build(deps): bump the production-dependencies group across 1 directory with 59 updates

[dependabot]

Bumps the production-dependencies group with 59 updates in the / directory:

Package	From	To
@ai-sdk/openai	3.0.26	3.0.55
@ai-sdk/react	3.0.80	3.0.174
@aws-sdk/client-s3	3.984.0	3.1040.0
@aws-sdk/s3-request-presigner	3.984.0	3.1040.0
@fumadocs/content-collections	1.2.6	1.2.9
@hono/zod-openapi	1.2.1	1.3.0
@next/third-parties	16.1.6	16.2.4
@paralleldrive/cuid2	2.3.1	3.3.0
@prisma/client	7.3.0	7.8.0
@react-email/components	0.0.41	1.0.12
@react-email/render	1.4.0	2.0.8
@scalar/hono-api-reference	0.9.40	0.10.13
@tanstack/react-query	5.90.20	5.100.7
@tiptap/extension-dropcursor	3.19.0	3.22.5
@tiptap/extension-image	3.19.0	3.22.5
@tiptap/extension-placeholder	3.19.0	3.22.5
@tiptap/react	3.19.0	3.22.5
@tiptap/starter-kit	3.19.0	3.22.5
@uiw/react-md-editor	4.0.11	4.1.0
ai	6.0.78	6.0.172
better-auth	1.4.18	1.6.9
boring-avatars	1.11.2	2.0.4
dompurify	3.3.1	3.4.2
fumadocs-core	16.5.2	16.8.5
fumadocs-ui	16.5.2	16.8.5
geist	1.5.1	1.7.0
hono	4.11.8	4.12.16
hono-openapi	0.4.8	1.3.0
isomorphic-dompurify	2.35.0	3.11.0
jotai	2.12.3	2.19.1
lucide-react	0.542.0	1.14.0
nanoid	5.1.6	5.1.11
next	16.1.6	16.2.4
next-intl	4.8.3	4.11.0
nodemailer	7.0.13	8.0.7
nuqs	2.8.8	2.8.9
openai	6.19.0	6.35.0
react	19.2.4	19.2.5
react-day-picker	9.13.0	9.14.0
react-dom	19.2.4	19.2.5
react-dropzone	14.4.0	15.0.0
react-hook-form	7.71.1	7.74.0
react-qr-code	2.0.18	2.0.21
react-resizable-panels	3.0.6	4.10.0
recharts	2.15.4	3.8.1
sharp	0.34.4	0.34.5
slugify	1.6.6	1.6.9
stripe	18.5.0	22.1.0
tailwind-merge	3.4.0	3.5.0
tencentcloud-sdk-nodejs	4.1.184	4.1.224
ufo	1.6.3	1.6.4
use-debounce	10.1.0	10.1.1
use-intl	4.8.2	4.11.0
uuid	11.1.0	14.0.0
zod	4.3.6	4.4.1
zustand	5.0.11	5.0.12
@prisma/adapter-pg	7.3.0	7.8.0
pg	8.18.0	8.20.0
ws	8.19.0	8.20.0

Updates @ai-sdk/openai from 3.0.26 to 3.0.55

Release notes

Sourced from @​ai-sdk/openai's releases.

@​ai-sdk/openai@​3.0.55

Patch Changes

• a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles
• Updated dependencies [a727da4]
  • @​ai-sdk/provider-utils@​4.0.25
  • @​ai-sdk/provider@​3.0.10

Changelog

Sourced from @​ai-sdk/openai's changelog.

3.0.55

Patch Changes

• a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles
• Updated dependencies [a727da4]
  • @​ai-sdk/provider-utils@​4.0.25
  • @​ai-sdk/provider@​3.0.10

3.0.54

Patch Changes

• a7f3c72: trigger release for all packages after provenance setup
• 408a2ad: patch - send content: null instead of empty string for tool-only assistant messages
• c71ad14: feat(provider/openai): add gpt-image-2 model support
• Updated dependencies [a7f3c72]
  • @​ai-sdk/provider@​3.0.9
  • @​ai-sdk/provider-utils@​4.0.24

3.0.53

Patch Changes

• 953385d: fix(openai): default undefined tool-call input to empty object before serializing tool arguments

3.0.52

Patch Changes

• d42076d: Add AI Gateway hint to provider READMEs

3.0.51

Patch Changes

• Updated dependencies [6247886]
  • @​ai-sdk/provider-utils@​4.0.23

3.0.50

Patch Changes

• Updated dependencies [0469aed]
  • @​ai-sdk/provider-utils@​4.0.22

3.0.49

Patch Changes

... (truncated)

Commits

• 8e650ab Version Packages (#14824)
• a727da4 backport of chore: ensure consistent import handling and avoid import duplica...
• 77a4e05 Version Packages (#14802)
• a7f3c72 Re-enable v6 releases (#14799)
• c71ad14 Backport: feat(provider/openai): add gpt-image-2 model support (#14682)
• 408a2ad Backport: fix(openai, openai-compatible): send null content for tool-only ass...
• f4faec7 Version Packages (#14440)
• 953385d Backport: fix(ai): default undefined tool-call input to empty object in conve...
• 99327b1 Version Packages (#14212)
• d42076d Backport: Add AI Gateway hint to provider READMEs (#14199)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ai-sdk/openai since your current version.

Updates @ai-sdk/react from 3.0.80 to 3.0.174

Release notes

Sourced from @​ai-sdk/react's releases.

@​ai-sdk/react@​3.0.174

Patch Changes

• ai@6.0.172

@​ai-sdk/react@​3.0.173

Patch Changes

• a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles
• Updated dependencies [48f842a]
• Updated dependencies [a727da4]
• Updated dependencies [5fee301]
  • ai@6.0.171
  • @​ai-sdk/provider-utils@​4.0.25

Changelog

Sourced from @​ai-sdk/react's changelog.

3.0.174

Patch Changes

• ai@6.0.172

3.0.173

Patch Changes

• a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles
• Updated dependencies [48f842a]
• Updated dependencies [a727da4]
• Updated dependencies [5fee301]
  • ai@6.0.171
  • @​ai-sdk/provider-utils@​4.0.25

3.0.172

Patch Changes

• Updated dependencies [19d587a]
  • ai@6.0.170

3.0.171

Patch Changes

• a7f3c72: trigger release for all packages after provenance setup
• Updated dependencies [2662bb5]
• Updated dependencies [a7f3c72]
  • ai@6.0.169
  • @​ai-sdk/provider-utils@​4.0.24

3.0.170

Patch Changes

• ai@6.0.168

3.0.169

Patch Changes

• ai@6.0.167

3.0.168

Patch Changes

... (truncated)

Commits

• 29c80ec Version Packages (#14868)
• 8e650ab Version Packages (#14824)
• a727da4 backport of chore: ensure consistent import handling and avoid import duplica...
• 7ab1e18 Version Packages (#14815)
• 77a4e05 Version Packages (#14802)
• a7f3c72 Re-enable v6 releases (#14799)
• c38119a Version Packages (#14574)
• db2a49b Version Packages (#14558)
• c76f57a Version Packages (#14553)
• 1072e57 Version Packages (#14535)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ai-sdk/react since your current version.

Updates @aws-sdk/client-s3 from 3.984.0 to 3.1040.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1040.0

3.1040.0(2026-04-30)

New Features

• clients: update client endpoints as of 2026-04-30 (2620ccbd)
• client-bedrock-agentcore-control: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (6b9d13e3)
• client-route53globalresolver: Adds support for regions in the UpdateGlobalResolver input. (84b15b2e)
• client-sagemaker: Add InstancePools support to Endpoint for flexible provisioning across a prioritized list of instance types. Add Specifications support to InferenceComponent for per-instance-type model configurations. (05c49aa9)
• client-sso-admin: Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API (d46aaf53)
• client-payment-cryptography: Adds support for resource-based policies on AWS Payment Cryptography keys, enabling cross-account key sharing. Also adds Multi-Party Approval (MPA) team association APIs for protecting sensitive import root public key operations. (4d7fdfa8)
• client-datazone: Adds support for asynchronous notebook runs (e562cc0f)
• client-kafka: Adds support for ZookeeperAccess field to control the Client-Zookeeper connectivity. (34de26bd)
• client-observabilityadmin: Observability Admin enablement launch for AWS Kafka, Bedrock Agent Core Workload Identity and OTel metric enablement. (8cea5eb6)
• client-eks: Vended logs update param for capability vended logs feature (7741c8f5)
• client-bedrock-agentcore: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (948fd098)

Tests

• client-dynamodb: fix table cleanup criteria (#7976) (856c9c0e)

---

For list of updated packages, view updated-packages.md in assets-3.1040.0.zip

v3.1039.0

3.1039.0(2026-04-29)

Chores

• codegen:
  • smithy-aws-typescript-codegen 0.49.0 (#7972) (799fdc7b)
  • sync for adaptive retry fixes (#7970) (3dfb72b7)
• xml-builder: manual version bump for 3.972.21 release (#7969) (99bfb4b8)

Documentation Changes

• client-ecr: Removes support for registry policy V1 (0fc28e9f)

New Features

• clients: update client endpoints as of 2026-04-29 (2c0c0979)
• client-workspaces-web: Allow admins to configure IPv6 ranges on IP Access Settings. (a1d8beb2)
• client-account: Adds AccountState in the response for the GetAccountInformation API. Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes. (dc283531)
• client-gamelift: Amazon GameLift Servers adds a new DescribeContainerGroupPortMappings API for container fleets, making it easy to discover which connection ports map to your container ports without needing to remotely access the compute. (71e95d8f)
• client-transfer: This launch will increase the limits for customers to list the contents from the remote directories from 10k to 200k. (58052c95)
• client-cloudfront: Amazon CloudFront now supports cache tag. Tag objects via response headers and invalidate all matching objects in a single request, replacing manual URL tracking and broad wildcards. (fac83987)
• client-mediapackagev2: This feature adds configuration for specifying SCTE marker handling and allow greater control over generated manifest and segment URIs (cd814f6b)
• client-bedrock-agentcore-control: Adds configuration bundles for versioned, immutable agent configuration snapshots with branch-based lineage (480b6517)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1040.0 (2026-04-30)

Note: Version bump only for package @​aws-sdk/client-s3

3.1039.0 (2026-04-29)

Note: Version bump only for package @​aws-sdk/client-s3

3.1038.0 (2026-04-27)

Bug Fixes

• xml-builder: use xml 1.1 parsing behavior for entities (#7964) (7a30bce)

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-s3

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-s3

3.1035.0 (2026-04-22)

Bug Fixes

• client-s3: retry errors with 200 status code (#7945) (7d9d8d1)

... (truncated)

Commits

• 7736067 Publish v3.1040.0
• 51c8215 Publish v3.1039.0
• 3dfb72b chore(codegen): sync for adaptive retry fixes (#7970)
• 3fbf6c5 Publish v3.1038.0
• e9f8d8a chore(codegen): sync for typed waiter-result values (#7965)
• 7a30bce fix(xml-builder): use xml 1.1 parsing behavior for entities (#7964)
• 7babd8b Publish v3.1037.0
• 46e4ac5 Publish v3.1036.0
• 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
• d8fbfbc Publish v3.1035.0
• Additional commits viewable in compare view

Updates @aws-sdk/s3-request-presigner from 3.984.0 to 3.1040.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1040.0

3.1040.0(2026-04-30)

New Features

• clients: update client endpoints as of 2026-04-30 (2620ccbd)
• client-bedrock-agentcore-control: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (6b9d13e3)
• client-route53globalresolver: Adds support for regions in the UpdateGlobalResolver input. (84b15b2e)
• client-sagemaker: Add InstancePools support to Endpoint for flexible provisioning across a prioritized list of instance types. Add Specifications support to InferenceComponent for per-instance-type model configurations. (05c49aa9)
• client-sso-admin: Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API (d46aaf53)
• client-payment-cryptography: Adds support for resource-based policies on AWS Payment Cryptography keys, enabling cross-account key sharing. Also adds Multi-Party Approval (MPA) team association APIs for protecting sensitive import root public key operations. (4d7fdfa8)
• client-datazone: Adds support for asynchronous notebook runs (e562cc0f)
• client-kafka: Adds support for ZookeeperAccess field to control the Client-Zookeeper connectivity. (34de26bd)
• client-observabilityadmin: Observability Admin enablement launch for AWS Kafka, Bedrock Agent Core Workload Identity and OTel metric enablement. (8cea5eb6)
• client-eks: Vended logs update param for capability vended logs feature (7741c8f5)
• client-bedrock-agentcore: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (948fd098)

Tests

• client-dynamodb: fix table cleanup criteria (#7976) (856c9c0e)

---

For list of updated packages, view updated-packages.md in assets-3.1040.0.zip

v3.1039.0

3.1039.0(2026-04-29)

Chores

• codegen:
  • smithy-aws-typescript-codegen 0.49.0 (#7972) (799fdc7b)
  • sync for adaptive retry fixes (#7970) (3dfb72b7)
• xml-builder: manual version bump for 3.972.21 release (#7969) (99bfb4b8)

Documentation Changes

• client-ecr: Removes support for registry policy V1 (0fc28e9f)

New Features

• clients: update client endpoints as of 2026-04-29 (2c0c0979)
• client-workspaces-web: Allow admins to configure IPv6 ranges on IP Access Settings. (a1d8beb2)
• client-account: Adds AccountState in the response for the GetAccountInformation API. Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes. (dc283531)
• client-gamelift: Amazon GameLift Servers adds a new DescribeContainerGroupPortMappings API for container fleets, making it easy to discover which connection ports map to your container ports without needing to remotely access the compute. (71e95d8f)
• client-transfer: This launch will increase the limits for customers to list the contents from the remote directories from 10k to 200k. (58052c95)
• client-cloudfront: Amazon CloudFront now supports cache tag. Tag objects via response headers and invalidate all matching objects in a single request, replacing manual URL tracking and broad wildcards. (fac83987)
• client-mediapackagev2: This feature adds configuration for specifying SCTE marker handling and allow greater control over generated manifest and segment URIs (cd814f6b)
• client-bedrock-agentcore-control: Adds configuration bundles for versioned, immutable agent configuration snapshots with branch-based lineage (480b6517)

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1040.0 (2026-04-30)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1039.0 (2026-04-29)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1038.0 (2026-04-27)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1035.0 (2026-04-22)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1034.0 (2026-04-21)

... (truncated)

Commits

• 7736067 Publish v3.1040.0
• 51c8215 Publish v3.1039.0
• 3fbf6c5 Publish v3.1038.0
• 7babd8b Publish v3.1037.0
• 46e4ac5 Publish v3.1036.0
• 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
• d8fbfbc Publish v3.1035.0
• d08b5a7 Publish v3.1034.0
• 273ad5b chore(codegen): sync for http2 session concurrency fixes (#7942)
• a62021b Publish v3.1033.0
• Additional commits viewable in compare view

Updates @fumadocs/content-collections from 1.2.6 to 1.2.9

Release notes

Sourced from @​fumadocs/content-collections's releases.

@​fumadocs/content-collections@​1.2.9

Patch Changes

• 2d8f596: fix npm pack skipping nested node_modules
• Updated dependencies [2d8f596]
  • fumadocs-core@16.7.14

@​fumadocs/content-collections@​1.2.8

Patch Changes

• 690ddb9: bundle more deps
• Updated dependencies [690ddb9]
  • fumadocs-core@16.7.13

Commits

• fa60913 Version Packages (#3202)
• 2d8f596 Chore: fix npm pack skipping nested node_modules
• b5af621 Merge pull request #3200 from fuma-nama/changeset-release/dev
• 79995e9 fix tsdown warnings
• 9518cc8 OpenAPI: remove openapi-sampler dep
• 335b9c1 Chore: bundle more deps
• 498425b UI: pre-calculate TOC item positions
• 7cdde7c UI: improve TOC performance
• 690ddb9 Chore: bundle more deps
• 8999346 Version Packages (#3198)
• Additional commits viewable in compare view

Updates @hono/zod-openapi from 1.2.1 to 1.3.0

Release notes

Sourced from @​hono/zod-openapi's releases.

@​hono/zod-openapi@​1.3.0

Minor Changes

• #1752 fe0f8e4b44ca8e78d2ed60ed8591f415cd85eaa9 Thanks @​destroSunRay! - This PR adds two new utilities to improve route definition and registration in @hono/zod-openapi:

  • defineOpenAPIRoute: Provides explicit type safety for route definitions
  • openapiRoutes: Enables batch registration of multiple routes with full type safety
  • Registering many routes individually was repetitive and verbose
  • Type inference for complex route configurations was challenging
  • Organizing routes across multiple files was difficult
  • No built-in support for conditional route registration
  • RPC type safety was hard to maintain across scattered route registrations
  • defineOpenAPIRoute: Wraps route definitions with explicit types for better IDE support and type checking
  • openapiRoutes: Accepts an array of route definitions and registers them all at once
  • Supports addRoute flag for conditional registration
  • Maintains full type safety and RPC support through recursive type merging
  • Enables clean modular organization of routes
  • ✅ Reduced boilerplate code
  • ✅ Better type inference and IDE autocomplete
  • ✅ Easier code organization and maintainability
  • ✅ Declarative conditional routes
  • ✅ Full backward compatibility

  See the updated README for usage examples.

  • All existing tests pass (102/102)
  • Added tests for new functionality
  • Verified type inference works correctly
  • Updated package README with usage examples

@​hono/zod-openapi@​1.2.4

Patch Changes

• #1831 40ede9c55abe672798deca6970ef60b945382d34 Thanks @​yusukebe! - fix: publish to JSR

@​hono/zod-openapi@​1.2.3

Patch Changes

• #1810 db8fd160d0685cda0d874a5908326c004f72522a Thanks @​dirkluijk! - fix: bump @​asteasolutions/zod-to-openapi to allow nested discriminated unions

@​hono/zod-openapi@​1.2.2

Patch Changes

• #1748 82701be9e1bfd2b0830555119cf89315501386e2 Thanks @​yusukebe! - fix: bump zod-to-openapi to fix the memory leak

Changelog

Sourced from @​hono/zod-openapi's changelog.

1.3.0

Minor Changes

• #1752 fe0f8e4b44ca8e78d2ed60ed8591f415cd85eaa9 Thanks @​destroSunRay! - This PR adds two new utilities to improve route definition and registration in @hono/zod-openapi:

  • defineOpenAPIRoute: Provides explicit type safety for route definitions
  • openapiRoutes: Enables batch registration of multiple routes with full type safety
  • Registering many routes individually was repetitive and verbose
  • Type inference for complex route configurations was challenging
  • Organizing routes across multiple files was difficult
  • No built-in support for conditional route registration
  • RPC type safety was hard to maintain across scattered route registrations
  • defineOpenAPIRoute: Wraps route definitions with explicit types for better IDE support and type checking
  • openapiRoutes: Accepts an array of route definitions and registers them all at once
  • Supports addRoute flag for conditional registration
  • Maintains full type safety and RPC support through recursive type merging
  • Enables clean modular organization of routes
  • ✅ Reduced boilerplate code
  • ✅ Better type inference and IDE autocomplete
  • ✅ Easier code organization and maintainability
  • ✅ Declarative conditional routes
  • ✅ Full backward compatibility

  See the updated README for usage examples.

  • All existing tests pass (102/102)
  • Added tests for new functionality
  • Verified type inference works correctly
  • Updated package README with usage examples

1.2.4

Patch Changes

• #1831 40ede9c55abe672798deca6970ef60b945382d34 Thanks @​yusukebe! - fix: publish to JSR

1.2.3

Patch Changes

• #1810 db8fd160d0685cda0d874a5908326c004f72522a Thanks @​dirkluijk! - fix: bump @​asteasolutions/zod-to-openapi to allow nested discriminated unions

1.2.2

Patch Changes

• #1748 82701be9e1bfd2b0830555119cf89315501386e2 Thanks @​yusukebe! - fix: bump zod-to-openapi to fix the memory leak

Commits

• 5eeca71 Version Packages (#1849)
• fe0f8e4 feat(zod-openapi): add defineOpenAPIRoute and openapiRoutes for batch route r...
• a6f4ef5 Version Packages (#1832)
• 40ede9c fix(zod-openapi): publish to JSR (#1831)
• 38993fa Version Packages (#1811)
• db8fd16 fix(zod-openapi): bump @​asteasolutions/zod-to-openapi to allow nested discrim...
• e762ac0 feat(eslint): ignoring variables and parameters prefixed with _ (#1772)
• 27d8981 Version Packages (#1749)
• 82701be fix(zod-openapi): bump zod-to-openapi to fix the memory leak (#1748)
• 475cd12 chore: update typescript to 5.9.3 (#1741)
• See full diff in compare view

Updates @next/third-parties from 16.1.6 to 16.2.4

Release notes

Sourced from @​next/third-parties's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• Compiler: Support boolean and number primtives in next.config defines (#92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
• Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

... (truncated)

Commits

• 2275bd8 v16.2.4
• d5f649b v16.2.3
• 52faae3 v16.2.2
• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• b856498 v16.2.0-canary.101
• 136b77e v16.2.0-canary.100
• Additional commits viewable in compare view

Updates @paralleldrive/cuid2 from 2.3.1 to 3.3.0

Changelog

Sourced from @​paralleldrive/cuid2's changelog.

[3.3.0] - 2026-01-25

Fixed

• Fix typo in package.json exports field: ./package.json path was incorrectly specified
• Fix TypeScript compilation error (TS1203) by replacing export = with named exports in index.d.ts

Updated

• Update AI development framework (aidd) to v2.5.0 for enhanced security reviews
• Update all devDependencies to latest versions (@​types/node, @​types/react, eslint, eslint-config-next, eslint-config-prettier, eslint-plugin-prettier, next, prettier, react, react-dom, release-it, riteway, updtr, watch)

[3.0.2] - 2025-10-27

Changed

• Remove collision-test from pre-commit hook to unblock release process

Fixed

• Replace BigInt with bignumber.js for broader browser support (legacy browsers)
• Add export module field to package.json for better ESM compatibility

Added

• Implement CSPRNG using crypto.getRandomValues for enhanced security
• Add validation to throw error when length > 32

Documentation

• Fix typo: Change "Pseudo" to "Pseudo" in README.md
• Update link for PleaseRobMe.com

[3.0.0] - 2025-10-18

⚠️ BREAKING CHANGES

• Convert entire project from CommonJS to ES modules
  • Changed from require()/module.exports to import/export
  • Added "type": "module" to package.json
  • Users must use ESM imports or upgrade to this version carefully
  • For CommonJS compatibility, use v2.3.1 instead

Commits

• 2275e80 chore(release): v3.3.0
• 3af6f1b chore: update CHANGELOG for v3.2.1
• ee1ff97 Merge pull request #119 from paralleldrive/update
• 59541b5 chore: downgrade packages for security
• aebdc31 chore: remove legacy Travis CI config
• 71b5d09 ci: add GitHub Actions workflow
• d044cfe chore: update dependencies and AI framework
• 3bec9b1 Merge pull request #116 from paralleldrive/copilot/fix-typescript-error-ts1203
• a910d6e Delete REVIEW.md
• 76b5c83 docs: add comprehensive code review for TS1203 fix
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @prisma/client from 7.3.0 to 7.8.0

Release notes

Sourced from @​prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

• Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

• Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
• Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
• Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
• Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
• Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

• Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-u...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.