Skip to content

deps: bump the minor-and-patch group with 27 updates#5745

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/main/minor-and-patch-87271be7e8
Closed

deps: bump the minor-and-patch group with 27 updates#5745
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/main/minor-and-patch-87271be7e8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 27 updates:

Package From To
@adcp/sdk 9.2.0 9.3.0
@anthropic-ai/sdk 0.104.1 0.106.0
@contentauth/c2pa-node 0.5.5 0.6.0
@opentelemetry/api-logs 0.218.0 0.219.0
@opentelemetry/exporter-logs-otlp-http 0.218.0 0.219.0
@opentelemetry/resources 2.7.1 2.8.0
@opentelemetry/sdk-logs 0.218.0 0.219.0
@slack/web-api 7.16.0 7.17.0
@workos-inc/node 10.2.0 10.7.0
@workos-inc/widgets 1.14.0 1.14.1
google-auth-library 10.7.0 10.9.0
isomorphic-dompurify 3.16.0 3.18.0
multer 2.1.1 2.2.0
pg 8.21.0 8.22.0
posthog-node 5.36.15 5.38.6
resend 6.12.4 6.16.0
semver 7.8.4 7.8.5
sharp 0.34.5 0.35.2
stripe 22.2.0 22.3.0
svix 1.95.2 1.96.1
tldts 7.0.30 7.4.5
undici 8.4.1 8.5.0
@types/yauzl 3.3.0 3.4.0
concurrently 10.0.0 10.0.3
mintlify 4.2.614 4.2.647
puppeteer 25.1.0 25.2.1
vitest 4.1.8 4.1.9

Updates @adcp/sdk from 9.2.0 to 9.3.0

Release notes

Sourced from @​adcp/sdk's releases.

@​adcp/sdk@​9.3.0

Minor Changes

  • 931ee0f: Add RegistryClient brand hierarchy resolution APIs and a RegistrySync brand hierarchy index.

  • de2907a: Add the registry feed SSE transport and resilience to RegistrySync (adcp#5733).

    RegistryClient.streamFeed(query, { signal }) opens GET /api/registry/feed/stream and yields typed feed / heartbeat / error messages over a fetch-based SSE reader (carries the bearer, runs under Node, bounded per-frame buffer that fails closed on a runaway stream). RegistryClient.getFeed now maps a real HTTP 410 to a recoverable { cursor_expired: true } response so the polling path recovers too.

    RegistrySync defaults to transport: 'auto': it tails the feed over SSE and falls back to polling /api/registry/feed on an unsupported endpoint (404/406), proxy/network failure, or stream parse failure. The persisted cursor advances only on feed events (never heartbeats), reconnects resume from the last persisted cursor, a cursor_expired error event (or getFeed 410) re-bootstraps then resumes, and cursors stay scoped to the configured types subscription. Resilience details: stop()/reset() are honored even mid-bootstrap/rebootstrap (generation-guarded — no stale loop resumes after the caller stops); a failed re-bootstrap keeps reconnecting in 'stream' mode and counts toward fallback in 'auto'; repeated cursor_expired recovery backs off rather than tight-looping; a permanent 400/401 is terminal (no hot reconnect/poll loop); and feedPageLimit / streamPollIntervalSeconds are range-validated at construction.

    Feed freshness metadata (generated_at, latest_event_created_at, lag_seconds, retention_days) is exposed via a freshness event plus getFreshness() / getLagSeconds() for lag monitoring. The SDK never fabricates it — freshness is surfaced iff the server sent it (the type stays optional to accommodate the synthetic cursor_expired marker).

    The SSE parser is O(n) regardless of chunk size (an un-terminated line is held as fragments, joined once on completion — no growing-buffer re-scan), and registry-supplied error strings are escaped (sanitizeStreamText) before reaching Error messages/logs. RegistrySync lookups return last-synced state — state and getLagSeconds() / getFreshness() are the staleness signals to gate enforcement decisions on.

    New RegistrySync config: transport, types, feedPageLimit, streamPollIntervalSeconds, streamIdleTimeoutMs, streamReconnectMinMs, streamReconnectMaxMs, maxStreamFailures. New events: freshness, transport. New accessors: getTransport(), getFreshness(), getLagSeconds(). New exports: openFeedStream, parseSseStream, FeedStreamError / FeedStreamUnsupportedError / FeedStreamCursorExpiredError / FeedStreamHttpError / FeedStreamParseError, and the FeedStreamQuery / FeedStreamMessage / FeedHeartbeat / FeedStreamErrorData / FeedFreshness / RegistrySyncTransport types.

  • cbcfd8c: Expose RegistryClient.requestManagerRevalidation() and add maxBodyBytes to validateAdAgents() discovery options.

@​adcp/sdk@​9.2.2

Patch Changes

  • 0ef4dd6: Add assetType to resolveCanonicalFormatKind and canonicalDeclarationFromBareId so under-specified bare format ids can be disambiguated with the asset type adopters already store. assetTypeHint remains accepted as a backwards-compatible alias.
Commits
  • ba0891e chore: release package
  • 931ee0f feat(registry): add brand hierarchy resolution
  • de2907a feat(registry): SSE feed stream transport + RegistrySync resilience (#2297)
  • cbcfd8c feat: expose manager revalidation and body cap option (#2295)
  • 35c8659 chore: release package
  • feb27d5 chore: release package (#2287)
  • 0ef4dd6 feat(v2): add assetType bare format resolver hint (#2290)
  • 26c7053 fix: support seed_account comply controller (#2288)
  • 6763cf8 fix: accept AdCP 3.0 webhook envelopes that omit operation_id (#2286)
  • See full diff in compare view

Updates @anthropic-ai/sdk from 0.104.1 to 0.106.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.106.0

0.106.0 (2026-06-24)

Full Changelog: sdk-v0.105.0...sdk-v0.106.0

Features

  • client: add support for system.message streaming events (a7c14b7)

Bug Fixes

  • helpers: single source for x-stainless-helper, append semantics, and tag the fallback middleware (#107) (106bea0)

Chores

  • api: add support for new refusal category (b38fd01)
  • api: add support for sending User Profile ID in request headers (198583e)

sdk: v0.105.0

0.105.0 (2026-06-18)

Full Changelog: sdk-v0.104.2...sdk-v0.105.0

Features

  • api: add support for new code_execution_20260120 tool (8dc2b54)
  • stream: lazily parse partial tool json input (#99) (e55ceee)

Chores

  • internal/deps: bump swc to 1.15.40 (#97) (a1d4d75)
  • internal: use are the types wrong directly (#94) (3d362af)
  • tests: stop using deprecated models (#98) (65ae1af)

sdk: v0.104.2

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

  • api: remove retired models from API and SDKs (a942876)
Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.106.0 (2026-06-24)

Full Changelog: sdk-v0.105.0...sdk-v0.106.0

Features

  • client: add support for system.message streaming events (a7c14b7)

Bug Fixes

  • helpers: single source for x-stainless-helper, append semantics, and tag the fallback middleware (#107) (106bea0)

Chores

  • api: add support for new refusal category (b38fd01)
  • api: add support for sending User Profile ID in request headers (198583e)

0.105.0 (2026-06-18)

Full Changelog: sdk-v0.104.2...sdk-v0.105.0

Features

  • api: add support for new code_execution_20260120 tool (8dc2b54)
  • stream: lazily parse partial tool json input (#99) (e55ceee)

Chores

  • internal/deps: bump swc to 1.15.40 (#97) (a1d4d75)
  • internal: use are the types wrong directly (#94) (3d362af)
  • tests: stop using deprecated models (#98) (65ae1af)

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

  • api: remove retired models from API and SDKs (a942876)
Commits
  • 0ffdbfa chore: release main (#1098)
  • ab700dc chore: release main
  • a322517 feat(api): add support for new code_execution_20260120 tool
  • 65a0106 feat(stream): lazily parse partial tool json input (#99)
  • 384ab51 chore(tests): stop using deprecated models (#98)
  • a49a191 chore(internal/deps): bump swc to 1.15.40 (#97)
  • 7ac63f3 chore(internal): use are the types wrong directly (#94)
  • fbee0d1 chore: release main
  • e984ba4 chore(api): remove retired models from API and SDKs
  • See full diff in compare view

Updates @contentauth/c2pa-node from 0.5.5 to 0.6.0

Changelog

Sourced from @​contentauth/c2pa-node's changelog.

0.6.0

Minor Changes

  • 40d779d: Release v0.6.0 from c2pa-node's new home in the c2pa-js monorepo.

Note: As of v0.6.0, development has moved to the contentauth/c2pa-js monorepo under packages/c2pa-node. History prior to that migration was preserved from contentauth/c2pa-node-v2 (now archived).

Commits
Maintainer changes

This version was pushed to npm by ale-adobe, a new releaser for @​contentauth/c2pa-node since your current version.

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.


Updates @opentelemetry/api-logs from 0.218.0 to 0.219.0

Release notes

Sourced from @​opentelemetry/api-logs's releases.

experimental/v0.219.0

0.219.0

💥 Breaking Changes

  • fix(configuration)!: stop removing null values from parsed config object #6679 @​trentm
    • It is now the responsibility of the user of a parsed declarative config object, typically just the sdk-node package, to handle null values.
  • fix(api-logs)!: Removed NOOP_LOGGER and NoopLogger exports from @opentelemetry/api-logs. Use createNoopLogger(): Logger instead. #6713 @​dyladan
  • feat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions #6573 @​pichlermarc
  • fix(sdk-node)!: remove buildSamplerFromConfig export #6784 @​trentm

🚀 Features

🐛 Bug Fixes

  • fix(sdk-node): pass all config properties to log record exporters in declarative config #6708 @​MikeGoldsmith
  • fix(sdk-node): warn and ignore zero exporter timeout in declarative config #6711 @​MikeGoldsmith
  • fix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config #6705 @​MikeGoldsmith
  • fix(otlp-transformer): do not attempt to skip groups #6704 @​pichlermarc
  • fix(otlp-grpc-exporter-base): recreate client after 5 consecutive DEADLINE_EXCEEDED to recover from connection dropped deadlock #6296 @​afharo
  • fix(browser-detector): use the right semantic convention for user agent resource attribute #6729 @​david-luna
  • fix(browser-detector): user agent resource attribute always #6754 @​david-luna
  • fix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion #6727 @​cjihrig
  • fix(sdk-logs): avoid null dereference in BatchLogRecordProcessor._flushAll when an in-flight export completes between awaits #6763 @​Janealter
  • fix(configuration): improve environment variable substitution to handle all the cases shown in the spec #6757 @​trentm

📚 Documentation

  • docs(otlp-exporter-base): index the package's public API in generated docs so types like OTLPExporterNodeConfigBase resolve and link from consumer exporter pages #6725 @​devareddy05

🏠 Internal

  • refactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory #6710 @​MikeGoldsmith
Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view

Updates @opentelemetry/exporter-logs-otlp-http from 0.218.0 to 0.219.0

Release notes

Sourced from @​opentelemetry/exporter-logs-otlp-http's releases.

experimental/v0.219.0

0.219.0

💥 Breaking Changes

  • fix(configuration)!: stop removing null values from parsed config object #6679 @​trentm
    • It is now the responsibility of the user of a parsed declarative config object, typically just the sdk-node package, to handle null values.
  • fix(api-logs)!: Removed NOOP_LOGGER and NoopLogger exports from @opentelemetry/api-logs. Use createNoopLogger(): Logger instead. #6713 @​dyladan
  • feat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions #6573 @​pichlermarc
  • fix(sdk-node)!: remove buildSamplerFromConfig export #6784 @​trentm

🚀 Features

🐛 Bug Fixes

  • fix(sdk-node): pass all config properties to log record exporters in declarative config #6708 @​MikeGoldsmith
  • fix(sdk-node): warn and ignore zero exporter timeout in declarative config #6711 @​MikeGoldsmith
  • fix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config #6705 @​MikeGoldsmith
  • fix(otlp-transformer): do not attempt to skip groups #6704 @​pichlermarc
  • fix(otlp-grpc-exporter-base): recreate client after 5 consecutive DEADLINE_EXCEEDED to recover from connection dropped deadlock #6296 @​afharo
  • fix(browser-detector): use the right semantic convention for user agent resource attribute #6729 @​david-luna
  • fix(browser-detector): user agent resource attribute always #6754 @​david-luna
  • fix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion #6727 @​cjihrig
  • fix(sdk-logs): avoid null dereference in BatchLogRecordProcessor._flushAll when an in-flight export completes between awaits #6763 @​Janealter
  • fix(configuration): improve environment variable substitution to handle all the cases shown in the spec #6757 @​trentm

📚 Documentation

  • docs(otlp-exporter-base): index the package's public API in generated docs so types like OTLPExporterNodeConfigBase resolve and link from consumer exporter pages #6725 @​devareddy05

🏠 Internal

  • refactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory #6710 @​MikeGoldsmith
Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view

Updates @opentelemetry/resources from 2.7.1 to 2.8.0

Release notes

Sourced from @​opentelemetry/resources's releases.

v2.8.0

2.8.0

🚀 Features

  • feat(sdk-trace-base): pretty-print SpanImpl, Tracer, and BasicTracerProvider via util.inspect so they render through diag and console.log #6690 @​mcollina
  • feat(sdk-metrics): implement metric reader self-observability metrics #6449 @​anuraaga
  • feat(core): add hrTimeToSeconds #6449 @​anuraaga

🐛 Bug Fixes

  • fix(core): limit processing of incoming "baggage" header to 8192 bytes @​pichlermarc
Changelog

Sourced from @​opentelemetry/resources's changelog.

2.8.0

🚀 Features

  • feat(sdk-trace-base): pretty-print SpanImpl, Tracer, and BasicTracerProvider via util.inspect so they render through diag and console.log #6690 @​mcollina
  • feat(sdk-metrics): implement metric reader self-observability metrics #6449 @​anuraaga
  • feat(core): add hrTimeToSeconds #6449 @​anuraaga

🐛 Bug Fixes

  • fix(core): limit processing of incoming "baggage" header to 8192 bytes @​pichlermarc
Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view

Updates @opentelemetry/sdk-logs from 0.218.0 to 0.219.0

Release notes

Sourced from @​opentelemetry/sdk-logs's releases.

experimental/v0.219.0

0.219.0

💥 Breaking Changes

  • fix(configuration)!: stop removing null values from parsed config object #6679 @​trentm
    • It is now the responsibility of the user of a parsed declarative config object, typically just the sdk-node package, to handle null values.
  • fix(api-logs)!: Removed NOOP_LOGGER and NoopLogger exports from @opentelemetry/api-logs. Use createNoopLogger(): Logger instead. #6713 @​dyladan
  • feat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions #6573 @​pichlermarc
  • fix(sdk-node)!: remove buildSamplerFromConfig export #6784 @​trentm

🚀 Features

🐛 Bug Fixes

  • fix(sdk-node): pass all config properties to log record exporters in declarative config #6708 @​MikeGoldsmith
  • fix(sdk-node): warn and ignore zero exporter timeout in declarative config #6711 @​MikeGoldsmith
  • fix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config #6705 @​MikeGoldsmith
  • fix(otlp-transformer): do not attempt to skip groups #6704 @​pichlermarc
  • fix(otlp-grpc-exporter-base): recreate client after 5 consecutive DEADLINE_EXCEEDED to recover from connection dropped deadlock #6296 @​afharo
  • fix(browser-detector): use the right semantic convention for user agent resource attribute #6729 @​david-luna
  • fix(browser-detector): user agent resource attribute always #6754 @​david-luna
  • fix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion #6727 @​cjihrig
  • fix(sdk-logs): avoid null dereference in BatchLogRecordProcessor._flushAll when an in-flight export completes between awaits #6763 @​Janealter
  • fix(configuration): improve environment variable substitution to handle all the cases shown in the spec #6757 @​trentm

📚 Documentation

  • docs(otlp-exporter-base): index the package's public API in generated docs so types like OTLPExporterNodeConfigBase resolve and link from consumer exporter pages #6725 @​devareddy05

🏠 Internal

  • refactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory #6710 @​MikeGoldsmith
Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view

Updates @slack/web-api from 7.16.0 to 7.17.0

Release notes

Sourced from @​slack/web-api's releases.

@​slack/web-api@​7.17.0

Minor Changes

  • 2085900: feat: expose public read-only ts getter on ChatStreamer for fallback to chat.update when a stream expires server-side

    import { WebClient } from "@slack/web-api";
    const client = new WebClient(process.env.SLACK_BOT_TOKEN);
    const streamer = client.chatStream({
    channel: "C0123456789",
    thread_ts: "1700000001.123456",
    recipient_team_id: "T0123456789",
    recipient_user_id: "U0123456789",
    });
    await streamer.append({ markdown_text: "hello!" });
    // streamer.ts is now set after the first flush
    console.log(streamer.ts);
    await streamer.stop();

Commits
  • 2d370dc chore: release (#2612)
  • e8fbfd5 fix(cli-test)!: remove default "--app deployed" global flag from commands (#2...
  • b06909d chore(deps): bump changesets/action from 1.8.0 to 1.9.0 (#2623)
  • 65d23cb chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0 (#2622)
  • 058bd1e chore(deps): bump changesets/action from 1.7.0 to 1.8.0 (#2619)
  • 030ed92 chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#2620)
  • 5915300 chore(deps): bump actions/stale from 10.2.0 to 10.3.0 (#2617)
  • 5457fce chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#2618)
  • efacdb4 Upload required SECURITY.md file for compliance
  • 32633d8 Upload required SECURITY.md file for compliance
  • Additional commits viewable in compare view

Updates @workos-inc/node from 10.2.0 to 10.7.0

Release notes

Sourced from @​workos-inc/node's releases.

v10.7.0

10.7.0 (2026-06-25)

Features

  • Add source to role assignments to distinguish group grants (#1646) (574f5ca)

v10.6.0

10.6.0 (2026-06-25)

Features

  • user-management: add max_age parameter to getAuthorizationUrl (#1643) (730404e)

v10.5.0

10.5.0 (2026-06-24)

Features

v10.4.1

10.4.1 (2026-06-23)

Bug Fixes

  • events: Add resourceTypeSlug to RoleEvent deserialization (#1638) (d478595)

v10.4.0

10.4.0 (2026-06-18)

Features

  • user-management: Add invitationToken to getAuthorizationUrl options (#1612) (a2d516f)

v10.3.0

10.3.0 (2026-06-17)

Features

  • authorization: Add group role assignment endpoints (#1619) (df60af3)

v10.2.1

10.2.1 (2026-06-16)

... (truncated)

Changelog

Sourced from @​workos-inc/node's changelog.

10.7.0 (2026-06-25)

Features

  • Add source to role assignments to distinguish group grants (#1646) (574f5ca)

10.6.0 (2026-06-25)

Features

  • user-management: add max_age parameter to getAuthorizationUrl (#1643) (730404e)

10.5.0 (2026-06-24)

Features

10.4.1 (2026-06-23)

Bug Fixes

  • events: Add resourceTypeSlug to RoleEvent deserialization (#1638) (d478595)

10.4.0 (2026-06-18)

Features

  • user-management: Add invitationToken to getAuthorizationUrl options (#1612) (a2d516f)

10.3.0 (2026-06-17)

Features

  • authorization: Add group role assignment endpoints (#1619) (df60af3)

10.2.1 (2026-06-16)

Bug Fixes

  • Prevent handleParseError from double-reading response body (#1622) (e1cdb7f)
Commits
  • 13855f9 chore(main): release 10.7.0 (#1647)
  • 574f5ca feat: Add source to role assignments to distinguish group grants (#1646)
  • 5d89bd7 chore(main): release 10.6.0 (#1645)
  • 730404e feat(user-management): add max_age parameter to getAuthorizationUrl (#1643)
  • 511b691 chore(main): release 10.5.0 (#1641)
  • b6e7944 feat: Add signalsId to user management APIs (#1618)
  • 1bea908 chore(main): release 10.4.1 (#1639)
  • d478595 fix(events): Add resourceTypeSlug to RoleEvent deserialization (#1638)
  • e2607ed chore(main): release 10.4.0 (#1632)
  • 4d2193e refactor(feature-flags): replace eventemitter3 with internal typed emitter (#...
  • Additional commits viewable in compare view

Updates @workos-inc/widgets from 1.14.0 to 1.14.1

Commits

Updates google-auth-library from 10.7.0 to 10.9.0

Release notes

Sourced from google-auth-library's releases.

google-auth-library: v10.9.0

10.9.0 (2026-06-24)

Features

  • auth: Regional access boundaries main merge (#8665) (76e6d3b)

Bug Fixes

  • Correct repository URLs in core package.json files (#8722) (368f18e)

google-auth-library: v10.8.1

10.8.1 (2026-06-23)

Bug Fixes

  • Strip trailing slashes from automatic GDCH audience (

Bumps the minor-and-patch group with 27 updates:

| Package | From | To |
| --- | --- | --- |
| [@adcp/sdk](https://github.com/adcontextprotocol/adcp-client) | `9.2.0` | `9.3.0` |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.104.1` | `0.106.0` |
| [@contentauth/c2pa-node](https://github.com/contentauth/c2pa-js/tree/HEAD/packages/c2pa-node) | `0.5.5` | `0.6.0` |
| [@opentelemetry/api-logs](https://github.com/open-telemetry/opentelemetry-js) | `0.218.0` | `0.219.0` |
| [@opentelemetry/exporter-logs-otlp-http](https://github.com/open-telemetry/opentelemetry-js) | `0.218.0` | `0.219.0` |
| [@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js) | `2.7.1` | `2.8.0` |
| [@opentelemetry/sdk-logs](https://github.com/open-telemetry/opentelemetry-js) | `0.218.0` | `0.219.0` |
| [@slack/web-api](https://github.com/slackapi/node-slack-sdk) | `7.16.0` | `7.17.0` |
| [@workos-inc/node](https://github.com/workos/workos-node) | `10.2.0` | `10.7.0` |
| [@workos-inc/widgets](https://github.com/workos/widgets/tree/HEAD/packages/widgets) | `1.14.0` | `1.14.1` |
| [google-auth-library](https://github.com/googleapis/google-cloud-node/tree/HEAD/core/packages/google-auth-library-nodejs) | `10.7.0` | `10.9.0` |
| [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify) | `3.16.0` | `3.18.0` |
| [multer](https://github.com/expressjs/multer) | `2.1.1` | `2.2.0` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.21.0` | `8.22.0` |
| [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.36.15` | `5.38.6` |
| [resend](https://github.com/resend/resend-node) | `6.12.4` | `6.16.0` |
| [semver](https://github.com/npm/node-semver) | `7.8.4` | `7.8.5` |
| [sharp](https://github.com/lovell/sharp) | `0.34.5` | `0.35.2` |
| [stripe](https://github.com/stripe/stripe-node) | `22.2.0` | `22.3.0` |
| [svix](https://github.com/svix/svix-webhooks) | `1.95.2` | `1.96.1` |
| [tldts](https://github.com/remusao/tldts) | `7.0.30` | `7.4.5` |
| [undici](https://github.com/nodejs/undici) | `8.4.1` | `8.5.0` |
| [@types/yauzl](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/yauzl) | `3.3.0` | `3.4.0` |
| [concurrently](https://github.com/open-cli-tools/concurrently) | `10.0.0` | `10.0.3` |
| [mintlify](https://github.com/mintlify/mint/tree/HEAD/packages/mintlify) | `4.2.614` | `4.2.647` |
| [puppeteer](https://github.com/puppeteer/puppeteer) | `25.1.0` | `25.2.1` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.9` |


Updates `@adcp/sdk` from 9.2.0 to 9.3.0
- [Release notes](https://github.com/adcontextprotocol/adcp-client/releases)
- [Commits](https://github.com/adcontextprotocol/adcp-client/compare/@adcp/sdk@9.2.0...@adcp/sdk@9.3.0)

Updates `@anthropic-ai/sdk` from 0.104.1 to 0.106.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.104.1...sdk-v0.106.0)

Updates `@contentauth/c2pa-node` from 0.5.5 to 0.6.0
- [Release notes](https://github.com/contentauth/c2pa-js/releases)
- [Changelog](https://github.com/contentauth/c2pa-js/blob/main/packages/c2pa-node/CHANGELOG.md)
- [Commits](https://github.com/contentauth/c2pa-js/commits/@contentauth/c2pa-node@0.6.0/packages/c2pa-node)

Updates `@opentelemetry/api-logs` from 0.218.0 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.218.0...experimental/v0.219.0)

Updates `@opentelemetry/exporter-logs-otlp-http` from 0.218.0 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.218.0...experimental/v0.219.0)

Updates `@opentelemetry/resources` from 2.7.1 to 2.8.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.7.1...v2.8.0)

Updates `@opentelemetry/sdk-logs` from 0.218.0 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.218.0...experimental/v0.219.0)

Updates `@slack/web-api` from 7.16.0 to 7.17.0
- [Release notes](https://github.com/slackapi/node-slack-sdk/releases)
- [Commits](https://github.com/slackapi/node-slack-sdk/compare/@slack/web-api@7.16.0...@slack/web-api@7.17.0)

Updates `@workos-inc/node` from 10.2.0 to 10.7.0
- [Release notes](https://github.com/workos/workos-node/releases)
- [Changelog](https://github.com/workos/workos-node/blob/main/CHANGELOG.md)
- [Commits](workos/workos-node@v10.2.0...v10.7.0)

Updates `@workos-inc/widgets` from 1.14.0 to 1.14.1
- [Commits](https://github.com/workos/widgets/commits/HEAD/packages/widgets)

Updates `google-auth-library` from 10.7.0 to 10.9.0
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/core/packages/google-auth-library-nodejs/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/google-auth-library-v10.9.0/core/packages/google-auth-library-nodejs)

Updates `isomorphic-dompurify` from 3.16.0 to 3.18.0
- [Release notes](https://github.com/kkomelin/isomorphic-dompurify/releases)
- [Commits](kkomelin/isomorphic-dompurify@3.16.0...3.18.0)

Updates `multer` from 2.1.1 to 2.2.0
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v2.1.1...v2.2.0)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `posthog-node` from 5.36.15 to 5.38.6
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.38.6/packages/node)

Updates `resend` from 6.12.4 to 6.16.0
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v6.12.4...v6.16.0)

Updates `semver` from 7.8.4 to 7.8.5
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.8.4...v7.8.5)

Updates `sharp` from 0.34.5 to 0.35.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.2)

Updates `stripe` from 22.2.0 to 22.3.0
- [Release notes](https://github.com/stripe/stripe-node/releases)
- [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md)
- [Commits](stripe/stripe-node@v22.2.0...v22.3.0)

Updates `svix` from 1.95.2 to 1.96.1
- [Release notes](https://github.com/svix/svix-webhooks/releases)
- [Changelog](https://github.com/svix/svix-webhooks/blob/main/ChangeLog.md)
- [Commits](svix/svix-webhooks@v1.95.2...v1.96.1)

Updates `tldts` from 7.0.30 to 7.4.5
- [Release notes](https://github.com/remusao/tldts/releases)
- [Changelog](https://github.com/remusao/tldts/blob/master/CHANGELOG.md)
- [Commits](remusao/tldts@v7.0.30...v7.4.5)

Updates `undici` from 8.4.1 to 8.5.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v8.4.1...v8.5.0)

Updates `@types/yauzl` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/yauzl)

Updates `concurrently` from 10.0.0 to 10.0.3
- [Release notes](https://github.com/open-cli-tools/concurrently/releases)
- [Commits](open-cli-tools/concurrently@v10.0.0...v10.0.3)

Updates `mintlify` from 4.2.614 to 4.2.647
- [Commits](https://github.com/mintlify/mint/commits/HEAD/packages/mintlify)

Updates `puppeteer` from 25.1.0 to 25.2.1
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-v25.1.0...puppeteer-v25.2.1)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: "@adcp/sdk"
  dependency-version: 9.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.106.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@contentauth/c2pa-node"
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@opentelemetry/api-logs"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@opentelemetry/exporter-logs-otlp-http"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@opentelemetry/resources"
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@opentelemetry/sdk-logs"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@slack/web-api"
  dependency-version: 7.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@workos-inc/node"
  dependency-version: 10.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@workos-inc/widgets"
  dependency-version: 1.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: google-auth-library
  dependency-version: 10.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: isomorphic-dompurify
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: multer
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: posthog-node
  dependency-version: 5.38.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: resend
  dependency-version: 6.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: semver
  dependency-version: 7.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: stripe
  dependency-version: 22.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: svix
  dependency-version: 1.96.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: tldts
  dependency-version: 7.4.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: undici
  dependency-version: 8.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@types/yauzl"
  dependency-version: 3.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: concurrently
  dependency-version: 10.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: mintlify
  dependency-version: 4.2.647
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: puppeteer
  dependency-version: 25.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 28, 2026
@mintlify

mintlify Bot commented Jun 28, 2026

Copy link
Copy Markdown

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
adcp 🟢 Ready View Preview Jun 28, 2026, 4:27 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

@dependabot @github

dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 30, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/main/minor-and-patch-87271be7e8 branch June 30, 2026 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants