chore(deps): bump the patch-updates group across 1 directory with 10 updates

[dependabot]

Bumps the patch-updates group with 9 updates in the / directory:

Package	From	To
@langchain/classic	1.0.32	1.0.34
@langchain/langgraph	1.3.0	1.3.2
@langchain/openai	1.4.5	1.4.7
@pyroscope/nodejs	0.4.10	0.4.11
geist	1.7.0	1.7.1
isbot	5.1.35	5.1.40
publint	0.3.17	0.3.21
rolldown	1.0.0-rc.17	1.0.2
vite	8.0.10	8.0.14

Updates @langchain/classic from 1.0.32 to 1.0.34

Release notes

Sourced from @​langchain/classic's releases.

@​langchain/classic@​1.0.34

Patch Changes

• Updated dependencies [3999fab, fce9ab4]:
  • @​langchain/openai@​1.4.7

@​langchain/classic@​1.0.33

Patch Changes

• #10872 a640079 Thanks @​hntrl! - chore(deps): remove redundant @​types/uuid declarations

  Remove @types/uuid from package manifests that rely on @langchain/core/utils/uuid or do not require uuid type stubs directly, and refresh the lockfile entries accordingly.

• Updated dependencies [229a7ad, 36fb0ef]:

  • @​langchain/openai@​1.4.6

Commits

• See full diff in compare view

Updates @langchain/langgraph from 1.3.0 to 1.3.2

Release notes

Sourced from @​langchain/langgraph's releases.

@​langchain/langgraph@​1.3.2

Patch Changes

• #2415 9d3c9dd Thanks @​christian-bromann! - Move @langchain/core from a runtime dependency back to a required peer dependency so installing the SDK alone no longer pulls in @langchain/core (and js-tiktoken, etc.). Consumers that use streaming or message coercion must install @langchain/core explicitly or via @langchain/langgraph.

• Updated dependencies [9d3c9dd]:

  • @​langchain/langgraph-sdk@​1.9.4

@​langchain/langgraph@​1.3.1

Patch Changes

• #2339 2b88da4 Thanks @​vigneshpatel14! - fix(langgraph): surface structuredResponse parse failures in createReactAgent

• #2406 e54ae90 Thanks @​christian-bromann! - fix(langgraph-core): keep tool results out of v3 message streams

• #2376 4fd1e9f Thanks @​hntrl! - fix(langgraph): prefer configurable assistant and graph IDs for runtime server info

  Update runtime serverInfo construction to read assistant_id and graph_id from config.configurable first, with fallback to config.metadata for compatibility. Also expands execution_info tests to cover configurable sourcing, precedence, and metadata fallback behavior.

• Updated dependencies [44746b1, 4cc6491, ae8af2d, 01dd046, 2ad1aa4, 75e651b, f1d651a]:

  • @​langchain/langgraph-sdk@​1.9.3

Changelog

Sourced from @​langchain/langgraph's changelog.

1.3.2

Patch Changes

• #2415 9d3c9dd Thanks @​christian-bromann! - Move @langchain/core from a runtime dependency back to a required peer dependency so installing the SDK alone no longer pulls in @langchain/core (and js-tiktoken, etc.). Consumers that use streaming or message coercion must install @langchain/core explicitly or via @langchain/langgraph.

• Updated dependencies [9d3c9dd]:

  • @​langchain/langgraph-sdk@​1.9.4

1.3.1

Patch Changes

• #2339 2b88da4 Thanks @​vigneshpatel14! - fix(langgraph): surface structuredResponse parse failures in createReactAgent

• #2406 e54ae90 Thanks @​christian-bromann! - fix(langgraph-core): keep tool results out of v3 message streams

• #2376 4fd1e9f Thanks @​hntrl! - fix(langgraph): prefer configurable assistant and graph IDs for runtime server info

  Update runtime serverInfo construction to read assistant_id and graph_id from config.configurable first, with fallback to config.metadata for compatibility. Also expands execution_info tests to cover configurable sourcing, precedence, and metadata fallback behavior.

• Updated dependencies [44746b1, 4cc6491, ae8af2d, 01dd046, 2ad1aa4, 75e651b, f1d651a]:

  • @​langchain/langgraph-sdk@​1.9.3

1.3.1-rc.0

Patch Changes

• #2376 4fd1e9f Thanks @​hntrl! - fix(langgraph): prefer configurable assistant and graph IDs for runtime server info

  Update runtime serverInfo construction to read assistant_id and graph_id from config.configurable first, with fallback to config.metadata for compatibility. Also expands execution_info tests to cover configurable sourcing, precedence, and metadata fallback behavior.

• Updated dependencies [44746b1, 4cc6491, ae8af2d, 2ad1aa4, 75e651b, f1d651a]:

  • @​langchain/langgraph-sdk@​1.9.3-rc.0

Commits

• 4a7d9a7 chore: version packages (#2416)
• 1b5ce0f chore: version packages (#2405)
• e54ae90 fix(core): keep tool results out of v3 message streams (#2406)
• 2b88da4 fix(langgraph): surface structuredResponse parse failures in createReactAgent...
• 22c4541 chore: version packages (rc) (#2385)
• 4fd1e9f fix(langgraph): source serverInfo ids from configurable first (#2376)
• eea2e42 docs: update README.md (#2369)
• 1f11df2 chore: version packages (#2364)
• 085a07f feat(core): event based streaming (#2314)
• fe09385 chore(deps): bump the langchain group across 1 directory with 9 updates (#2358)
• See full diff in compare view

Updates @langchain/openai from 1.4.5 to 1.4.7

Release notes

Sourced from @​langchain/openai's releases.

@​langchain/openai@​1.4.7

Patch Changes

• #10918 3999fab Thanks @​christian-bromann! - fix(openai): stream custom tool calls through Responses API chunks

• #10791 fce9ab4 Thanks @​Genmin! - fix(openai): preserve top-level Responses API ids on AI messages

@​langchain/openai@​1.4.6

Patch Changes

• #10902 229a7ad Thanks @​christian-bromann! - fix(openai): preserve v1 assistant tool calls

• #10895 36fb0ef Thanks @​BertBR! - fix(openai): guard bare JSON.parse in Responses API converter against trailing non-whitespace characters

  convertResponsesDeltaToChatGenerationChunk previously called JSON.parse(msg.text) directly when response.text.format.type === "json_schema". Some models (observed with gpt-5-mini on service_tier: "auto") intermittently emit trailing non-whitespace characters (extra tokens, control characters) after a valid JSON object, causing a SyntaxError that propagates as an unhandled exception and kills the entire streaming response mid-flight. The parse is now wrapped in a try/catch: on failure, additional_kwargs.parsed is left undefined, the stream completes normally, and the existing withStructuredOutput pipeline handles the typed failure — includeRaw: true returns { raw, parsed: null } via its withFallbacks wrapper, includeRaw: false throws a typed OutputParserException that the caller can catch and retry. Closes #10894.

Commits

• See full diff in compare view

Updates @pyroscope/nodejs from 0.4.10 to 0.4.11

Commits

• 354d494 Bump package version (#251)
• 8db5077 fix: CVE-2026-33672 in picomatch (#249)
• 0e7df81 chore: enable corepack and specify yarn version (#250)
• 146ebe9 chore(deps): update dependency brace-expansion to v5 (#234)
• 3f1b495 chore(deps): lock file maintenance (#235)
• 072dedf chore(deps): update dependency fastify to ^5.7.4 (#233)
• See full diff in compare view

Updates geist from 1.7.0 to 1.7.1

Changelog

Sourced from geist's changelog.

1.7.1

Patch Changes

• c8ed578: Fix Geist Mono rendering source-code text with unintended programming ligatures.

  v1.7.0 unintentionally activated programming-ligature substitutions (-->, ==, !=, ..., --, etc.) under the liga (Standard Ligatures) OpenType feature, which is on by default in every renderer. As a result, text like --debug-prerender, [id...], [...id], or NODE_OPTIONS='--debug-prerender' node rendered with ligated glyphs and broke monospace alignment in code.

  The source-level fix is in #217; this release ships the rebuilt binaries.

Commits

• 8b8b75f fix(release): sync package.json version and unignore packages/**/package.json...
• 88309a4 Version Packages (#223)
• 6af2e7f ci: harden release workflow (#222)
• c8ed578 chore: add changeset for geist@1.7.1 (Mono liga regression fix) (#221)
• a0a06a3 make build
• 855f609 Fix broken link in README.md
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for geist since your current version.

Updates isbot from 5.1.35 to 5.1.40

Changelog

Sourced from isbot's changelog.

5.1.40

• Browser entry. Use Object.defineProperty instead of direct assignment

5.1.39

• Pattern updates

5.1.38

• Pattern updates

5.1.37

• Better checking for non empty strings in the interface functions
• [Internal] Build with tsup

5.1.36

• [Pattern] Pattern updates

Commits

• See full diff in compare view

Updates publint from 0.3.17 to 0.3.21

Release notes

Sourced from publint's releases.

publint@0.3.21

Patch Changes

• Suggest adding "sideEffects": false when bundler-oriented package fields or conditions are detected and the field is missing. (#228)

publint@0.3.20

Patch Changes

• Suggest adding engines.node when it is missing from detected Node.js packages (#226)

• Loosen "breaking change" wording in lint messages (7bb3f4f)

publint@0.3.19

Patch Changes

• Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#224)

• Fix internal browser directory traversal logic (#224)

publint@0.3.18

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

Changelog

Sourced from publint's changelog.

0.3.21

Patch Changes

• Suggest adding "sideEffects": false when bundler-oriented package fields or conditions are detected and the field is missing. (#228)

0.3.20

Patch Changes

• Suggest adding engines.node when it is missing from detected Node.js packages (#226)

• Loosen "breaking change" wording in lint messages (7bb3f4f)

0.3.19

Patch Changes

• Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#224)

• Fix internal browser directory traversal logic (#224)

0.3.18

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

Commits

• 3de8eb3 Release packages (#231)
• 5f9f3ac Suggest sideEffects when missing for bundler packages (#228)
• 05278fa Release packages (#227)
• 7bb3f4f Loosen breaking change wording
• d92247a Suggest adding engines.node when missing (#226)
• 351d9ed Fix flaky windows CI
• 2412a19 Release packages (#225)
• e2a3030 Warn nested package.json exports (#224)
• a52bfc3 Disable color for CLI snapshot
• 9324624 Add simple CLI tests
• Additional commits viewable in compare view

Updates rolldown from 1.0.0-rc.17 to 1.0.2

Release notes

Sourced from rolldown's releases.

v1.0.2

[1.0.2] - 2026-05-20

🚀 Features

• devtools: emit package size in PackageGraphReady (#9434) by @​IWANABETHATGUY
• devtools: classify package dependency types (#9427) by @​IWANABETHATGUY
• devtools: map packages to modules and chunks (#9426) by @​IWANABETHATGUY
• devtools: mark used packages (#9423) by @​IWANABETHATGUY
• devtools: make duplicate packages discoverable (#9422) by @​IWANABETHATGUY
• devtools: emit package metadata (#9421) by @​IWANABETHATGUY
• update oxc to 0.132.0 (#9449) by @​shulaoda
• update oxc to 0.131.0 (#9424) by @​shulaoda
• allow checks.* to escalate emissions to hard errors (#9388) by @​IWANABETHATGUY
• dev: support watcher options include and exclude (#9395) by @​h-a-n-a
• emit warnings for invalid pure annotations (#9381) by @​Kyujenius

🐛 Bug Fixes

• hash: keep chunk file names stable when an unrelated entry is added (#9444) by @​hyf0
• call codeSplitting.groups[].name in deterministic order (#9457) by @​sapphi-red
• dev/lazy: make resolve_id idempotent when the resolved id is already a lazy entry (#9439) by @​h-a-n-a
• chunk-optimization: publish absorbed dynamic-entry namespace cross-chunk (#9448) by @​IWANABETHATGUY
• treeshake: propagate pure annotation through compound exprs (#9431) by @​Dunqing
• finalizer: skip redundant init call when barrel executes in same chunk (#9354) by @​IWANABETHATGUY
• linking: initialize wrapped ESM re-export owners (#9353) by @​IWANABETHATGUY
• do not inherit __toESM across chunks for named-only external imports (#9333) (#9415) by @​IWANABETHATGUY
• watcher: don't write output or emit events after close() (#9328) by @​situ2001
• chunk-optimization: avoid unsafe dynamic-only merges (#9398) by @​IWANABETHATGUY
• cjs: rename CJS-wrapped locals that would shadow chunk-scope names (#9392) by @​hyf0
• dev/lazy: watch lazy modules added in rebuilds (#9391) by @​h-a-n-a

🚜 Refactor

• rolldown_dev: move dev example to break publish cycle (#9465) by @​Boshen
• binding: drop unsafe napi string helper, hoist transform ArcStr (#9456) by @​hyf0
• ecmascript_utils: split rewrite_ident_reference off JsxExt trait (#9417) by @​IWANABETHATGUY
• use ThreadsafeFunction::call_async_catch (#9390) by @​sapphi-red

📚 Documentation

• devtools: document @​rolldown/debug usage and package graph consumption (#9435) by @​IWANABETHATGUY
• replace Inter with system font stack in OG template SVG (#9240) by @​yvbopeng
• remove output.comments warning as all issues have been resolved (#9393) by @​sapphi-red
• in-depth: clarify @PURE scope and document positions (#9389) by @​Kyujenius
• readme: remove release candidate notice (#9387) by @​shulaoda

⚡ Performance

• vite-resolve: cache importer existence checks (#9443) by @​Brooooooklyn

... (truncated)

Changelog

Sourced from rolldown's changelog.

[1.0.2] - 2026-05-20

🚀 Features

• devtools: emit package size in PackageGraphReady (#9434) by @​IWANABETHATGUY
• devtools: classify package dependency types (#9427) by @​IWANABETHATGUY
• devtools: map packages to modules and chunks (#9426) by @​IWANABETHATGUY
• devtools: mark used packages (#9423) by @​IWANABETHATGUY
• devtools: make duplicate packages discoverable (#9422) by @​IWANABETHATGUY
• devtools: emit package metadata (#9421) by @​IWANABETHATGUY
• update oxc to 0.132.0 (#9449) by @​shulaoda
• update oxc to 0.131.0 (#9424) by @​shulaoda
• allow checks.* to escalate emissions to hard errors (#9388) by @​IWANABETHATGUY
• dev: support watcher options include and exclude (#9395) by @​h-a-n-a
• emit warnings for invalid pure annotations (#9381) by @​Kyujenius

🐛 Bug Fixes

• hash: keep chunk file names stable when an unrelated entry is added (#9444) by @​hyf0
• call codeSplitting.groups[].name in deterministic order (#9457) by @​sapphi-red
• dev/lazy: make resolve_id idempotent when the resolved id is already a lazy entry (#9439) by @​h-a-n-a
• chunk-optimization: publish absorbed dynamic-entry namespace cross-chunk (#9448) by @​IWANABETHATGUY
• treeshake: propagate pure annotation through compound exprs (#9431) by @​Dunqing
• finalizer: skip redundant init call when barrel executes in same chunk (#9354) by @​IWANABETHATGUY
• linking: initialize wrapped ESM re-export owners (#9353) by @​IWANABETHATGUY
• do not inherit __toESM across chunks for named-only external imports (#9333) (#9415) by @​IWANABETHATGUY
• watcher: don't write output or emit events after close() (#9328) by @​situ2001
• chunk-optimization: avoid unsafe dynamic-only merges (#9398) by @​IWANABETHATGUY
• cjs: rename CJS-wrapped locals that would shadow chunk-scope names (#9392) by @​hyf0
• dev/lazy: watch lazy modules added in rebuilds (#9391) by @​h-a-n-a

🚜 Refactor

• rolldown_dev: move dev example to break publish cycle (#9465) by @​Boshen
• binding: drop unsafe napi string helper, hoist transform ArcStr (#9456) by @​hyf0
• ecmascript_utils: split rewrite_ident_reference off JsxExt trait (#9417) by @​IWANABETHATGUY
• use ThreadsafeFunction::call_async_catch (#9390) by @​sapphi-red

📚 Documentation

• devtools: document @​rolldown/debug usage and package graph consumption (#9435) by @​IWANABETHATGUY
• replace Inter with system font stack in OG template SVG (#9240) by @​yvbopeng
• remove output.comments warning as all issues have been resolved (#9393) by @​sapphi-red
• in-depth: clarify @PURE scope and document positions (#9389) by @​Kyujenius
• readme: remove release candidate notice (#9387) by @​shulaoda

⚡ Performance

• vite-resolve: cache importer existence checks (#9443) by @​Brooooooklyn
• binding: reduce plugin string clones (#9436) by @​Brooooooklyn

... (truncated)

Commits

• f2757ed release: v1.0.2 (#9478)
• b88de34 docs(devtools): document @​rolldown/debug usage and package graph consumption ...
• 0f811f4 fix(hash): keep chunk file names stable when an unrelated entry is added (#9444)
• ed010fa feat(devtools): emit package size in PackageGraphReady (#9434)
• 2b0bb7f feat(devtools): classify package dependency types (#9427)
• ff6fff2 fix: call codeSplitting.groups[].name in deterministic order (#9457)
• 81fcc89 feat(devtools): map packages to modules and chunks (#9426)
• 98619dd feat(devtools): mark used packages (#9423)
• 0c7ac80 feat(devtools): make duplicate packages discoverable (#9422)
• 98e0620 feat(devtools): emit package metadata (#9421)
• Additional commits viewable in compare view

Updates vite from 8.0.10 to 8.0.14

Release notes

Sourced from vite's releases.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.14 (2026-05-21)

Features

• update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

• deps: update all non-major dependencies (#22471) (98b8163)
• dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
• html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
• optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22470) (7cb728e)
• remove irrelevant commits from changelog (2c69495)

Code Refactoring

• glob: do not rewrite import path for absolute base (#22310) (0ae2844)

Tests

• css: sass does not use main field (#22449) (ebf39a0)

8.0.13 (2026-05-14)

Features

• bundled-dev: add lazy bundling support (#21406) (4f0949f)
• optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)
• update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

• build: copy public directory after building same environment with write=false (#22328) (158e8ae)
• css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)
• css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)
• make isBundled per environment (#22257) (a576326)
• ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

• remove irrelevant commits from changelog (#22430) (6ea3838)
• update changelog (#22413) (fcdc87c)

8.0.12 (2026-05-11)

Features

• update rolldown to 1.0.0 (#22401) (cf0ff41)

... (truncated)

Commits

• c917f1e release: v8.0.14
• 5d94d1b fix(html): handle trailing slash paths in transformIndexHtml (#22480)
• 98b8163 fix(deps): update all non-major dependencies (#22471)
• 96efc88 feat: update rolldown to 1.0.2 (#22484)
• ebf39a0 test(css): sass does not use main field (#22449)
• 0ae2844 refactor(glob): do not rewrite import path for absolute base (#22310)
• 7cb728e chore(deps): update rolldown-related dependencies (#22470)
• b3132da fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...
• e8e9a34 fix(dev): handle errors when sending messages to vite server (#22450)
• 2c69495 chore: remove irrelevant commits from changelog
• Additional commits viewable in compare view

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

• Backported 2b2abd45 to the 7.x release line (e14c4586).

Commits

• fd36cd8 [dist] 7.5.11
• e14c458 [security] Limit retained message parts
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for taucad-staging canceled.

Name	Link
🔨 Latest commit	ccbe59a
🔍 Latest deploy log	https://app.netlify.com/projects/taucad-staging/deploys/6a14569752170c0008977899