chore(deps): bump the production-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the production-dependencies group with 10 updates in the / directory:

Package	From	To
react	19.2.4	19.2.7
react-dom	19.2.4	19.2.7
react-router	7.16.0	8.0.1
@hono/node-server	1.19.13	2.0.5
@slack/web-api	7.15.0	7.17.0
better-sqlite3	12.8.0	12.11.1
commander	14.0.3	15.0.0
js-yaml	4.1.1	4.2.0
safe-regex2	5.0.0	5.1.1
zod	4.3.6	4.4.3

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates react-router from 7.16.0 to 8.0.1

Release notes

Sourced from react-router's releases.

v8.0.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v801

v8.0.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v800

v7.18.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7180

v7.17.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7170

Changelog

Sourced from react-router's changelog.

v8.0.1

Patch Changes

• Remove the obsolete AppLoadContext type export accidentally left over from v7 now that middleware is always enabled and server request context is provided through RouterContextProvider. (#15207)

v8.0.0

Major Changes

• Remove the future.v8_trailingSlashAwareDataRequests flag (#15100)
  • Trailing slash-aware data request URLs are now the default behavior.
• Update tsconfig.json target/lib from ES2020 -> ES2022 (591853e)
• Switch the published packages in packages/ to ESM-only. (#14895) (59ebcf1)
• Remove deprecated data parameter in favor of loaderData for meta APIs (to align with Route.ComponentProps) (#14931)
  • Route.MetaArgs, Route.MetaMatch, MetaArgs, MetaMatch, Route.ComponentProps.matches, UIMatch
• Remove future.v8_passThroughRequests flag - the raw incoming request is now always passed through to loader/action. Use url for the normalized URL without React Router-specific implementation details (.data suffixes, index/_routes search params). (#15079)
• Remove internal hasErrorBoundary field added to router.routes when using a data router (#15074)
  • This should not impact user-facing code since this was an internal prop and was computed based on the presence of ErrorBoundary or errorElement on your route
  • hasErrorBoundary is no longer accepted on RouteObject (IndexRouteObject/NonIndexRouteObject), DataRouteObject, <Route> JSX props, or as a key in lazy route definitions.
  • The MapRoutePropertiesFunction signature no longer requires returning hasErrorBoundary; the router infers it directly.
• Remove react-router-dom package (#15076)
  • In v7 everything DOM-specific was collapsed into react-router/dom
    • react-router-dom was kept around as a convenience so existing v6 app imports would still work
  • For v8, you will need to swap react-router-dom imports:
    • RouterProvider/HydratedRouter should be imported from react-router/dom
    • Everything else should be imported from react-router
• Remove future.v8_middleware flag — middleware is always enabled in v8 (#15078)
  • The future.v8_middleware flag has been removed; middleware is now always enabled
  • The context parameter passed to loader, action, and middleware functions is always a RouterContextProvider instance
  • getLoadContext functions in custom servers must return a RouterContextProvider — returning a plain object is no longer supported
  • The MiddlewareEnabled type (previously exported as UNSAFE_MiddlewareEnabled) has been removed since the conditional it gated is now unconditional
  • The Future module augmentation pattern (interface Future { v8_middleware: true }) is no longer needed to type context in Data Mode
• Update minimum Node version to 22.22.0 (#14928)
• Update minimum React version to 19.2.7 (#15062)

Minor Changes

• Bump dependencies (#15080)
  • Bumped cookie from ^1.0.1 to ^1.1.1
  • Bumped set-cookie-parser from ^2.6.0 to ^3.1.0

Patch Changes

• Ensure client middleware errors load lazy route error boundaries before bubbling (#15086)
• Remove explicit onSubmit type override from SharedFormProps to fix deprecation warning with @types/react@19.x (#14932) (59ebcf1)
• Update package builds to preserve individual module files in published artifacts. Public APIs and documented import paths are unchanged. (#15092)
  • Updated package TypeScript configs to support modern module syntax used by the build configuration.
• Migrate package builds from tsup to tsdown. Published package entry points and public APIs are unchanged. (#15092)
• Upgrade React Router's TypeScript tooling to TypeScript 6. Runtime behavior and public APIs are unchanged. (#15092)

... (truncated)

Commits

• d10df2d Release v8.0.1 (#15210)
• 31370cb Remove AppLoadContext (#15207)
• da102b5 Fix globals dependency for lint config (#15208)
• 36122b3 Release v8.0.0 (#15198)
• 89b7a8d v8 docs updates (#15199)
• 8fc707d chore: format
• 689981c Use bullet details for trailing slash change notes
• 9acb00e Bump react to 19.2.7 (#15191)
• 7e9be69 Version 8.0.0-pre.1
• a3b7eef fix merge conflict
• Additional commits viewable in compare view

Updates @hono/node-server from 1.19.13 to 2.0.5

Release notes

Sourced from @​hono/node-server's releases.

v2.0.5

Security Fix

Fixed a security issue in Serve Static Middleware where prefix-mounted middleware could be bypassed on Windows. This only affects applications running on Windows that use Serve Static Middleware. Affected users are encouraged to upgrade to this version.

See GHSA-frvp-7c67-39w9 for details.

v2.0.4

What's Changed

• fix: stub ws types to prevent them leaking in public types by @​BlankParticle in honojs/node-server#359

Full Changelog: honojs/node-server@v2.0.3...v2.0.4

v2.0.3

What's Changed

• chore(ci): update GitHub Actions versions by @​BlankParticle in honojs/node-server#352
• docs: Align the ServeStaticOptions comment with the current spec by @​kakkokari-gtyih in honojs/node-server#356
• fix: preserve headers mutated after raw Response construction by @​abdulmunimjemal in honojs/node-server#357

New Contributors

• @​kakkokari-gtyih made their first contribution in honojs/node-server#356
• @​abdulmunimjemal made their first contribution in honojs/node-server#357

Full Changelog: honojs/node-server@v2.0.2...v2.0.3

v2.0.2

What's Changed

• fix(serve-static): stop using file birthtime for Date header by @​usualoma in honojs/node-server#350
• fix: handle serveStatic stream fallback backpressure by @​usualoma in honojs/node-server#351

Full Changelog: honojs/node-server@v2.0.1...v2.0.2

v2.0.1

What's Changed

• fix: forward Hono response headers during WebSocket upgrade by @​gentamura in honojs/node-server#346

New Contributors

• @​gentamura made their first contribution in honojs/node-server#346

Full Changelog: honojs/node-server@v2.0.0...v2.0.1

v2.0.0

Now, we release the second major version of the Hono Node.js adapter 🎉 🎉 🎉

The Hono Node.js adapter is now up to 2.3x faster

v2 of the Hono Node.js adapter reaches up to 2.3x the throughput of v1 — that's the peak number, measured on the body-parsing scenario of bun-http-framework-benchmark. The other scenarios (Ping, Query) get a smaller but real boost too.

... (truncated)

Commits

• 9d56900 2.0.5
• cd076e1 Merge commit from fork
• 9e1cdee 2.0.4
• b4ca622 fix: stub ws types to prevent them leaking in public types (#359)
• 9d87987 2.0.3
• 9463250 fix: preserve headers mutated after raw Response construction (#357)
• cee5e81 docs: Align the ServeStaticOption command with the current specification (#...
• 4aa0650 chore(ci): update GitHub Actions versions (#352)
• 808159c 2.0.2
• 1a9748e fix: handle serveStatic stream fallback backpressure (#351)
• Additional commits viewable in compare view

Updates @slack/web-api from 7.15.0 to 7.17.0

Release notes

Sourced from @​slack/web-api's releases.

@​slack/web-api@​7.17.0

Minor Changes

• 2085900: feat: expose public read-only ts getter on ChatStreamer for fallback to chat.update when a stream expires server-side

  import { WebClient } from "@slack/web-api";
  const client = new WebClient(process.env.SLACK_BOT_TOKEN);
  const streamer = client.chatStream({
  channel: "C0123456789",
  thread_ts: "1700000001.123456",
  recipient_team_id: "T0123456789",
  recipient_user_id: "U0123456789",
  });
  await streamer.append({ markdown_text: "hello!" });
  // streamer.ts is now set after the first flush
  console.log(streamer.ts);
  await streamer.stop();

@​slack/web-api@​7.16.0

Minor Changes

• 2814969: feat: add highlight_type to files.completeUploadExternal and filesUploadV2 for optimistic rendering

  import { WebClient } from "@slack/web-api";
  const client = new WebClient(process.env.SLACK_BOT_TOKEN);
  await client.filesUploadV2({
  channel_id: "C0123456789",
  file: "./image.png",
  filename: "image.png",
  title: "Image Upload",
  highlight_type: "png",
  });

@​slack/web-api@​7.15.2

Patch Changes

• 4b6fe3a: feat: add authorship arguments - icon_emoji, icon_url, and username - to the assistant.threads.setStatus and chat.startStream methods
• Updated dependencies [4f03ee8]
  • @​slack/types@​2.21.0

... (truncated)

Commits

• 2d370dc chore: release (#2612)
• e8fbfd5 fix(cli-test)!: remove default "--app deployed" global flag from commands (#2...
• b06909d chore(deps): bump changesets/action from 1.8.0 to 1.9.0 (#2623)
• 65d23cb chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0 (#2622)
• 058bd1e chore(deps): bump changesets/action from 1.7.0 to 1.8.0 (#2619)
• 030ed92 chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#2620)
• 5915300 chore(deps): bump actions/stale from 10.2.0 to 10.3.0 (#2617)
• 5457fce chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#2618)
• efacdb4 Upload required SECURITY.md file for compliance
• 32633d8 Upload required SECURITY.md file for compliance
• Additional commits viewable in compare view

Updates better-sqlite3 from 12.8.0 to 12.11.1

Release notes

Sourced from better-sqlite3's releases.

v12.11.1

What's Changed

• Fix Electron v42 build errors on Windows by @​m4heshd in WiseLibs/better-sqlite3#1488

Full Changelog: WiseLibs/better-sqlite3@v12.11.0...v12.11.1

v12.11.0

⚠️CAUTION: NOT A VIABLE RELEASE

Use v12.11.1 instead.

What's Changed

• Add missing Electron v42 build target by @​m4heshd in WiseLibs/better-sqlite3#1486

Full Changelog: WiseLibs/better-sqlite3@v12.10.1...v12.11.0

v12.10.1

What's Changed

• Bump the github-actions group across 1 directory with 4 updates by @​dependabot[bot] in WiseLibs/better-sqlite3#1451
• Fix V8 external API usage for Electron 42 by @​tstone-1 in WiseLibs/better-sqlite3#1475

Full Changelog: WiseLibs/better-sqlite3@v12.10.0...v12.10.1

v12.10.0

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in WiseLibs/better-sqlite3#1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in WiseLibs/better-sqlite3#1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1470
• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447
• Add support for electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1466

New Contributors

• @​Maxime-J made their first contribution in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

... (truncated)

Commits

• 4cbc39c 12.11.1
• 02b743f Fix Electron v42 build errors on Windows (#1488)
• 39a6e55 12.11.0
• f36d8c6 Add missing Electron v42 build target (#1486)
• da6152c 12.10.1
• 5bb63a2 Fix V8 external API usage for Electron 42 (#1475)
• ca60e36 Bump the github-actions group across 1 directory with 4 updates (#1451)
• f93f490 Update SQLite to version 3.53.2 (#1483)
• d8885f9 12.10.0
• 3f89324 Temporarily rollback support for Electron v42 prebuilds (#1470)
• Additional commits viewable in compare view

Updates commander from 14.0.3 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

• ba6d13d Fix release dates in changelog (#2523)
• a752ed9 Pin GitHub actions with hash (#2521)
• 74d5dfe Drop EOL node 20 from test matrix, and add node 26 (#2520)
• 6df9b68 Update details for 15.0.0 release (#2519)
• 01ce5d0 Remove jest esm examples (#2517)
• d785d8b Update dependencies (#2518)
• 9098b48 Update dependencies (#2506)
• 373f660 Use node:util stripVTControlCharacters instead of own code (#2486)
• 987f289 Use simple match in test (to avoid warning about expensive regex) (#2485)
• 0ea3bb3 Update dependecies and lint (#2489)
• Additional commits viewable in compare view

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

Commits

• See full diff in compare view

Updates safe-regex2 from 5.0.0 to 5.1.1

Release notes

Sourced from safe-regex2's releases.

v5.1.1

What's Changed

• build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @​dependabot[bot] in fastify/safe-regex2#72
• build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @​dependabot[bot] in fastify/safe-regex2#74
• ci: add lock-threads workflow by @​Fdawgs in fastify/safe-regex2#75
• fix: detect alternation inside REPETITION groups by @​deepview-autofix in fastify/safe-regex2#76

New Contributors

• @​deepview-autofix made their first contribution in fastify/safe-regex2#76

Full Changelog: fastify/safe-regex2@v5.1.0...v5.1.1

v5.1.0

What's Changed

• ci: set permissions at workflow level by @​Fdawgs in fastify/safe-regex2#56
• ci: restore job level permissions by @​Fdawgs in fastify/safe-regex2#57
• build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @​dependabot[bot] in fastify/safe-regex2#58
• test: migrate to node:test by @​inyourtime in fastify/safe-regex2#59
• feat: make it possible to be run via packageRunner by @​Uzlopak in fastify/safe-regex2#60
• feat: extract walk function out of safeRegex by @​Uzlopak in fastify/safe-regex2#61
• chore(license): update date ranges; standardise style by @​Fdawgs in fastify/safe-regex2#62
• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in fastify/safe-regex2#63
• chore(.npmrc): ignore scripts by @​Fdawgs in fastify/safe-regex2#64
• build(deps-dev): remove @​fastify/pre-commit by @​Fdawgs in fastify/safe-regex2#65
• ci(ci): add concurrency config by @​Fdawgs in fastify/safe-regex2#66
• build(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @​dependabot[bot] in fastify/safe-regex2#68
• chore(license): standardise license notice by @​Fdawgs in fastify/safe-regex2#67
• ci: remove stale.yml by @​Tony133 in fastify/safe-regex2#71

New Contributors

• @​inyourtime made their first contribution in fastify/safe-regex2#59
• @​Tony133 made their first contribution in fastify/safe-regex2#71

Full Changelog: fastify/safe-regex2@v5.0.0...v5.1.0

Commits

• 35dd3a7 Bumped v5.1.1
• 29c58ae fix: detect alternation inside REPETITION groups (#76)
• 58d5872 ci: add lock-threads workflow (#75)
• d19f1f3 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#74)
• 5f9d306 build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#72)
• 96f8f0a 5.1.0
• ca60981 ci: remove stale.yml (#71)
• 9f69b95 chore(license): standardise license notice (#67)
• 5567b6d build(deps-dev): bump c8 from 10.1.3 to 11.0.0 (#68)
• 90c2fdc ci(ci): add concurrency config (#66)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by climba03003, a new releaser for safe-regex2 since your current version.

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
• e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
• e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
• 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
• bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
• 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
• 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
• 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
• c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

• 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
• 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
• cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
• edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
• 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits

• 1fb56a5 docs: document release procedure in AGENTS.md
• f3c9ec0 4.4.3
• c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
• 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 9195250 docs: remove Mintlify from bronze sponsors (churned)
• 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
• 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
• 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
• 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions