Sourced from @​ai-sdk/react's releases.

@​ai-sdk/react@​3.0.205

Patch Changes

• Updated dependencies [bfa5864]
• Updated dependencies [f42aa79]
• Updated dependencies [5291f7e]
• Updated dependencies [b4b575a]
  • @​ai-sdk/provider-utils@​4.0.29
  • [email protected]

• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for @​ai-sdk/react since your current version.

Sourced from @​openrouter/ai-sdk-provider's releases.

2.9.1

What's Changed

• fix: send null content for tool-only assistant messages by @​robert-j-y in OpenRouterTeam/ai-sdk-provider#506
• Version Packages by @​github-actions[bot] in OpenRouterTeam/ai-sdk-provider#507

Full Changelog: OpenRouterTeam/ai-sdk-provider@2.9.0...2.9.1

2.9.0

What's Changed

• fix: allow query strings and fragments in image URL regex (#484) by @​robert-j-y in OpenRouterTeam/ai-sdk-provider#485
• fix: allow opting out of response_format strict mode (#483) by @​robert-j-y in OpenRouterTeam/ai-sdk-provider#486
• fix: stop emitting duplicate tool-call events on trailing-whitespace deltas by @​0age in OpenRouterTeam/ai-sdk-provider#489
• Version Packages by @​github-actions[bot] in OpenRouterTeam/ai-sdk-provider#490

New Contributors

• @​0age made their first contribution in OpenRouterTeam/ai-sdk-provider#489

Full Changelog: OpenRouterTeam/ai-sdk-provider@2.8.1...2.9.0

2.8.1

What's Changed

• fix: preserve empty reasoning_details arrays in multi-turn conversations by @​louisgv in OpenRouterTeam/ai-sdk-provider#487
• Version Packages by @​github-actions[bot] in OpenRouterTeam/ai-sdk-provider#488

Full Changelog: OpenRouterTeam/ai-sdk-provider@2.8.0...2.8.1

Sourced from @​openrouter/ai-sdk-provider's changelog.

2.9.1

Patch Changes

• #506 e9cff3a Thanks @​robert-j-y! - Send content: null instead of content: "" for assistant messages that contain only tool calls. Fixes AWS Bedrock Nova rejecting requests with "The text field in the ContentBlock object is blank."

2.9.0

Minor Changes

• #486 82e8014 Thanks @​robert-j-y! - Add structuredOutputs.strict setting to opt out of response_format.json_schema.strict (issue #483).

  Previously the SDK hardcoded strict: true whenever a JSON schema response format was used, which made it impossible to route requests to providers that don't advertise support for strict json_schema. Models like moonshotai/kimi-k2.6 (routed through Parasail/Venice/Io Net) returned HTTP 404 "No endpoints available matching your guardrail restrictions and data policy" because the strict flag eliminated every eligible endpoint.

  Users can now opt out per-model:

  const model = openrouter.chat("moonshotai/kimi-k2.6", {
    structuredOutputs: { strict: false },
  });

  The default remains strict: true for backward compatibility.

Patch Changes

• #485 bf664b1 Thanks @​robert-j-y! - Fix supportedUrls['image/*'] regex to accept image URLs with query strings or fragments (e.g. https://cdn.example.com/photo.png?height=200, .../photo.webp#frag). Previously the $ anchor on the extension caused such URLs to be treated as unsupported, forcing the AI SDK runtime to download and base64-inline them, which bloated conversation history and inflated token usage.

• #489 bb2d4cb Thanks @​0age! - fix: stop emitting duplicate tool-call events when a trailing-whitespace argument delta arrives after a complete tool call

  In the streaming chat handler, the merge-into-existing-tool-call path enqueues a tool-call stream event whenever the accumulated function.arguments is parsable JSON. Because JSON.parse accepts trailing whitespace, any subsequent argument delta for the same tool-call index (e.g. a stray space, newline, or closing-token chunk) leaves the arguments parsable and would re-trigger the emit, producing a second tool-call event with the same toolCallId. Downstream tool runners (e.g. Vercel AI SDK streamText) then execute the tool twice. Observed in production with moonshotai/kimi-k2.6 via OpenRouter, where the user-visible effect was every outbound message being delivered twice.

  src/chat/index.ts:

  • Merge-path tool-call emit is now gated on !toolCall.sent, mirroring the new-path behavior. The sent flag was already being set after the first emit but was never read on this path.

  src/chat/index.test.ts:

  • Adds a regression test that streams a complete tool call followed by a trailing-whitespace-only argument delta for the same index and asserts exactly one tool-call event is emitted.

2.8.1

Patch Changes

• #487 4588197 Thanks @​louisgv! - fix: preserve empty reasoning_details arrays in multi-turn conversations

  Some providers (notably DeepSeek V4 in thinking mode) return reasoning_details: [] on turns where they produced no visible reasoning tokens. They require this empty array to be sent back in subsequent requests to maintain conversation state; omitting it causes 4xx errors on follow-up turns.

... (truncated)

• 07a98d6 Version Packages (#507)
• e9cff3a fix: send null content for tool-only assistant messages (#506)
• 5cef3c5 Version Packages (#490)
• bb2d4cb fix: stop emitting duplicate tool-call events on trailing-whitespace deltas (...
• 82e8014 fix: allow opting out of response_format strict mode (#483) (#486)
• bf664b1 fix: allow query strings and fragments in image URL regex (#484) (#485)
• 310ba3d Version Packages (#488)
• 4588197 fix: preserve empty reasoning_details arrays in multi-turn conversations (#487)
• See full diff in compare view

Sourced from @​radix-ui/react-presence's changelog.

1.1.6

• Fixed a "Maximum update depth exceeded" infinite loop in React 19 that could occur when Presence was given a child with an unstable ref.
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/[email protected]

• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-presence since your current version.

Sourced from ai's releases.

[email protected]

Patch Changes

• Updated dependencies [c5d4716]
  • @​ai-sdk/gateway@​3.0.130

[email protected]

Patch Changes

• f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

  validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

  • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
  • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
  • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
  • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

  The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

• 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

• b4b575a: fix: redact server error details from UI message streams by default

  streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

  The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29
  • @​ai-sdk/gateway@​3.0.129

Sourced from ai's changelog.

6.0.204

Patch Changes

• Updated dependencies [c5d4716]
  • @​ai-sdk/gateway@​3.0.130

6.0.203

Patch Changes

• f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

  validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

  • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
  • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
  • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
  • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

  The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

• 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

• b4b575a: fix: redact server error details from UI message streams by default

  streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

  The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29
  • @​ai-sdk/gateway@​3.0.129

6.0.202

Patch Changes

• 942f2f8: fix(security): re-validate tool approvals from client message history before execution

  The approval-replay path in generateText/streamText reconstructed approved tool calls from the client-supplied messages array and executed them without re-validating input against the tool's schema or re-checking that the tool actually requires approval. A client could forge an assistant message with a pre-approved tool-call part and have the server execute a tool with attacker-chosen arguments.

  The replay path now verifies the HMAC signature (when experimental_toolApprovalSecret is configured), re-validates tool-call input against the tool's input schema, and re-resolves whether the tool requires approval before execution.

• Updated dependencies [942f2f8]

  • @​ai-sdk/provider-utils@​4.0.28
  • @​ai-sdk/gateway@​3.0.128

6.0.201

... (truncated)

• 63b3f60 Version Packages (#16086)
• bae9bab Version Packages (#16026)
• b4b575a Backport: fix(ai): redact server error details from UI message streams by def...
• f42aa79 Backport: fix(provider-utils,ai): harden download SSRF guard against hostname...
• 5291f7e Backport: fix: Harden stream text processing and middleware against prototype...
• 9ef2c3c Version Packages (#15998)
• 942f2f8 Backport: fix(security): harden tool approval replay path against client-forg...
• dca8c38 Version Packages (#15992)
• 0c8c0ed Backport: fix(ai): return schema-transformed elements in array output mode (#...
• a340536 Version Packages (#15965)
• Additional commits viewable in compare view

This version was pushed to npm by GitHub Actions, a new releaser for ai since your current version.

Sourced from framer-motion's changelog.

[12.40.0] 2026-05-21

Added

• path option to transition.
• arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

• Support for repeatType and repeatDelay in animation sequences.

Fixed

• Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.
• Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.
• LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.
• useScroll: Support hydrating target and container refs from anywhere in the tree.
• Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.
• Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§
• Updated visualElement hydration order.
• useAnimate: Now respects skipAnimations.
• AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.
• scroll: Fixed callback progress when tracking an element.
• useScroll: Fix hardware acceleration when tracking an element.

• 38ebb94 v12.40.0
• b1f766c Latest
• bca5544 Merge pull request #3699 from motiondivision/lochie/arcs-injectable
• f1a96cf arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw
• b4aaba0 pathRotation: non-destructive orientToPath rotation channel
• 8604ef3 Make arcs injectable via transition.path = arc()
• f90fe29 add orientToPath
• 9ebe999 fix: test
• bc2107e Revert "no should"
• 6eeb92d no should
• Additional commits viewable in compare view

Sourced from fumadocs-core's releases.

[email protected]

Patch Changes

• 7e9548b: Fix infinite re-render where (1) a React transition is triggered, (2) the search dialog is inside <Suspense />. This causes the loading state to be false even after setLoading(true), as transition will freeze state updates, and break the render-time state checks of useDocsSearch().
• 0997dd6: Deprecate type: "xxx" usage of useDocsSearch(), pass the client object instead. The allows a smaller bundle size with improved performance.
• 71d58b8: Add $infer to content loader instance for easier type inference.

[email protected]

No release notes provided.

[email protected]

Patch Changes

• 9b9545f: Add package issue tracker metadata.

[email protected]

Patch Changes

• 42f0255: Support invalidate & revalidate on dynamic loader
• a807798: Improve source API utils & types

[email protected]

Patch Changes

• e77b9b3: Introduce pagesIndex property to explicitly define the index page for folder
• 334c8fd: [i18n] support different orders of preset() calls

[email protected]

Patch Changes

• 768b676: Standardize structuredData in page data

[email protected]

Patch Changes

• 1dc86c7: loosen the range for waku

[email protected]

Patch Changes

• 062beab: fix internal types
• 505cfe0: Add remark-block-id plugin

[email protected]

No release notes provided.

[email protected]

No release notes provided.

[email protected]

... (truncated)

• See full diff in compare view

Sourced from fumadocs-ui's releases.

[email protected]

Patch Changes

• e977acf: Change the TOC variants

  The "clerk" TOC variant will revert to the original Clerk-like style, the redesigned TOC (the one you see on official docs) will be the new default.

• 0997dd6: Deprecate type: "xxx" usage of useDocsSearch(), pass the client object instead. The allows a smaller bundle size with improved performance.

• Updated dependencies [7e9548b]

• Updated dependencies [0997dd6]

• Updated dependencies [71d58b8]

  • [email protected]

[email protected]

Patch Changes

• 5017289: Use stable fuma-translate
• 7a77722: fix display name of languages
  • [email protected]

[email protected]

Minor Changes

• 779efff: Introduce new translations API

  It is now powered by fuma-translate. Be careful: while the API surface is same, some translation keys are changed, unused labels will be ignored.

Patch Changes

• 0cc1fac: Make uiTranslations() optional for translations API
• Updated dependencies [9b9545f]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies [42f0255]
• Updated dependencies [a807798]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies [e77b9b3]
• Updated dependencies [334c8fd]
  • [email protected]

[email protected]

Patch Changes

... (truncated)

• See full diff in compare view

Sourced from geist's changelog.

1.7.2

Patch Changes

• a4195ae: Update Geist Pixel webfonts with Google Fonts validation fixes.

  Resyncs the published Geist Pixel static webfonts (Circle, Grid, Line, Square, Triangle) with the source build, picking up the non-visual fixes made for the Google Fonts release (#229): ligature caret anchors (fi, fl, f_i, A_I, U_I), a meta table with ScriptLangTags, line/paragraph separator glyphs and removal of the visible soft hyphen, and 1-unit on-curve point alignment fixes on e, eogonek, and hungarumlautcomb. No visible letterforms change.

1.7.1

Patch Changes

• c8ed578: Fix Geist Mono rendering source-code text with unintended programming ligatures.

  v1.7.0 unintentionally activated programming-ligature substitutions (-->, ==, !=, ..., --, etc.) under the liga (Standard Ligatures) OpenType feature, which is on by default in every renderer. As a result, text like --debug-prerender, [id...], [...id], or NODE_OPTIONS='--debug-prerender' node rendered with ligated glyphs and broke monospace alignment in code.

  The source-level fix is in #217; this release ships the rebuilt binaries.

• 31b2359 Version Packages (#230)
• a4195ae Geist Pixel on Google Fonts (#229)
• 8b8b75f fix(release): sync package.json version and unignore packages/**/package.json...
• 88309a4 Version Packages (#223)
• 6af2e7f ci: harden release workflow (#222)
• c8ed578 chore: add changeset for [email protected] (Mono liga regression fix) (#221)
• a0a06a3 make build
• 855f609 Fix broken link in README.md
• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for geist since your current version.

Sourced from lucide-react's releases.

Version 1.18.0

What's Changed

• chore(site): Remove survey from site by @​ericfennis in lucide-icons/lucide#4417
• feat(icons): added play-off icon by @​Ahmed-Dghaies in lucide-icons/lucide#4412
• fix(metadata): add missing use-cases prop on play-off.json by @​karsa-mistmere in lucide-icons/lucide#4423
• fix(docs): force hide #bb-banner, if html.has-bb-banner is missing by @​karsa-mistmere in lucide-icons/lucide#4422
• fix(docs): Remove @next from installation instructions for@lucide/svelte by @​alecglassford in lucide-icons/lucide#4432
• feat(packages/angular): add support for Angular v22 and onwards by @​karsa-mistmere in lucide-icons/lucide#4450
• fix(ci): add check to skip release if latest tag was created today by @​ericfennis in lucide-icons/lucide#4085
• feat(icons): added webcam-off icon by @​jordan-burnett in lucide-icons/lucide#4242

New Contributors

• @​alecglassford made their first contribution in lucide-icons/lucide#4432
• @​jordan-burnett made their first contribution in lucide-icons/lucide#4242

Full Changelog: lucide-icons/lucide@1.17.0...1.18.0

Version 1.17.0

What's Changed

• chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by @​ericfennis in lucide-icons/lucide#4376
• chore(repo): Update issue templates and documentation for package ren… by @​ericfennis in lucide-icons/lucide#4379
• feat(site): Adds survey overlay to website by @​ericfennis in lucide-icons/lucide#4380
• feat(site): Certificate dev links by @​ericfennis in lucide-icons/lucide#4390
• fix(icons): changed martini icon by @​jamiemlaw in lucide-icons/lucide#4335
• chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by @​dependabot[bot] in lucide-icons/lucide#4386
• chore(deps): bump @​tootallnate/once from 2.0.0 to 2.0.1 by @​dependabot[bot] in lucide-icons/lucide#4404
• chore(deps): bump devalue from 5.8.0 to 5.8.1 by @​dependabot[bot] in lucide-icons/lucide#4391
• chore(deps): bump ws from 8.18.0 to 8.20.1 by @​dependabot[bot] in lucide-icons/lucide#4392
• fix(gh-icon): limit icon size to a maximum of 256 pixels by @​jguddas in lucide-icons/lucide#4398
• chore(dependencies): Update dependencies by @​ericfennis in lucide-icons/lucide#4377
• feat(copilot): Adding copilot instructions by @​ericfennis in lucide-icons/lucide#4407
• feat(icons): add globe-check by @​Barakudum in lucide-icons/lucide#4342
• feat(metadata): Require use-cases in meta json by @​ericfennis in lucide-icons/lucide#4321
• feat(icons): added parasol icon by @​karsa-mistmere in lucide-icons/lucide#4347

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Version 1.16.0

What's Changed

• feat(icons): added blender icon by @​rrod497 in lucide-icons/lucide#3884

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

Version 1.15.0

What's Changed

• fix: remove 'less' from brand stopwords by @​jguddas in lucide-icons/lucide#4331
• fix(@​lucide/vue): Clone slots before passing to icon by @​axtho in lucide-icons/lucide#4339
• fix(icons): changed text-cursor icon by @​jamiemlaw in lucide-icons/lucide#4340

... (truncated)

• 07c885e fix(docs): fix zephyr-cloud URL in readmes
• 50d8af5 docs(readme): Update readme files (#4320)
• 653e44b feat(packages): use .mjs for ESM bundles (#4285)
• See full diff in compare view

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Backport documentation fixes for v16.2 (#93804)
• [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
• [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
• [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
• [backport] Encode non-ASCII characters in cache tags at construction (#93918)
• [backport] Fix server action forwarding loop with middleware rewrites (#93919)
• [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
• [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
• [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
• [backport] Propagate adapter preferred regions (#94200)
• [16.2.x] Don't drop FormData entries (#94240)
• [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

• f37fad9 v16.2.9
• d9aaaed [cd] Allow tagging semver-lower releases as @latest if @latest po… (#94627)
• 6f16804 v16.2.8
• 0dbc1d5 [16.2.x][cd] Ensure release can be triggered on old branches (#94598)
• 90e3c81 [16.2.x] Align Actions dependencies with Canary (#94339)
• 83f402c [16.2.x][cd] Stop fetching all tags when searching parent tag (#94334)
• 411c455 v16.2.7
• c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
• 63115c7 [16.2.x] Don't drop FormData entries (#94240)
• aef22fd [backport] Propagate adapter preferred regions (#94200)
• Additional commits viewable in compare view

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9a...

  Description has been truncated

  ---

  
  ^{Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.}