build(deps): bump the production-dependencies group across 1 directory with 60 updates

[dependabot]

Bumps the production-dependencies group with 60 updates in the / directory:

Package	From	To
@ai-sdk/openai	3.0.26	3.0.63
@ai-sdk/react	3.0.80	3.0.184
@aws-sdk/client-s3	3.984.0	3.1046.0
@aws-sdk/s3-request-presigner	3.984.0	3.1046.0
@fumadocs/content-collections	1.2.6	1.2.9
@hono/zod-openapi	1.2.1	1.4.0
@hono/zod-validator	0.7.6	0.8.0
@next/third-parties	16.1.6	16.2.6
@paralleldrive/cuid2	2.3.1	3.3.0
@prisma/client	7.3.0	7.8.0
@react-email/components	0.0.41	1.0.12
@react-email/render	1.4.0	2.0.8
@scalar/hono-api-reference	0.9.40	0.10.14
@tanstack/react-query	5.90.20	5.100.10
@tiptap/extension-dropcursor	3.19.0	3.23.4
@tiptap/extension-image	3.19.0	3.23.4
@tiptap/extension-placeholder	3.19.0	3.23.4
@tiptap/react	3.19.0	3.23.4
@tiptap/starter-kit	3.19.0	3.23.4
@uiw/react-md-editor	4.0.11	4.1.0
ai	6.0.78	6.0.182
better-auth	1.4.18	1.6.11
boring-avatars	1.11.2	2.0.4
dompurify	3.3.1	3.4.3
fumadocs-core	16.5.2	16.8.11
fumadocs-ui	16.5.2	16.8.11
geist	1.5.1	1.7.0
hono	4.11.8	4.12.18
hono-openapi	0.4.8	1.3.0
isomorphic-dompurify	2.35.0	3.12.0
jotai	2.12.3	2.20.0
lucide-react	0.542.0	1.14.0
nanoid	5.1.6	5.1.11
next	16.2.4	16.2.6
next-intl	4.8.3	4.12.0
nodemailer	7.0.13	8.0.7
nuqs	2.8.8	2.8.9
openai	6.19.0	6.37.0
react	19.2.4	19.2.6
react-day-picker	9.13.0	10.0.0
react-dom	19.2.4	19.2.6
react-dropzone	14.4.0	15.0.0
react-hook-form	7.71.1	7.75.0
react-qr-code	2.0.18	2.0.21
react-resizable-panels	3.0.6	4.11.1
recharts	2.15.4	3.8.1
sharp	0.34.4	0.34.5
slugify	1.6.6	1.6.9
stripe	18.5.0	22.1.1
tailwind-merge	3.4.0	3.6.0
tencentcloud-sdk-nodejs	4.1.184	4.1.231
ufo	1.6.3	1.6.4
use-debounce	10.1.0	10.1.1
use-intl	4.8.2	4.12.0
uuid	11.1.0	14.0.0
zod	4.3.6	4.4.3
zustand	5.0.11	5.0.13
@prisma/adapter-pg	7.3.0	7.8.0
pg	8.18.0	8.20.0
ws	8.19.0	8.20.1

Updates @ai-sdk/openai from 3.0.26 to 3.0.63

Changelog

Sourced from @​ai-sdk/openai's changelog.

3.0.63

Patch Changes

• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27

3.0.62

Patch Changes

• 65edcca: feat: add allowedTools provider option for OpenAI Responses

3.0.61

Patch Changes

• b93f9b4: feat(provider/openai): forward imageDetail providerOptions on tool-result image content

3.0.60

Patch Changes

• 6dcd8e6: feat(openai): add GPT-5.5 chat model IDs

3.0.59

Patch Changes

• 38966ab: fix(openai, openai-compatible): only send null content for assistant messages with tool calls

3.0.58

Patch Changes

• 2370948: feat(openai): preserve namespace on function_call output items

3.0.57

Patch Changes

• d33e7cc: chore(provider/openai): add type for image model options for type-safe processing

3.0.56

Patch Changes

• Updated dependencies [7beadf0]
  • @​ai-sdk/provider-utils@​4.0.26

... (truncated)

Commits

• e3ccdb5 Version Packages (#15094)
• bf9de31 Version Packages (#15046)
• 65edcca Backport: feat(openai): add allowedTools provider option for Responses (#15044)
• ee37690 Version Packages (#15020)
• b93f9b4 Backport: feat(provider/openai): forward imageDetail providerOptions on tool-...
• c706111 Version Packages (#14971)
• 6dcd8e6 Backport: feat(openai): add GPT-5.5 chat model IDs (#14965)
• a1dddcc Version Packages (#14954)
• 38966ab backport v6: fix(openai, openai-compatible): only send null content for assis...
• 0129eb6 Version Packages (#14912)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ai-sdk/openai since your current version.

Updates @ai-sdk/react from 3.0.80 to 3.0.184

Release notes

Sourced from @​ai-sdk/react's releases.

@​ai-sdk/react@​3.0.184

Patch Changes

• Updated dependencies [e76a29a]
  • [email protected]

Changelog

Sourced from @​ai-sdk/react's changelog.

3.0.184

Patch Changes

• Updated dependencies [e76a29a]
  • [email protected]

3.0.183

Patch Changes

• Updated dependencies [538974a]
  • [email protected]

3.0.182

Patch Changes

• Updated dependencies [253bd5a]
• Updated dependencies [57ec10f]
  • [email protected]

3.0.181

Patch Changes

• [email protected]

3.0.180

Patch Changes

• Updated dependencies [ac6f27e]
  • [email protected]

3.0.179

Patch Changes

• [email protected]

3.0.178

Patch Changes

• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27
  • [email protected]

3.0.177

... (truncated)

Commits

• c76ce9c Version Packages (#15257)
• c0e4fef Version Packages (#15251)
• 43e5359 Version Packages (#15221)
• e2f1bca Version Packages (#15216)
• d37fb1f Version Packages (#15202)
• e70aab9 Version Packages (#15138)
• e3ccdb5 Version Packages (#15094)
• 3015153 Version Packages (#14960)
• 0129eb6 Version Packages (#14912)
• 8a46a3c Version Packages (#14875)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ai-sdk/react since your current version.

Updates @aws-sdk/client-s3 from 3.984.0 to 3.1046.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1046.0

3.1046.0(2026-05-14)

Chores

• build: set compilation config module type to nodenext (#8018) (893d9e61)
• core/util:
  • update tsconfig.types.json (#8016) (b09190e7)
  • migrate minor utility functions to core (#8007) (6a0f061a)
• scripts:
  • optimize codegen build speed (#8012) (3b64aa8f)
  • add submodule variant api surface parity linting (#8006) (3361fb26)
• codegen: dependency version bump (#8008) (9ce20f6d)
• signature-v4-multi-region: invert dependency on middleware-sdk-s3 (#8003) (b41bc62f)
• update smithy/core imports (#7979) (acffbf90)

Documentation Changes

• client-redshift: Added rg.xlarge and rg.4xlarge to valid NodeType values and updated documentation for CreateCluster, ModifyCluster, ResizeCluster, and RestoreFromClusterSnapshot APIs to reflect RG node type support. (fc4437bd)
• client-batch: Adds a billing callout to docs regarding using the CE Scale Down Delay feature (72d87371)
• client-glue: AWS Glue now defaults the job timeout to 480 minutes for Glue version 5.0 and later when no timeout value is specified. The default remains 2,880 minutes for Glue version 4.0 and earlier. (0a44c1f6)
• core: package consolidation plan (#8002) (51d1f8cb)

New Features

• clients: update client endpoints as of 2026-05-14 (0a8e3b77)
• client-sfn: Updated default SDK endpoints for AWS Step Functions in AWS GovCloud (US) regions. The default Dual-Stack endpoints now resolve to "states-fips" prefixed hostnames. There are no changes to service behavior. No customer action is required. (35908544)
• client-quicksight: Adds five new custom permission option for Quick Apps so that these capabilities can be controlled by public SDK and CLI. (8e76717d)
• client-elasticsearch-service: Adds support for AutomatedSnapshotPauseOptions. (e1a722aa)
• client-arc-region-switch: Adds support for enabling and disabling Lambda event source mappings in Region switch plans. (5b7d56f3)
• client-rtbfabric: Customers can now configure custom domain names for their RTB Fabric gateways. This enables partners to use their own branded domain for RTB traffic instead of the default rtbfabric endpoint (b1e0392d)
• client-connectcases: Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. (883cc0f7)
• client-pcs: Add support for Amazon EC2 Interruptible-ODCR (cbd2be24)
• client-securityagent: Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories. (8ae5b437)
• client-sagemaker: Adds execution role session name mode to reflect user identity in Studio. Adds Flexible Training Plans on Studio apps. Adds restricted model packages to control access to proprietary model artifacts via IAM. Fixed instance type parity between inference endpoints and managed shadow tests. (c6c87516)
• client-connect: This change added three new EventSourceName for schedule notification feature (b8f49e23)
• client-socialmessaging: Adds parameters to call the GetWhatsAppMessageTemplate and UpdateWhatsAppMessageTemplate APIs with a template name and language code in place of the template ID. Linked WhatsApp accounts also describe whether the WABA is onboarded to Meta's Marketing Messages API. (085c2dd6)
• client-ec2: Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description (9a5ca595)
• client-partnercentral-account: Added ServiceQuotaExceededExceptions for Profile operations (725a2b6d)
• client-opensearch: Adds support for AutomatedSnapshotPauseOptions. (8bc57f1f)
• client-billingconductor: Add ConflictException to UpdateCustomLineItem operation. (f0f73bae)
• client-bedrock-agentcore-control: Adds support for read-only summary APIs for Policy Engine, Policy, and Policy Generation resources, enabling metadata retrieval without KMS decryption for AWS Config integration. (6d630817)
• client-lightsail: Added OriginIpAddressTypeEnum (ipv4, ipv6, dualstack) and ipAddressType field to Origin and InputOrigin structures for Lightsail CDN distributions. Allows customers to specify how the distribution connects to origins, using IPv4, IPv6, or dualstack networking (eaa98531)
• client-dsql: Added support for Amazon Aurora DSQL change data capture (CDC) streams that deliver row-level database changes to Amazon Kinesis in JSON format. Includes CreateStream, GetStream, ListStreams, and DeleteStream operations. (d071f80a)
• client-connectcampaignsv2: This release added support for Outbound Campaign timezone detection using all available contact methods (1a0d5fee)

Bug Fixes

• core/protocols: corrections for absolute and relative shape id lookup for errors (#8001) (c9921dcb)
• cloudfront-signer: url-encode special characters in URL path (#7763) (e942132d)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-s3

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/client-s3

3.1044.0 (2026-05-06)

Features

• client-s3: Validate outpost access point resource name (bee88a5)

3.1043.0 (2026-05-05)

Note: Version bump only for package @​aws-sdk/client-s3

3.1042.0 (2026-05-04)

Note: Version bump only for package @​aws-sdk/client-s3

3.1041.0 (2026-05-01)

Note: Version bump only for package @​aws-sdk/client-s3

... (truncated)

Commits

• a664335 Publish v3.1046.0
• 9ce20f6 chore(codegen): dependency version bump (#8008)
• acffbf9 chore: update smithy/core imports (#7979)
• b329def Publish v3.1045.0
• 1ccd438 Publish v3.1044.0
• bee88a5 feat(client-s3): Validate outpost access point resource name
• 96baad9 Publish v3.1043.0
• d942e31 Publish v3.1042.0
• 5df4c01 Publish v3.1041.0
• 7736067 Publish v3.1040.0
• Additional commits viewable in compare view

Updates @aws-sdk/s3-request-presigner from 3.984.0 to 3.1046.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1046.0

3.1046.0(2026-05-14)

Chores

• build: set compilation config module type to nodenext (#8018) (893d9e61)
• core/util:
  • update tsconfig.types.json (#8016) (b09190e7)
  • migrate minor utility functions to core (#8007) (6a0f061a)
• scripts:
  • optimize codegen build speed (#8012) (3b64aa8f)
  • add submodule variant api surface parity linting (#8006) (3361fb26)
• codegen: dependency version bump (#8008) (9ce20f6d)
• signature-v4-multi-region: invert dependency on middleware-sdk-s3 (#8003) (b41bc62f)
• update smithy/core imports (#7979) (acffbf90)

Documentation Changes

• client-redshift: Added rg.xlarge and rg.4xlarge to valid NodeType values and updated documentation for CreateCluster, ModifyCluster, ResizeCluster, and RestoreFromClusterSnapshot APIs to reflect RG node type support. (fc4437bd)
• client-batch: Adds a billing callout to docs regarding using the CE Scale Down Delay feature (72d87371)
• client-glue: AWS Glue now defaults the job timeout to 480 minutes for Glue version 5.0 and later when no timeout value is specified. The default remains 2,880 minutes for Glue version 4.0 and earlier. (0a44c1f6)
• core: package consolidation plan (#8002) (51d1f8cb)

New Features

• clients: update client endpoints as of 2026-05-14 (0a8e3b77)
• client-sfn: Updated default SDK endpoints for AWS Step Functions in AWS GovCloud (US) regions. The default Dual-Stack endpoints now resolve to "states-fips" prefixed hostnames. There are no changes to service behavior. No customer action is required. (35908544)
• client-quicksight: Adds five new custom permission option for Quick Apps so that these capabilities can be controlled by public SDK and CLI. (8e76717d)
• client-elasticsearch-service: Adds support for AutomatedSnapshotPauseOptions. (e1a722aa)
• client-arc-region-switch: Adds support for enabling and disabling Lambda event source mappings in Region switch plans. (5b7d56f3)
• client-rtbfabric: Customers can now configure custom domain names for their RTB Fabric gateways. This enables partners to use their own branded domain for RTB traffic instead of the default rtbfabric endpoint (b1e0392d)
• client-connectcases: Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. (883cc0f7)
• client-pcs: Add support for Amazon EC2 Interruptible-ODCR (cbd2be24)
• client-securityagent: Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories. (8ae5b437)
• client-sagemaker: Adds execution role session name mode to reflect user identity in Studio. Adds Flexible Training Plans on Studio apps. Adds restricted model packages to control access to proprietary model artifacts via IAM. Fixed instance type parity between inference endpoints and managed shadow tests. (c6c87516)
• client-connect: This change added three new EventSourceName for schedule notification feature (b8f49e23)
• client-socialmessaging: Adds parameters to call the GetWhatsAppMessageTemplate and UpdateWhatsAppMessageTemplate APIs with a template name and language code in place of the template ID. Linked WhatsApp accounts also describe whether the WABA is onboarded to Meta's Marketing Messages API. (085c2dd6)
• client-ec2: Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description (9a5ca595)
• client-partnercentral-account: Added ServiceQuotaExceededExceptions for Profile operations (725a2b6d)
• client-opensearch: Adds support for AutomatedSnapshotPauseOptions. (8bc57f1f)
• client-billingconductor: Add ConflictException to UpdateCustomLineItem operation. (f0f73bae)
• client-bedrock-agentcore-control: Adds support for read-only summary APIs for Policy Engine, Policy, and Policy Generation resources, enabling metadata retrieval without KMS decryption for AWS Config integration. (6d630817)
• client-lightsail: Added OriginIpAddressTypeEnum (ipv4, ipv6, dualstack) and ipAddressType field to Origin and InputOrigin structures for Lightsail CDN distributions. Allows customers to specify how the distribution connects to origins, using IPv4, IPv6, or dualstack networking (eaa98531)
• client-dsql: Added support for Amazon Aurora DSQL change data capture (CDC) streams that deliver row-level database changes to Amazon Kinesis in JSON format. Includes CreateStream, GetStream, ListStreams, and DeleteStream operations. (d071f80a)
• client-connectcampaignsv2: This release added support for Outbound Campaign timezone detection using all available contact methods (1a0d5fee)

Bug Fixes

• core/protocols: corrections for absolute and relative shape id lookup for errors (#8001) (c9921dcb)
• cloudfront-signer: url-encode special characters in URL path (#7763) (e942132d)

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1044.0 (2026-05-06)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1043.0 (2026-05-05)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1042.0 (2026-05-04)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1041.0 (2026-05-01)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1040.0 (2026-04-30)

... (truncated)

Commits

• a664335 Publish v3.1046.0
• 6a0f061 chore(core/util): migrate minor utility functions to core (#8007)
• 9ce20f6 chore(codegen): dependency version bump (#8008)
• acffbf9 chore: update smithy/core imports (#7979)
• b329def Publish v3.1045.0
• 1ccd438 Publish v3.1044.0
• 96baad9 Publish v3.1043.0
• d942e31 Publish v3.1042.0
• 5df4c01 Publish v3.1041.0
• 7736067 Publish v3.1040.0
• Additional commits viewable in compare view

Updates @fumadocs/content-collections from 1.2.6 to 1.2.9

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates @hono/zod-openapi from 1.2.1 to 1.4.0

Release notes

Sourced from @​hono/zod-openapi's releases.

@​hono/zod-openapi@​1.4.0

Minor Changes

• #1881 e90e4fb30877f3e3f4b0588bdb2bbfc337efbf67 Thanks @​T4ko0522! - fix(zod-openapi): bump peerDependencies.hono to >=4.10.0 to match the runtime requirement coming through @hono/zod-validator.

  @hono/zod-openapi lists @hono/zod-validator as a direct (non-peer) dependency, so its peer range must be at least as strict as @hono/zod-validator's. After the typed-400 fix bumps @hono/zod-validator's peerDependencies.hono to >=4.10.0, leaving @hono/zod-openapi's peer at >=4.3.6 would let consumers install @hono/zod-openapi against e.g. [email protected], where the bundled @hono/zod-validator types reference the 4-argument MiddlewareHandler<E, P, I, R> (introduced in Hono v4.10.0) and fail to compile (TS2707).

Patch Changes

• Updated dependencies [e90e4fb30877f3e3f4b0588bdb2bbfc337efbf67]:
  • @​hono/zod-validator@​0.8.0

@​hono/zod-openapi@​1.3.0

Minor Changes

• #1752 fe0f8e4b44ca8e78d2ed60ed8591f415cd85eaa9 Thanks @​destroSunRay! - This PR adds two new utilities to improve route definition and registration in @hono/zod-openapi:

  • defineOpenAPIRoute: Provides explicit type safety for route definitions
  • openapiRoutes: Enables batch registration of multiple routes with full type safety
  • Registering many routes individually was repetitive and verbose
  • Type inference for complex route configurations was challenging
  • Organizing routes across multiple files was difficult
  • No built-in support for conditional route registration
  • RPC type safety was hard to maintain across scattered route registrations
  • defineOpenAPIRoute: Wraps route definitions with explicit types for better IDE support and type checking
  • openapiRoutes: Accepts an array of route definitions and registers them all at once
  • Supports addRoute flag for conditional registration
  • Maintains full type safety and RPC support through recursive type merging
  • Enables clean modular organization of routes
  • ✅ Reduced boilerplate code
  • ✅ Better type inference and IDE autocomplete
  • ✅ Easier code organization and maintainability
  • ✅ Declarative conditional routes
  • ✅ Full backward compatibility

  See the updated README for usage examples.

  • All existing tests pass (102/102)
  • Added tests for new functionality
  • Verified type inference works correctly
  • Updated package README with usage examples

@​hono/zod-openapi@​1.2.4

Patch Changes

• #1831 40ede9c55abe672798deca6970ef60b945382d34 Thanks @​yusukebe! - fix: publish to JSR

@​hono/zod-openapi@​1.2.3

Patch Changes

... (truncated)

Changelog

Sourced from @​hono/zod-openapi's changelog.

1.4.0

Minor Changes

• #1881 e90e4fb30877f3e3f4b0588bdb2bbfc337efbf67 Thanks @​T4ko0522! - fix(zod-openapi): bump peerDependencies.hono to >=4.10.0 to match the runtime requirement coming through @hono/zod-validator.

  @hono/zod-openapi lists @hono/zod-validator as a direct (non-peer) dependency, so its peer range must be at least as strict as @hono/zod-validator's. After the typed-400 fix bumps @hono/zod-validator's peerDependencies.hono to >=4.10.0, leaving @hono/zod-openapi's peer at >=4.3.6 would let consumers install @hono/zod-openapi against e.g. [email protected], where the bundled @hono/zod-validator types reference the 4-argument MiddlewareHandler<E, P, I, R> (introduced in Hono v4.10.0) and fail to compile (TS2707).

Patch Changes

• Updated dependencies [e90e4fb30877f3e3f4b0588bdb2bbfc337efbf67]:
  • @​hono/zod-validator@​0.8.0

1.3.0

Minor Changes

• #1752 fe0f8e4b44ca8e78d2ed60ed8591f415cd85eaa9 Thanks @​destroSunRay! - This PR adds two new utilities to improve route definition and registration in @hono/zod-openapi:

  • defineOpenAPIRoute: Provides explicit type safety for route definitions
  • openapiRoutes: Enables batch registration of multiple routes with full type safety
  • Registering many routes individually was repetitive and verbose
  • Type inference for complex route configurations was challenging
  • Organizing routes across multiple files was difficult
  • No built-in support for conditional route registration
  • RPC type safety was hard to maintain across scattered route registrations
  • defineOpenAPIRoute: Wraps route definitions with explicit types for better IDE support and type checking
  • openapiRoutes: Accepts an array of route definitions and registers them all at once
  • Supports addRoute flag for conditional registration
  • Maintains full type safety and RPC support through recursive type merging
  • Enables clean modular organization of routes
  • ✅ Reduced boilerplate code
  • ✅ Better type inference and IDE autocomplete
  • ✅ Easier code organization and maintainability
  • ✅ Declarative conditional routes
  • ✅ Full backward compatibility

  See the updated README for usage examples.

  • All existing tests pass (102/102)
  • Added tests for new functionality
  • Verified type inference works correctly
  • Updated package README with usage examples

1.2.4

Patch Changes

• #1831 40ede9c55abe672798deca6970ef60b945382d34 Thanks @​yusukebe! - fix: publish to JSR

1.2.3

... (truncated)

Commits

• a08b023 Version Packages (#1887)
• e90e4fb feat(zod-validator): surface the default 400 on the no-hook overload and keep...
• 5eeca71 Version Packages (#1849)
• fe0f8e4 feat(zod-openapi): add defineOpenAPIRoute and openapiRoutes for batch route r...
• a6f4ef5 Version Packages (#1832)
• 40ede9c fix(zod-openapi): publish to JSR (#1831)
• 38993fa Version Packages (#1811)
• db8fd16 fix(zod-openapi): bump @​asteasolutions/zod-to-openapi to allow nested discrim...
• e762ac0 feat(eslint): ignoring variables and parameters prefixed with _ (#1772)
• 27d8981 Version Packages (#1749)
• Additional commits viewable in compare view

Updates @hono/zod-validator from 0.7.6 to 0.8.0

Release notes

Sourced from @​hono/zod-validator's releases.

@​hono/zod-validator@​0.8.0

Minor Changes

• #1881 e90e4fb30877f3e3f4b0588bdb2bbfc337efbf67 Thanks @​T4ko0522! - fix(zod-validator): surface the default 400 failure response so it propagates to the RPC schema (refs honojs/hono#3746).
  • Widen the no-hook overload return type to MiddlewareHandler<E, P, V, TypedResponse<ZodValidatorFailureBody<T>, 400, 'json'>>, so the default c.json(result, 400) body reaches MergeMiddlewareResponse<M_k> on the Hono side and shows up in hc<typeof app> as a typed 400 branch.
  • Intersect the inferred middleware response with Response (Response & TypedResponse<...>) in both ZodValidatorFailureResponse<T> and ExtractValidationResponse<VF> so a zValidator(...) middleware remains assignable to a plain MiddlewareHandler (avoids a TS2322 regression caused by bare TypedResponse).
  • Collapse the no-hook overload to also accept undefined for the hook parameter together with the options.validationFunction, allowing zValidator(target, schema, undefined, { validationFunction }) to match the typed-failure path.
  • Bump peerDependencies.hono to >=4.10.0 because this PR now relies on the 4-argument MiddlewareHandler<E, P, I, R> signature introduced in Hono v4.10.0; on hono <4.10.0, MiddlewareHandler only accepts 3 type arguments and consumers would hit TS2707 even though peer ranges currently allow it.

Changelog

Sourced from @​hono/zod-validator's changelog.

0.8.0

Minor Changes

• #1881 e90e4fb30877f3e3f4b0588bdb2bbfc337efbf67 Thanks @​T4ko0522! - fix(zod-validator): surface the default 400 failure response so it propagates to the RPC schema (refs honojs/hono#3746).
  • Widen the no-hook overload return type to MiddlewareHandler<E, P, V, TypedResponse<ZodValidatorFailureBody<T>, 400, 'json'>>, so the default c.json(result, 400) body reaches MergeMiddlewareResponse<M_k> on the Hono side and shows up in hc<typeof app> as a typed 400 branch.
  • Intersect the inferred middleware response with Response (Response & TypedResponse<...>) in both ZodValidatorFailureResponse<T> and ExtractValidationResponse<VF> so a zValidator(...) middleware remains assignable to a plain MiddlewareHandler (avoids a TS2322 regression caused by bare TypedResponse).
  • Collapse the no-hook overload to also accept undefined for the hook parameter together with the options.validationFunction, allowing zValidator(target, schema, undefined, { validationFunction }) to match the typed-failure path.
  • Bump peerDependencies.hono to >=4.10.0 because this PR now relies on the 4-argument MiddlewareHandler<E, P, I, R> signature introduced in Hono v4.10.0; on hono <4.10.0, MiddlewareHandler only accepts 3 type arguments and consumers would hit TS2707 even though peer ranges currently allow it.

Commits

• a08b023 Version Packages (#1887)
• e90e4fb feat(zod-validator): surface the default 400 on the no-hook overload and keep...
• e762ac0 feat(eslint): ignoring variables and parameters prefixed with _ (#1772)
• 475cd12 chore: update typescript to 5.9.3 (#1741)
• 96ae310 chore: update Zod/Valibot import examples to use namespace imports in docs an...
• fbec266 chore(deps-dev): bump hono from 4.11.3 to 4.11.4 (#1710)
• c7edf1e chore(deps-dev): upgrade @cloudflare/vitest-pool-workers and vitest (#1714)
• 03a28c5 fix: less strict template expressions (#1681)
• 1f8372e chore(typescript): add @tsconfig/strictest (#1679)
• 49db969 chore(eslint): update suppressions (#1678)
• Additional commits viewable in compare view

Updates @next/third-parties from 16.1.6 to 16.2.6

Release notes

Sourced from @​next/third-parties's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using Web...

  Description has been truncated