Skip to content

chore(deps): bump the typescript-runtime-deps group across 1 directory with 9 updates#395

Merged
erichare merged 1 commit into
mainfrom
dependabot/npm_and_yarn/runtimes/typescript/typescript-runtime-deps-64a9a6b679
Jul 2, 2026
Merged

chore(deps): bump the typescript-runtime-deps group across 1 directory with 9 updates#395
erichare merged 1 commit into
mainfrom
dependabot/npm_and_yarn/runtimes/typescript/typescript-runtime-deps-64a9a6b679

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the typescript-runtime-deps group with 9 updates in the /runtimes/typescript directory:

Package From To
@hono/node-server 2.0.5 2.0.8
@langchain/core 1.2.0 1.2.1
@langchain/openai 1.5.1 1.5.3
@scalar/hono-api-reference 0.11.4 0.11.8
hono 4.12.26 4.12.27
pdfjs-dist 6.0.227 6.1.200
@types/node 25.9.3 26.1.0
knip 6.17.1 6.24.0
tsx 4.22.4 4.22.5

Updates @hono/node-server from 2.0.5 to 2.0.8

Release notes

Sourced from @​hono/node-server's releases.

v2.0.8

What's Changed

Full Changelog: honojs/node-server@v2.0.7...v2.0.8

v2.0.7

What's Changed

Full Changelog: honojs/node-server@v2.0.6...v2.0.7

v2.0.6

What's Changed

Full Changelog: honojs/node-server@v2.0.5...v2.0.6

Commits
  • 114c15e 2.0.8
  • 5db2d5d ci(release): add --no-git-checks option for pnpm stage publish (#369)
  • a528a77 2.0.7
  • b2d610c chore: bump supertest (#368)
  • 1b0040a fix(serve-static): serve precompressed files for application/octet-stream (#366)
  • ad5b13a chore: migrate to pnpm (#367)
  • ff75c61 2.0.6
  • 814720f fix: preserve status and statusText when cloning a Response with live headers...
  • a76209a ci: use npm Staged publishing (#364)
  • 44c365a ci: publish to npm from CI with OIDC trusted publishing and bump np (#361)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​hono/node-server since your current version.


Updates @langchain/core from 1.2.0 to 1.2.1

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.2.1

Patch Changes

  • #10674 f017708 Thanks @​christian-bromann! - fix: classify provider 429s before retrying

  • #11092 7918bbd Thanks @​aolsenjazz! - fix(core): only treat arrays of content blocks as ToolMessage content

    Fix tool outputs that are arrays of plain objects being forwarded as malformed message content. An array is now only treated as message content blocks when every element is an object with a type; otherwise it is JSON-stringified.

Commits
  • 1ee0df0 chore: version packages (#11097)
  • f017708 fix(core): better 429 error handling (#10674)
  • 05936ab fix(openai): omit empty reasoning item id in Responses API input (#11045)
  • 798cb70 fix(openai): route standard url file blocks to native input_file in Responses...
  • 80c790b fix(openai): stream built-in tool progress events (#11090)
  • d2e6afc fix(groq): require @​langchain/core >= 1.1.30 in peer dependency (#11072)
  • c66870e feat(weaviate): add X-Weaviate-Client-Integration telemetry header (#11088)
  • baa57ba fix(anthropic): omit default disabled thinking from requests (#11073)
  • 04edb8d docs(ibm): fix "Recieved" typo in tool_choice error message (#11066)
  • 2b7f368 chore(deps): bump uuid from 14.0.0 to 14.0.1 (#11094)
  • Additional commits viewable in compare view

Updates @langchain/openai from 1.5.1 to 1.5.3

Release notes

Sourced from @​langchain/openai's releases.

@​langchain/openai@​1.5.3

Patch Changes

@​langchain/openai@​1.5.2

Patch Changes

  • #11045 05936ab Thanks @​jackjin1997! - fix(openai): omit empty id and content on reasoning items in Responses API input

    Reasoning blocks reassembled from streaming chunks (e.g. via streamEvents) never carry an id, since OpenAI's streaming protocol only includes it in non-streaming responses. When such a message was replayed as Responses API input on the next turn, the reasoning item was emitted with id: "", which OpenAI rejects with 400 Invalid 'input[n].id': ''. The id field is now omitted when absent.

    A second error surfaced immediately after that fix: the same converter set a populated content array on the reasoning input item, which the Responses API also rejects (400 Invalid 'input[n].content': array too long. Expected an array with maximum length 0). Reasoning input items only carry summary, so content is no longer forwarded. Thanks to @​csrujanreddy for catching the second issue and verifying both fixes against the live API.

  • #11065 798cb70 Thanks @​rxits! - fix(openai): route standard url file blocks to native input_file in Responses API

  • #11090 80c790b Thanks @​nikhilpakhloo! - fix(openai): stream built-in tool progress events

Commits
  • f1d64ff chore: version packages (#11101)
  • 72ffc4b fix(aws): add Bedrock stream idle timeout (#11098)
  • 3205b35 fix(langchain, openai): decouple strict tools from strict structured output r...
  • 1ee0df0 chore: version packages (#11097)
  • f017708 fix(core): better 429 error handling (#10674)
  • 05936ab fix(openai): omit empty reasoning item id in Responses API input (#11045)
  • 798cb70 fix(openai): route standard url file blocks to native input_file in Responses...
  • 80c790b fix(openai): stream built-in tool progress events (#11090)
  • d2e6afc fix(groq): require @​langchain/core >= 1.1.30 in peer dependency (#11072)
  • c66870e feat(weaviate): add X-Weaviate-Client-Integration telemetry header (#11088)
  • Additional commits viewable in compare view

Updates @scalar/hono-api-reference from 0.11.4 to 0.11.8

Changelog

Sourced from @​scalar/hono-api-reference's changelog.

0.11.8

0.11.7

0.11.6

0.11.5

Commits

Updates hono from 4.12.26 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

Commits

Updates pdfjs-dist from 6.0.227 to 6.1.200

Release notes

Sourced from pdfjs-dist's releases.

v6.1.200

This release contains improvements for annotation rendering, annotation editing, font conversion, image conversion, merging files, SMask rendering and the viewer.

Changes since v6.0.227

... (truncated)

Commits
  • 6353ace Merge pull request #21508 from Snuffleupagus/optional-chaining-not-length
  • b7b3a4c Use more optional chaining in the src/ and web/ folders
  • 8bdd159 Merge pull request #21505 from Snuffleupagus/StructTreeRoot-rm-init
  • 195226e Merge pull request #21500 from calixteman/bug2050191
  • d852613 Merge pull request #21487 from calixteman/issue17333
  • 8232440 Inline the init method in the StructTreeRoot constructor
  • 86ffd68 Merge pull request #21504 from nicolo-ribaudo/move-selection-styles
  • 5d81fe5 Move SVG text selection styles to pdf_viewer.css
  • a1953e7 Merge pull request #21502 from Snuffleupagus/issue17906-test-forms
  • beb332a Change issue17906 to test "forms" rendering
  • Additional commits viewable in compare view

Updates @types/node from 25.9.3 to 26.1.0

Commits

Updates knip from 6.17.1 to 6.24.0

Release notes

Sourced from knip's releases.

Release 6.24.0

  • chore: update year in license (#1833) (32bc844dfd3895884b11fea5ef94bf3fa1974946) - thanks @​trueberryless!
  • ci: pin github actions (#1835) (82a8d0913105a637e9eeccfe3b785be90c873e2a) - thanks @​trueberryless!
  • Assume Node 24+/Bun and remove compilation step (d9ef038429bec06c37fdb520e5c7353c8cae6ce7)
  • Don't report working-directory scripts as unlisted binaries (resolve #1834) (aea7923438f0a8f459458578526f358b02497f77)
  • Add pnpm run lint to CI workflow (ec9aa1cabb58c97b8ecc4815e6cdd6421fe2a89e)
  • feat: add settings for Zed editor to use oxlint and oxfmt (#1836) (111f2e0a17999e3ffdf4c097cd42ba08acd48508) - thanks @​trueberryless!
  • fix: remove format_on_save: true settings from Zed settings to respect user settings (#1838) (dc2a64043035d426eb99a9d1e0eb873d02a09e7d) - thanks @​trueberryless!
  • feat: add Renovate for GitHub actions only (#1839) (ffce88c86f95822ee2a7cf8407e987a3ec79b097) - thanks @​trueberryless!
  • Ignore import() in JSDoc examples (#1844) (6f090f90f04e8202700ed68977faa1dc626ff235) - thanks @​cyphercodes!
  • Don't report types used only in module augmentations as unused (resolve #1843) (7901abd3c4b496f212445bff9768efc9548ded61)
  • Restore CI intent (0d739beab2e224385f449d62d6cc7d904107946e)
  • feat: add less, stylus compilers and astro, svelte, vue import resolution (#1845) (5525759f33a5664e4882aebe239e9c17eeb29f92) - thanks @​trueberryless!
  • Don't report built-in compiler dependencies as unused (3c9d4adf369f0064399d9da7b4f11f0467180bf5)
  • feat: add scss handling to stencil plugin (#1846) (acba6b85ab05f70385228872fafea2b08290d0f6) - thanks @​johnjenkins!
  • fix(reporters): always print the issue-type title for a single group (#1848) (cf997b2408cc0814c2d310d1e8c8680340153fa1) - thanks @​morgan-coded!
  • Export Issue, IssueRecords and IssueType types (resolve #1840) (260f19230f42c9dceaac97d55bf34d17902c5b38)
  • Squeeze every bit of perf out around compilers (bb0eeb6e33d050dab736134b5b692a3d6413f358)

Release 6.23.0

  • feat: add customCss to Starlight plugin (#1828) (f85d96f84a47f10c34df95a5246ee1ddefd95db5) - thanks @​trueberryless!
  • fix: enable vite and vitest plugins when vite-plus is found (#1830) (62e97538fca8dff3d152326b114ffc4b7241a0d2) - thanks @​ghostdevv!
  • feat: add support for @​astrojs/markdoc (#1829) (94e2863308947f19f5e759cc12666952c8f683d7) - thanks @​trueberryless!
  • Support nub (resolve #1831) (8a6050e6a92da81d4875f730f852fb7d9252a018)
  • Don't report optimizeDeps and dedupe deps as unlisted (resolve #1832) (849b5ac230e7a8c103b6e1b1e2ddb333d2da3ca0)

Release 6.22.0

  • Support XO v1+ (#1819) (1dffe368b5c336d190e358ab4c2e2240e3d50e26) - thanks @​patrik-csak!
  • feat: detect execaNode scripts in execa visitor (#1824) (5095ae1ccd0ceb083d4434e827443f03ba19a1ff) - thanks @​gwagjiug!
  • Skip optional peerDeps referenced only via a host (resolve #1823) (7759a9894f2ac1d9425cf682e1e3c400f0976080)
  • docs: update npmjs.com links to npmx.dev (#1826) (11fe8bd248c839c6eeb95b06c8204c25294e0adb) - thanks @​serhalp!
  • docs: fix semi-broken link to DEVELOPMENT.md in CONTRIBUTING.md (#1827) (a5302b2466be1294633b1f40e86ca81a00605293) - thanks @​serhalp!
  • feat: add support for Lunaria (#1825) (3e1b8212086dfae26fa7f368f245285ec82af14d) - thanks @​trueberryless!
  • Fix lint issues (76c92e2328a94257afead6ae497a747a9e2944ea)

Release 6.21.0

  • Detect Vite config dependencies (resolve #1721) (8754c43368112922c6f80d1f8d1d8ddb6cb29f25)
  • fix: Update timerifyMethods to include resolveFromAST (#1814) (3c8deac3b856def31c16372f85525bf867105132) - thanks @​gwagjiug!
  • Fix crash on null root export in package.json (resolve #1815) (9b8af2b343e1aacae46fedcb155252f56f9bae61)
  • Fix unresolved subpath imports with a colon prefix (resolve #1816) (f89db4192ff7ff6c873828ed19fe40d379566b49)
  • Detect Next.js entry files in subdirectory (resolve #1817) (f32c6ea215dde54a59af7b91fd8bdd2177cc2881)

Release 6.20.0

  • Add raw transfer opt-out (resolve #1813) (6f08c680ac4acd6edf0806ba3c1c5c8f7bca24cd)
  • Fix cached plugin config cycles (resolve #1811) (2bc2f2420ca71db1ae70846626c6152896d270ee)

Release 6.19.0

  • feat: support new optional sveltekit config pattern via vite config (#1810) (3fee8bf608e0862d7bcdd1377cfb859a9185f17d) - thanks @​fubits1!
  • Optimize hot path string scanning (e30cfe796423e3ecd9adff42291f3c4de6604d2b)
  • Update astro snapshot (71e71a71b888a1b8034d4438635e94831d62b330)

... (truncated)

Commits
  • 2979803 Release knip@6.24.0
  • bb0eeb6 Squeeze every bit of perf out around compilers
  • 260f192 Export Issue, IssueRecords and IssueType types (resolve #1840)
  • cf997b2 fix(reporters): always print the issue-type title for a single group (#1848)
  • acba6b8 feat: add scss handling to stencil plugin (#1846)
  • 3c9d4ad Don't report built-in compiler dependencies as unused
  • 5525759 feat: add less, stylus compilers and astro, svelte, vue import resolution (#1...
  • 7901abd Don't report types used only in module augmentations as unused (resolve #1843)
  • 6f090f9 Ignore import() in JSDoc examples (#1844)
  • aea7923 Don't report working-directory scripts as unlisted binaries (resolve #1834)
  • Additional commits viewable in compare view

Updates tsx from 4.22.4 to 4.22.5

Release notes

Sourced from tsx's releases.

v4.22.5

4.22.5 (2026-07-02)

Bug Fixes

  • isolate hook state per async module.register() registration (a305f36)

This release is also available on:

Commits
  • a305f36 fix: isolate hook state per async module.register() registration
  • ca501a9 chore: upgrade skills-npm to v1.2.0
  • 596cd1f test: cover __dirname, __filename, & require.cache in CJS TS file
  • 75d9bf0 test: lock in lenient ESM for ambiguous and CJS-typed packages
  • 1472f3e test: cover ESM-syntax dependency with omitted "type" field
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…y with 9 updates

Bumps the typescript-runtime-deps group with 9 updates in the /runtimes/typescript directory:

| Package | From | To |
| --- | --- | --- |
| [@hono/node-server](https://github.com/honojs/node-server) | `2.0.5` | `2.0.8` |
| [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.2.0` | `1.2.1` |
| [@langchain/openai](https://github.com/langchain-ai/langchainjs) | `1.5.1` | `1.5.3` |
| [@scalar/hono-api-reference](https://github.com/scalar/scalar/tree/HEAD/integrations/hono) | `0.11.4` | `0.11.8` |
| [hono](https://github.com/honojs/hono) | `4.12.26` | `4.12.27` |
| [pdfjs-dist](https://github.com/mozilla/pdf.js) | `6.0.227` | `6.1.200` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.3` | `26.1.0` |
| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `6.17.1` | `6.24.0` |
| [tsx](https://github.com/privatenumber/tsx) | `4.22.4` | `4.22.5` |



Updates `@hono/node-server` from 2.0.5 to 2.0.8
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v2.0.5...v2.0.8)

Updates `@langchain/core` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Commits](https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.2.0...@langchain/core@1.2.1)

Updates `@langchain/openai` from 1.5.1 to 1.5.3
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Commits](https://github.com/langchain-ai/langchainjs/compare/@langchain/openai@1.5.1...@langchain/openai@1.5.3)

Updates `@scalar/hono-api-reference` from 0.11.4 to 0.11.8
- [Release notes](https://github.com/scalar/scalar/releases)
- [Changelog](https://github.com/scalar/scalar/blob/main/integrations/hono/CHANGELOG.md)
- [Commits](https://github.com/scalar/scalar/commits/HEAD/integrations/hono)

Updates `hono` from 4.12.26 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.26...v4.12.27)

Updates `pdfjs-dist` from 6.0.227 to 6.1.200
- [Release notes](https://github.com/mozilla/pdf.js/releases)
- [Commits](mozilla/pdf.js@v6.0.227...v6.1.200)

Updates `@types/node` from 25.9.3 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `knip` from 6.17.1 to 6.24.0
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.24.0/packages/knip)

Updates `tsx` from 4.22.4 to 4.22.5
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.22.4...v4.22.5)

---
updated-dependencies:
- dependency-name: "@hono/node-server"
  dependency-version: 2.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: typescript-runtime-deps
- dependency-name: "@langchain/core"
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: typescript-runtime-deps
- dependency-name: "@langchain/openai"
  dependency-version: 1.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: typescript-runtime-deps
- dependency-name: "@scalar/hono-api-reference"
  dependency-version: 0.11.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: typescript-runtime-deps
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: typescript-runtime-deps
- dependency-name: pdfjs-dist
  dependency-version: 6.1.200
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: typescript-runtime-deps
- dependency-name: "@types/node"
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: typescript-runtime-deps
- dependency-name: knip
  dependency-version: 6.24.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: typescript-runtime-deps
- dependency-name: tsx
  dependency-version: 4.22.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: typescript-runtime-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@erichare erichare merged commit ad40c4a into main Jul 2, 2026
10 checks passed
@erichare erichare deleted the dependabot/npm_and_yarn/runtimes/typescript/typescript-runtime-deps-64a9a6b679 branch July 2, 2026 17:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant