Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Bump the npm_and_yarn group across 2 directories with 4 updates#3

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-e49b384dfe
Open

Bump the npm_and_yarn group across 2 directories with 4 updates#3
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-e49b384dfe

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the npm_and_yarn group with 4 updates in the / directory: vercel, @modelcontextprotocol/sdk, ai and next.
Bumps the npm_and_yarn group with 4 updates in the /packages/gitbook directory: vercel, @modelcontextprotocol/sdk, ai and next.

Updates vercel from 50.44.0 to 53.2.0

Release notes

Sourced from vercel's releases.

[email protected]

Minor Changes

  • 3898acb: Add vercel firewall command for managing project firewall configuration. Supports custom rules (add, edit, delete, enable, disable, reorder), IP blocking, system bypass rules, attack challenge mode, and system mitigations.

Patch Changes

  • 0cf132c: vercel connex create now accepts a --triggers flag. When passed, the request body includes triggers: { enabled: true } so the server wires webhook triggers into the created client. Without the flag, triggers: { enabled: false } is sent.
  • 1d766af: Let --yes enable the browser recovery flow for vercel connex token even in non-TTY contexts (e.g., coding agents), so a single command can open the browser, poll, and return the token without round-tripping through the agent's chat.
  • dd27e25: Added vercel deploy continue --error to mark manual deployments as failed with an optional error message.
  • 2f2b3f1: Added --filter/-f <NAME> flag to vercel project ls for filtering projects by name (substring match).
  • b2c2541: Avoid resolving the configured default team before unscoped vercel link --yes --project cross-team search, so team-scoped tokens can still link projects they can access.
  • 5f3cf99: Skip SAML-protected ("limited") teams during vercel link's cross-team auto-detect so it no longer forces device-code re-authentication for scopes the user did not explicitly choose. The project is still linked from any accessible team where it's found, and limited scopes remain available through the standard scope picker (selectOrg) or --scope <slug>.
    • @​vercel/python@​6.38.0

[email protected]

Patch Changes

  • 4a5be0b: Fixed vc env update failing when updating sensitive environment variables.
  • 2ffd7bc: Tighten the SdkKey type so plaintext keyValue, tokenValue, and connectionString can no longer appear on list responses. flags sdk-keys ls --json already omitted these via an explicit allowlist; the type split makes the guarantee static. Create-time output from flags sdk-keys add is unaffected.
  • e6cb5bc: Hide --token from help output for commands that don't support it (login, switch).
  • 8a5aa6a: Ensure synthetic SPA fallbacks are merged after builder-produced routes.
  • bab5a60: Handle stale Claude Code Vercel plugin registry entries during plugin migration.
  • Updated dependencies [34e7b09]
  • Updated dependencies [8e29c9c]
  • Updated dependencies [2da36f3]
  • Updated dependencies [fa5f57a]
  • Updated dependencies [97f87f7]
    • @​vercel/next@​4.17.1
    • @​vercel/python@​6.38.0
    • @​vercel/remix-builder@​5.8.1
    • @​vercel/static-build@​2.9.22

[email protected]

Minor Changes

  • 5cf1179: Use services orchestrator for single web services in local dev.

Patch Changes

  • 3aa821e: Allow adding Development Environment Variables on teams that enforce sensitive Environment Variables.

[email protected]

Patch Changes

  • Updated dependencies [f7b5377]
    • @​vercel/node@​5.7.15
    • @​vercel/elysia@​0.1.73
    • @​vercel/express@​0.1.83
    • @​vercel/fastify@​0.1.76

... (truncated)

Changelog

Sourced from vercel's changelog.

53.2.0

Minor Changes

  • 3898acb: Add vercel firewall command for managing project firewall configuration. Supports custom rules (add, edit, delete, enable, disable, reorder), IP blocking, system bypass rules, attack challenge mode, and system mitigations.

Patch Changes

  • 0cf132c: vercel connex create now accepts a --triggers flag. When passed, the request body includes triggers: { enabled: true } so the server wires webhook triggers into the created client. Without the flag, triggers: { enabled: false } is sent.
  • 1d766af: Let --yes enable the browser recovery flow for vercel connex token even in non-TTY contexts (e.g., coding agents), so a single command can open the browser, poll, and return the token without round-tripping through the agent's chat.
  • dd27e25: Added vercel deploy continue --error to mark manual deployments as failed with an optional error message.
  • 2f2b3f1: Added --filter/-f <NAME> flag to vercel project ls for filtering projects by name (substring match).
  • b2c2541: Avoid resolving the configured default team before unscoped vercel link --yes --project cross-team search, so team-scoped tokens can still link projects they can access.
  • 5f3cf99: Skip SAML-protected ("limited") teams during vercel link's cross-team auto-detect so it no longer forces device-code re-authentication for scopes the user did not explicitly choose. The project is still linked from any accessible team where it's found, and limited scopes remain available through the standard scope picker (selectOrg) or --scope <slug>.
    • @​vercel/python@​6.38.0

53.1.1

Patch Changes

  • 4a5be0b: Fixed vc env update failing when updating sensitive environment variables.
  • 2ffd7bc: Tighten the SdkKey type so plaintext keyValue, tokenValue, and connectionString can no longer appear on list responses. flags sdk-keys ls --json already omitted these via an explicit allowlist; the type split makes the guarantee static. Create-time output from flags sdk-keys add is unaffected.
  • e6cb5bc: Hide --token from help output for commands that don't support it (login, switch).
  • 8a5aa6a: Ensure synthetic SPA fallbacks are merged after builder-produced routes.
  • bab5a60: Handle stale Claude Code Vercel plugin registry entries during plugin migration.
  • Updated dependencies [34e7b09]
  • Updated dependencies [8e29c9c]
  • Updated dependencies [2da36f3]
  • Updated dependencies [fa5f57a]
  • Updated dependencies [97f87f7]
    • @​vercel/next@​4.17.1
    • @​vercel/python@​6.38.0
    • @​vercel/remix-builder@​5.8.1
    • @​vercel/static-build@​2.9.22

53.1.0

Minor Changes

  • 5cf1179: Use services orchestrator for single web services in local dev.

Patch Changes

  • 3aa821e: Allow adding Development Environment Variables on teams that enforce sensitive Environment Variables.

53.0.1

Patch Changes

  • Updated dependencies [f7b5377]

... (truncated)

Commits
  • 23540b5 Version Packages (#16226)
  • b2c2541 fix(cli): avoid default scope lookup during link (#16231)
  • 5f3cf99 Skip limited teams during vercel link auto detect (#16220)
  • 7fc11eb ci: remove redundant build step and fix VITEST_WORKER_ID (#16229)
  • 3f0e9b7 Revert "ci: improve E2E log ergonomics in GitHub Actions" (#16225)
  • 9bf71cc ci: improve E2E log ergonomics in GitHub Actions
  • dd27e25 [cli] Allow continuing a deployment to error (#16203)
  • da93fcc Replace Jest with Vitest across workspace tests (#16215)
  • 0cf132c feat(cli): add --triggers to connex create behind FF_CONNEX_TRIGGERS (#16102)
  • c6b49e4 [ci] Shard vercel CLI unit tests into 7 chunks via VITEST_TEST_FILES (#16208)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vercel since your current version.


Updates @modelcontextprotocol/sdk from 1.17.5 to 1.26.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

... (truncated)

Commits
  • fe9c07b chore: bump version to 1.26.0 (#1479)
  • 4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
  • a05be17 Merge commit from fork
  • 50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
  • aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
  • 6aba065 chore: bump v1.25.3 for backport fixes (#1412)
  • 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
  • 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
  • b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
  • a0c9b13 fix: README badges links destinations (#907)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @​modelcontextprotocol/sdk since your current version.


Updates ai from 4.3.19 to 6.0.176

Release notes

Sourced from ai's releases.

[email protected]

Patch Changes

  • f591416: feat(ai): add toolMetadata for tool specific metdata
  • Updated dependencies [f591416]
    • @​ai-sdk/provider-utils@​4.0.27
    • @​ai-sdk/gateway@​3.0.111
Changelog

Sourced from ai's changelog.

6.0.176

Patch Changes

  • f591416: feat(ai): add toolMetadata for tool specific metdata
  • Updated dependencies [f591416]
    • @​ai-sdk/provider-utils@​4.0.27
    • @​ai-sdk/gateway@​3.0.111

6.0.175

Patch Changes

  • Updated dependencies [9a88b1d]
    • @​ai-sdk/gateway@​3.0.110

6.0.174

Patch Changes

  • Updated dependencies [49f6d44]
    • @​ai-sdk/gateway@​3.0.109

6.0.173

Patch Changes

  • 7beadf0: feat(mcp): propagate the server name through dynamic tool parts
  • Updated dependencies [7beadf0]
    • @​ai-sdk/provider-utils@​4.0.26
    • @​ai-sdk/gateway@​3.0.108

6.0.172

Patch Changes

  • Updated dependencies [982af78]
    • @​ai-sdk/gateway@​3.0.107

6.0.171

Patch Changes

  • 48f842a: fix(ai): enforce callOptionsSchema at runtime in ToolLoopAgent

    ToolLoopAgentSettings.callOptionsSchema was declared and documented as a runtime schema for options, but tool-loop-agent.ts never invoked it. Any invariant a developer encoded in the schema was silently bypassed at runtime, and unchecked options flowed straight into prepareCall and any instructions template that interpolated them.

    ToolLoopAgent.prepareCall now validates caller-supplied options against callOptionsSchema (when set) via safeValidateTypes, throwing InvalidArgumentError on failure before forwarding to prepareCall / generateText / streamText.

  • a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for ai since your current version.


Updates next from 15.4.11 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

Commits
  • 412eb90 v15.5.15
  • cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
  • fffef9e Fix CI for glibc linux builds
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • Additional commits viewable in compare view

Updates vercel from 50.44.0 to 53.2.0

Release notes

Sourced from vercel's releases.

[email protected]

Minor Changes

  • 3898acb: Add vercel firewall command for managing project firewall configuration. Supports custom rules (add, edit, delete, enable, disable, reorder), IP blocking, system bypass rules, attack challenge mode, and system mitigations.

Patch Changes

  • 0cf132c: vercel connex create now accepts a --triggers flag. When passed, the request body includes triggers: { enabled: true } so the server wires webhook triggers into the created client. Without the flag, triggers: { enabled: false } is sent.
  • 1d766af: Let --yes enable the browser recovery flow for vercel connex token even in non-TTY contexts (e.g., coding agents), so a single command can open the browser, poll, and return the token without round-tripping through the agent's chat.
  • dd27e25: Added vercel deploy continue --error to mark manual deployments as failed with an optional error message.
  • 2f2b3f1: Added --filter/-f <NAME> flag to vercel project ls for filtering projects by name (substring match).
  • b2c2541: Avoid resolving the configured default team before unscoped vercel link --yes --project cross-team search, so team-scoped tokens can still link projects they can access.
  • 5f3cf99: Skip SAML-protected ("limited") teams during vercel link's cross-team auto-detect so it no longer forces device-code re-authentication for scopes the user did not explicitly choose. The project is still linked from any accessible team where it's found, and limited scopes remain available through the standard scope picker (selectOrg) or --scope <slug>.
    • @​vercel/python@​6.38.0

[email protected]

Patch Changes

  • 4a5be0b: Fixed vc env update failing when updating sensitive environment variables.
  • 2ffd7bc: Tighten the SdkKey type so plaintext keyValue, tokenValue, and connectionString can no longer appear on list responses. flags sdk-keys ls --json already omitted these via an explicit allowlist; the type split makes the guarantee static. Create-time output from flags sdk-keys add is unaffected.
  • e6cb5bc: Hide --token from help output for commands that don't support it (login, switch).
  • 8a5aa6a: Ensure synthetic SPA fallbacks are merged after builder-produced routes.
  • bab5a60: Handle stale Claude Code Vercel plugin registry entries during plugin migration.
  • Updated dependencies [34e7b09]
  • Updated dependencies [8e29c9c]
  • Updated dependencies [2da36f3]
  • Updated dependencies [fa5f57a]
  • Updated dependencies [97f87f7]
    • @​vercel/next@​4.17.1
    • @​vercel/python@​6.38.0
    • @​vercel/remix-builder@​5.8.1
    • @​vercel/static-build@​2.9.22

[email protected]

Minor Changes

  • 5cf1179: Use services orchestrator for single web services in local dev.

Patch Changes

  • 3aa821e: Allow adding Development Environment Variables on teams that enforce sensitive Environment Variables.

[email protected]

Patch Changes

  • Updated dependencies [f7b5377]
    • @​vercel/node@​5.7.15
    • @​vercel/elysia@​0.1.73
    • @​vercel/express@​0.1.83
    • @​vercel/fastify@​0.1.76

... (truncated)

Changelog

Sourced from vercel's changelog.

53.2.0

Minor Changes

  • 3898acb: Add vercel firewall command for managing project firewall configuration. Supports custom rules (add, edit, delete, enable, disable, reorder), IP blocking, system bypass rules, attack challenge mode, and system mitigations.

Patch Changes

  • 0cf132c: vercel connex create now accepts a --triggers flag. When passed, the request body includes triggers: { enabled: true } so the server wires webhook triggers into the created client. Without the flag, triggers: { enabled: false } is sent.
  • 1d766af: Let --yes enable the browser recovery flow for vercel connex token even in non-TTY contexts (e.g., coding agents), so a single command can open the browser, poll, and return the token without round-tripping through the agent's chat.
  • dd27e25: Added vercel deploy continue --error to mark manual deployments as failed with an optional error message.
  • 2f2b3f1: Added --filter/-f <NAME> flag to vercel project ls for filtering projects by name (substring match).
  • b2c2541: Avoid resolving the configured default team before unscoped vercel link --yes --project cross-team search, so team-scoped tokens can still link projects they can access.
  • 5f3cf99: Skip SAML-protected ("limited") teams during vercel link's cross-team auto-detect so it no longer forces device-code re-authentication for scopes the user did not explicitly choose. The project is still linked from any accessible team where it's found, and limited scopes remain available through the standard scope picker (selectOrg) or --scope <slug>.
    • @​vercel/python@​6.38.0

53.1.1

Patch Changes

  • 4a5be0b: Fixed vc env update failing when updating sensitive environment variables.
  • 2ffd7bc: Tighten the SdkKey type so plaintext keyValue, tokenValue, and connectionString can no longer appear on list responses. flags sdk-keys ls --json already omitted these via an explicit allowlist; the type split makes the guarantee static. Create-time output from flags sdk-keys add is unaffected.
  • e6cb5bc: Hide --token from help output for commands that don't support it (login, switch).
  • 8a5aa6a: Ensure synthetic SPA fallbacks are merged after builder-produced routes.
  • bab5a60: Handle stale Claude Code Vercel plugin registry entries during plugin migration.
  • Updated dependencies [34e7b09]
  • Updated dependencies [8e29c9c]
  • Updated dependencies [2da36f3]
  • Updated dependencies [fa5f57a]
  • Updated dependencies [97f87f7]
    • @​vercel/next@​4.17.1
    • @​vercel/python@​6.38.0
    • @​vercel/remix-builder@​5.8.1
    • @​vercel/static-build@​2.9.22

53.1.0

Minor Changes

  • 5cf1179: Use services orchestrator for single web services in local dev.

Patch Changes

  • 3aa821e: Allow adding Development Environment Variables on teams that enforce sensitive Environment Variables.

53.0.1

Patch Changes

  • Updated dependencies [f7b5377]

... (truncated)

Commits
  • 23540b5 Version Packages (#16226)
  • b2c2541 fix(cli): avoid default scope lookup during link (#16231)
  • 5f3cf99 Skip limited teams during vercel link auto detect (#16220)
  • 7fc11eb ci: remove redundant build step and fix VITEST_WORKER_ID (#16229)
  • 3f0e9b7 Revert "ci: improve E2E log ergonomics in GitHub Actions" (#16225)
  • 9bf71cc ci: improve E2E log ergonomics in GitHub Actions
  • dd27e25 [cli] Allow continuing a deployment to error (#16203)
  • da93fcc Replace Jest with Vitest across workspace tests (#16215)
  • 0cf132c feat(cli): add --triggers to connex create behind FF_CONNEX_TRIGGERS (#16102)
  • c6b49e4 [ci] Shard vercel CLI unit tests into 7 chunks via VITEST_TEST_FILES (#16208)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vercel since your current version.


Updates @modelcontextprotocol/sdk from 1.17.5 to 1.26.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

... (truncated)

Commits
  • fe9c07b chore: bump version to 1.26.0 (#1479)
  • 4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
  • a05be17 Merge commit from fork
  • 50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
  • aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
  • 6aba065 chore: bump v1.25.3 for backport fixes (#1412)
  • 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
  • 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
  • b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
  • a0c9b13 fix: README badges links destinations (#907)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @​modelcontextprotocol/sdk since your current version.


Updates ai from 4.3.19 to 6.0.176

Release notes

Sourced from ai's releases.

[email protected]

Patch Changes

  • f591416: feat(ai): add toolMetadata for tool specific metdata
  • Updated dependencies [f591416]
    • @​ai-sdk/provider-utils@​4.0.27
    • @​ai-sdk/gateway@​3.0.111
Changelog

Sourced from ai's changelog.

6.0.176

Patch Changes

  • f591416: feat(ai): add toolMetadata for tool specific metdata
  • Updated dependencies [f591416]
    • @​ai-sdk/provider-utils@​4.0.27
    • @​ai-sdk/gateway@​3.0.111

6.0.175

Patch Changes

  • Updated dependencies [9a88b1d]
    • @​ai-sdk/gateway@​3.0.110

6.0.174

Patch Changes

  • Updated dependencies [49f6d44]
    • @​ai-sdk/gateway@​3.0.109

6.0.173

Patch Changes

  • 7beadf0: feat(mcp): propagate the server name through dynamic tool parts
  • Updated dependencies [7beadf0]
    • @​ai-sdk/provider-utils@​4.0.26
    • @​ai-sdk/gateway@​3.0.108

6.0.172

Patch Changes

  • Updated dependencies [982af78]
    • @​ai-sdk/gateway@​3.0.107

6.0.171

Patch Changes

  • 48f842a: fix(ai): enforce callOptionsSchema at runtime in ToolLoopAgent

    ToolLoopAgentSettings.callOptionsSchema was declared and documented as a runtime schema for options, but tool-loop-agent.ts never invoked it. Any invariant a developer encoded in the schema was silently bypassed at runtime, and unchecked options flowed straight into prepareCall and any instructions template that interpolated them.

    ToolLoopAgent.prepareCall now validates caller-supplied options against callOptionsSchema (when set) via safeValidateTypes, throwing InvalidArgumentError on failure before forwarding to prepareCall / generateText / streamText.

  • a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for ai since your current version.


Updates next from 15.4.11 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

Commits
  • 412eb90 v15.5.15
  • cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
  • fffef9e Fix CI for glibc linux builds
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 2 directories with 4 updates
5c5be62 
Bumps the npm_and_yarn group with 4 updates in the / directory: [vercel](https://github.com/vercel/vercel/tree/HEAD/packages/cli), [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) and [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 4 updates in the /packages/gitbook directory: [vercel](https://github.com/vercel/vercel/tree/HEAD/packages/cli), [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) and [next](https://github.com/vercel/next.js).


Updates `vercel` from 50.44.0 to 53.2.0
- [Release notes](https://github.com/vercel/vercel/releases)
- [Changelog](https://github.com/vercel/vercel/blob/main/packages/cli/CHANGELOG.md)
- [Commits](https://github.com/vercel/vercel/commits/[email protected]/packages/cli)

Updates `@modelcontextprotocol/sdk` from 1.17.5 to 1.26.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.17.5...v1.26.0)

Updates `ai` from 4.3.19 to 6.0.176
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/[email protected]/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/[email protected]/packages/ai)

Updates `next` from 15.4.11 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.4.11...v15.5.15)

Updates `vercel` from 50.44.0 to 53.2.0
- [Release notes](https://github.com/vercel/vercel/releases)
- [Changelog](https://github.com/vercel/vercel/blob/main/packages/cli/CHANGELOG.md)
- [Commits](https://github.com/vercel/vercel/commits/[email protected]/packages/cli)

Updates `@modelcontextprotocol/sdk` from 1.17.5 to 1.26.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.17.5...v1.26.0)

Updates `ai` from 4.3.19 to 6.0.176
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/[email protected]/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/[email protected]/packages/ai)

Updates `next` from 15.4.11 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.4.11...v15.5.15)

---
updated-dependencies:
- dependency-name: vercel
  dependency-version: 53.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.26.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ai
  dependency-version: 6.0.176
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.15
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vercel
  dependency-version: 53.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.26.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ai
  dependency-version: 6.0.176
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.15
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 8, 2026
@dependabot dependabot Bot mentioned this pull request May 8, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants