chore(deps): bump the production-dependencies group with 13 updates

[dependabot]

Bumps the production-dependencies group with 13 updates:

Package	From	To
@langchain/core	1.1.41	1.1.44
@langchain/openai	1.4.4	1.4.5
@mixedbread/sdk	0.62.0	0.64.0
@sentry/nextjs	10.50.0	10.51.0
@tavily/core	0.7.2	0.7.3
inngest	4.2.4	4.2.6
langchain	1.3.4	1.3.5
lucide-react	1.11.0	1.14.0
mongoose	9.5.0	9.6.1
posthog-js	1.372.1	1.372.6
react-hook-form	7.74.0	7.75.0
react-resizable-panels	4.10.0	4.11.0
zod	4.3.6	4.4.3

Updates @langchain/core from 1.1.41 to 1.1.44

Commits

• See full diff in compare view

Updates @langchain/openai from 1.4.4 to 1.4.5

Commits

• See full diff in compare view

Updates @mixedbread/sdk from 0.62.0 to 0.64.0

Release notes

Sourced from @​mixedbread/sdk's releases.

v0.64.0

0.64.0 (2026-04-29)

Full Changelog: v0.63.0...v0.64.0

Features

• api: api update (6caf05e)

v0.63.0

0.63.0 (2026-04-28)

Full Changelog: v0.62.0...v0.63.0

Features

• support setting headers via env (9f574b1)

Chores

• internal: codegen related update (15ef319)

Changelog

Sourced from @​mixedbread/sdk's changelog.

0.64.0 (2026-04-29)

Full Changelog: v0.63.0...v0.64.0

Features

• api: api update (6caf05e)

0.63.0 (2026-04-28)

Full Changelog: v0.62.0...v0.63.0

Features

• support setting headers via env (9f574b1)

Chores

• internal: codegen related update (15ef319)

Commits

• c42a7b9 release: 0.64.0
• d75bf78 feat(api): api update
• 4334ceb codegen metadata
• 03d9759 release: 0.63.0
• 5ff383e feat: support setting headers via env
• 5d5afbb chore(internal): codegen related update
• 21a1317 codegen metadata
• See full diff in compare view

Updates @sentry/nextjs from 10.50.0 to 10.51.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.51.0

Important Changes

• feat(cloudflare): Add trace propagation for RPC method calls (#20343)

  Trace context is now propagated across Cloudflare Workers RPC calls, connecting traces between Workers and Durable Objects. This feature is opt-in and requires setting enableRpcTracePropagation: true in your SDK configuration:

  // Worker
  export default Sentry.withSentry(
    env => ({
      dsn: env.SENTRY_DSN,
      enableRpcTracePropagation: true,
    }),
    handler,
  );
  // Durable Object
  export const MyDurableObject = Sentry.instrumentDurableObjectWithSentry(
  env => ({
  dsn: env.SENTRY_DSN,
  enableRpcTracePropagation: true,
  }),
  MyDurableObjectBase,
  );

• feat(hono)!: Change setup for @sentry/hono/node (init in external file) (#20497)

  To improve Node.js instrumentation, the sentry() middleware exported from @sentry/hono/node no longer accepts configuration options. Instead, you must configure the SDK by calling Sentry.init() in a dedicated instrumentation file that runs before your application code (read more in the Hono SDK readme:

  // instrument.mjs (or instrument.ts)
  import * as Sentry from '@sentry/hono/node';
  Sentry.init({
  dsn: 'DSN',
  tracesSampleRate: 1.0,
  });

• feat(nitro): Add @sentry/nitro SDK (#19224)

  A new @sentry/nitro package provides first-class Sentry support for Nitro applications, with HTTP handler and error instrumentation, middleware tracing, request isolation, and build-time source map uploading via withSentryConfig. Read more in the Nitro SDK docs and the Nitro SDK readme.

Other Changes

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.51.0

Important Changes

• feat(cloudflare): Add trace propagation for RPC method calls (#20343)

  Trace context is now propagated across Cloudflare Workers RPC calls, connecting traces between Workers and Durable Objects. This feature is opt-in and requires setting enableRpcTracePropagation: true in your SDK configuration:

  // Worker
  export default Sentry.withSentry(
    env => ({
      dsn: env.SENTRY_DSN,
      enableRpcTracePropagation: true,
    }),
    handler,
  );
  // Durable Object
  export const MyDurableObject = Sentry.instrumentDurableObjectWithSentry(
  env => ({
  dsn: env.SENTRY_DSN,
  enableRpcTracePropagation: true,
  }),
  MyDurableObjectBase,
  );

• feat(hono)!: Change setup for @sentry/hono/node (init in external file) (#20497)

  To improve Node.js instrumentation, the sentry() middleware exported from @sentry/hono/node no longer accepts configuration options. Instead, you must configure the SDK by calling Sentry.init() in a dedicated instrumentation file that runs before your application code (read more in the Hono SDK readme:

  // instrument.mjs (or instrument.ts)
  import * as Sentry from '@sentry/hono/node';
  Sentry.init({
  dsn: 'DSN',
  tracesSampleRate: 1.0,
  });

• feat(nitro): Add @sentry/nitro SDK (#19224)

  A new @sentry/nitro package provides first-class Sentry support for Nitro applications, with HTTP handler and error instrumentation, middleware tracing, request isolation, and build-time source map uploading via withSentryConfig. Read more in the Nitro SDK docs and the Nitro SDK readme.

Other Changes

... (truncated)

Commits

• dc0b839 release: 10.51.0
• b3cabee Merge pull request #20599 from getsentry/prepare-release/10.51.0
• 3be99a9 meta(changelog): Update changelog for 10.51.0
• bea1aad test(browser): Unflake some more tests (#20591)
• 50aa085 test(node): Unflake postgres tests (#20593)
• 1166839 fix(hono): Distinguish .use() middleware in sub-apps from .all() handlers...
• 217ad4a test(node): Fix flaky ANR test (#20592)
• 91ffb3f test(node): Fix flaky worker thread integration test (#20588)
• c4e3902 chore(ci): Do not report flaky test issues if we cannot find a test name (#20...
• c0005cd test(node): Update timeout for cron integration tests (#20586)
• Additional commits viewable in compare view

Updates @tavily/core from 0.7.2 to 0.7.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by tomer-yaacoby, a new releaser for @​tavily/core since your current version.

Updates inngest from 4.2.4 to 4.2.6

Release notes

Sourced from inngest's releases.

inngest@4.2.6

Patch Changes

• #1492 68dcd8aa Thanks @​amh4r! - Reduce response info when unauthorized

• #1490 a8027116 Thanks @​amh4r! - Authed introspection returns partial signing key hash

inngest@4.2.5

Patch Changes

• #1479 6b9769ca Thanks @​scottnuma! - Fix step.sendSignal() return type to match runtime: Promise<InngestApi.SendSignalResponse> ({ runId: string | undefined }) instead of Promise<null>

• #1483 d0a59629 Thanks @​Linell! - Fix run IDs not URL encoded in Durable Endpoints

• #1481 970ded9b Thanks @​Linell! - Improves HMAC signature verification by using a constant-time comparison, which mitigates a potential timing-based signature-recovery attack against the request signature. Also improves handling of timestamps in signatures, including malformed or future-dated values.

• #1472 9df36dee Thanks @​Linell! - Fix empty body on Vercel serverless Node handlers

• #1482 e34972d3 Thanks @​Linell! - Hash the signing key used when exporting OTel traces

Changelog

Sourced from inngest's changelog.

4.2.6

Patch Changes

• #1492 68dcd8aa Thanks @​amh4r! - Reduce response info when unauthorized

• #1490 a8027116 Thanks @​amh4r! - Authed introspection returns partial signing key hash

4.2.5

Patch Changes

• #1479 6b9769ca Thanks @​scottnuma! - Fix step.sendSignal() return type to match runtime: Promise<InngestApi.SendSignalResponse> ({ runId: string | undefined }) instead of Promise<null>

• #1483 d0a59629 Thanks @​Linell! - Fix run IDs not URL encoded in Durable Endpoints

• #1481 970ded9b Thanks @​Linell! - Improves HMAC signature verification by using a constant-time comparison, which mitigates a potential timing-based signature-recovery attack against the request signature. Also improves handling of timestamps in signatures, including malformed or future-dated values.

• #1472 9df36dee Thanks @​Linell! - Fix empty body on Vercel serverless Node handlers

• #1482 e34972d3 Thanks @​Linell! - Hash the signing key used when exporting OTel traces

Commits

• e13fb37 Skip a flaky test (#1502)
• 335710e Fix test (#1498)
• 26aec30 Release @​latest (#1494)
• 68dcd8a Reduce response info when unauthorized (#1492)
• a802711 Authed introspection sends partial signing key hash (#1490)
• 31d1720 Release @​latest (#1476)
• 2521d9e Whitelist env vars that are stored in memory (#1487)
• d0a5962 fix: use encodeURIComponent for runIDs (#1483)
• e34972d fix: hash otel exporter signing key (#1482)
• 970ded9 fix: HMAC signature verification tweak (#1481)
• Additional commits viewable in compare view

Updates langchain from 1.3.4 to 1.3.5

Commits

• daece6d chore: version packages (#10560)
• 9781bff fix(google): align ChatGoogle mediaResolution with Gemini scalar type (#10550)
• 3bd85c1 feat(langchain): add ChatGoogle support to initChatModel (#10654)
• d3d0922 feat(core): support for headless tools (#10430)
• 793bc69 feat(aws): impute file name for document content blocks#963 (#10658)
• d6bf4fc feat(openai): impute placeholder filenames for openai file inputs (#10614)
• 0a7a729 fix(examples): update dependencies (#10651)
• 6f8dafc Bump vitest (#10649)
• e89cfd2 chore(deps): bump @​cloudflare/workers-types from 4.20260207.0 to 4.20260402.1...
• 0de2c14 chore(deps): bump @​aws-sdk/client-bedrock-agent-runtime from 3.1006.0 to 3.10...
• Additional commits viewable in compare view

Updates lucide-react from 1.11.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

• feat(icons): added repeat-off icon by @​jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

• fix(docs): sync URL params with UI state on categories page by @​taimar in lucide-icons/lucide#4111
• feat(icons): add waves-vertical icon by @​jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

• feat(icon): add folder-bookmark icon by @​swastik7805 in lucide-icons/lucide#4262
• docs(readme): Update readme files by @​ericfennis in lucide-icons/lucide#4320
• feat(icons): added astroid icon by @​whoisBugsbunny in lucide-icons/lucide#4217

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Commits

• 50d8af5 docs(readme): Update readme files (#4320)
• See full diff in compare view

Updates mongoose from 9.5.0 to 9.6.1

Release notes

Sourced from mongoose's releases.

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

Changelog

Sourced from mongoose's changelog.

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

Commits

• 00c14c7 chore: release 9.6.1
• 704ce83 Merge pull request #16251 from noseworthy/fix-object-id-getter-type-augmentation
• 76f464f types(objectid): fix _id getter helper on ObjectId
• 96b7de2 chore: release 9.6.0
• 909a5e7 Merge pull request #16245 from Automattic/vkarpov15/mongodb-7.2
• f5b7a43 feat: upgrade mongodb node driver to 7.2
• 33007eb Merge pull request #16242 from Automattic/vkarpov15/gh-16240
• 2b3d129 Merge pull request #16243 from Automattic/vkarpov15/gh-16235
• 890cad9 types: export Projector and ArrayProjectionOperators
• 128eb8a Merge pull request #16237 from Automattic/vkarpov15/gh-15905
• Additional commits viewable in compare view

Updates posthog-js from 1.372.1 to 1.372.6

Release notes

Sourced from posthog-js's releases.

posthog-js@1.372.6

1.372.6

Patch Changes

• #3492 cf56753 Thanks @​lucasheriques! - Add translated survey rendering support in React Native and share survey translation logic through @posthog/core. (2026-05-01)
• Updated dependencies [cf56753, 04db756]:
  • @​posthog/core@​1.28.0
  • @​posthog/types@​1.372.6

posthog-js@1.372.5

1.372.5

Patch Changes

• #3448 c726aae Thanks @​posthog! - fix(exceptions): avoid cross-origin property access when calling the previous window.onunhandledrejection handler (2026-04-29)
• Updated dependencies []:
  • @​posthog/types@​1.372.5
  • @​posthog/core@​1.27.9

posthog-js@1.372.4

1.372.4

Patch Changes

• #3495 5a6b2a5 Thanks @​posthog! - Fix copy autocapture when copying or cutting text from Shadow DOM or document fragment contexts. (2026-04-29)
• Updated dependencies []:
  • @​posthog/types@​1.372.4
  • @​posthog/core@​1.27.8

posthog-js@1.372.3

1.372.3

Patch Changes

• #3488 5b8efc3 Thanks @​lucasheriques! - Add browser survey translation rendering and language tracking. (2026-04-27)
• Updated dependencies []:
  • @​posthog/types@​1.372.3
  • @​posthog/core@​1.27.7

posthog-js@1.372.2

1.372.2

Patch Changes

• #3484 cba2570 Thanks @​veryayskiy! - Fix autofocus

... (truncated)

Commits

• c1ac939 chore: update versions and lockfile [version bump]
• 9ee2c9c docs(ai): drop resource-level distinct_id from vercel-ai examples (#3501)
• cf56753 feat(surveys): support translations on react native (#3492)
• 04db756 feat(logs): flush RN logs queue to /i/v1/logs with batching (#3480)
• ee12365 chore: upload browser source maps to S3 (#3509)
• 466612d chore: update versions and lockfile [version bump]
• 38e85c9 perf(ai): drop O(N²) prompt trim and reuse encoder/decoder (#3507)
• b02194b chore: update versions and lockfile [version bump]
• 70ba8f8 feat(flags): support mixed targeting in local evaluation (#3474)
• a65a8be chore: update versions and lockfile [version bump]
• Additional commits viewable in compare view

Updates react-hook-form from 7.74.0 to 7.75.0

Release notes

Sourced from react-hook-form's releases.

Version 7.75.0

🦧 feat: improve get dirty fields prune empty fields (#13363)

+ dirtyFields: { test: [{ data: false }] }
- dirtyFields: {} // removed the empty node with false value

🎹 typescript 6.0 (#13330) 🌡️ chore: minor improvement on setValue & reset (#13366) 🐞 fix #13403: include setValues in FormProvider context value (#13404) 🐞 fix: recompute isDirty after re-registering a previously unregistered field (#13399) 🐞 fix: preserve watch updates on field array unmount fixes #13375 (#13385) 🐞 fix: prevent useWatch re-render when unrelated field validation is … (#13398)

thanks to @​dfedoryshchev, @​cyky & @​gkarabelos

Changelog

Sourced from react-hook-form's changelog.

[7.75.0] - 2026-05-02

Added

• Improve getDirtyFields to prune empty fields
• TypeScript 6.0 support

Fixed

• Include setValues in FormProvider context value
• Preserve watch updates on field array unmount
• Prevent useWatch re-render when unrelated field validation occurs
• Recompute isDirty after re-registering a previously unregistered field

Commits

• 24bde23 7.75.0
• aa6f795 🐞 fix #13403: include setValues in FormProvider context value (#13404)
• c2b22f9 🥊 all ts-ignores removed
• 3165a52 🧸 fix more @​ts-ignores
• 7c51590 🧸 fix more @​ts-ignores
• b16b4fa 🎹 typescript 6.0 (#13330)
• 4bace71 🐞 fix: preserve watch updates on field array unmount fixes #13375 (#13385)
• 2adb9c0 🐞 fix: prevent useWatch re-render when unrelated field validation is … (#13398)
• f5a234d 🦧 feat: improve get dirty fields prune empty fields (#13363)
• def8fd5 🐞 fix: recompute isDirty after re-registering a previously unregistered field...
• Additional commits viewable in compare view

Updates react-resizable-panels from 4.10.0 to 4.11.0

Changelog

Sourced from react-resizable-panels's changelog.

4.11.0

• 712: Separator supports :focus-visible pseudo-class
• 703: Fix: edge case scenarios when collapsing the last panel
• 711: Improve legacy browser support wrt global stylesheets

Commits

• 85714d9 4.11.0
• 640b88d Fix typo on Min/max sizes doc page (#710)
• e434898 Upgrade react-lib-tools to improve site-search
• ab61ee9 Upgrade react-lib-tools to improve site-search
• 5985041 Update overflow style example
• See full diff in compare view

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
• e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
• e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
• 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
• bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
• 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
• 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
• 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
• c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

• 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
• 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
• cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
• edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
• 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits

• 1fb56a5 docs: document release procedure in AGENTS.md
• f3c9ec0 4.4.3
• c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
• 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 9195250 docs: remove Mintlify from bronze sponsors (churned)
• 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
• 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
• 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
• 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: vectorMindsAI. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.