chore(deps): bump the production-dependencies group across 1 directory with 21 updates

[dependabot]

Bumps the production-dependencies group with 21 updates in the / directory:

Package	From	To
@langchain/community	1.1.27	1.1.28
@langchain/core	1.1.41	1.1.45
@langchain/openai	1.4.4	1.4.5
@mixedbread/sdk	0.62.0	0.65.0
@sentry/nextjs	10.50.0	10.52.0
@tavily/core	0.7.2	0.7.3
express-rate-limit	8.4.1	8.5.1
inngest	4.2.4	4.3.0
langchain	1.3.4	1.4.0
lucide-react	1.11.0	1.14.0
mongoose	9.5.0	9.6.2
next	16.2.4	16.2.6
npm	11.13.0	11.14.1
posthog-js	1.372.1	1.372.10
react	19.2.5	19.2.6
react-day-picker	9.14.0	10.0.0
react-dom	19.2.5	19.2.6
react-hook-form	7.74.0	7.75.0
react-resizable-panels	4.10.0	4.11.0
tailwind-merge	3.5.0	3.6.0
zod	4.3.6	4.4.3

Updates @langchain/community from 1.1.27 to 1.1.28

Release notes

Sourced from @​langchain/community's releases.

@​langchain/community@​1.1.28

Patch Changes

• #44 f9a922e Thanks @​dependabot! - chore(deps): bump fast-xml-parser from 5.5.9 to 5.7.0

• #30 9cd006c Thanks @​christian-bromann! - fix(pdf-loader): support both pdf-parse v1 and v2

• #36 1e2e4bf Thanks @​hntrl! - Fix Milvus collection loading before delete operations (#9749) and partition name handling in search/delete (#9748)

  • Added loadCollectionSync() call in the delete() method to ensure collection is loaded before delete operations
  • Added partition_names parameter to search() call in similaritySearchVectorWithScore()
  • Added partition_name parameter to both deleteEntities() and delete() calls
  • Updated error message in delete method from "before search" to "before deletion"

• #41 5bd4246 Thanks @​RaschidJFR! - Expose basePath option in VoyageEmbeddings class

• #43 b835751 Thanks @​jkennedyvz! - chore(deps): bump transitive dependencies to patch 6 security alerts

  Updates pnpm overrides to resolve critical and high severity Dependabot alerts in transitive dependencies reached via optional peerDependencies and dev tooling:

  • protobufjs ^7.2.5 -> ^7.5.5 (CVE-2026-41242)
  • basic-ftp >=5.2.0 -> ^5.3.0 (CVE-2026-39983, GHSA-rp42-5vxx-qpwr, GHSA-6v7q-wjvx-w8wg)
  • vite new override ^7.3.2 (CVE-2026-39363, CVE-2026-39364, plus CVE-2026-39365 as a side effect)

  No workspace package has these as direct dependencies; overrides affect the monorepo lockfile only and do not change published package contents.

• #42 3657e90 Thanks @​RaschidJFR! - surface Voyage AI API errors in VoyageEmbeddings

Commits

• See full diff in compare view

Updates @langchain/core from 1.1.41 to 1.1.45

Commits

• See full diff in compare view

Updates @langchain/openai from 1.4.4 to 1.4.5

Commits

• See full diff in compare view

Updates @mixedbread/sdk from 0.62.0 to 0.65.0

Release notes

Sourced from @​mixedbread/sdk's releases.

v0.65.0

0.65.0 (2026-05-08)

Full Changelog: v0.64.0...v0.65.0

Features

• api: api update (50ebe58)

Chores

• format: run eslint and prettier separately (6e4a29d)
• redact api-key headers in debug logs (8768041)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website 📚 Read the docs 🙋 Reach out for help or questions

v0.64.0

0.64.0 (2026-04-29)

Full Changelog: v0.63.0...v0.64.0

Features

• api: api update (6caf05e)

v0.63.0

0.63.0 (2026-04-28)

Full Changelog: v0.62.0...v0.63.0

Features

• support setting headers via env (9f574b1)

Chores

• internal: codegen related update (15ef319)

Changelog

Sourced from @​mixedbread/sdk's changelog.

0.65.0 (2026-05-08)

Full Changelog: v0.64.0...v0.65.0

Features

• api: api update (50ebe58)

Chores

• format: run eslint and prettier separately (6e4a29d)
• redact api-key headers in debug logs (8768041)

0.64.0 (2026-04-29)

Full Changelog: v0.63.0...v0.64.0

Features

• api: api update (6caf05e)

0.63.0 (2026-04-28)

Full Changelog: v0.62.0...v0.63.0

Features

• support setting headers via env (9f574b1)

Chores

• internal: codegen related update (15ef319)

Commits

• aa10a2f release: 0.65.0
• b062be1 codegen metadata
• 7955f53 chore: redact api-key headers in debug logs
• 64229c9 feat(api): api update
• 0bfc3fd codegen metadata
• 0ed457e codegen metadata
• e0e1024 codegen metadata
• 50b6f67 codegen metadata
• fbab5e3 chore(format): run eslint and prettier separately
• c42a7b9 release: 0.64.0
• Additional commits viewable in compare view

Updates @sentry/nextjs from 10.50.0 to 10.52.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)
• chore(deps): Bump vulnerable testem version (#20634)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)

... (truncated)

Commits

• 4b911e0 release: 10.52.0
• 781f31c Merge pull request #20707 from getsentry/prepare-release/10.52.0
• 11a64f6 meta(changelog): Update changelog for 10.52.0
• e185818 feat(node-core): Add processSegmentSpan to node context integration (#20678)
• 7e49571 feat(node): use diagnostics_channel for redis >= 5.12.0 (#20573)
• a8ab715 feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• 7efc03f feat(core): Apply request data to segment spans in span streaming (#20654)
• 01d0a70 feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• 12cd3e5 fix(nextjs): Skip build modification when SRI is enabled (#20694)
• f1f534c fix(deps): Bump transitive deps for medium security fixes (#20683)
• Additional commits viewable in compare view

Updates @tavily/core from 0.7.2 to 0.7.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by tomer-yaacoby, a new releaser for @​tavily/core since your current version.

Updates express-rate-limit from 8.4.1 to 8.5.1

Release notes

Sourced from express-rate-limit's releases.

v8.5.1

You can view the changelog here.

v8.5.0

You can view the changelog here.

Commits

• 50cc3f6 8.5.1
• 92c8e3e chore: bump ip-address library to latest (#626)
• 807e383 8.5.0
• b844137 v8.5.0 changelog
• ceaffab feat: async store init (#621)
• See full diff in compare view

Updates inngest from 4.2.4 to 4.3.0

Release notes

Sourced from inngest's releases.

inngest@4.3.0

Minor Changes

• #1504 5c8f50e1 Thanks @​scottnuma! - Accept Temporal.Duration, Temporal.Instant, and Temporal.ZonedDateTime (and their *Like variants) wherever a timeout or sleep duration is taken: step.sleep(), step.waitForEvent(), step.waitForSignal(), step.invoke(), and function-level cancelOn timeouts. Durations are treated as relative waits; instants and zoned date-times as absolute deadlines.

Patch Changes

• #1480 60cda73f Thanks @​mar-inngest! - Fix Connect shutdown getting stuck when a late lease-extension ACK recreates a stale in-flight lease entry after request completion or lease loss

inngest@4.2.6

Patch Changes

• #1492 68dcd8aa Thanks @​amh4r! - Reduce response info when unauthorized

• #1490 a8027116 Thanks @​amh4r! - Authed introspection returns partial signing key hash

inngest@4.2.5

Patch Changes

• #1479 6b9769ca Thanks @​scottnuma! - Fix step.sendSignal() return type to match runtime: Promise<InngestApi.SendSignalResponse> ({ runId: string | undefined }) instead of Promise<null>

• #1483 d0a59629 Thanks @​Linell! - Fix run IDs not URL encoded in Durable Endpoints

• #1481 970ded9b Thanks @​Linell! - Improves HMAC signature verification by using a constant-time comparison, which mitigates a potential timing-based signature-recovery attack against the request signature. Also improves handling of timestamps in signatures, including malformed or future-dated values.

• #1472 9df36dee Thanks @​Linell! - Fix empty body on Vercel serverless Node handlers

• #1482 e34972d3 Thanks @​Linell! - Hash the signing key used when exporting OTel traces

Changelog

Sourced from inngest's changelog.

4.3.0

Minor Changes

• #1504 5c8f50e1 Thanks @​scottnuma! - Accept Temporal.Duration, Temporal.Instant, and Temporal.ZonedDateTime (and their *Like variants) wherever a timeout or sleep duration is taken: step.sleep(), step.waitForEvent(), step.waitForSignal(), step.invoke(), and function-level cancelOn timeouts. Durations are treated as relative waits; instants and zoned date-times as absolute deadlines.

Patch Changes

• #1480 60cda73f Thanks @​mar-inngest! - Fix Connect shutdown getting stuck when a late lease-extension ACK recreates a stale in-flight lease entry after request completion or lease loss

4.2.6

Patch Changes

• #1492 68dcd8aa Thanks @​amh4r! - Reduce response info when unauthorized

• #1490 a8027116 Thanks @​amh4r! - Authed introspection returns partial signing key hash

4.2.5

Patch Changes

• #1479 6b9769ca Thanks @​scottnuma! - Fix step.sendSignal() return type to match runtime: Promise<InngestApi.SendSignalResponse> ({ runId: string | undefined }) instead of Promise<null>

• #1483 d0a59629 Thanks @​Linell! - Fix run IDs not URL encoded in Durable Endpoints

• #1481 970ded9b Thanks @​Linell! - Improves HMAC signature verification by using a constant-time comparison, which mitigates a potential timing-based signature-recovery attack against the request signature. Also improves handling of timestamps in signatures, including malformed or future-dated values.

• #1472 9df36dee Thanks @​Linell! - Fix empty body on Vercel serverless Node handlers

• #1482 e34972d3 Thanks @​Linell! - Hash the signing key used when exporting OTel traces

Commits

• 1f58838 Release @​latest (#1505)
• 5c8f50e EXE-1708: Support Temporal.* types for .Timeout fields (#1504)
• 60cda73 [SYS-815] Connect - Log Remaining In Flight and Remove Phantom Leases (#1480)
• e13fb37 Skip a flaky test (#1502)
• 335710e Fix test (#1498)
• 26aec30 Release @​latest (#1494)
• 68dcd8a Reduce response info when unauthorized (#1492)
• a802711 Authed introspection sends partial signing key hash (#1490)
• 31d1720 Release @​latest (#1476)
• 2521d9e Whitelist env vars that are stored in memory (#1487)
• Additional commits viewable in compare view

Updates langchain from 1.3.4 to 1.4.0

Commits

• b57760c chore: version packages (#10516)
• 6e2d29e tests(@​langchain/google): Lyria 3 (#10522)
• 68e0a19 fix(langchain): revert zod import in utils.ts to fix v3/v4 interop (#10545)
• 50d5f32 revert: Revert "feat(core): Add all chat model/llm invocation params to metad...
• 8331833 fix(core): normalize single-block content in mergeContent (#10528)
• 976d689 chore(deps): bump yaml from 2.8.2 to 2.8.3 (#10531)
• 39cdf81 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#10530)
• 5a7a079 chore(deps): bump yaml from 2.8.2 to 2.8.3
• 7782d84 chore(deps): bump handlebars from 4.7.8 to 4.7.9
• 3408008 fix(langchain): export createAgent and middleware from browser entry point (#...
• Additional commits viewable in compare view

Updates lucide-react from 1.11.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

• feat(icons): added repeat-off icon by @​jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

• fix(docs): sync URL params with UI state on categories page by @​taimar in lucide-icons/lucide#4111
• feat(icons): add waves-vertical icon by @​jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

• feat(icon): add folder-bookmark icon by @​swastik7805 in lucide-icons/lucide#4262
• docs(readme): Update readme files by @​ericfennis in lucide-icons/lucide#4320
• feat(icons): added astroid icon by @​whoisBugsbunny in lucide-icons/lucide#4217

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Commits

• 50d8af5 docs(readme): Update readme files (#4320)
• See full diff in compare view

Updates mongoose from 9.5.0 to 9.6.2

Release notes

Sourced from mongoose's releases.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

Changelog

Sourced from mongoose's changelog.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

Commits

• 45230cc chore: release 9.6.2
• ccac981 Merge pull request #16277 from Automattic/vkarpov15/gh-16273
• a917973 types: handle compiling with exactOptionalPropertyTypes
• 2b7bb96 Merge pull request #16271 from Automattic/vkarpov15/gh-16252
• ca7f2a0 new affiliate links
• aa9a2e3 Merge branch 'master' into vkarpov15/affiliate
• 5f86a12 Merge pull request #16232 from Automattic/vkarpov15/website-relayout
• 378f90b increment latest release numbers
• bef3027 color cleanup and minor fixes from review
• 70f0699 use Mongoose red for links
• Additional commits viewable in compare view

Updates next from 16.2.4 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.5

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Commits

• ee6e79b v16.2.6
• afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
• 97a154e Turbopack: Fix middleware matcher suffix (#93590)
• 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
• 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
• a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
• 766148f v16.2.5
• 0dd9483 fix: add explicit checks for RSC header (#83) (#98)
• d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
• 9d50c0b Strip next-resume header from incoming requests (#92)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates npm from 11.13.0 to 11.14.1

Release notes

Sourced from npm's releases.

v11.14.1

11.14.1 (2026-05-08)

Bug Fixes

• dca12cb #9328 remove settings (#9328) (@​github-actions[bot], @​owlstronaut)

v11.14.0

11.14.0 (2026-05-06)

Features

• 45fc5e0 #9288 add allow-directory, allow-file, and allow-remote (#9288) (@​github-actions[bot], @​wraithgar)

Bug Fixes

• 6c17544 #9318 sbom: dedupe per-node dependsOn / relationships (#9318) (@​github-actions[bot], @​mikaelkristiansson)

Dependencies

• 840fe18 #9322 socks@10.1.1
• b771289 #9322 ip-address@10.1.1
• addffcb #9322 cidr-regex@5.0.5

Chores

• 041fd58 #9322 dev dependency updates (@​owlstronaut)
• 89c505a

[dependabot]

Assignees

The following users could not be added as assignees: vectorMindsAI. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.