Bump the npm_and_yarn group across 2 directories with 14 updates by dependabot[bot] · Pull Request #32 · Crossmint/agent-launchpad-starter-kit

dependabot · 2026-02-20T11:04:00Z

Bumps the npm_and_yarn group with 9 updates in the /agent-tee-phala/image directory:

Package	From	To
ai	`4.1.24`	`5.0.52`
@smithy/config-resolver	`4.0.1`	`4.4.6`
axios	`1.7.9`	`1.13.5`
base-x	`3.0.10`	`3.0.11`
brace-expansion	`1.1.11`	`1.1.12`
diff	`4.0.2`	`4.0.4`
form-data	`4.0.1`	`4.0.5`
js-yaml	`4.1.0`	`4.1.1`
jws	`4.0.0`	`4.0.1`

Bumps the npm_and_yarn group with 7 updates in the /launchpad-starter-next-app directory:

Package	From	To
base-x	`3.0.10`	`3.0.11`
brace-expansion	`2.0.1`	`2.0.2`
glob	`10.4.5`	`10.5.0`
next	`15.1.6`	`15.5.10`
h3	`1.14.0`	`1.15.5`
lodash	`4.17.21`	`4.17.23`
sha.js	`2.4.11`	`2.4.12`

Updates ai from 4.1.24 to 5.0.52

Commits

63d5f66 Version Packages (#8895)
930399b Backport: fix(ai): download files when intermediate file cannot be downloaded...
7ca78f1 Backport: feat(provider/gateway): Add new Qwen models to Gateway model string...
1cfc209 Backport: feat(provider/openai): OpenAILanguageModelOptions type (#8858)
347b7ec ci: rename v5.0 branch to release-v*
85909a9 Backport: chore(ai): update test message (#8875)
c56822d Backport: fix(ai): update uiMessageChunkSchema to satisfy the `UIMessageChu...
1461adf Backport: chore(examples): remove redundant OpenAI reasoning examples (#8871)
6bd07df Version Packages (#8853)
a45d61a ci(release): remove incorrect changeset bump for @ai-sdk/baseten
Additional commits viewable in compare view

Updates @smithy/config-resolver from 4.0.1 to 4.4.6

Release notes

Sourced from @smithy/config-resolver's releases.

@smithy/util-defaults-mode-browser@4.3.32

Patch Changes

@smithy/smithy-client@4.11.5

@smithy/middleware-compression@4.3.31

Patch Changes

Updated dependencies [c5db01c]

@smithy/core@3.23.2

@smithy/util-defaults-mode-browser@4.3.31

Patch Changes

@smithy/smithy-client@4.11.4

@smithy/util-defaults-mode-browser@4.3.30

Patch Changes

@smithy/smithy-client@4.11.3

@smithy/middleware-compression@4.3.30

Patch Changes

Updated dependencies [6f96c01]

@smithy/core@3.23.1

@smithy/util-defaults-mode-browser@4.3.29

Patch Changes

@smithy/smithy-client@4.11.2

@smithy/middleware-compression@4.3.29

Patch Changes

Updated dependencies [4f05c6a]

@smithy/core@3.23.0

@smithy/util-defaults-mode-browser@4.3.28

Patch Changes

@smithy/smithy-client@4.11.1

@smithy/middleware-compression@4.3.28

Patch Changes

@smithy/core@3.22.1

@smithy/middleware-compression@4.3.27

Patch Changes

... (truncated)

Changelog

Sourced from @smithy/config-resolver's changelog.

4.4.6

Patch Changes

Updated dependencies [745867a]

@smithy/types@4.12.0

@smithy/node-config-provider@4.3.8

@smithy/util-endpoints@3.2.8

@smithy/util-middleware@4.2.8

4.4.5

Patch Changes

Updated dependencies [9ccb841]

@smithy/types@4.11.0

@smithy/node-config-provider@4.3.7

@smithy/util-endpoints@3.2.7

@smithy/util-middleware@4.2.7

4.4.4

Patch Changes

Updated dependencies [5a56762]

@smithy/types@4.10.0

@smithy/node-config-provider@4.3.6

@smithy/util-endpoints@3.2.6

@smithy/util-middleware@4.2.6

4.4.3

Patch Changes

Updated dependencies [3926fd7]

@smithy/types@4.9.0

@smithy/node-config-provider@4.3.5

@smithy/util-endpoints@3.2.5

@smithy/util-middleware@4.2.5

4.4.2

Patch Changes

372b46f: allow * region with warning

4.4.1

Patch Changes

... (truncated)

Commits

0e8cc49 Version NPM packages
7e4bbf6 chore: upgrade rimraf to v5.0.10 (#1829)
521d67c Version NPM packages
8b90f36 Version NPM packages
cc0124e Version NPM packages
07f95d9 Version NPM packages
372b46f fix(config-resolver): allow asterisk region with warning (#1760)
472a5ea Version NPM packages
8af2d33 Version NPM packages
13c5cd9 chore(config-resolver): add region validation cache (#1750)
Additional commits viewable in compare view

Updates axios from 1.7.9 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates base-x from 3.0.10 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits

f06f3e4 v4.0.4
0179a48 v4.0.3
4568cae Backport kpdecker/jsdiff#649
4de0ffa Backport kpdecker/jsdiff#647
See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates form-data from 4.0.1 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

[Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076

[Dev Deps] update @ljharb/eslint-config, eslint 5822467

[Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

... (truncated)

Commits

68ff7dd v4.0.5
5822467 [Dev Deps] update @ljharb/eslint-config, eslint
76d0dee [Fix] set Symbol.toStringTag in the proper place
16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
41996f5 v4.0.4
316c82b [meta] actually ensure the readme backup isn’t published
2300ca1 [meta] fix readme capitalization
811f682 [meta] add auto-changelog
5e34080 [Tests] fix linting errors
1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
Additional commits viewable in compare view

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates jws from 4.0.0 to 4.0.1

Release notes

Sourced from jws's releases.

v4.0.1

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 2.0.1, addressing a compatibility issue for Node >= 25.

Changelog

Sourced from jws's changelog.

[4.0.1]

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 2.0.1, adressing a compatibility issue for Node >= 25.

[3.2.3]

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

BREAKING: jwt.verify now requires an algorithm parameter, and jws.createVerify requires an algorithm option. The "alg" field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by jwt.verify. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details.

2.0.0 - 2015-01-30

Changed

BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. ([6b6de48])

Code reorganization, thanks [@fearphage]! (7880050)

Added

Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. ([6b6de48])

... (truncated)

Commits

34c45b2 Merge commit from fork
49bc39b version 4.0.1
d42350c Enhance tests for HMAC streaming sign and verify
5cb007c Improve secretOrKey initialization in VerifyStream
f9a2e1c Improve secret handling in SignStream
b9fb8d3 Merge pull request #102 from auth0/SRE-57-Upload-opslevel-yaml
95b75ee Upload OpsLevel YAML
8857ee7 test: remove unused variable (#96)
See full diff in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.

Updates base-x from 3.0.10 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates glob from 10.4.5 to 10.5.0

Commits

56774ef 10.5.0
1e4e297 bin: Do not expose filenames to shell expansion
See full diff in compare view

Updates next from 15.1.6 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates h3 from 1.14.0 to 1.15.5

Release notes

Sourced from h3's releases.

v1.15.5

compare changes

[!IMPORTANT] Security: Fixed a bug in readBody(event) and readRawBody(event) utils where certain Transfer-Encoding header formats could cause the request body to be ignored.

In some deployments (for example, behind TCP load balancers or non-normalizing proxies), this could allow request smuggling. The handling is now safe and fully compliant. (read more)

🩹 Fixes

readRawBody: Fix case-sensitive Transfer-Encoding check causing request smuggling risk (618ccf4)

v1.15.4

compare changes

🩹 Fixes

getRequestHost: Return first host from x-forwarded-host (#1175)

💅 Refactors

useSession: Backport SessionManager interface to fix types (#1058)

🏡 Chore

docs: Fix typos (#1108)

❤️ Contributors

Pooya Parsa (@pi0)

Kricsleo (@kricsleo)

Izoukhai (@izoukhai)

v1.15.3

compare changes

🩹 Fixes

serveStatic: Omit decoded id from statusMessage (#1044)

v1.15.2

compare changes

🩹 Fixes

Handle FormData body (3757072 f38dd03 0c9b276)

cache: Correct comparison in cache headers (#1034)

Handle Headers when merging proxy headers (#1027)

setCookie: Unique by name, domain, and path only (#1042)

... (truncated)

Changelog

Sourced from h3's changelog.

v1.15.5

compare changes

🩹 Fixes

readRawBody: Fix case-sensitive Transfer-Encoding check causing request smuggling risk (618ccf4)

🏡 Chore

Update deps (e2462ec)

Update ci (c934599)

Add test:types script (0a4a115)

Update ci (b4dce71)

Update publish tag to 1.x (589625c)

Fix ts issue (c9ebf80)

Update deps (d18c074)

Fix more ts/lint issues (bd92b74)

🤖 CI

Fix publish tag (401c9b8)

❤️ Contributors

Pooya Parsa (@pi0)

v1.15.4

compare changes

🩹 Fixes

serveStatic: Omit decoded id from statusMessage (#1044)

getRequestHost: Return first host from x-forwarded-host (#1175)

💅 Refactors

useSession: Backport SessionManager interface to fix types (#1058)

📦 Build

Update repository field (d94b09a)

🏡 Chore

release: V1.15.3 (3d0f4d5)

docs: Fix typos (#1108)

Apply automated updates (774956a)

Update deps (18d0bb7)

... (truncated)

Commits

24231b9 chore(release): v1.15.5
bd92b74 chore: fix more ts/lint issues
d18c074 chore: update deps
c9ebf80 chore: fix ts issue
618ccf4 fix(readRawBody): fix case-sensitive Transfer-Encoding check causing reques...
401c9b8 ci: fix publish tag
589625c chore: update publish tag to 1.x
b4dce71 chore: update ci
0a4a115 chore: add test:types script
c934599 chore: update ci
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.co...
Description has been truncated

Bumps the npm_and_yarn group with 9 updates in the /agent-tee-phala/image directory: | Package | From | To | | --- | --- | --- | | [ai](https://github.com/vercel/ai) | `4.1.24` | `5.0.52` | | [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `4.0.1` | `4.4.6` | | [axios](https://github.com/axios/axios) | `1.7.9` | `1.13.5` | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.10` | `3.0.11` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [form-data](https://github.com/form-data/form-data) | `4.0.1` | `4.0.5` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` | Bumps the npm_and_yarn group with 7 updates in the /launchpad-starter-next-app directory: | Package | From | To | | --- | --- | --- | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.10` | `3.0.11` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.0.2` | | [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` | | [next](https://github.com/vercel/next.js) | `15.1.6` | `15.5.10` | | [h3](https://github.com/h3js/h3) | `1.14.0` | `1.15.5` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Updates `ai` from 4.1.24 to 5.0.52 - [Release notes](https://github.com/vercel/ai/releases) - [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md) - [Commits](https://github.com/vercel/ai/compare/ai@4.1.24...ai@5.0.52) Updates `@smithy/config-resolver` from 4.0.1 to 4.4.6 - [Release notes](https://github.com/smithy-lang/smithy-typescript/releases) - [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.4.6/packages/config-resolver) Updates `axios` from 1.7.9 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.9...v1.13.5) Updates `base-x` from 3.0.10 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.10...v3.0.11) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `form-data` from 4.0.1 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.1...v4.0.5) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `jws` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v4.0.0...v4.0.1) Updates `base-x` from 3.0.10 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.10...v3.0.11) Updates `brace-expansion` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `glob` from 10.4.5 to 10.5.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.4.5...v10.5.0) Updates `next` from 15.1.6 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.1.6...v15.5.10) Updates `h3` from 1.14.0 to 1.15.5 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.14.0...v1.15.5) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) --- updated-dependencies: - dependency-name: ai dependency-version: 5.0.52 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@smithy/config-resolver" dependency-version: 4.4.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 4.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 10.5.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

greptile-apps

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 20, 2026

This was referenced Feb 20, 2026

Bump base-x from 3.0.10 to 3.0.11 in /launchpad-starter-next-app in the npm_and_yarn group across 1 directory #29

Closed

Bump next from 15.1.6 to 15.2.4 in /launchpad-starter-next-app in the npm_and_yarn group across 1 directory #30

Closed

greptile-apps Bot reviewed Feb 20, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 14 updates#32

Bump the npm_and_yarn group across 2 directories with 14 updates#32
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/agent-tee-phala/image/npm_and_yarn-765153f9ca

dependabot Bot commented on behalf of github Feb 20, 2026

Uh oh!

greptile-apps Bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Feb 20, 2026

@​smithy/util-defaults-mode-browser@​4.3.32

Patch Changes

@​smithy/middleware-compression@​4.3.31

Patch Changes

@​smithy/util-defaults-mode-browser@​4.3.31

Patch Changes

@​smithy/util-defaults-mode-browser@​4.3.30

Patch Changes

@​smithy/middleware-compression@​4.3.30

Patch Changes

@​smithy/util-defaults-mode-browser@​4.3.29

Patch Changes

@​smithy/middleware-compression@​4.3.29

Patch Changes

@​smithy/util-defaults-mode-browser@​4.3.28

Patch Changes

@​smithy/middleware-compression@​4.3.28

Patch Changes

@​smithy/middleware-compression@​4.3.27

Patch Changes

4.4.6

Patch Changes

4.4.5

Patch Changes

4.4.4

Patch Changes

4.4.3

Patch Changes

4.4.2

Patch Changes

4.4.1

Patch Changes

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v1.1.12

v4.0.4 - January 2026

v4.0.3 (deprecated)

v4.0.4

v4.0.4 - 2025-07-16

Commits

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

v4.0.5 - 2025-11-17

Commits

v4.0.4 - 2025-07-16

Commits

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2 - 2025-02-14

Merged

Fixed

[4.1.1] - 2025-11-12

`@smithy/util-defaults-mode-browser@4`.3.32

`@smithy/middleware-compression@4`.3.31

`@smithy/util-defaults-mode-browser@4`.3.31

`@smithy/util-defaults-mode-browser@4`.3.30

`@smithy/middleware-compression@4`.3.30

`@smithy/util-defaults-mode-browser@4`.3.29

`@smithy/middleware-compression@4`.3.29

`@smithy/util-defaults-mode-browser@4`.3.28

`@smithy/middleware-compression@4`.3.28

`@smithy/middleware-compression@4`.3.27