit/protocol to 1.45.6 and surface new fields on the agent dispatch and connector clients: - #657 (@​anunaym14)

    • AgentDispatchClient.createDispatch: new restartPolicy option (cloud only)
    • ConnectorClient.dialWhatsAppCall / acceptWhatsAppCall: new ringingTimeout option (and waitUntilAnswered on accept)
    • ConnectorClient.disconnectWhatsAppCall: new optional disconnectReason parameter
    • Re-export JobRestartPolicy and DisconnectWhatsAppCallRequest_DisconnectReason

  • Add canManageAgentSession to VideoGrant - #661 (@​theomonnom)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the production-deps group with 8 updates
cc72665 
Bumps the production-deps group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.1.46` | `1.1.48` |
| [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.34.2` | `5.35.1` |
| [undici](https://github.com/nodejs/undici) | `8.2.0` | `8.3.0` |
| [ws](https://github.com/websockets/ws) | `8.20.1` | `8.21.0` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.3` |
| [@whiskeysockets/baileys](https://github.com/WhiskeySockets/Baileys) | `6.7.21` | `6.7.23` |
| [bonjour-service](https://github.com/onlxltd/bonjour-service) | `1.3.0` | `1.4.0` |
| [livekit-server-sdk](https://github.com/livekit/node-sdks/tree/HEAD/packages/livekit-server-sdk) | `2.15.2` | `2.15.3` |


Updates `@langchain/core` from 1.1.46 to 1.1.48
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Commits](https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.1.46...@langchain/core@1.1.48)

Updates `posthog-node` from 5.34.2 to 5.35.1
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.35.1/packages/node)

Updates `undici` from 8.2.0 to 8.3.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v8.2.0...v8.3.0)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `tsx` from 4.21.0 to 4.22.3
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.22.3)

Updates `@whiskeysockets/baileys` from 6.7.21 to 6.7.23
- [Release notes](https://github.com/WhiskeySockets/Baileys/releases)
- [Changelog](https://github.com/WhiskeySockets/Baileys/blob/master/CHANGELOG.md)
- [Commits](WhiskeySockets/Baileys@v6.7.21...v6.7.23)

Updates `bonjour-service` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/onlxltd/bonjour-service/releases)
- [Commits](onlxltd/bonjour-service@1.3.0...1.4.0)

Updates `livekit-server-sdk` from 2.15.2 to 2.15.3
- [Release notes](https://github.com/livekit/node-sdks/releases)
- [Changelog](https://github.com/livekit/node-sdks/blob/main/packages/livekit-server-sdk/CHANGELOG.md)
- [Commits](https://github.com/livekit/node-sdks/commits/livekit-server-sdk@2.15.3/packages/livekit-server-sdk)

---
updated-dependencies:
- dependency-name: "@langchain/core"
  dependency-version: 1.1.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-deps
- dependency-name: posthog-node
  dependency-version: 5.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: undici
  dependency-version: 8.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: tsx
  dependency-version: 4.22.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@whiskeysockets/baileys"
  dependency-version: 6.7.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-deps
- dependency-name: bonjour-service
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: livekit-server-sdk
  dependency-version: 2.15.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants