chore(deps): bump the production-dependencies group across 1 directory with 11 updates by dependabot[bot] · Pull Request #48 · sidclawhq/platform

dependabot · 2026-04-20T16:14:10Z

Bumps the production-dependencies group with 11 updates in the / directory:

Package	From	To
@modelcontextprotocol/sdk	`1.27.1`	`1.29.0`
@prisma/adapter-pg	`7.5.0`	`7.7.0`
@prisma/client	`7.5.0`	`7.7.0`
fastify	`5.8.4`	`5.8.5`
openid-client	`6.8.2`	`6.8.3`
resend	`6.9.4`	`6.12.1`
@xyflow/react	`12.10.1`	`12.10.2`
react	`19.1.0`	`19.2.5`
react-dom	`19.1.0`	`19.2.5`
fumadocs-mdx	`14.2.11`	`14.3.1`
@openai/agents	`0.0.4`	`0.8.4`

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @felixweinberger in modelcontextprotocol/typescript-sdk#1749

[v1.x] fix: disallow null (infinite) requested TTL by @LucaButBoring in modelcontextprotocol/typescript-sdk#1339

[v1.x] fix: add missing size field to ResourceSchema by @olaservo in modelcontextprotocol/typescript-sdk#1575

Add typings exports by @tdraier in modelcontextprotocol/typescript-sdk#1623

v1.x npm audit fix by @KKonstantinov in modelcontextprotocol/typescript-sdk#1780

v1.x #1623 follow up -add missing types to package.json by @KKonstantinov in modelcontextprotocol/typescript-sdk#1773

[v1.x backport] Allow servers / clients to advertise extensions in the capability object by @localden in modelcontextprotocol/typescript-sdk#1811

fix(stdio): always set windowsHide on Windows, not just in Electron by @jnMetaCode in modelcontextprotocol/typescript-sdk#1640

chore: bump version to 1.29.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

@tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623

@jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

feat: use scopes_supported from resource metadata by default (fixes #580) by @antogyn in modelcontextprotocol/typescript-sdk#757

[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @pcarleton in modelcontextprotocol/typescript-sdk#1611

fix: reject plain JSON Schema objects passed as inputSchema by @tiluckdave in modelcontextprotocol/typescript-sdk#1596

fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @pcarleton in modelcontextprotocol/typescript-sdk#1462

fix(server/auth): RFC 8252 loopback port relaxation by @poteat in modelcontextprotocol/typescript-sdk#1738

chore: bump version to 1.28.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

@antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757

@tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596

@poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits

e12cbd7 chore: bump version to 1.29.0 (#1820)
3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
364f38c v1.x npm audit fix (#1780)
c95cc09 Add typings exports (#1623)
ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
a056569 chore: bump version to 1.28.0 (#1746)
Additional commits viewable in compare view

Updates @prisma/adapter-pg from 7.5.0 to 7.7.0

Release notes

Sourced from @prisma/adapter-pg's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.

Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.

Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.

Migrate — Runs prisma migrate dev if the schema contains models.

Generate — Runs prisma generate.

Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage
npx prisma@latest bootstrap
With a starter template
npx prisma@latest bootstrap --template nextjs
Non-interactive (CI)
npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"
Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

... (truncated)

Commits

f2ca67e feat: pg statement name generator (#29395)
4131568 fix: set @types/pg to ^8.16.0 (#29390)
33667c3 fix(adapter-pg): handle both quoted/unquoted column names in ColumnNotFound e...
e97b3e0 feat(adapter-pg): accept connection string URL in PrismaPg constructor (#29287)
See full diff in compare view

Updates @prisma/client from 7.5.0 to 7.7.0

Release notes

Sourced from @prisma/client's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.

Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.

Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.

Migrate — Runs prisma migrate dev if the schema contains models.

Generate — Runs prisma generate.

Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage
npx prisma@latest bootstrap
With a starter template
npx prisma@latest bootstrap --template nextjs
Non-interactive (CI)
npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"
Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

... (truncated)

Commits

6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
30f0af6 feat: dmmf streaming with an E2E test (#29377)
14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
ecae3b6 chore(deps): update engines to 7.6.0-1.75cbdc1eb7150937890ad5465d861175c66247...
309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
See full diff in compare view

Updates fastify from 5.8.4 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.

What's Changed

chore: Fix port parsing by @jsumners in fastify/fastify#6603

chore: upgrade to typescript v6.0.2 by @Tony133 in fastify/fastify#6605

fix: restore trustProxy function for number and string types, add null check for socketAddr by @mcollina in fastify/fastify#6613

ci: reduce cron scheduled workflows from daily/weekly to monthly by @Fdawgs in fastify/fastify#6623

chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @dependabot[bot] in fastify/fastify#6629

chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @dependabot[bot] in fastify/fastify#6632

chore: Bump borp from 0.21.0 to 1.0.0 by @dependabot[bot] in fastify/fastify#6633

chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in fastify/fastify#6630

docs(ecosystem): add @pompelmi/fastify-plugin by @SonoTommy in fastify/fastify#6610

New Contributors

@SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: fastify/fastify@v5.8.4...v5.8.5

Commits

3983cce Bumped v5.8.5
3ce3ae6 Merge commit from fork
b06a196 docs(ecosystem): add @pompelmi/fastify-plugin (#6610)
909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
8dee9be fix: restore trustProxy function for number and string types, add null check ...
d457aed chore: upgrade to typescript v6.0.2 (#6605)
Additional commits viewable in compare view

Updates openid-client from 6.8.2 to 6.8.3

Release notes

Sourced from openid-client's releases.

v6.8.3

Documentation

note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

passport: delete one-time state on callback (1e7dd2e)

Changelog

Sourced from openid-client's changelog.

6.8.3 (2026-04-13)

Documentation

note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

passport: delete one-time state on callback (1e7dd2e)

Commits

66e4082 chore(release): 6.8.3
fa292f2 test: fix typings build issues
0600c91 test: deflake pollBackchannelAuthenticationGrant
1e7dd2e fix(passport): delete one-time state on callback
da961e2 test: add coverage the passport strategy
14a2d38 chore: bump packages
c64adc8 chore: fix typings in the example
70cc56e chore: node --run format
e9689de docs: note a workaround for redirect_uri with query string or bare origin
a3ffaef example: update dpop example to respect the token_type
Additional commits viewable in compare view

Updates resend from 6.9.4 to 6.12.1

Release notes

Sourced from resend's releases.

v6.12.1

What's Changed

chore(deps): update dependency typescript to v6.0.3 by @renovate[bot] in resend/resend-node#935

chore(deps): update dependency dotenv to v17.4.2 by @renovate[bot] in resend/resend-node#927

chore(deps): update dependency @biomejs/biome to v2.4.12 by @renovate[bot] in resend/resend-node#916

fix(deps): update dependency next to v16.2.4 by @renovate[bot] in resend/resend-node#911

feat: add missing domain types: domains can be partially_verified/partially_failed by @CarolinaMoraes in resend/resend-node#937

Full Changelog: resend/resend-node@v6.12.0...v6.12.1

v6.12.0

What's Changed

chore(ci): use depot by @gabrielmfern in resend/resend-node#931

feat: preview tracking domains in resend/resend-node#932

Full Changelog: resend/resend-node@v6.11.0...v6.12.0

v6.11.0

What's Changed

chore(ci): migrate from BuildJet to Blacksmith runners by @lucasfcosta in resend/resend-node#907

chore(deps): update dependency vitest to v4.1.3 by @renovate[bot] in resend/resend-node#894

chore(deps): update dependency @types/node to v24.12.2 by @renovate[bot] in resend/resend-node#906

fix(deps): update dependency svix to v1.90.0 by @renovate[bot] in resend/resend-node#892

chore(deps): update dependency @biomejs/biome to v2.4.10 by @renovate[bot] in resend/resend-node#885

fix(deps): update dependency next to v16.2.2 by @renovate[bot] in resend/resend-node#893

chore(deps): update dependency typescript to v6 by @renovate[bot] in resend/resend-node#895

chore(deps): update pnpm to v10.33.0 by @renovate[bot] in resend/resend-node#896

fix(deps): update dependency esbuild to v0.28.0 by @renovate[bot] in resend/resend-node#909

chore(deps): update dependency dotenv to v17.4.1 by @renovate[bot] in resend/resend-node#908

chore(deps): update dependency vitest to v4.1.4 by @renovate[bot] in resend/resend-node#913

fix(deps): update react monorepo to v19.2.5 by @renovate[bot] in resend/resend-node#912

fix(deps): update dependency next to v16.2.3 [security] by @renovate[bot] in resend/resend-node#922

feat: add automations and events by @felipefreitag in resend/resend-node#866

chore: bump version by @isabellaaquino in resend/resend-node#925

fix: case conventions by @isabellaaquino in resend/resend-node#926

chore: bump to 6.11.0 for release by @lucasfcosta in resend/resend-node#928

Full Changelog: resend/resend-node@v6.10.0...v6.11.0

v6.10.0

What's Changed

fix(deps): update dependency next to v16.1.7 [security] by @renovate[bot] in resend/resend-node#884

chore(deps): update dependency pkg-pr-new to v0.0.66 by @renovate[bot] in resend/resend-node#880

chore(deps): update dependency vitest to v4.1.0 by @renovate[bot] in resend/resend-node#876

fix(deps): update dependency postal-mime to v2.7.4 by @renovate[bot] in resend/resend-node#886

fix(deps): update dependency esbuild to v0.27.4 by @renovate[bot] in resend/resend-node#875

fix(deps): update dependency next to v16.2.0 by @renovate[bot] in resend/resend-node#882

... (truncated)

Commits

1c10dbe feat: add missing domain types: domains can be partially_verified/partially_f...
168443a fix(deps): update dependency next to v16.2.4 (#911)
93328d9 chore(deps): update dependency @biomejs/biome to v2.4.12 (#916)
135aaaf chore(deps): update dependency dotenv to v17.4.2 (#927)
d7b7f1c chore(deps): update dependency typescript to v6.0.3 (#935)
39241d0 feat: preview tracking domains (#932)
fe864dc chore(ci): use depot (#931)
48b793f chore: bump to 6.11.0 for release (#928)
eb2fafe fix: case conventions (#926)
37eb802 chore: bump version (#925)
Additional commits viewable in compare view

Updates @xyflow/react from 12.10.1 to 12.10.2

Release notes

Sourced from @xyflow/react's releases.

@xyflow/react@12.10.2

Patch Changes

#5735 a6c938fb2 Thanks @nvie! - Allow type field to be missing in BuiltInNode (no type field is the same as type: "default")

#5722 8c9b7e726 Thanks @dfblhmm! - Add snapGrid to screenToFlowPosition options

#5723 82249517a Thanks @moklick! - Pass options to useReactFlow/useSvelteFlow viewport helper functions correctly

#5733 64115cd08 Thanks @AlaricBaraou! - Fix empty store during ReactFlow remount by reordering StoreUpdater before GraphView and using layout effects

#5727 dd54e86b9 Thanks @solastley! - Ensure visual nodes selection state is cleared when zero selected nodes remain in the flow

Updated dependencies [4a278dbbf]:

@xyflow/system@0.0.76

Changelog

Sourced from @xyflow/react's changelog.

12.10.2

Patch Changes

#5735 a6c938fb2 Thanks @nvie! - Allow type field to be missing in BuiltInNode (no type field is the same as type: "default")

#5722 8c9b7e726 Thanks @dfblhmm! - Add snapGrid to screenToFlowPosition options

#5723 82249517a Thanks @moklick! - Pass options to useReactFlow/useSvelteFlow viewport helper functions correctly

#5733 64115cd08 Thanks @AlaricBaraou! - Fix empty store during ReactFlow remount by reordering StoreUpdater before GraphView and using layout effects

#5727 dd54e86b9 Thanks @solastley! - Ensure visual nodes selection state is cleared when zero selected nodes remain in the flow

Updated dependencies [4a278dbbf]:

@xyflow/system@0.0.76

Commits

ba0a361 chore(packages): bump
613ad30 Merge pull request #5733 from AlaricBaraou/fix/store-reset-timing-on-remount
a6c938f Explicitly allow missing type field in BuiltInNode type definition
f2831bd Merge pull request #5727 from unifygtm/clear-nodes-selection-active
0e48d84 Return hasSelectedNodes from adoptUserNodes and use it to update `nodesSe...
6db2bd0 fix(react): prevent empty store during ReactFlow remount
e7b78d1 Merge pull request #5720 from yarikoptic/enh-codespell
38f4fef Merge pull request #5722 from dfblhmm/fix/type-definition
759042d Fix spacing in store/index.ts
52d452b Centralize nodesSelectionActive update in setNodes of store
Additional commits viewable in compare view

Updates react from 19.1.0 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkbage, @unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

Add extra loop protection to React Server Functions (@sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@eps1lon facebook/react#35290)

Patch Promise cycles and toString on Server Functions (@sebmarkbage, @unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

<Activity>: A new API to hide and restore the UI and internal state of its children.

useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.

cacheSignal (for RSCs) lets your know when the cache() lifetime is over.

React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

Added resume APIs for partial pre-rendering with Web Streams:

resume: to resume a prerender to a stream.

resumeAndPrerender: to resume a prerender to HTML.

Added resume APIs for partial pre-rendering with Node Streams:

resumeToPipeableStream: to resume a prerender to a stream.

resumeAndPrerenderToNodeStream: to resume a prerender to HTML.

Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

<Activity>: A new API to hide and restore the UI and internal state of its children.

useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.

cacheSignal (for RSCs) lets your know when the cache() lifetime is over.

React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

Added resume APIs for partial pre-rendering with Web Streams:

resume: to resume a prerender to a stream.

resumeAndPrerender: to resume a prerender to HTML.

Added resume APIs for partial pre-rendering with Node Streams:

resumeToPipeableStream: to resume a prerender to a stream.

resumeAndPrerenderToNodeStream: to resume a prerender to HTML.

Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.

Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js

Use underscore instead of : IDs generated by useId

All Changes

React

<Activity /> was developed over many years, starting before ClassComponent.setState (@acdlite @sebmarkbage and many others)

Stringify context as "SomeContext" instead of "SomeContext.Provider" (@kassens #33507)

Include stack of cause of React instrumentation errors with %o placeholder (@eps1lon #34198)

Fix infinite useDeferredValue loop in popstate event (@acdlite #32821)

Fix a bug when an initial value was passed to useDeferredValue (@acdlite #34376)

Fix a crash when submitting forms with Client Actions (@sebmarkbage #33055)

Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@sebmarkbage #32900)

Avoid stack overflow on wide trees during Hot Reload (@sophiebits #34145)

Improve Owner and Component stacks in various places (@sebmarkbage, @eps1lon: #33629, #33724, #32735, #33723)

Add cacheSignal (@sebmarkbage #33557)

... (truncated)

Commits

23f4f9f 19.2.5
90ab3f8 Version 19.2.4
612e371 Version 19.2.3
b910fc1 Version 19.2.2
053df4e Version 19.2.1
5667a41 Bump next prerelease version numbers (#34639)
8bb7241 Bump useEffectEvent to Canary (#34610)
e3c9656 Ensure Performance Track are Clamped and Don't overlap (#34509)
68f00c9 Release Activity in Canary (#34374)
0e10ee9 [Reconciler] Set ProfileMode for Host Root Fiber by default in dev (#34432)
Additional commits viewable in compare view

Updates react-dom from 19.1.0 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkbage, @unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

Add extra loop protection to React Server Functions (@sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@eps1lon facebook/react#35290)

Patch Promise cycles and toString on Server Functions (@sebmarkbage, @unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

<Activity>: A new API to hide and restore the UI and internal state of its children.

useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.

cacheSignal (for RSCs) lets your know when the cache() lifetime is over.

React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

Added resume APIs for partial pre-rendering with Web Streams:

resume: to resume a prerender to a stream.

resumeAndPrerender: to resume a prerender to HTML.

Added resume APIs for partial pre-rendering with Node Streams:

resumeToPipeableStream: to resume a prerender to a stream.

resumeAndPrerenderToNodeStream: to resume a prerender to HTML.

Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (

…y with 11 updates Bumps the production-dependencies group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.27.1` | `1.29.0` | | [@prisma/adapter-pg](https://github.com/prisma/prisma/tree/HEAD/packages/adapter-pg) | `7.5.0` | `7.7.0` | | [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `7.5.0` | `7.7.0` | | [fastify](https://github.com/fastify/fastify) | `5.8.4` | `5.8.5` | | [openid-client](https://github.com/panva/openid-client) | `6.8.2` | `6.8.3` | | [resend](https://github.com/resend/resend-node) | `6.9.4` | `6.12.1` | | [@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react) | `12.10.1` | `12.10.2` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.1.0` | `19.2.5` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.1.0` | `19.2.5` | | [fumadocs-mdx](https://github.com/fuma-nama/fumadocs) | `14.2.11` | `14.3.1` | | [@openai/agents](https://github.com/openai/openai-agents-js) | `0.0.4` | `0.8.4` | Updates `@modelcontextprotocol/sdk` from 1.27.1 to 1.29.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.27.1...v1.29.0) Updates `@prisma/adapter-pg` from 7.5.0 to 7.7.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/adapter-pg) Updates `@prisma/client` from 7.5.0 to 7.7.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/client) Updates `fastify` from 5.8.4 to 5.8.5 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.8.4...v5.8.5) Updates `openid-client` from 6.8.2 to 6.8.3 - [Release notes](https://github.com/panva/openid-client/releases) - [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md) - [Commits](panva/openid-client@v6.8.2...v6.8.3) Updates `resend` from 6.9.4 to 6.12.1 - [Release notes](https://github.com/resend/resend-node/releases) - [Commits](resend/resend-node@v6.9.4...v6.12.1) Updates `@xyflow/react` from 12.10.1 to 12.10.2 - [Release notes](https://github.com/xyflow/xyflow/releases) - [Changelog](https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md) - [Commits](https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.2/packages/react) Updates `react` from 19.1.0 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react) Updates `react-dom` from 19.1.0 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom) Updates `fumadocs-mdx` from 14.2.11 to 14.3.1 - [Release notes](https://github.com/fuma-nama/fumadocs/releases) - [Commits](https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@14.2.11...fumadocs-ui@14.3.1) Updates `@openai/agents` from 0.0.4 to 0.8.4 - [Release notes](https://github.com/openai/openai-agents-js/releases) - [Commits](openai/openai-agents-js@v0.0.4...v0.8.4) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@prisma/adapter-pg" dependency-version: 7.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@prisma/client" dependency-version: 7.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fastify dependency-version: 5.8.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: openid-client dependency-version: 6.8.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: resend dependency-version: 6.12.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@xyflow/react" dependency-version: 12.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: react dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: react-dom dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fumadocs-mdx dependency-version: 14.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@openai/agents" dependency-version: 0.8.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the production-dependencies group across 1 directory with 11 updates#48

chore(deps): bump the production-dependencies group across 1 directory with 11 updates#48
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-d4bd9030ba

dependabot Bot commented on behalf of github Apr 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026

v1.29.0

What's Changed

New Contributors

v1.28.0

What's Changed

New Contributors

7.7.0

Highlights

ORM

prisma bootstrap command

Open roles at Prisma

Enterprise support

7.7.0

Highlights

ORM

prisma bootstrap command

Open roles at Prisma

Enterprise support

v5.8.5

⚠️ Security Release

What's Changed

New Contributors

v6.8.3

Documentation

Fixes

6.8.3 (2026-04-13)

Documentation

Fixes

v6.12.1

What's Changed

v6.12.0

What's Changed

v6.11.0

What's Changed

v6.10.0

What's Changed

@​xyflow/react@​12.10.2

Patch Changes

12.10.2

Patch Changes

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

New React Features

New React DOM Features

Notable changes

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

New React Features

New React DOM Features

Notable changes

All Changes

React

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

New React Features

New React DOM Features

Notable changes

19.2.1 (Dec 3, 2025)

React Server Components

`prisma bootstrap` command

`prisma bootstrap` command

`@xyflow/react@12`.10.2