chore(deps): update all non-major dependencies#719
Conversation
|
📝 WalkthroughWalkthroughThis PR updates pinned GitHub Action commit SHAs and performs coordinated dependency version bumps across workflows, root config, example projects, internal packages, codemod tooling, and testing manifests. ChangesMonorepo dependency and workflow action updates
Estimated code review effort 🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@examples/ts-vue-chat/package.json`:
- Line 28: Replace Tailwind v3's focus:outline-none usages with the v4
equivalent focus:outline-hidden in the listed Vue components: update the class
strings in VueUIView.vue (around the element at ~line 91), ChatView.vue (around
~line 111), and ChatInput.vue (around ~lines 64 and 72) to use
focus:outline-hidden; search those files for any remaining "outline-none"
occurrences and update them, and run the dev build to verify no other Tailwind
v3-specific utilities remain.
In `@package.json`:
- Line 8: The packageManager value ("packageManager": "pnpm@11.5.2") and
engines.pnpm (currently ">=11.5.2") are inconsistent with the repo guideline
requiring pnpm@10.17.0; update them to match the chosen source of truth: either
change packageManager to "pnpm@10.17.0" and set engines.pnpm to ">=10.17.0", or
update the CLAUDE.md/AGENTS.md docs to require pnpm 11.5.x so both
packageManager and engines.pnpm reflect pnpm@11.5.2 consistently; ensure you
update both packageManager and engines.pnpm together so they stay aligned.
In `@packages/ai-anthropic/live-tests/package.json`:
- Line 14: The live-tests package incorrectly depends on zod "^3.25.76" which
conflicts with the parent `@tanstack/ai-anthropic`'s zod ^4.x peer dependency;
update the "zod" entry in the live-tests package.json (the dependency in
packages/ai-anthropic/live-tests/package.json) to a compatible ^4.x version
(e.g., "^4.4.3" or "^4.0.0") so it matches the parent package's declared peer,
then reinstall/update lockfile to ensure a single Zod major version is used
across the workspace.
In `@packages/ai-isolate-node/package.json`:
- Line 52: Extend probeIsolatedVm to perform not only construction/disposal of
an ivm.Isolate but also createContext() on the isolate, create and use a new
ivm.Reference (including exercising applySyncPromise), and compile+run a trivial
script via isolate.compileScript(...).run(..., { promise: true }) inside the
subprocess; update the lightweight smoke/integration test invoked by
probeIsolatedVm to spawn the subprocess that exercises these calls under
isolated-vm@^6.1.2 and surface any runtime/return-shape changes so failures are
detected at execution-time rather than init-time.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 804973d0-b104-4cbe-a640-92f2007dc569
📒 Files selected for processing (57)
.github/workflows/autofix.yml.github/workflows/e2e.yml.github/workflows/pr.yml.github/workflows/release.yml.github/workflows/sync-models.yml.github/workflows/zizmor.ymlcodemods/package.jsonexamples/ts-code-mode-web/package.jsonexamples/ts-group-chat/package.jsonexamples/ts-react-chat/package.jsonexamples/ts-react-media/package.jsonexamples/ts-react-native-chat/package.jsonexamples/ts-react-search/package.jsonexamples/ts-solid-chat/package.jsonexamples/ts-svelte-chat/package.jsonexamples/ts-vue-chat/package.jsonexamples/vanilla-chat/package.jsonpackage.jsonpackages/ai-anthropic/live-tests/package.jsonpackages/ai-anthropic/package.jsonpackages/ai-client/package.jsonpackages/ai-code-mode-skills/package.jsonpackages/ai-code-mode/models-eval/package.jsonpackages/ai-code-mode/package.jsonpackages/ai-devtools/package.jsonpackages/ai-elevenlabs/package.jsonpackages/ai-event-client/package.jsonpackages/ai-fal/package.jsonpackages/ai-gemini/package.jsonpackages/ai-grok/package.jsonpackages/ai-groq/package.jsonpackages/ai-isolate-cloudflare/package.jsonpackages/ai-isolate-node/package.jsonpackages/ai-isolate-quickjs/package.jsonpackages/ai-mcp/package.jsonpackages/ai-ollama/package.jsonpackages/ai-openai/live-tests/package.jsonpackages/ai-openai/package.jsonpackages/ai-openrouter/package.jsonpackages/ai-preact/package.jsonpackages/ai-react-ui/package.jsonpackages/ai-react/package.jsonpackages/ai-solid-ui/package.jsonpackages/ai-solid/package.jsonpackages/ai-svelte/package.jsonpackages/ai-utils/package.jsonpackages/ai-vue-ui/package.jsonpackages/ai-vue/package.jsonpackages/ai/package.jsonpackages/openai-base/package.jsonpackages/preact-ai-devtools/package.jsonpackages/react-ai-devtools/package.jsonpackages/solid-ai-devtools/package.jsonpnpm-workspace.yamltesting/e2e/package.jsontesting/panel/package.jsontesting/react-native-smoke/package.json
| }, | ||
| "devDependencies": { | ||
| "@tailwindcss/vite": "^4.1.18", | ||
| "@tailwindcss/vite": "^4.3.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Check for Tailwind v3 patterns incompatible with v4
echo "=== Checking for old important modifier syntax (v3: !text-*) ==="
rg -n --type=vue --type=ts -C1 'className=.*!text-|class=.*!text-|className=.*!bg-|class=.*!bg-' examples/ts-vue-chat/src/
echo -e "\n=== Checking for removed opacity utilities (bg-opacity-*, text-opacity-*) ==="
rg -n --type=vue --type=ts -C1 'bg-opacity-|text-opacity-|border-opacity-|ring-opacity-' examples/ts-vue-chat/src/
echo -e "\n=== Checking for old CSS variable syntax with brackets ==="
rg -n --type=vue --type=ts -C1 'bg-\[--.*\]|text-\[--.*\]' examples/ts-vue-chat/src/
echo -e "\n=== Checking for outline-none (behavior changed in v4) ==="
rg -n --type=vue --type=ts -C1 'outline-none' examples/ts-vue-chat/src/Repository: TanStack/ai
Length of output: 449
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== package.json (tailwind/tailwind plugin versions) ==="
nl -ba examples/ts-vue-chat/package.json | sed -n '1,120p'
echo
echo "=== Search Tailwind v3 patterns in examples/ts-vue-chat/src (important modifier, opacity, bracketed CSS vars) ==="
cd examples/ts-vue-chat/src
# Important modifier (v3-style prefix: !text-*, !bg-*, etc.)
echo -e "\n--- v3 important prefix (!text- / !bg- / !border- / !ring-) ---"
rg -n --glob '*.{ts,tsx,js,jsx,vue,html}' '!((text|bg|border|ring|stroke|fill)-)' . || true
# Opacity utilities removed (v3-style)
echo -e "\n--- v3 opacity utilities (bg-opacity-*, text-opacity-*, border-opacity-*, ring-opacity-*) ---"
rg -n --glob '*.{ts,tsx,js,jsx,vue,html}' '(bg|text|border|ring)-opacity-' . || true
# Bracketed CSS variable syntax (v3/old style)
echo -e "\n--- bracketed CSS vars: [--*] (e.g., bg-[--color]) ---"
rg -n --glob '*.{ts,tsx,js,jsx,vue,html}' '(bg|text|border|ring)-\[\-\-[^]]+\]|\[\-\-[^]]+\]' . || true
echo -e "\n--- generic bracketed CSS vars: [- -] style in class-like strings ---"
rg -n --glob '*.{ts,tsx,js,jsx,vue,html}' '\[\-\-' . || true
echo
echo "=== outline-none occurrences ==="
rg -n --glob '*.{ts,tsx,js,jsx,vue,html}' 'outline-none' . || trueRepository: TanStack/ai
Length of output: 173
🌐 Web query:
Tailwind CSS v4 outline-none behavior changed
💡 Result:
In Tailwind CSS v4, the behavior of outline-none was changed to resolve inconsistencies and improve accessibility [1][2]. Key changes: - New outline-none behavior: The outline-none utility now strictly applies outline-style: none [1][3]. In Tailwind v3, this utility used a "clever" implementation that created a 2px invisible outline to ensure focus states remained visible in forced-colors mode [1][2]. - Introduction of outline-hidden: To replicate the v3 behavior—where an outline is removed in standard rendering but remains visible for accessibility in forced-colors mode—Tailwind v4 introduced the outline-hidden utility [1][4]. - Upgrade recommendation: Projects migrating from v3 to v4 should generally replace instances of outline-none with outline-hidden to maintain accessibility for users relying on forced-colors modes [1][4]. The outline-none utility should only be used if you explicitly intend to remove the outline entirely without any fallback [1][3]. Additionally, the outline utility itself was updated in v4 to set outline-width: 1px by default for better consistency with other border and ring utilities [1][5]. Top results: [1], [2], [3], [4]
Citations:
- 1: https://tailwindcss.com/docs/upgrade-guide
- 2: Replace
outline-nonewithoutline-hidden, add newoutline-nonetailwindlabs/tailwindcss#14926 - 3: [v4] :focus-visible no longer overrides default outline for some reason tailwindlabs/tailwindcss#15152
- 4: [bug]: v4 registry incomplete outline-none to outline-hidden migration (19 components) shadcn-ui/ui#10101
- 5: v3 -> v4 upgrade tool should replace
outlinewithoutline-solidtailwindlabs/tailwindcss#15861
🌐 Web query:
Tailwind CSS v4 important modifier syntax text-xl! instead of !text-xl
💡 Result:
In Tailwind CSS v4, the important modifier syntax has officially changed to place the exclamation mark (!) at the end of the utility class (e.g., text-xl!) rather than at the beginning (e.g., !text-xl) [1][2][3]. Key details regarding this change include: * Standard Syntax: The new convention is to append the ! suffix to the class name, which mimics the behavior of native CSS where !important follows the rule [1][3][4]. * Backward Compatibility: While the new syntax is the recommended approach, the previous prefix syntax (e.g., !text-xl) remains supported for backward compatibility, though it is considered deprecated [2][3]. * Design Reasoning: Placing the modifier at the end makes it easier to read and reason about, particularly when combining utilities with variants [5]. * Global Important: If you need to make all utility classes !important globally, Tailwind CSS v4 uses an import-level flag instead of the old tailwind.config.js setting [6][7]. You can achieve this by adding important to your CSS import [6][4]: @import "tailwindcss" important; This syntax change applies to standard utility classes used in HTML as well as utility classes used within @apply directives in your CSS files [5][8].
Citations:
- 1: https://stackoverflow.com/questions/75664539/tailwind-css-class-precedence-is-not-respected
- 2: https://combray.prose.sh/2025-11-30-tailwind-best-practices
- 3: https://tailwindcss.com/docs/upgrade-guide
- 4: https://tailwindcss.com/docs/styling-with-utility-classes
- 5: Add initial codemod tooling tailwindlabs/tailwindcss#14434
- 6: Add support for
importantin v4 tailwindlabs/tailwindcss#14448 - 7: How to make all the classes important by default tailwindlabs/tailwindcss#17994
- 8: PostCSS + TailwindCSS 4 throws error on important! and ! modifiers tailwindlabs/tailwindcss#18570
🌐 Web query:
Tailwind CSS v4 CSS variable syntax parentheses bg-(--color) instead of brackets bg-[--color]
💡 Result:
In Tailwind CSS v4, you can use parentheses syntax, such as bg-(--color), as a shorthand for referencing CSS variables as arbitrary values [1][2]. This syntax automatically wraps the value in a var function, serving as a more concise alternative to the traditional square bracket syntax (bg-[var(--color)]) used in previous versions [2][3]. Key aspects of this syntax include: - Convenience: It functions as a shorthand for bg-[var(--my-color)], automatically adding the required var wrapper for you [2]. - Ambiguity Resolution: If a variable name is ambiguous or requires specific type handling, you can use a type hint prefix within the parentheses [2]. For example, to ensure the utility is treated as a length or color, you can use: - text-(length:--my-var) [2] - text-(color:--my-var) [2] - Technical Change: The introduction of this syntax in v4 is part of a broader engine change, where tokenization now treats parentheses differently than in Tailwind CSS v3 [4]. This shorthand is specifically designed for CSS variables and simplifies the process of applying custom design tokens that are defined via the @theme directive or as standard CSS custom properties [2][5].
Citations:
- 1: https://github.com/tailwindlabs/tailwindcss/blob/14b13378cb9966af11dce6e37a22c1fc5cead16a/CHANGELOG.md
- 2: https://tailwindcss.com/docs/adding-custom-styles
- 3: https://github.com/tailwindlabs/tailwindcss/releases/tag/v4.0.0-alpha.35
- 4: Tailwind 4 doesn't detect classes in parenthesis tailwindlabs/tailwindcss#18431
- 5: https://tailwindcss.com/docs/theme
🌐 Web query:
Tailwind CSS v4 opacity utilities removed bg-opacity- use slash syntax bg-blue-500/20
💡 Result:
In Tailwind CSS v4, the standalone opacity utility classes—such as bg-opacity-, text-opacity-, and border-opacity-—have been removed [1][2]. To control the opacity of specific properties, you must now use the slash-based opacity modifier syntax directly on the color utility [1][3]. How to use the new syntax: * Background colors: Use bg-blue-500/20 instead of bg-blue-500 bg-opacity-20 [1][4][2]. * Text colors: Use text-blue-500/20 instead of text-blue-500 text-opacity-20 [1][2]. * Border colors: Use border-blue-500/20 instead of border-blue-500 border-opacity-20 [1][2]. This syntax works by using the CSS color-mix function under the hood, which applies the opacity only to the specific color rather than the entire element [5][3][6]. If you need to adjust opacity based on state or dynamic conditions (a common use case for the old classes), you can use arbitrary CSS variables [7][8]. For example:
Note that the standalone opacity- classes (e.g., opacity-50) still exist in Tailwind CSS v4, but they are used to control the opacity of an entire element (including its children) rather than just a specific color property [9][10].Citations:
- 1: https://tailwindcss.com/docs/upgrade-guide
- 2: https://wowhow.cloud/blogs/tailwind-css-v4-everything-changed-migration-guide-2026
- 3: https://learn.bemorex.com/en/cursos/tailwind-css-v4/colors-and-theming
- 4: https://tailwindcss.com/docs/background-color
- 5: https://tailwindcss.com/docs/colors
- 6: https://tailwindcss.com/blog/tailwindcss-v4
- 7: Use CSS variables for color opacity instead of hard coding it! tailwindlabs/tailwindcss#9942
- 8: [v4] What's the v4 way to do bg-opacity? tailwindlabs/tailwindcss#15097
- 9: https://tailwindcss.com/docs/opacity
- 10: https://frontend-hero.com/tailwind-opacity-scale
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== examples/ts-vue-chat/package.json tailwind-related deps ==="
# show relevant lines without relying on `nl`
sed -n '1,120p' examples/ts-vue-chat/package.json | sed -n '/tailwind/p;/@tailwindcss/p;/postcss/p;/autoprefixer/p'
echo
echo "=== Tailwind v3-era patterns in examples/ts-vue-chat/src ==="
ROOT="examples/ts-vue-chat/src"
# important modifier prefix syntax (!text-*, !bg-*, etc.)
echo -e "\n--- prefix important (!text- / !bg- / !border- / !ring-) ---"
rg -n -S -g'*.{ts,tsx,js,jsx,vue,html}' '!(text|bg|border|ring|stroke|fill)-' "$ROOT" || true
# old standalone opacity utilities
echo -e "\n--- standalone opacity utilities (bg-opacity-, text-opacity-, border-opacity-, ring-opacity-) ---"
rg -n -S -g'*.{ts,tsx,js,jsx,vue,html}' '(bg|text|border|ring)-(opacity)-' "$ROOT" || true
# bracketed CSS variable arbitrary values: bg-[--...] or text-[--...]
echo -e "\n--- bracketed CSS variable arbitrary values: (bg|text|border|ring)-[--...] ---"
rg -n -S -g'*.{ts,tsx,js,jsx,vue,html}' '(bg|text|border|ring|stroke|fill)-\[\s*--[^]]+\]' "$ROOT" || true
echo -e "\n--- generic bracketed CSS vars: \\[--... ---"
rg -n -S -g'*.{ts,tsx,js,jsx,vue,html}' '\[\s*--[^]]+\]' "$ROOT" || true
# outline-none
echo -e "\n--- outline-none occurrences ---"
rg -n -S -g'*.{ts,tsx,js,jsx,vue,html}' 'outline-none' "$ROOT" || true
echo
echo "=== Optional: check for v4 parentheses variable syntax bg-(--...) / text-(--...) ==="
rg -n -S -g'*.{ts,tsx,js,jsx,vue,html}' '(bg|text|border|ring|stroke|fill)-\(\s*--[^)]+\s*\)' "$ROOT" || trueRepository: TanStack/ai
Length of output: 1712
Tailwind v4.3: migrate focus:outline-none to focus:outline-hidden
outline-none has a behavior change in Tailwind v4; the example still uses focus:outline-none in:
examples/ts-vue-chat/src/views/VueUIView.vue:91examples/ts-vue-chat/src/views/ChatView.vue:111examples/ts-vue-chat/src/components/ChatInput.vue:64and72
Other v3→v4 breaking syntax patterns from the comment (!text-*/!bg-* important prefix, bg-opacity-*/etc, and bracketed CSS vars like bg-[--...]) don’t appear in examples/ts-vue-chat/src.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@examples/ts-vue-chat/package.json` at line 28, Replace Tailwind v3's
focus:outline-none usages with the v4 equivalent focus:outline-hidden in the
listed Vue components: update the class strings in VueUIView.vue (around the
element at ~line 91), ChatView.vue (around ~line 111), and ChatInput.vue (around
~lines 64 and 72) to use focus:outline-hidden; search those files for any
remaining "outline-none" occurrences and update them, and run the dev build to
verify no other Tailwind v3-specific utilities remain.
| "url": "git+https://github.com/TanStack/ai.git" | ||
| }, | ||
| "packageManager": "pnpm@11.1.1", | ||
| "packageManager": "pnpm@11.5.2", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check packageManager fields across the monorepo
rg -n '"packageManager":\s*"pnpm@' --type json -C 1Repository: TanStack/ai
Length of output: 160
Align pnpm version in package.json with the repo’s pnpm guideline/docs
- Root
package.jsonsetspackageManager: "pnpm@11.5.2"(andengines.pnpm: ">=11.5.2"), while the repo guidance requirespnpm@10.17.0(CLAUDE.md/AGENTS.md). - Update the guideline/docs to 11.5.x or revert
packageManagerback topnpm@10.17.0if 10.17.0 is intentionally required.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 8, The packageManager value ("packageManager":
"pnpm@11.5.2") and engines.pnpm (currently ">=11.5.2") are inconsistent with the
repo guideline requiring pnpm@10.17.0; update them to match the chosen source of
truth: either change packageManager to "pnpm@10.17.0" and set engines.pnpm to
">=10.17.0", or update the CLAUDE.md/AGENTS.md docs to require pnpm 11.5.x so
both packageManager and engines.pnpm reflect pnpm@11.5.2 consistently; ensure
you update both packageManager and engines.pnpm together so they stay aligned.
Source: Coding guidelines
| "@tanstack/ai": "workspace:*", | ||
| "@tanstack/ai-anthropic": "workspace:*", | ||
| "zod": "^3.24.1" | ||
| "zod": "^3.25.76" |
There was a problem hiding this comment.
Critical: Zod version mismatch with parent package.
This live-tests package uses zod ^3.25.76, but the parent @tanstack/ai-anthropic package (line 63) uses zod ^4.4.3 and declares a peer dependency of ^4.0.0. If this test package imports any schemas or validators from @tanstack/ai-anthropic, runtime errors will occur due to incompatible zod instances across major versions.
🔧 Proposed fix
- "zod": "^3.25.76"
+ "zod": "^4.4.3"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "zod": "^3.25.76" | |
| "zod": "^4.4.3" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@packages/ai-anthropic/live-tests/package.json` at line 14, The live-tests
package incorrectly depends on zod "^3.25.76" which conflicts with the parent
`@tanstack/ai-anthropic`'s zod ^4.x peer dependency; update the "zod" entry in the
live-tests package.json (the dependency in
packages/ai-anthropic/live-tests/package.json) to a compatible ^4.x version
(e.g., "^4.4.3" or "^4.0.0") so it matches the parent package's declared peer,
then reinstall/update lockfile to ensure a single Zod major version is used
across the workspace.
| ], | ||
| "dependencies": { | ||
| "isolated-vm": "^6.0.2" | ||
| "isolated-vm": "^6.1.2" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Check for isolated-vm API usage
# Find isolated-vm API calls in the implementation
rg -n --type ts -C3 "from ['\"]isolated-vm['\"]" packages/ai-isolate-node/src/
# Look for specific isolated-vm API patterns
rg -nP --type ts '(Isolate|Context|Reference|ExternalCopy|\.create|\.compile|\.run)' packages/ai-isolate-node/src/Repository: TanStack/ai
Length of output: 4630
Isolated-vm bump: broaden compatibility checks from init-time to execution-time.
probeIsolatedVm only exercises native-addon loading by constructing/dispose-ing an ivm.Isolate in a subprocess, but the runtime path used by the driver also calls isolate.createContext(), new ivm.Reference(...) + applySyncPromise, and isolate.compileScript(...).run(..., { promise: true }). Add/extend a lightweight smoke/integration test for these execution steps under isolated-vm@^6.1.2 so any behavior/return-shape changes are caught.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@packages/ai-isolate-node/package.json` at line 52, Extend probeIsolatedVm to
perform not only construction/disposal of an ivm.Isolate but also
createContext() on the isolate, create and use a new ivm.Reference (including
exercising applySyncPromise), and compile+run a trivial script via
isolate.compileScript(...).run(..., { promise: true }) inside the subprocess;
update the lightweight smoke/integration test invoked by probeIsolatedVm to
spawn the subprocess that exercises these calls under isolated-vm@^6.1.2 and
surface any runtime/return-shape changes so failures are detected at
execution-time rather than init-time.
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
69d6799 to
0930f35
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/sync-models.yml:
- Line 22: The pinned actions/checkout commit SHA in the workflow step "uses:
actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3" is
incorrect; update the pinned SHA to the real v6.0.3 tag commit SHA
(9f698171ed81b15d1823a05fc7211befd50c8ae0) or change the trailing comment to
match the current pinned SHA so the "uses: actions/checkout@..." line and its
comment are consistent and supply-chain-safe.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: bbed66ef-28c9-4cf6-bdf3-cc58624d53a6
📒 Files selected for processing (57)
.github/workflows/autofix.yml.github/workflows/e2e.yml.github/workflows/pr.yml.github/workflows/release.yml.github/workflows/sync-models.yml.github/workflows/zizmor.ymlcodemods/package.jsonexamples/ts-code-mode-web/package.jsonexamples/ts-group-chat/package.jsonexamples/ts-react-chat/package.jsonexamples/ts-react-media/package.jsonexamples/ts-react-native-chat/package.jsonexamples/ts-react-search/package.jsonexamples/ts-solid-chat/package.jsonexamples/ts-svelte-chat/package.jsonexamples/ts-vue-chat/package.jsonexamples/vanilla-chat/package.jsonpackage.jsonpackages/ai-anthropic/live-tests/package.jsonpackages/ai-anthropic/package.jsonpackages/ai-client/package.jsonpackages/ai-code-mode-skills/package.jsonpackages/ai-code-mode/models-eval/package.jsonpackages/ai-code-mode/package.jsonpackages/ai-devtools/package.jsonpackages/ai-elevenlabs/package.jsonpackages/ai-event-client/package.jsonpackages/ai-fal/package.jsonpackages/ai-gemini/package.jsonpackages/ai-grok/package.jsonpackages/ai-groq/package.jsonpackages/ai-isolate-cloudflare/package.jsonpackages/ai-isolate-node/package.jsonpackages/ai-isolate-quickjs/package.jsonpackages/ai-mcp/package.jsonpackages/ai-ollama/package.jsonpackages/ai-openai/live-tests/package.jsonpackages/ai-openai/package.jsonpackages/ai-openrouter/package.jsonpackages/ai-preact/package.jsonpackages/ai-react-ui/package.jsonpackages/ai-react/package.jsonpackages/ai-solid-ui/package.jsonpackages/ai-solid/package.jsonpackages/ai-svelte/package.jsonpackages/ai-utils/package.jsonpackages/ai-vue-ui/package.jsonpackages/ai-vue/package.jsonpackages/ai/package.jsonpackages/openai-base/package.jsonpackages/preact-ai-devtools/package.jsonpackages/react-ai-devtools/package.jsonpackages/solid-ai-devtools/package.jsonpnpm-workspace.yamltesting/e2e/package.jsontesting/panel/package.jsontesting/react-native-smoke/package.json
✅ Files skipped from review due to trivial changes (32)
- pnpm-workspace.yaml
- examples/vanilla-chat/package.json
- packages/ai-ollama/package.json
- packages/ai-preact/package.json
- packages/ai-openai/package.json
- packages/ai-anthropic/package.json
- packages/preact-ai-devtools/package.json
- packages/openai-base/package.json
- packages/ai-isolate-node/package.json
- packages/ai-grok/package.json
- packages/ai-isolate-cloudflare/package.json
- packages/ai-devtools/package.json
- .github/workflows/zizmor.yml
- packages/ai-code-mode/package.json
- packages/ai-openai/live-tests/package.json
- packages/react-ai-devtools/package.json
- packages/ai-fal/package.json
- packages/ai-gemini/package.json
- .github/workflows/release.yml
- packages/ai-client/package.json
- .github/workflows/pr.yml
- packages/solid-ai-devtools/package.json
- packages/ai-code-mode/models-eval/package.json
- examples/ts-react-media/package.json
- packages/ai-solid/package.json
- packages/ai-svelte/package.json
- packages/ai-elevenlabs/package.json
- packages/ai-anthropic/live-tests/package.json
- examples/ts-group-chat/package.json
- examples/ts-svelte-chat/package.json
- packages/ai-openrouter/package.json
- examples/ts-react-chat/package.json
🚧 Files skipped from review as they are similar to previous changes (21)
- packages/ai-event-client/package.json
- packages/ai-solid-ui/package.json
- packages/ai-utils/package.json
- packages/ai-code-mode-skills/package.json
- examples/ts-react-native-chat/package.json
- packages/ai-isolate-quickjs/package.json
- packages/ai-react-ui/package.json
- packages/ai-vue/package.json
- .github/workflows/e2e.yml
- packages/ai-react/package.json
- packages/ai-vue-ui/package.json
- packages/ai/package.json
- .github/workflows/autofix.yml
- testing/react-native-smoke/package.json
- examples/ts-vue-chat/package.json
- codemods/package.json
- testing/e2e/package.json
- package.json
- examples/ts-code-mode-web/package.json
- examples/ts-react-search/package.json
- examples/ts-solid-chat/package.json
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Verify that the pinned SHA corresponds to actions/checkout v6.0.3
# Fetch the SHA for the v6.0.3 tag from the actions/checkout repository
EXPECTED_SHA=$(gh api repos/actions/checkout/git/ref/tags/v6.0.3 --jq '.object.sha')
echo "Expected SHA for v6.0.3: $EXPECTED_SHA"
echo "Pinned SHA in workflow: df4cb1c069e1874edd31b4311f1884172cec0e10"
if [ "$EXPECTED_SHA" = "df4cb1c069e1874edd31b4311f1884172cec0e10" ]; then
echo "✓ SHA matches v6.0.3 tag"
else
echo "✗ SHA mismatch - please verify the correct SHA for v6.0.3"
fiRepository: TanStack/ai
Length of output: 244
Fix pinned actions/checkout SHA mismatch (supply-chain risk)
In .github/workflows/sync-models.yml line 22, actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 does not match the v6.0.3 tag commit SHA (9f698171ed81b15d1823a05fc7211befd50c8ae0). Update the pinned SHA (or the comment) so it reflects the real v6.0.3 tag.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/sync-models.yml at line 22, The pinned actions/checkout
commit SHA in the workflow step "uses:
actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3" is
incorrect; update the pinned SHA to the real v6.0.3 tag commit SHA
(9f698171ed81b15d1823a05fc7211befd50c8ae0) or change the trailing comment to
match the current pinned SHA so the "uses: actions/checkout@..." line and its
comment are consistent and supply-chain-safe.
0930f35 to
cb952ac
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
cb952ac to
fbdcf75
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@codemods/package.json`:
- Around line 17-20: The package bumps in codemods/package.json aren’t reflected
in pnpm-lock.yaml’s codemods block (prettier still resolves to 3.7.4 and vitest
to 4.1.4); regenerate the lockfile so the codemods section resolves to the
declared versions (jscodeshift ^17.3.0, prettier ^3.8.3, vitest ^4.1.8) by
reinstalling/updating pnpm dependencies for the codemods workspace (or run a
repo-level pnpm install / update filtered to the codemods workspace), commit the
updated pnpm-lock.yaml, and then run the codemod test suite (pnpm test:pr) to
verify everything passes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 02b6b29c-9e01-4494-9def-f8e788c9cb65
📒 Files selected for processing (57)
.github/workflows/autofix.yml.github/workflows/e2e.yml.github/workflows/pr.yml.github/workflows/release.yml.github/workflows/sync-models.yml.github/workflows/zizmor.ymlcodemods/package.jsonexamples/ts-code-mode-web/package.jsonexamples/ts-group-chat/package.jsonexamples/ts-react-chat/package.jsonexamples/ts-react-media/package.jsonexamples/ts-react-native-chat/package.jsonexamples/ts-react-search/package.jsonexamples/ts-solid-chat/package.jsonexamples/ts-svelte-chat/package.jsonexamples/ts-vue-chat/package.jsonexamples/vanilla-chat/package.jsonpackage.jsonpackages/ai-anthropic/live-tests/package.jsonpackages/ai-anthropic/package.jsonpackages/ai-client/package.jsonpackages/ai-code-mode-skills/package.jsonpackages/ai-code-mode/models-eval/package.jsonpackages/ai-code-mode/package.jsonpackages/ai-devtools/package.jsonpackages/ai-elevenlabs/package.jsonpackages/ai-event-client/package.jsonpackages/ai-fal/package.jsonpackages/ai-gemini/package.jsonpackages/ai-grok/package.jsonpackages/ai-groq/package.jsonpackages/ai-isolate-cloudflare/package.jsonpackages/ai-isolate-node/package.jsonpackages/ai-isolate-quickjs/package.jsonpackages/ai-mcp/package.jsonpackages/ai-ollama/package.jsonpackages/ai-openai/live-tests/package.jsonpackages/ai-openai/package.jsonpackages/ai-openrouter/package.jsonpackages/ai-preact/package.jsonpackages/ai-react-ui/package.jsonpackages/ai-react/package.jsonpackages/ai-solid-ui/package.jsonpackages/ai-solid/package.jsonpackages/ai-svelte/package.jsonpackages/ai-utils/package.jsonpackages/ai-vue-ui/package.jsonpackages/ai-vue/package.jsonpackages/ai/package.jsonpackages/openai-base/package.jsonpackages/preact-ai-devtools/package.jsonpackages/react-ai-devtools/package.jsonpackages/solid-ai-devtools/package.jsonpnpm-workspace.yamltesting/e2e/package.jsontesting/panel/package.jsontesting/react-native-smoke/package.json
✅ Files skipped from review due to trivial changes (29)
- packages/preact-ai-devtools/package.json
- packages/react-ai-devtools/package.json
- packages/openai-base/package.json
- packages/ai-anthropic/package.json
- examples/vanilla-chat/package.json
- packages/ai-utils/package.json
- packages/ai-openai/live-tests/package.json
- pnpm-workspace.yaml
- packages/ai-openrouter/package.json
- .github/workflows/autofix.yml
- packages/ai-solid/package.json
- examples/ts-react-media/package.json
- packages/ai-gemini/package.json
- packages/ai-grok/package.json
- .github/workflows/sync-models.yml
- packages/ai-openai/package.json
- packages/ai-solid-ui/package.json
- packages/ai-event-client/package.json
- packages/ai-preact/package.json
- packages/ai-client/package.json
- packages/ai-fal/package.json
- testing/react-native-smoke/package.json
- packages/ai-vue/package.json
- packages/ai-anthropic/live-tests/package.json
- packages/ai-code-mode/models-eval/package.json
- packages/ai-isolate-node/package.json
- examples/ts-vue-chat/package.json
- testing/panel/package.json
- packages/ai-svelte/package.json
🚧 Files skipped from review as they are similar to previous changes (24)
- packages/ai-mcp/package.json
- .github/workflows/release.yml
- .github/workflows/e2e.yml
- packages/ai-vue-ui/package.json
- packages/ai-elevenlabs/package.json
- packages/ai-react/package.json
- packages/ai-code-mode/package.json
- packages/ai-groq/package.json
- packages/ai-isolate-cloudflare/package.json
- packages/ai-isolate-quickjs/package.json
- testing/e2e/package.json
- packages/ai-react-ui/package.json
- packages/ai-ollama/package.json
- examples/ts-group-chat/package.json
- packages/solid-ai-devtools/package.json
- .github/workflows/zizmor.yml
- packages/ai-code-mode-skills/package.json
- .github/workflows/pr.yml
- examples/ts-code-mode-web/package.json
- package.json
- examples/ts-solid-chat/package.json
- packages/ai-devtools/package.json
- examples/ts-react-search/package.json
- examples/ts-react-chat/package.json
| "jscodeshift": "^17.3.0", | ||
| "prettier": "^3.8.3", | ||
| "typescript": "5.9.3", | ||
| "vitest": "^4.0.14" | ||
| "vitest": "^4.1.8" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify jscodeshift, prettier, and vitest versions exist and check for security issues
echo "=== Checking jscodeshift 17.3.0 ==="
npm view jscodeshift@17.3.0 version 2>/dev/null || echo "Version not found"
echo -e "\n=== Checking prettier 3.8.3 ==="
npm view prettier@3.8.3 version 2>/dev/null || echo "Version not found"
echo -e "\n=== Checking vitest 4.1.8 ==="
npm view vitest@4.1.8 version 2>/dev/null || echo "Version not found"
echo -e "\n=== Checking for security advisories ==="
gh api graphql -f query='
{
securityVulnerabilities(first: 10, ecosystem: NPM, package: "jscodeshift") {
nodes {
advisory { summary severity publishedAt }
vulnerableVersionRange
firstPatchedVersion { identifier }
}
}
}'
gh api graphql -f query='
{
securityVulnerabilities(first: 10, ecosystem: NPM, package: "prettier") {
nodes {
advisory { summary severity publishedAt }
vulnerableVersionRange
firstPatchedVersion { identifier }
}
}
}'
gh api graphql -f query='
{
securityVulnerabilities(first: 10, ecosystem: NPM, package: "vitest") {
nodes {
advisory { summary severity publishedAt }
vulnerableVersionRange
firstPatchedVersion { identifier }
}
}
}'Repository: TanStack/ai
Length of output: 1715
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) Confirm exact versions in codemods/package.json
if [ -f codemods/package.json ]; then
echo "=== codemods/package.json (lines 1-60) ==="
nl -ba codemods/package.json | sed -n '1,80p'
else
echo "codemods/package.json not found"
exit 1
fi
# 2) Find vitest config / test setup in codemods
echo "=== Search for vitest config in codemods/ ==="
rg -n --hidden --no-ignore \
-S "vitest|test:|describe\(|it\(|setupFiles|globals|environment|ui|server" \
codemods -g'*.ts' -g'*.js' -g'*.mts' -g'*.cts' -g'*.mjs' -g'*.cjs' -g'*.json' -g'*.config.*' -g'*.md' || true
echo "=== Search for vitest.config.* under repo (limited) ==="
fd -t f -H "vitest.config" . || true
fd -t f -H "vite*.config" codemods || trueRepository: TanStack/ai
Length of output: 159
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) Confirm exact versions in codemods/package.json (use cat -n since nl is unavailable)
if [ -f codemods/package.json ]; then
echo "=== codemods/package.json (lines 1-60) ==="
cat -n codemods/package.json | sed -n '1,80p'
else
echo "codemods/package.json not found"
exit 1
fi
# 2) Search for vitest/test runner config / usage in codemods/
echo "=== Search for vitest/test config keywords in codemods/ ==="
rg -n --hidden --no-ignore \
-S "vitest|test:|describe\(|it\(|setupFiles|globals|environment|ui|server|vitest\.config" \
codemods || trueRepository: TanStack/ai
Length of output: 8662
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Check pnpm lockfile to confirm what versions actually resolve for vitest/jscodeshift/prettier
if [ -f pnpm-lock.yaml ]; then
echo "=== pnpm-lock.yaml: resolved vitest/jscodeshift/prettier entries ==="
rg -n "vitest@|jscodeshift@|prettier@" pnpm-lock.yaml | head -n 80
else
echo "pnpm-lock.yaml not found"
fi
# Also look for vitest version specifically (resolved version patterns)
if [ -f pnpm-lock.yaml ]; then
echo "=== Find occurrences of 'vitest:' block (first 120 matches) ==="
rg -n "vitest:" pnpm-lock.yaml | head -n 120
fiRepository: TanStack/ai
Length of output: 9774
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Check pnpm-lock.yaml for resolved vitest@4.1.8 ==="
rg -n "vitest@4\.1\.8" pnpm-lock.yaml || echo "not found"
echo "=== Check pnpm-lock.yaml for resolved prettier@3.8.3 ==="
rg -n "prettier@3\.8\.3" pnpm-lock.yaml || echo "not found"
echo "=== Check pnpm-lock.yaml for codemods package identity ==="
rg -n "`@tanstack/ai-codemods`|ai-codemods" pnpm-lock.yaml | head -n 50
echo "=== Search for vitest config files in repo ==="
fd -t f -H "vitest.config" . || true
fd -t f -H "*vitest*" codemods || true
echo "=== Search codemods/ for vitest --ui / server usage ==="
rg -n --hidden --no-ignore -S "(--ui|ui\.|server|listen\(|createServer|happy-dom|jsdom)" codemods || trueRepository: TanStack/ai
Length of output: 246
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Find `@tanstack/ai-codemods` entries in pnpm-lock.yaml ==="
rg -n "`@tanstack/ai-codemods`" pnpm-lock.yaml | head -n 50
echo "=== Around the ai-codemods block (if present) ==="
# If the lockfile contains a package snapshot for ai-codemods, print a small window around the first match
line=$(rg -n "`@tanstack/ai-codemods`" pnpm-lock.yaml | head -n 1 | cut -d: -f1 || true)
if [ -n "${line:-}" ]; then
start=$((line-40))
if [ $start -lt 1 ]; then start=1; fi
end=$((line+120))
sed -n "${start},${end}p" pnpm-lock.yaml | sed -n '1,200p'
else
echo "No `@tanstack/ai-codemods` string found to window."
fi
echo "=== Search lockfile for prettier@3.8.3 / vitest@4.1.8 occurrences (confirm absence) ==="
rg -n "prettier@3\.8\.3|vitest@4\.1\.8" pnpm-lock.yaml || echo "No exact prettier@3.8.3 or vitest@4.1.8 found"
echo "=== Search codemods for vitest UI/server usage indicators ==="
rg -n --hidden --no-ignore -S "(--ui|vitest.*ui|server\.listen|ui\.listen|createServer|happy-dom|jsdom|listen\()" codemods || trueRepository: TanStack/ai
Length of output: 116
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Check if codemods has its own pnpm-lock.yaml ==="
find . -maxdepth 3 -name "pnpm-lock.yaml" -print
echo "=== Check pnpm-workspace.yaml for codemods ==="
if [ -f pnpm-workspace.yaml ]; then
rg -n "codemods" pnpm-workspace.yaml || echo "No 'codemods' in pnpm-workspace.yaml"
cat -n pnpm-workspace.yaml | sed -n '1,120p'
else
echo "pnpm-workspace.yaml not found"
fi
echo "=== Search for prettier usage in codemods/ ==="
rg -n --hidden --no-ignore -S "prettier" codemods || true
echo "=== Search for vitest config / UI usage in codemods/ ==="
rg -n --hidden --no-ignore -S "vitest\.config|--ui|ui\.|createServer|listen\(" codemods || trueRepository: TanStack/ai
Length of output: 2668
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Find codemods importer block in pnpm-lock.yaml ==="
line=$(rg -n "^\\s*codemods:" pnpm-lock.yaml | head -n 1 | cut -d: -f1 || true)
if [ -n "${line:-}" ]; then
start=$((line-20))
end=$((line+120))
if [ $start -lt 1 ]; then start=1; fi
echo "--- pnpm-lock.yaml lines ${start}-${end} ---"
sed -n "${start},${end}p" pnpm-lock.yaml
else
echo "No 'codemods:' importer key found (lockfile format may differ)."
echo "Searching for 'codemods' occurrences near importer section:"
rg -n "codemods" pnpm-lock.yaml | head -n 20
fi
echo "=== Show which importer brings vitest 4.0.14/4.0.15 (vulnerable by range <4.1.0) ==="
rg -n "vitest@4\.0\.(14|15)|vitest: 4\.0\.(14|15)" pnpm-lock.yaml | head -n 80
echo "=== Show importer blocks that mention vitest (first 120 matches) ==="
rg -n "vitest" pnpm-lock.yaml | head -n 120Repository: TanStack/ai
Length of output: 23748
Update pnpm-lock.yaml to reflect the intended dev tooling bumps (then run codemod tests).
jscodeshift@17.3.0, prettier@3.8.3, and vitest@4.1.8 exist on npm. GitHub’s security advisory feed shows no entries for jscodeshift/prettier; for vitest, the reported CRITICAL issues are limited to older version ranges (notably <4.1.0, patched at 4.1.0).
However, pnpm-lock.yaml’s codemods: block still resolves:
prettierto3.7.4(not3.8.3)vitestto4.1.4(not4.1.8)
so the dependency bumps in codemods/package.json aren’t actually reflected in the locked versions (which also matters for the security posture). Update the lockfile and run pnpm test:pr.
File: codemods/package.json (Lines: 17-20)
"jscodeshift": "^17.3.0",
"prettier": "^3.8.3",
"typescript": "5.9.3",
"vitest": "^4.1.8"🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@codemods/package.json` around lines 17 - 20, The package bumps in
codemods/package.json aren’t reflected in pnpm-lock.yaml’s codemods block
(prettier still resolves to 3.7.4 and vitest to 4.1.4); regenerate the lockfile
so the codemods section resolves to the declared versions (jscodeshift ^17.3.0,
prettier ^3.8.3, vitest ^4.1.8) by reinstalling/updating pnpm dependencies for
the codemods workspace (or run a repo-level pnpm install / update filtered to
the codemods workspace), commit the updated pnpm-lock.yaml, and then run the
codemod test suite (pnpm test:pr) to verify everything passes.
This PR contains the following updates:
^0.0.52→^0.0.55^0.97.1→^0.102.0^2.30.0→^2.31.0^4.20241230.0→^4.20260608.1^1.3.1→^1.9.0^2.44.0→^2.51.0^10.1.0→^10.4.0^1.43.0→^1.52.0^1.19.6→^1.19.140.12.35→0.12.79^1.9.0→^1.9.1^1.9.0→^1.9.1^1.57.0→^1.60.0^1.1.2→^1.1.13^1.2.4→^1.2.5^2.15.10→^2.63.1^2.3.10→^2.5.8^4.1.18→^4.3.0^4.1.18→^4.3.0^4.1.18→^4.3.0^0.4.1→^0.4.3^0.4.1→^0.4.3^0.5.1→^0.5.2^0.4.0→^0.5.0^0.5.3→^0.7.0^1.154.7→^1.155.0^1.0.6→^1.0.39^0.1.55→^0.1.86^0.9.10→^0.10.5^0.9.10→^0.10.5^5.90.12→^5.101.0^1.158.4→^1.170.15^1.158.4→^1.170.15^1.158.4→^1.167.0^1.158.4→^1.167.0^1.158.4→^1.167.1^1.158.4→^1.167.1^1.159.0→^1.168.25^1.159.0→^1.168.25^0.8.0→^0.11.0^1.158.4→^1.168.18^1.158.4→^1.168.18^0.7.15→^0.8.5^1.139.10→^1.170.15^1.139.10→^1.167.0^1.139.10→^1.167.1^1.139.10→^1.168.25^0.8.0→^0.11.0^0.8.0→^0.11.00.3.1→0.3.30.4.1→0.5.2^1.140.1→^1.167.0^16.3.0→^16.3.2^5.1.2→^5.2.0^6.0.2→^6.0.74.0.14→4.1.8^2.4.6→^2.4.11^3.0.0→^3.0.1v6.0.2→v6.0.3^2.1.28→^2.2.0^2.1.28→^2.2.0^10.4.21→^10.5.0^0.1.0→^0.8.0v1.7.0→v1.9.0^9.1.2→^9.2.1^9.1.2→^9.2.1^17.2.3→^17.4.2^17.2.3→^17.4.2^0.25.12→^0.28.0^0.25.12→^0.28.0^9.39.1→^9.39.4^4.3.0→^4.4.1~56.0.5→~56.0.9^5.1.0→^5.2.1^11.15.0→^11.18.2^2.1.18→^2.1.19^20.0.10→^20.10.2^4.10.6→^4.12.24^6.0.2→^6.1.2^2.4.2→^2.7.0^17.1.1→^17.3.0^27.2.0→^27.4.0^5.70.2→^5.88.1^0.561.0→^0.577.0^0.554.0→^0.577.0^0.468.0→^0.577.0^15.0.6→^15.0.12^2.2.0→^2.2.422.1.2→22.7.5^6.41.0→^6.42.011.1.1→11.5.2>=11.0.0→>=11.5.2^10.26.9→^10.29.2^3.7.4→^3.8.3^3.4.0→^3.5.2^0.3.15→^0.3.21^24.34.0→^24.43.1^0.31.0→^0.32.0^1.4.3→^1.5.0^9.12.0→^9.14.0^2.15.0→^2.15.4^1.9.0→^1.11.1^1.9.10→^1.9.13^1.9.10→^1.9.13^2.1.0→^2.1.1^5.20.0→^5.56.3^4.2.0→^4.6.0^3.4.0→^3.6.0^4.1.18→^4.3.0^4.1.18→^4.3.0^4.1.18→^4.3.0^0.2.15→^0.2.17^0.17.0-beta.6→^0.22.2^4.21.0→^4.22.4^4.19.2→^4.22.4^7.3.3→^7.3.5^7.3.3→^7.3.5^2.11.10→^2.11.12^4.0.14→^4.1.8^4.0.14→^4.1.8^4.5.0→^4.6.4^2.2.10→^2.2.12^5.1.0→^5.3.0^4.88.0→^4.98.0^8.18.3→^8.21.0v0.5.3→v0.5.6^4.2.0→^4.4.3^4.2.0→^4.4.3^4.2.0→^4.4.3^4.2.0→^4.4.3^3.24.1→^3.25.76Release Notes
ag-ui-protocol/ag-ui (@ag-ui/core)
v0.0.55Compare Source
anthropics/anthro
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.