chore(deps)(deps): bump the production-dependencies group with 19 updates

[dependabot]

Bumps the production-dependencies group with 19 updates:

Package	From	To
better-sqlite3	12.8.0	12.9.0
lucide-react	1.7.0	1.8.0
@ai-sdk/gateway	3.0.91	3.0.95
@hono/node-server	1.19.12	1.19.14
msw	2.12.14	2.13.2
ai	6.0.149	6.0.158
better-auth	1.5.6	1.6.2
hono	4.12.11	4.12.12
next	16.2.2	16.2.3
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
fumadocs-core	16.7.10	16.7.14
fumadocs-mdx	14.2.11	14.2.13
fumadocs-ui	16.7.10	16.7.14
@ai-sdk/anthropic	3.0.67	3.0.69
@ai-sdk/google	3.0.59	3.0.62
@ai-sdk/openai	3.0.51	3.0.52
@ai-sdk/react	3.0.151	3.0.160
react-resizable-panels	4.9.0	4.10.0

Updates better-sqlite3 from 12.8.0 to 12.9.0

Release notes

Sourced from better-sqlite3's releases.

v12.9.0

What's Changed

• Update SQLite to version 3.53.0 in WiseLibs/better-sqlite3#1464

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

Commits

• 4058d24 12.9.0
• f653513 Update SQLite to version 3.53.0 (#1464)
• See full diff in compare view

Updates lucide-react from 1.7.0 to 1.8.0

Release notes

Sourced from lucide-react's releases.

Version 1.8.0

What's Changed

• docs(packages/angular): add packageDirname for @​lucide/angular by @​rhutchison in lucide-icons/lucide#4211
• chore(icons): Username change knarlix to RajnishKMehta by @​RajnishKMehta in lucide-icons/lucide#4208
• ci(@​lucide/angular): Fix publishing problem by @​ericfennis in lucide-icons/lucide#4213
• docs: fix broken links in pull_request_template.md (got 404 page) by @​whoisBugsbunny in lucide-icons/lucide#4224
• fix(lucide-static): add viewBox to sprite symbol elements by @​TomaTV in lucide-icons/lucide#4223
• docs: Fix link to icon design principles in statement by @​whoisBugsbunny in lucide-icons/lucide#4225
• feat(docs): add Zephyr Cloud to Hero Backers tier by @​karsa-mistmere in lucide-icons/lucide#4226
• fix(icons): fixes gap issues in radio-off.svg by @​karsa-mistmere in lucide-icons/lucide#4227
• fix(icons): renamed text-select to square-dashed-text by @​jguddas in lucide-icons/lucide#3943
• fix(docs): improve mobile layout of v1 banner by @​karsa-mistmere in lucide-icons/lucide#4254
• fix(@​lucide/svelte): aria-hidden="true" was never set by @​blt-r in lucide-icons/lucide#4234
• fix(icons): remove ui/ux tag from heart-minus, add delete instead by @​karsa-mistmere in lucide-icons/lucide#4266
• chore(deps-dev): bump vite from 7.3.1 to 7.3.2 by @​dependabot[bot] in lucide-icons/lucide#4276
• chore(deps): bump lodash-es from 4.17.23 to 4.18.1 by @​dependabot[bot] in lucide-icons/lucide#4251
• chore(deps): bump vite from 5.4.21 to 6.4.2 by @​dependabot[bot] in lucide-icons/lucide#4286
• feat(docs): use initOnMounted: true for useSessionStorage in CarbonAdOverlay by @​karsa-mistmere in lucide-icons/lucide#4275
• feat(icons): added bookmark-off icon by @​ZeenatLawal in lucide-icons/lucide#4283

New Contributors

• @​rhutchison made their first contribution in lucide-icons/lucide#4211
• @​whoisBugsbunny made their first contribution in lucide-icons/lucide#4224
• @​TomaTV made their first contribution in lucide-icons/lucide#4223
• @​blt-r made their first contribution in lucide-icons/lucide#4234
• @​ZeenatLawal made their first contribution in lucide-icons/lucide#4283

Full Changelog: lucide-icons/lucide@1.7.0...1.8.0

Commits

• 7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
• See full diff in compare view

Updates @ai-sdk/gateway from 3.0.91 to 3.0.95

Commits

• 7a373b5 Version Packages (#14286)
• 08c5ac3 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• eaf25cd Version Packages (#14283)
• 06764c5 Backport: fix(ai): skip passing invalid JSON inputs to response messages (#14...
• d372a96 Backport: docs: add zeroentropy models as community provider (#14272)
• 909e564 Backport: docs(devtools): clarify monorepo usage for DevTools viewer (#14271)
• 8191be9 Version Packages (#14269)
• 03a04f6 Backport: feat(google-vertex): add support for streaming tool arguments input...
• 0cbc7cc Version Packages (#14244)
• 72ebb54 Backport: fix (provider/xai): handle error chunks in responses api (#14240)
• Additional commits viewable in compare view

Updates @hono/node-server from 1.19.12 to 1.19.14

Release notes

Sourced from @​hono/node-server's releases.

v1.19.14

What's Changed

• fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @​usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

Commits

• b5e63a3 1.19.14
• c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
• fd64e65 1.19.13
• 025c30f Merge commit from fork
• See full diff in compare view

Updates msw from 2.12.14 to 2.13.2

Release notes

Sourced from msw's releases.

v2.13.2 (2026-04-08)

Bug Fixes

• delay: prevent infinite mode from throwing (#2697) (613d4a1d6cd96e006af126d6a13e32e884f48733) @​kettanaito

v2.13.1 (2026-04-07)

Bug Fixes

• annotate life-cycle events correctly (#2694) (e7890e91627c828bd4d788f09e179bffbc8a8506) @​kettanaito

v2.13.0 (2026-04-06)

Features

• use the network source architecture (defineNetwork) (#2650) (2b73790082d412580047c430519340958025226d) @​kettanaito @​felmonon
• handlers are now grouped internally by kind, making handler lookup a O(1) operation.
• handlers filtering no longer uses an instanceof check. Instead, the kind property of the handler is used.

Bug fixes

• fix an issue where a WebSocket connection would be logged in the console even when there are no matching event handlers for it.

Commits

• 33bf349 chore(release): v2.13.2
• 613d4a1 fix(delay): prevent infinite mode from throwing (#2697)
• 89adbf8 chore(release): v2.13.1
• e7890e9 fix: annotate life-cycle events correctly (#2694)
• e79b04f chore(release): v2.13.0
• 2b73790 feat: use the network source architecture (defineNetwork) (#2650)
• dd5dc3d chore: ignore *.tsbuildinfo files
• ef56f84 chore: add support for windows builds (#2651)
• 6a8d25d test(fallback-mode): move worker to the test (#2680)
• See full diff in compare view

Updates ai from 6.0.149 to 6.0.158

Release notes

Sourced from ai's releases.

ai@6.0.158

Patch Changes

• 295beba: fix(ai): fix lastAssistantMessageIsCompleteWithApprovalResponses to no longer ignore providerExecuted tool approvals

ai@6.0.157

Patch Changes

• ff11aee: fix(ai): fix providerExecuted tool approvals being passed to language model twice

Commits

• 78dd62f Version Packages (#14335)
• 295beba Backport: fix(ai): fix lastAssistantMessageIsCompleteWithApprovalResponses ...
• dce61ca Version Packages (#14324)
• ff11aee Backport: fix(ai): fix providerExecuted tool approvals being passed to lang...
• 9a8d276 Backport: feat(mcp): surface 'serverInfo' exposed from the MCP server (#14321)
• 1eea534 Backport: docs: add zeroentropy as a community provider (#14305)
• 7a373b5 Version Packages (#14286)
• 08c5ac3 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• eaf25cd Version Packages (#14283)
• 06764c5 Backport: fix(ai): skip passing invalid JSON inputs to response messages (#14...
• Additional commits viewable in compare view

Updates better-auth from 1.5.6 to 1.6.2

Release notes

Sourced from better-auth's releases.

v1.6.2

better-auth

❗ Breaking Changes

• Prevented unverified TOTP enrollment from blocking sign-in (#8711)

Migration: Adds a verified column to the twoFactor table (defaults to true). Existing rows are unaffected. No data migration required.

Features

• Included enabled 2FA methods in sign-in redirect response (#8772)

Bug Fixes

• Fixed OAuth state verification against cookie-stored nonce to prevent CSRF (#8949)
• Fixed infinite router refresh loops in nextCookies() by replacing cookie probe with header-based RSC detection (#9059)
• Fixed cross-provider account collision in link-social callback (#8983)
• Included RelayState in signed SAML AuthnRequests (#9058)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

• Fixed multi-valued query params collapsing through prompt redirects (#9060)
• Rejected skip_consent at schema level in dynamic client registration (#8998)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

• Fixed SAMLResponse decoding failures caused by line-wrapped base64 (#8968)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​aarmful, @​cyphercodes, @​dvanmali, @​gustavovalverde, @​jaydeep-pipaliya, @​ping-maxwell

Full changelog: v1.6.1...v1.6.2

v1.6.1

better-auth

Bug Fixes

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.2

Patch Changes

• #8949 9deb793 Thanks @​ping-maxwell! - security: verify OAuth state parameter against cookie-stored nonce to prevent CSRF on cookie-backed flows

• #8983 2cbcb9b Thanks @​jaydeep-pipaliya! - fix(oauth2): prevent cross-provider account collision in link-social callback

  The link-social callback used findAccount(accountId) which matched by account ID across all providers. When two providers return the same numeric ID (e.g. both Google and GitHub assign 99999), the lookup could match the wrong provider's account, causing a spurious account_already_linked_to_different_user error or silently updating the wrong account's tokens.

  Replaced with findAccountByProviderId(accountId, providerId) to scope the lookup to the correct provider, matching the pattern already used in the generic OAuth plugin.

• #9059 b20fa42 Thanks @​gustavovalverde! - fix(next-js): replace cookie probe with header-based RSC detection in nextCookies() to prevent infinite router refresh loops and eliminate leaked __better-auth-cookie-store cookie. Also fix two-factor enrollment flows to set the new session cookie before deleting the old session.

• #9058 608d8c3 Thanks @​gustavovalverde! - fix(sso): include RelayState in signed SAML AuthnRequests per SAML 2.0 Bindings §3.4.4.1

  • RelayState is now passed to samlify's ServiceProvider constructor so it is included in the redirect binding signature. Previously it was appended after the signature, causing spec-compliant IdPs to reject signed AuthnRequests.
  • authnRequestsSigned: true without a private key now throws instead of silently sending unsigned requests.

• #8772 8409843 Thanks @​aarmful! - feat(two-factor): include enabled 2fa methods in sign-in redirect response

  The 2FA sign-in redirect now returns twoFactorMethods (e.g. ["totp", "otp"]) so frontends can render the correct verification UI without guessing. The onTwoFactorRedirect client callback receives twoFactorMethods as a context parameter.

  • TOTP is included only when the user has a verified TOTP secret and TOTP is not disabled in config.
  • OTP is included when otpOptions.sendOTP is configured.
  • Unverified TOTP enrollments are excluded from the methods list.

• #8711 e78a7b1 Thanks @​aarmful! - fix(two-factor): prevent unverified TOTP enrollment from gating sign-in

  Adds a verified boolean column to the twoFactor table that tracks whether a TOTP secret has been confirmed by the user.

  • First-time enrollment: enableTwoFactor creates the row with verified: false. The row is promoted to verified: true only after verifyTOTP succeeds with a valid code.
  • Re-enrollment (calling enableTwoFactor when TOTP is already verified): the new row preserves verified: true, so the user is never locked out of sign-in while rotating their TOTP secret.
  • Sign-in: verifyTOTP rejects rows where verified === false, preventing abandoned enrollments from blocking authentication. Backup codes and OTP are unaffected and work as fallbacks during unfinished enrollment.

  Migration: The new column defaults to true, so existing twoFactor rows are treated as verified. No data migration is required. skipVerificationOnEnable: true is also unaffected — the row is created as verified: true in that mode.

• Updated dependencies []:

  • @​better-auth/core@​1.6.2
  • @​better-auth/drizzle-adapter@​1.6.2
  • @​better-auth/kysely-adapter@​1.6.2
  • @​better-auth/memory-adapter@​1.6.2
  • @​better-auth/mongo-adapter@​1.6.2
  • @​better-auth/prisma-adapter@​1.6.2
  • @​better-auth/telemetry@​1.6.2

1.6.1

Patch Changes

• #9023 2e537df Thanks @​jonathansamines! - Update endpoint instrumentation to always use endpoint routes

• #8902 f61ad1c Thanks @​ping-maxwell! - use INVALID_PASSWORD for all checkPassword failures

... (truncated)

Commits

• 700d298 chore: version packages (#9052)
• b20fa42 fix(next-js): replace cookie probe with header-based RSC detection in nextCoo...
• 2cbcb9b fix(oauth2): prevent cross-provider account collision in link-social callback...
• 9deb793 fix: cookie store strategy should verify oauth state (#8949)
• 8409843 feat(two-factor): include enabled 2fa methods in sign-in redirect response (#...
• e78a7b1 fix(two-factor): prevent unverified TOTP enrollment from gating sign-in (#8711)
• 85bb710 chore: version packages (#9018)
• 7495830 fix(api): restore getSession accessibility in generic Auth<O> context (#9017)
• 2e537df fix: endpoint instrumentation to always use route template (#9023)
• f61ad1c fix: use INVALID_PASSWORD for all checkPassword failures (#8902)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for better-auth since your current version.

Updates hono from 4.12.11 to 4.12.12

Release notes

Sourced from hono's releases.

v4.12.12

Security fixes

This release includes fixes for the following security issues:

Middleware bypass via repeated slashes in serveStatic

Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (//) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c

Path traversal in toSSG() allows writing files outside the output directory

Affects: toSSG() for Static Site Generation. Fixes a path traversal issue where crafted ssgParams values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx

Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g

Missing validation of cookie name on write path in setCookie()

Affects: setCookie(), serialize(), and serializeSigned() from hono/cookie. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm

Non-breaking space prefix bypass in cookie name handling in getCookie()

Affects: getCookie() from hono/cookie. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4

---

Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.

Commits

• c37ba26 4.12.12
• cc067c8 Merge commit from fork
• a586cd7 Merge commit from fork
• 48fa223 Merge commit from fork
• b470278 Merge commit from fork
• 9aff14b Merge commit from fork
• See full diff in compare view

Updates next from 16.2.2 to 16.2.3

Release notes

Sourced from next's releases.

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

Commits

• d5f649b v16.2.3
• 2873928 [16.x] Avoid consuming cyclic models multiple times (#75)
• d7c7765 [backport]: Ensure app-page reports stale ISR revalidation errors via onReque...
• c573e8c fix(server-hmr): metadata routes overwrite page runtime HMR handler (#92273)
• 57b8f65 next-core: deduplicate output assets and detect content conflicts on emit (#9...
• f158df1 Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• 356d605 turbo-tasks-backend: stability fixes for task cancellation and error handling...
• 3b77a6e Fix DashMap read-write self-deadlock in task_cache causing hangs (#92210)
• b2f208a Backport: new view-transitions guide, update and fixes (#92264)
• See full diff in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates fumadocs-core from 16.7.10 to 16.7.14

Release notes

Sourced from fumadocs-core's releases.

fumadocs-core@16.7.14

Patch Changes

• 2d8f596: fix npm pack skipping nested node_modules

fumadocs-core@16.7.13

Patch Changes

• 690ddb9: bundle more deps

fumadocs-core@16.7.12

No release notes provided.

fumadocs-core@16.7.11

Patch Changes

• 5524927: extend page tree root scope
• d47c4f1: LLMs: support generating section for a specific page tree node

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates fumadocs-mdx from 14.2.11 to 14.2.13

Release notes

Sourced from fumadocs-mdx's releases.

fumadocs-mdx@14.2.13

Patch Changes

• 2d8f596: fix npm pack skipping nested node_modules
• Updated dependencies [2d8f596]
  • @​fumadocs/mdx-remote@​1.4.8
  • fumadocs-core@16.7.14

fumadocs-mdx@14.2.12

Patch Changes

• 690ddb9: bundle more deps
• Updated dependencies [690ddb9]
  • @​fumadocs/mdx-remote@​1.4.7
  • fumadocs-core@16.7.13

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates fumadocs-ui from 16.7.10 to 16.7.14

Release notes

Sourced from fumadocs-ui's releases.

fumadocs-ui@16.7.14

Patch Changes

• 2d8f596: fix npm pack skipping nested node_modules
• Updated dependencies [2d8f596]
  • @​fumadocs/tailwind@​0.0.5
  • fumadocs-core@16.7.14

fumadocs-ui@16.7.13

Patch Changes

• 690ddb9: bundle more deps
• Updated dependencies [690ddb9]
  • @​fumadocs/tailwind@​0.0.4
  • fumadocs-core@16.7.13

fumadocs-ui@16.7.12

Patch Changes

• a5dcc11: allow to specify <TOCItems /> props
• 56f7e5b: Improve TOC thumb box
  • fumadocs-core@16.7.12

fumadocs-ui@16.7.11

Patch Changes

• Updated dependencies [5524927]
• Updated dependencies [d47c4f1]
  • fumadocs-core@16.7.11

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates @ai-sdk/anthropic from 3.0.67 to 3.0.69

Release notes

Sourced from @​ai-sdk/anthropic's releases.

@​ai-sdk/anthropic@​3.0.69

Patch Changes

• 61f1a61: feat (provider/anthropic): add support for inference_geo provider option

Commits

• 5d213ea Version Packages (#14346)
• 61f1a61 Backport: feat (provider/anthropic): add support for inference_geo provider o...
• 78dd62f Version Packages (#14335)
• 295beba Backport: fix(ai): fix lastAssistantMessageIsCompleteWithApprovalResponses ...
• dce61ca Version Packages (#14324)
• ff11aee Backport: fix(ai): fix providerExecuted tool approvals being passed to lang...
• 9a8d276 Backport: feat(mcp): surface 'serverInfo' exposed from the MCP server (#14321)
• 1eea534 Backport: docs: add zeroentropy as a community provider (#14305)
• 7a373b5 Version Packages (#14286)
• 08c5ac3 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• Additional commits viewable in compare view

Updates @ai-sdk/google from 3.0.59 to 3.0.62

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​3.0.62

Patch Changes

• 46a3584: fix(google-vertex): don't send streamFunctionCallArguments for unary API calls and change default to false

Commits

• 534a4f1 Version Packages (#14355)
• 46a3584 Backport: fix(google-vertex): don't send streamFunctionCallArguments for vert...
• 5d213ea Version Packages (#14346)
• 61f1a61 Backport: feat (provider/anthropic): add support for inference_geo provider o...
• 78dd62f Version Packages (#14335)
• 295beba Backport: fix(ai): fix lastAssistantMessageIsCompleteWithApprovalResponses ...
• dce61ca Version Packages (#14324)
• ff11aee Backport: fix(ai): fix providerExecuted tool approvals being passed to lang...
• 9a8d276 Backport: feat(mcp): surface 'serverInfo' exposed from the MCP server (#14321)
• 1eea534 Backport: docs: add zeroentropy as a community provider (#14305)
• Additional commits viewable in compare view

Updates @ai-sdk/openai from 3.0.51 to 3.0.52

Commits

• 99327b1 Version Packages (#14212)
• d42076d Backport: Add AI Gateway hint to provider READMEs (#14199)
• 700ed7f Version Packages (#14206)
• ec18852 Backport: feat(gateway): add reranking model support (#14204)
• 5b155e6 Version Packages (#14202)
• 1003609 Backport: fix(ai): skip stringifying text when streaming partial text (#14200)
• 9de7d7b Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• 563c26a Version Packages (#14190)
• ac80bc7 Backport: fix(amazon-bedrock): preserve empty text blocks when reasoning cont...
• 10afede Version Packages (#14176)
• Additional commits viewable in compare view

Updates @ai-sdk/react from 3.0.151 to 3.0.160

Release notes

Sourced from @​ai-sdk/react's releases.

@​ai-sdk/react@​3.0.160

Patch Changes

• Updated dependencies [295beba]
  • ai@6.0.158

@​ai-sdk/react@​3.0.159

Patch Changes

• Updated dependencies [ff11aee]
  • ai@6.0.157

Commits

• 78dd62f Version Packages (#14335)
• 295beba Backport: fix(ai): fix lastAssistantMessageIsCompleteWithApprovalResponses ...
• dce61ca Version Packages (#14324)
• ff11aee Backport: fix(ai): fix providerExecuted tool approvals being passed to lang...
• 9a8d276 Backport: feat(mcp): surface 'serverInfo' exposed from the MCP server (#14321)
• 1eea534 Backport: docs: add zeroentropy as a community provider (#14305)
• 7a373b5 Version Packages (#14286)
• 08c5ac3 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• eaf25cd Version Packages (#14283)
• 06764c5 Backport: fix(ai): skip passing invalid JSON inputs to response messages (#14...
• Additional commits viewable in compare view

Updates react-resizable-panels from 4.9.0 to 4.10.0

Changelog

Sourced from react-resizable-panels's changelog.

4.10.0

• 705: Add data-separator="focus" state for Separator elements for more consistent custom CSS styles.

Commits

• fa27133 4.9.0 -> 4.10.0
• b58ed97 Add data-separator "focus" state (#706)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
objectstack-play	Ready	Preview, Comment	Apr 13, 2026 2:42am
spec	Ready	Preview, Comment	Apr 13, 2026 2:42am