chore(deps): bump the npm_and_yarn group across 2 directories with 16 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the /temp-ai-chat directory:

Package	From	To
ai	4.0.20	5.0.52
nanoid	5.0.8	5.0.9
next	15.0.3-canary.2	15.4.7
next-auth	5.0.0-beta.25	5.0.0-beta.30
brace-expansion	1.1.11	1.1.12
cross-spawn	7.0.3	7.0.6
js-yaml	4.1.0	4.1.1
undici	5.28.4	5.29.0

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
next	14.2.23	14.2.33
brace-expansion	1.1.11	1.1.12
glob	10.3.10	10.5.0
js-yaml	4.1.0	4.1.1
vitest	2.1.8	2.1.9
@babel/helpers	7.26.0	7.28.4
form-data	4.0.1	4.0.5
form-data	2.5.2	2.5.5
playwright	1.49.1	1.57.0
tar-fs	2.1.1	2.1.4
tar	4.4.18	6.2.1
vite	5.4.11	5.4.21

Updates ai from 4.0.20 to 5.0.52

Commits

• 63d5f66 Version Packages (#8895)
• 930399b Backport: fix(ai): download files when intermediate file cannot be downloaded...
• 7ca78f1 Backport: feat(provider/gateway): Add new Qwen models to Gateway model string...
• 1cfc209 Backport: feat(provider/openai): OpenAILanguageModelOptions type (#8858)
• 347b7ec ci: rename v5.0 branch to release-v*
• 85909a9 Backport: chore(ai): update test message (#8875)
• c56822d Backport: fix(ai): update uiMessageChunkSchema to satisfy the `UIMessageChu...
• 1461adf Backport: chore(examples): remove redundant OpenAI reasoning examples (#8871)
• 6bd07df Version Packages (#8853)
• a45d61a ci(release): remove incorrect changeset bump for @ai-sdk/baseten
• Additional commits viewable in compare view

Updates nanoid from 5.0.8 to 5.0.9

Release notes

Sourced from nanoid's releases.

5.0.9

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Changelog

Sourced from nanoid's changelog.

5.0.9

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 65a38ac Release 5.0.9 version
• b00d120 Merge after 3.3.8 release
• 3044cd5 Release 3.3.8 version
• cdc3edc Update size limit
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• 0daa00f Additional fixes and tests for #508 (#509)
• 313a14e Update dependencies
• eb2db95 Fix size limit and linting
• 9da8f60 Fix pool pollution, infinite loop (#508)
• Additional commits viewable in compare view

Updates next from 15.0.3-canary.2 to 15.4.7

Commits

• f30d815 v15.4.7
• 1a026e3 fix router handling when setting a location response header (#82588)
• be4aafd v15.4.6
• 91e5b6b Backport "fix: add ?dpl to fonts in /_next/static/media (#82384)" (#82421)
• f1629d9 Backport "[Pages] fix: _error page's req.url can be overwritten t… (#82377)
• b9aab5d v15.4.5
• a8c93c4 Disable test new tests jobs
• ed2a6c7 [backport]: fix(next/image): improve and simplify detect-content-type (#82118...
• f00fcc9 [backport]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82175)
• 55a7568 Backport: Turbopack: update mimalloc (#81993) (#82166)
• Additional commits viewable in compare view

Updates next-auth from 5.0.0-beta.25 to 5.0.0-beta.30

Release notes

Sourced from next-auth's releases.

next-auth@5.0.0-beta.29

What's Changed

• fix: always check typeof BroadcastChannel by @​maiconcarraro in nextauthjs/next-auth#12937
• fix(providers): enable OIDC capabilities for Keycloak by @​jvllmr in nextauthjs/next-auth#12964
• Fix typo: succesful -> successful by @​changeworld in nextauthjs/next-auth#12973
• Fix undefined providerId by @​Regloom in nextauthjs/next-auth#12947
• docs: fix typo profie -> profile by @​changeworld in nextauthjs/next-auth#12987
• docs: Fix typo initalization -> initialization by @​changeworld in nextauthjs/next-auth#12989
• docs: Fix typo depencies -> dependencies by @​changeworld in nextauthjs/next-auth#12983
• docs: add missing "key" prop for form element in providerMap iterator by @​frshaad in nextauthjs/next-auth#13023
• chore(docs): fix typo Minmum -> Minimum by @​changeworld in nextauthjs/next-auth#13007
• chore(docs): fix typo Avaliable Scopes -> Available Scopes by @​changeworld in nextauthjs/next-auth#13009
• fix(adapter): transistion to surrealdb@^1.0.0 by @​dvanmali in nextauthjs/next-auth#11911
• Fix(provider): Mailgun region selection by @​benhovinga in nextauthjs/next-auth#13027
• fix(next-auth): add missing middleware wrapper type to auth function by @​k-taro56 in nextauthjs/next-auth#13026
• Update extending-the-session.mdx by @​adriancuadrado in nextauthjs/next-auth#13064
• fix(adapters): handle P2025 errors without importing Prisma namespace by @​karl-barbour in nextauthjs/next-auth#13061
• chore(docs): Fix syntax error in RBAC guide by @​benhovinga in nextauthjs/next-auth#12733
• fix(provider): Microsoft Entra ID by @​benhovinga in nextauthjs/next-auth#12616
• Update index.ts by @​adriancuadrado in nextauthjs/next-auth#13066

New Contributors

• @​maiconcarraro made their first contribution in nextauthjs/next-auth#12937
• @​jvllmr made their first contribution in nextauthjs/next-auth#12964
• @​Regloom made their first contribution in nextauthjs/next-auth#12947
• @​frshaad made their first contribution in nextauthjs/next-auth#13023
• @​dvanmali made their first contribution in nextauthjs/next-auth#11911
• @​adriancuadrado made their first contribution in nextauthjs/next-auth#13064
• @​karl-barbour made their first contribution in nextauthjs/next-auth#13061

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.28...next-auth@5.0.0-beta.29

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates undici from 5.28.4 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

• Fix tests in v5.x for Node 20 by @​mcollina in nodejs/undici#4104
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

Commits

• 9528f68 Bumped v5.29.0
• f1d75a4 increase timeout for redirect test
• 2d31ed6 remove fuzzing tests
• 6b36d49 fix redirect test in Node v16
• 648dd8f more fix for the wpt runner on Windows
• a0516ba don't use internal header state for cookies (#3295)
• 87ce4af fix test/client for node 20
• c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
• 82200bd [v6.x] fix wpts on windows (#4093)
• 47546fa test: fix windows wpt (#4050)
• Additional commits viewable in compare view

Updates next from 14.2.23 to 14.2.33

Commits

• f30d815 v15.4.7
• 1a026e3 fix router handling when setting a location response header (#82588)
• be4aafd v15.4.6
• 91e5b6b Backport "fix: add ?dpl to fonts in /_next/static/media (#82384)" (#82421)
• f1629d9 Backport "[Pages] fix: _error page's req.url can be overwritten t… (#82377)
• b9aab5d v15.4.5
• a8c93c4 Disable test new tests jobs
• ed2a6c7 [backport]: fix(next/image): improve and simplify detect-content-type (#82118...
• f00fcc9 [backport]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82175)
• 55a7568 Backport: Turbopack: update mimalloc (#81993) (#82166)
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates glob from 10.3.10 to 10.5.0

Changelog

Sourced from glob's changelog.

changeglob

13

• Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

• Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

• Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
• Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
• Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

• Drop support for node before v20

10.4

• Add includeChildMatches: false option
• Export the Ignore class

10.3

• Add --default -p flag to provide a default pattern
• exclude symbolic links to directories when follow and nodir are both set

10.2

• Add glob cli

10.1

• Return '.' instead of the empty string '' when the current working directory is returned as a match.
• Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

• 56774ef 10.5.0
• 1e4e297 bin: Do not expose filenames to shell expansion
• 1f0c1ca 10.4.5
• eaf31dc whatever, just allow any engines
• 7827516 10.4.4
• d06c8f8 restore support for node 14.latest and 16.latest
• c14b787 10.4.3
• 8a69def node 14 no longer supported
• eef7ea3 10.4.2
• c76a7d2 use package-json-from-dist to look up package.json
• Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates vitest from 2.1.8 to 2.1.9

Release notes

Sourced from vitest's releases.

v2.1.9

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963
• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v2 - by @​hi-ogawa in vitest-dev/vitest#7318
• (backport #7340 to v2) restrict served files from /__screenshot-error - by @​hi-ogawa in vitest-dev/vitest#7343

    View changes on GitHub

Commits

• c9e59a0 chore: release v2.1.9
• e0fe1d8 fix: backport #7317 to v2 (#7318)
• See full diff in compare view

Updates @babel/helpers from 7.26.0 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Committers: 5

• Babel Bot (@​babel-bot)
• Bill Collins (@​mrginglymus)
• Glenn Willen (@​gwillen)
• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jam Balaya (@​JamBalaya56562)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• easrng (@​easrng)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

• babel-types
  • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@​liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

• babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator
  • #17426 fix: regenerator correctly handles throw outside of try (@​liuxingbaoyu)

📝 Documentation

• babel-types
  • #17422 Add missing FunctionParameter docs (@​JLHwung)

... (truncated)

Commits

• 35055e3 v7.28.4
• 18d88b8 Improve @​babel/core typings (#17471)
• ef155f5 v7.28.3
• 741cbd2 chore: fix various typos across codebase (#17476)
• cac0ff4 v7.28.2
• f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
• baa4cb8 v7.27.6
• fdbf1b3 fix: finally causes unexpected return value (#17366)
• 7d06930 v7.27.4
• 5b9468d Reduce regenerator size more (#17287)
• Additional commits viewable in compare view

Updates form-data from 4.0.1 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

... (truncated)

Commits

• 68ff7dd v4.0.5
• 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
• 76d0dee [Fix] set Symbol.toStringTag in the proper place
• 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
• 41996f5 v4.0.4
• 316c82b [meta] actually ensure the readme backup isn’t published
• 2300ca1 [meta] fix readme capitalization
• 811f682 [meta] add auto-changelog
• 5e34080 [Tests] fix linting errors
• 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• Additional commits viewable in compare view

Updates form-data from 2.5.2 to 2.5.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469<...

  Description has been truncated

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	server-only@​0.0.1
	next-themes@​0.3.0
	eslint-config-next@​14.2.16 ⏵ 14.2.5	+1			+1
	class-variance-authority@​0.7.1 ⏵ 0.7.0	+1		-1
	@​radix-ui/​react-label@​2.1.0
	@​radix-ui/​react-visually-hidden@​1.1.1 ⏵ 1.1.0
	@​radix-ui/​react-separator@​1.1.0
	@​radix-ui/​react-slot@​1.1.1 ⏵ 1.1.0
	eslint-config-prettier@​9.1.0
	@​types/​pdf-parse@​1.1.4
	codemirror@​6.0.1
	@​radix-ui/​react-dropdown-menu@​2.1.2
	@​radix-ui/​react-dialog@​1.1.2
	@​radix-ui/​react-alert-dialog@​1.1.2
	@​radix-ui/​react-tooltip@​1.1.6 ⏵ 1.1.3
	@​types/​react-dom@​18.3.5 ⏵ 18.3.1
	diff-match-patch@​1.0.5
	@​radix-ui/​react-select@​2.1.4 ⏵ 2.1.2			+1
	@​types/​d3-scale@​4.0.8
	next-auth@​5.0.0-beta.30
	prosemirror-schema-basic@​1.2.3
	prosemirror-schema-list@​1.4.1
	prosemirror-inputrules@​1.4.0
	@​types/​react@​18.3.18 ⏵ 18.3.12
	sonner@​1.5.0
	@​codemirror/​state@​6.5.0
	tailwindcss-animate@​1.0.7
	prosemirror-example-setup@​1.2.3
	orderedmap@​2.1.1
	@​codemirror/​view@​6.35.3
	prosemirror-markdown@​1.13.1
	eslint-plugin-tailwindcss@​3.17.5
See 40 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm geist under OFL-1.1 License: OFL-1.1 - the applicable license policy does not allow this license (4) (package/LICENSE.TXT) From: temp-ai-chat/package.json → npm/geist@1.3.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/geist@1.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm typescript License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) From: temp-ai-chat/package.json → npm/typescript@5.6.3 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@5.6.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report