Skip to content

chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/typescript/npm_and_yarn-2d19eaa335
Open

chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/typescript/npm_and_yarn-2d19eaa335

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026

Bumps the npm_and_yarn group with 4 updates in the /typescript directory: @x402/svm, @modelcontextprotocol/sdk, @langchain/core and ai.
Bumps the npm_and_yarn group with 1 update in the /typescript/examples/vercel-ai-sdk-smart-wallet-chatbot directory: ai.
Bumps the npm_and_yarn group with 1 update in the /typescript/examples/langchain-farcaster-chatbot directory: @langchain/core.
Bumps the npm_and_yarn group with 2 updates in the /typescript/create-onchain-agent/templates/next directory: @langchain/core and ai.

Updates @x402/svm from 2.4.0 to 2.6.0

Commits

Updates @modelcontextprotocol/sdk from 1.8.0 to 1.26.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

... (truncated)

Commits
  • fe9c07b chore: bump version to 1.26.0 (#1479)
  • 4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
  • a05be17 Merge commit from fork
  • 50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
  • aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
  • 6aba065 chore: bump v1.25.3 for backport fixes (#1412)
  • 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
  • 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
  • b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
  • a0c9b13 fix: README badges links destinations (#907)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @​modelcontextprotocol/sdk since your current version.


Updates @langchain/core from 0.3.30 to 0.3.80

Commits
Maintainer changes

This version was pushed to npm by hntrl, a new releaser for @​langchain/core since your current version.


Updates ai from 4.2.6 to 5.0.52

Commits
  • 63d5f66 Version Packages (#8895)
  • 930399b Backport: fix(ai): download files when intermediate file cannot be downloaded...
  • 7ca78f1 Backport: feat(provider/gateway): Add new Qwen models to Gateway model string...
  • 1cfc209 Backport: feat(provider/openai): OpenAILanguageModelOptions type (#8858)
  • 347b7ec ci: rename v5.0 branch to release-v*
  • 85909a9 Backport: chore(ai): update test message (#8875)
  • c56822d Backport: fix(ai): update uiMessageChunkSchema to satisfy the `UIMessageChu...
  • 1461adf Backport: chore(examples): remove redundant OpenAI reasoning examples (#8871)
  • 6bd07df Version Packages (#8853)
  • a45d61a ci(release): remove incorrect changeset bump for @ai-sdk/baseten
  • Additional commits viewable in compare view

Updates axios from 1.9.0 to 1.12.2

Release notes

Sourced from axios's releases.

Release v1.12.2

Release notes:

Bug Fixes

  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

Release v1.12.1

Release notes:

Bug Fixes

Contributors to this release

Release v1.12.0

Release notes:

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.2 (2025-09-14)

Bug Fixes

  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

1.12.1 (2025-09-12)

Bug Fixes

Contributors to this release

1.12.0 (2025-09-11)

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

... (truncated)

Commits

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits
Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.


Updates qs from 6.13.0 to 6.14.0

Changelog

Sourced from qs's changelog.

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup
  • [Tests] utils.merge: add some coverage
  • [Tests] fix a test case
  • [actions] split out node 10-20, and 20+
  • [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape
Commits
  • 32dcc63 v6.14.0
  • 4ec582b [Dev Deps] update es-value-fixtures, has-bigints
  • a240c52 [Tests] increase coverage
  • 25956a7 [Refactor] parse: use utils.combine more
  • b189ed4 [patch] parse: add explicit throwOnLimitExceeded default
  • 1d590de [actions] simplify finisher
  • 6cd60a5 [actions] use shared action
  • 89edfd2 [Deps] update side-channel
  • e26e7a8 [Dev Deps] update has-proto, has-symbols
  • 51fdc98 [actions] re-add finishers
  • Additional commits viewable in compare view

Updates sha.js from 2.4.11 to 2.4.12

Changelog

Sourced from sha.js's changelog.

v2.4.12 - 2025-07-01

Commits

  • [eslint] switch to eslint 7acadfb
  • [meta] add auto-changelog b46e711
  • [eslint] fix package.json indentation df9d521
  • [Tests] migrate from travis to GHA c43c64a
  • [Fix] support multi-byte wide typed arrays f2a258e
  • [meta] reorder package.json d8d77c0
  • [meta] add npmignore 35aec35
  • [Tests] avoid console logs 73e33ae
  • [Tests] fix tests run in batch 2629130
  • [Tests] drop node requirement to 0.10 00c7f23
  • [Dev Deps] update buffer, hash-test-vectors, standard, tape, typedarray 92b5de5
  • [Tests] drop node requirement to v3 9b5eca8
  • [meta] set engines to >= 4 807084c
  • Only apps should have lockfiles c72789c
  • [Deps] update inherits, safe-buffer 5428cfc
  • [Dev Deps] update @ljharb/eslint-config 2dbe0aa
  • update README to reflect LICENSE 8938256
  • [Dev Deps] add missing peer dep d528896
  • [Dev Deps] remove unused buffer dep 94ca724
Commits
  • eb4ea2f v2.4.12
  • d8d77c0 [meta] reorder package.json
  • df9d521 [eslint] fix package.json indentation
  • 35aec35 [meta] add npmignore
  • d528896 [Dev Deps] add missing peer dep
  • b46e711 [meta] add auto-changelog
  • 94ca724 [Dev Deps] remove unused buffer dep
  • 2dbe0aa [Dev Deps] update @ljharb/eslint-config
  • 73e33ae [Tests] avoid console logs
  • f2a258e [Fix] support multi-byte wide typed arrays
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.


Updates ai from 4.2.6 to 5.0.52

Commits
  • 63d5f66 Version Packages (#8895)
  • 930399b Backport: fix(ai): download files when intermediate file cannot be downloaded...
  • 7ca78f1 Backport: feat(provider/gateway): Add new Qwen models to Gateway model string...
  • 1cfc209 Backport: feat(provider/openai): OpenAILanguageModelOptions type (#8858)
  • 347b7ec ci: rename v5.0 branch to release-v*
  • 85909a9 Backport: chore(ai): update test message (#8875)
  • c56822d Backport: fix(ai): update uiMessageChunkSchema to satisfy the `UIMessageChu...
  • 1461adf Backport: chore(examples): remove redundant OpenAI reasoning examples (#8871)
  • 6bd07df Version Packages (#8853)
  • a45d61a ci(release): remove incorrect changeset bump for @ai-sdk/baseten
  • Additional commits viewable in compare view

Updates @langchain/core from 0.3.30 to 0.3.80

Commits
Maintainer changes

This version was pushed to npm by hntrl, a new releaser for @​langchain/core since your current version.


Updates @langchain/core from 0.3.30 to 0.3.80

Commits
Maintainer changes

This version was pushed to npm by hntrl, a new releaser for @​langchain/core since your current version.


Updates ai from 4.2.6 to 5.0.52

Commits
  • 63d5f66 Version Packages (#8895)
  • 930399b Backport: fix(ai): download files when intermediate file cannot be downloaded...
  • 7ca78f1 Backport: feat(provider/gateway): Add new Qwen models to Gateway model string...
  • 1cfc209 Backport: feat(provider/openai): OpenAILanguageModelOptions type (#8858)
  • 347b7ec ci: rename v5.0 branch to release-v*
  • 85909a9 Backport: chore(ai): update test message (#8875)
  • c56822d Backport: fix(ai): update uiMessageChunkSchema to satisfy the `UIMessageChu...
  • 1461adf Backport: chore(examples): remove redundant OpenAI reasoning examples (#8871)
  • 6bd07df Version Packages (#8853)
  • a45d61a ci(release): remove incorrect changeset bump for @ai-sdk/baseten
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 4 directories with 8 …
d598594 
…updates

Bumps the npm_and_yarn group with 4 updates in the /typescript directory: [@x402/svm](https://github.com/coinbase/x402), [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [@langchain/core](https://github.com/langchain-ai/langchainjs) and [ai](https://github.com/vercel/ai).
Bumps the npm_and_yarn group with 1 update in the /typescript/examples/vercel-ai-sdk-smart-wallet-chatbot directory: [ai](https://github.com/vercel/ai).
Bumps the npm_and_yarn group with 1 update in the /typescript/examples/langchain-farcaster-chatbot directory: [@langchain/core](https://github.com/langchain-ai/langchainjs).
Bumps the npm_and_yarn group with 2 updates in the /typescript/create-onchain-agent/templates/next directory: [@langchain/core](https://github.com/langchain-ai/langchainjs) and [ai](https://github.com/vercel/ai).


Updates `@x402/svm` from 2.4.0 to 2.6.0
- [Commits](https://github.com/coinbase/x402/compare/npm-@x402/svm@v2.4.0...npm-@x402/svm@v2.6.0)

Updates `@modelcontextprotocol/sdk` from 1.8.0 to 1.26.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.8.0...v1.26.0)

Updates `@langchain/core` from 0.3.30 to 0.3.80
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Commits](https://github.com/langchain-ai/langchainjs/compare/langchain==0.3.30...@langchain/core==0.3.80)

Updates `ai` from 4.2.6 to 5.0.52
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/compare/ai@4.2.6...ai@5.0.52)

Updates `axios` from 1.9.0 to 1.12.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.9.0...v1.12.2)

Updates `diff` from 4.0.2 to 4.0.4
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4)

Updates `qs` from 6.13.0 to 6.14.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.13.0...v6.14.0)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `ai` from 4.2.6 to 5.0.52
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/compare/ai@4.2.6...ai@5.0.52)

Updates `@langchain/core` from 0.3.30 to 0.3.80
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Commits](https://github.com/langchain-ai/langchainjs/compare/langchain==0.3.30...@langchain/core==0.3.80)

Updates `@langchain/core` from 0.3.30 to 0.3.80
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Commits](https://github.com/langchain-ai/langchainjs/compare/langchain==0.3.30...@langchain/core==0.3.80)

Updates `ai` from 4.2.6 to 5.0.52
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/compare/ai@4.2.6...ai@5.0.52)

---
updated-dependencies:
- dependency-name: "@x402/svm"
  dependency-version: 2.6.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.26.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@langchain/core"
  dependency-version: 0.3.80
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ai
  dependency-version: 5.0.52
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.12.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.14.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ai
  dependency-version: 5.0.52
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@langchain/core"
  dependency-version: 0.3.80
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@langchain/core"
  dependency-version: 0.3.80
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ai
  dependency-version: 5.0.52
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants