chore(deps)(deps): bump the production-minor-and-patch group across 1 directory with 7 updates

[dependabot]

Bumps the production-minor-and-patch group with 7 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.94.0	0.102.0
@browserbasehq/stagehand	3.3.0	3.5.0
axe-core	4.11.4	4.12.0
better-sqlite3	12.9.0	12.10.0
playwright	1.59.1	1.60.0
playwright-core	1.59.1	1.60.0
yaml	2.8.4	2.9.0

Updates @anthropic-ai/sdk from 0.94.0 to 0.102.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.102.0

0.102.0 (2026-06-06)

Full Changelog: sdk-v0.101.0...sdk-v0.102.0

Features

• api: small updates to Managed Agents types (8ba4f92)

Bug Fixes

• client: run middleware before request signing (#45) (95f1a4a)

sdk: v0.101.0

0.101.0 (2026-06-05)

Full Changelog: sdk-v0.100.1...sdk-v0.101.0

Features

• client: add support for middleware (9b01120)

Bug Fixes

• apply request timeout to inner fetch only, not middleware chain (#40) (25c13f6)
• streaming: carry stop_details through beta message_delta accumulation (ed3fec7)
• streaming: correctly parse json numbers with scientific notation (#9) (7d5e642)

Chores

• internal: fix artifact url (925ec27)
• internal: fix branch names (fa3cf2c)
• internal: update private repo name (a8ac213)

Documentation

• point security reports to Anthropic's HackerOne program (#16) (5c7912c)

sdk: v0.100.1

0.100.1 (2026-05-29)

Full Changelog: sdk-v0.100.0...sdk-v0.100.1

Bug Fixes

• streaming: carry encrypted_content on beta compaction blocks (#1025) (eccddf3)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.102.0 (2026-06-06)

Full Changelog: sdk-v0.101.0...sdk-v0.102.0

Features

• api: small updates to Managed Agents types (8ba4f92)

Bug Fixes

• client: run middleware before request signing (#45) (95f1a4a)

0.101.0 (2026-06-05)

Full Changelog: sdk-v0.100.1...sdk-v0.101.0

Features

• client: add support for middleware (9b01120)

Bug Fixes

• apply request timeout to inner fetch only, not middleware chain (#40) (25c13f6)
• streaming: carry stop_details through beta message_delta accumulation (ed3fec7)
• streaming: correctly parse json numbers with scientific notation (#9) (7d5e642)

Chores

• internal: fix artifact url (925ec27)
• internal: fix branch names (fa3cf2c)
• internal: update private repo name (a8ac213)

Documentation

• point security reports to Anthropic's HackerOne program (#16) (5c7912c)

0.100.1 (2026-05-29)

Full Changelog: sdk-v0.100.0...sdk-v0.100.1

Bug Fixes

• streaming: carry encrypted_content on beta compaction blocks (#1025) (eccddf3)

Chores

... (truncated)

Commits

• f7dfb97 chore: release main
• a3f3c97 feat(api): small updates to Managed Agents types
• a5c98d1 fix(client): run middleware before request signing (#45)
• 185ec06 chore: release main
• fab8910 codegen metadata
• 7ff4036 fix: apply request timeout to inner fetch only, not middleware chain (#40)
• 257bc1f feat(client): add support for middleware
• 5b3ace5 chore(internal): fix artifact url
• 70966be fix(streaming): correctly parse json numbers with scientific notation (#9)
• 7e22f20 docs: point security reports to Anthropic's HackerOne program (#16)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​anthropic-ai/sdk since your current version.

Updates @browserbasehq/stagehand from 3.3.0 to 3.5.0

Release notes

Sourced from @​browserbasehq/stagehand's releases.

@​browserbasehq/stagehand@​3.5.0

Minor Changes

• #2149 6e75725 Thanks @​miguelg719! - Added a screenshot option to extract() that sends the current viewport screenshot with the a11y tree for extraction.

• #2127 78bcde8 Thanks @​seanmcguire12! - Add ignoreDefaultArgs option to selectively remove chrome-launcher's built-in default flags (e.g. --disable-extensions) when running locally

• #2160 49575d6 Thanks @​monadoid! - Forward constructor and request model configuration when initializing API-backed sessions.

• #2171 dc1445d Thanks @​seanmcguire12! - add native clipboard API

Patch Changes

• #2146 3a53ed4 Thanks @​shriyatheunicorn! - Pass local browser launch options through when attaching over CDP so explicit viewport settings are respected.

• #2107 8fc16d2 Thanks @​miguelg719! - Fix Anthropic CUA triple_click action mapping.

• #2118 3e95a87 Thanks @​monadoid! - Add Vertex auth parameters to the core and server API schemas.

• #2126 ebbdcd3 Thanks @​seanmcguire12! - fix(core): import ToolSet from ai public export

• #2120 12703a6 Thanks @​miguelg719! - Fix structuredOutputMode for newer Anthropic models

• #2170 1db5f1c Thanks @​Kylejeong2! - Add Claude Opus 4.8 to the supported CUA model whitelist.

• #2116 cb586a1 Thanks @​seanmcguire12! - include "[selected]" or "[checked]" state in snapshot

• #2129 765861c Thanks @​miguelg719! - Add a backend-selectable v3 evaluator facade while preserving the legacy evaluator path.

• #2157 2cd60a3 Thanks @​miguelg719! - Add verifier trajectory, rubric, and evaluation-result types with normalized public naming.

• #2131 e102a89 Thanks @​miguelg719! - Capture verifier trajectory evidence from agent evidence callbacks for offline scoring.

@​browserbasehq/stagehand@​3.4.0

Minor Changes

• #2084 0641d44 Thanks @​seanmcguire12! - add ignoreSelectors param to extract()

• #2096 a11603d Thanks @​seanmcguire12! - add ignoreSelectors to observe()

Patch Changes

• #2080 21c78b3 Thanks @​miguelg719! - Add variables support to v3 agentExecute API schema and remove experimental requirement

• #2077 f437f73 Thanks @​monadoid! - Fix frame registry handling for OOPIF pages

• #2098 a783b99 Thanks @​seanmcguire12! - bump transitive deps to patched versions

• #2089 8d2f354 Thanks @​shrey150! - Strengthen observe prompts so LLMs return complete encoded element IDs.

... (truncated)

Changelog

Sourced from @​browserbasehq/stagehand's changelog.

3.5.0

Minor Changes

• #2149 6e75725 Thanks @​miguelg719! - Added a screenshot option to extract() that sends the current viewport screenshot with the a11y tree for extraction.

• #2127 78bcde8 Thanks @​seanmcguire12! - Add ignoreDefaultArgs option to selectively remove chrome-launcher's built-in default flags (e.g. --disable-extensions) when running locally

• #2160 49575d6 Thanks @​monadoid! - Forward constructor and request model configuration when initializing API-backed sessions.

• #2171 dc1445d Thanks @​seanmcguire12! - add native clipboard API

Patch Changes

• #2146 3a53ed4 Thanks @​shriyatheunicorn! - Pass local browser launch options through when attaching over CDP so explicit viewport settings are respected.

• #2107 8fc16d2 Thanks @​miguelg719! - Fix Anthropic CUA triple_click action mapping.

• #2118 3e95a87 Thanks @​monadoid! - Add Vertex auth parameters to the core and server API schemas.

• #2126 ebbdcd3 Thanks @​seanmcguire12! - fix(core): import ToolSet from ai public export

• #2120 12703a6 Thanks @​miguelg719! - Fix structuredOutputMode for newer Anthropic models

• #2170 1db5f1c Thanks @​Kylejeong2! - Add Claude Opus 4.8 to the supported CUA model whitelist.

• #2116 cb586a1 Thanks @​seanmcguire12! - include "[selected]" or "[checked]" state in snapshot

• #2129 765861c Thanks @​miguelg719! - Add a backend-selectable v3 evaluator facade while preserving the legacy evaluator path.

• #2157 2cd60a3 Thanks @​miguelg719! - Add verifier trajectory, rubric, and evaluation-result types with normalized public naming.

• #2131 e102a89 Thanks @​miguelg719! - Capture verifier trajectory evidence from agent evidence callbacks for offline scoring.

3.4.0

Minor Changes

• #2084 0641d44 Thanks @​seanmcguire12! - add ignoreSelectors param to extract()

• #2096 a11603d Thanks @​seanmcguire12! - add ignoreSelectors to observe()

Patch Changes

• #2080 21c78b3 Thanks @​miguelg719! - Add variables support to v3 agentExecute API schema and remove experimental requirement

• #2077 f437f73 Thanks @​monadoid! - Fix frame registry handling for OOPIF pages

• #2098 a783b99 Thanks @​seanmcguire12! - bump transitive deps to patched versions

... (truncated)

Commits

• a784d2a Version Packages (#2110)
• 0dd242f [fix]: rm timeout from clipboard APIs (#2183)
• dc1445d [feat]: add clipboard API (#2171)
• 1db5f1c feat: Add Claude Opus 4.8 CUA support (#2170)
• 49575d6 [STG-1756] forward Vertex model config (#2160)
• bf9d449 [chore]: bump ws dep (#2169)
• e102a89 feat(verifier): record agent trajectories (#2131)
• 2cd60a3 feat(verifier): add verifier evaluator shell and types (#2157)
• 765861c feat(verifier): add evaluator backend facade (#2129)
• 6e75725 Add screenshot option to Extract (#2149)
• Additional commits viewable in compare view

Updates axe-core from 4.11.4 to 4.12.0

Release notes

Sourced from axe-core's releases.

Release 4.12.0

In this release you'll find:

1. A new aria-tab-name rule that tests role="tab" elements have an accessible name
2. The landmark-complementary-is-top-level rule is deprecated, as ARIA no longer requires this
3. Preparations for Element Internal support (behind a feature flag)
4. Various other bug fixes for target-size, scrollable-region-focusable, and more

This release can see reveal new issues, as well as close out a few existing ones that might have come from false positives or the now deprecated rule.

Features

• add gather-internals.js external script (#5099) (c61d58b), closes #5080
• aria-allowed/prohibited-attr, aria-required-parent/children: partially support element internals role (#5080) (417b48a), closes #5039 #4259
• axe.externalAPIs: add public api for setting elementInternal data (#5105) (63bab8f)
• core: expose normalizeRunOptions (#4998) (b8e6a59)
• expose axe.resetLocale() to restore the default locale (#5108) (c2b5292), closes #5107
• getRules: include rule enabled state in returned objects (#5118) (75bf772), closes #5116
• list,listitem: support element internals role (#5119) (7d9d696)
• new-rule: check that aria-tab have an accessible name (#5001) (0d4e4e7), closes #4842
• rules: deprecate landmark-complementary-is-top-level rules (#4992) (9e09139), closes #4950
• utils: add getElementInternals function (#5077) (1c15f82)

Bug Fixes

• aria-allowed-attr: restrict br and wbr elements to aria-hidden only (#4974) (c6245e7)
• aria-conditional-attr: add support for radio (#5100) (8223c98)
• aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (0489e30)
• aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (48ca955), closes #4840
• commons/text: exclude natively hidden elements from aria-labelledby accessible name (#5076) (ea7202c), closes #4704
• DqElement: avoid calling constructors with cloneNode (#5013) (0281fa1)
• existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (2067b87)
• helpUrl: ensure axe.configure always updates the help URLs (#5114) (c4f60ff)
• label-content-name-mismatch: match visible text with aria-label and exclude invisible text (#5096) (3a012a1)
• locale: ensure all subtags are correctly set (#5112) (13005ed)
• scrollable-region-focusable: clarify the issue is in safari (#4995) (4ec5211), closes WebKit#190870 WebKit#277290
• scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (838707a)
• target-size: determine offset using clientRects if target is display:inline (#5012) (a4b8091)
• target-size: ignore position: fixed elements that are offscreen when page is scrolled (#5066) (1229a6e), closes #5065
• target-size: ignore widgets that are inline with other inline elements (#5000) (a8dd81b)
• utils/getAncestry: escape node name (#5079) (d1fabaa), closes #5078
• utils: Add null check to parseCrossOriginStylesheet, closes #5074 (#5075) (f12ef32)
• utils: update isShadowRoot to use spec-compliant custom element regex (#5059) (edc6ce2), closes #5030

Changelog

Sourced from axe-core's changelog.

4.12.0 (2026-06-01)

Features

• add gather-internals.js external script (#5099) (c61d58b), closes #5080
• aria-allowed/prohibited-attr, aria-required-parent/children: partially support element internals role (#5080) (417b48a), closes #5039 #4259
• axe.externalAPIs: add public api for setting elementInternal data (#5105) (63bab8f)
• core: expose normalizeRunOptions (#4998) (b8e6a59)
• expose axe.resetLocale() to restore the default locale (#5108) (c2b5292), closes #5107
• getRules: include rule enabled state in returned objects (#5118) (75bf772), closes #5116
• list,listitem: support element internals role (#5119) (7d9d696)
• new-rule: check that aria-tab have an accessible name (#5001) (0d4e4e7), closes #4842
• rules: deprecate landmark-complementary-is-top-level rules (#4992) (9e09139), closes #4950
• utils: add getElementInternals function (#5077) (1c15f82)

Bug Fixes

• aria-allowed-attr: restrict br and wbr elements to aria-hidden only (#4974) (c6245e7)
• aria-conditional-attr: add support for radio (#5100) (8223c98)
• aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (0489e30)
• aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (48ca955), closes #4840
• commons/text: exclude natively hidden elements from aria-labelledby accessible name (#5076) (ea7202c), closes #4704
• DqElement: avoid calling constructors with cloneNode (#5013) (0281fa1)
• existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (2067b87)
• helpUrl: ensure axe.configure always updates the help URLs (#5114) (c4f60ff)
• label-content-name-mismatch: match visible text with aria-label and exclude invisible text (#5096) (3a012a1)
• locale: ensure all subtags are correctly set (#5112) (13005ed)
• scrollable-region-focusable: clarify the issue is in safari (#4995) (4ec5211), closes WebKit#190870 WebKit#277290
• scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (838707a)
• target-size: determine offset using clientRects if target is display:inline (#5012) (a4b8091)
• target-size: ignore position: fixed elements that are offscreen when page is scrolled (#5066) (1229a6e), closes #5065
• target-size: ignore widgets that are inline with other inline elements (#5000) (a8dd81b)
• utils/getAncestry: escape node name (#5079) (d1fabaa), closes #5078
• utils: Add null check to parseCrossOriginStylesheet, closes #5074 (#5075) (f12ef32)
• utils: update isShadowRoot to use spec-compliant custom element regex (#5059) (edc6ce2), closes #5030

Commits

• e260c7e ci: continue-on-error for text_examples (#5124)
• 90e6c45 ci: continue-on-error for text_examples
• 0016ef9 chore(release): v4.12.0 (#5122)
• 1e9df5a chore(release): 4.12.0
• 75bf772 feat(getRules): include rule enabled state in returned objects (#5118)
• c621011 docs(check-options): fix duplicate "the" (passLength/failLength rows) (#5113)
• f12ef32 fix(utils): Add null check to parseCrossOriginStylesheet, closes #5074 (#5075)
• 7d9d696 feat(list,listitem): support element internals role (#5119)
• c01a37d ci: ignore gather-internals.js from import deploy validation (#5110)
• edc6ce2 fix(utils): update isShadowRoot to use spec-compliant custom element regex (#...
• Additional commits viewable in compare view

Updates better-sqlite3 from 12.9.0 to 12.10.0

Release notes

Sourced from better-sqlite3's releases.

v12.10.0

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in WiseLibs/better-sqlite3#1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in WiseLibs/better-sqlite3#1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1470
• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447
• Add support for electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1466

New Contributors

• @​Maxime-J made their first contribution in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

Commits

• d8885f9 12.10.0
• 3f89324 Temporarily rollback support for Electron v42 prebuilds (#1470)
• a640028 Add support for Node.js v26 prebuilds and remove EOL builds (#1468)
• a69f03c Update SQLite to version 3.53.1 (#1467)
• d116f32 12.9.1
• 04d9b65 Add support for electron v42 prebuilds (#1466)
• ef7d940 Enable percentile functions (#1447)
• See full diff in compare view

Updates playwright from 1.59.1 to 1.60.0

Release notes

Sourced from playwright's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

• 87bb9dd cherry-pick(#40747): fix(yauzl): vendor yauzl with destroy-lifecycle fix
• 9a9c51c cherry-pick(#40733): chore(electron): revert #40184 (move Electron API to a s...
• 4b3b628 cherry-pick(#40736): Revert "feat(electron): add timeout option to electronAp...
• f869f96 chore: bump version to v1.60.0 (#40714)
• 7eb6918 cherry-pick(#40710): docs: release notes v1.60
• 118d2aa cherry-pick(#40693): chore(python): formdata path type
• 54012f5 chore(deps): bump ip-address and express-rate-limit (#40680)
• 9fa531d fix(screencast): unblock frame ack when an async client disconnects (#40674)
• 3649db5 chore(mcp): bump default extension protocol to v2 (#40678)
• bb6c009 chore(extension): mark 0.2.1 (#40679)
• Additional commits viewable in compare view

Updates playwright-core from 1.59.1 to 1.60.0

Release notes

Sourced from playwright-core's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the sh...
Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.