chore(deps)(deps): bump the production-dependencies group with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates:

Package	From	To
@aws-sdk/client-s3	3.1009.0	3.1014.0
@aws-sdk/client-ses	3.1009.0	3.1014.0
canvas	3.2.1	3.2.2
csv-parse	6.1.0	6.2.1
jose	6.2.1	6.2.2
next	16.1.6	16.2.1

Updates @aws-sdk/client-s3 from 3.1009.0 to 3.1014.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1014.0

3.1014.0(2026-03-20)

Chores

• xml-builder: bump fast-xml-parser to 5.5.8 (#7876) (80ef6014)
• bump smithy versions (414aa0d1)

Documentation Changes

• client-backup: Fix Typo for S3Backup Options ( S3BackupACLs to BackupACLs) (4d912214)

New Features

• clients: update client endpoints as of 2026-03-20 (6450a12d)
• client-verifiedpermissions: Adds support for Policy Store Aliases, Policy Names, and Policy Template Names. These are customizable identifiers that can be used in place of Policy Store ids, Policy ids, and Policy Template ids respectively in Amazon Verified Permissions APIs. (c8fe1858)
• client-opensearch: Added support for Amazon Managed Service for Prometheus (AMP) as a connected data source in OpenSearch UI. Now users can analyze Prometheus metrics in OpenSearch UI without data copy. (c9bdbb54)
• client-dynamodb: Adding ReplicaArn to ReplicaDescription of a global table replica (51c2c17a)

Tests

• snapshot-testing: fix structure of XML errors from mock service (#7874) (a17511fe)

---

For list of updated packages, view updated-packages.md in assets-3.1014.0.zip

v3.1013.0

3.1013.0(2026-03-19)

Chores

• xml-builder: single-pass XML escape for escapeElement and escapeAttribute (#7833) (97de5649)

New Features

• clients: update client endpoints as of 2026-03-19 (485aa086)
• client-batch: AWS Batch now supports quota management, enabling administrators to allocate shared compute resources across teams and projects through quota shares with capacity limits, resource-sharing strategies, and priority-based preemption - currently available for SageMaker Training job queues. (3e695b9a)
• client-bedrock-agentcore-control: Adds support for the following new features. 1. Enterprise Policies support for AgentCore Browser Tool. 2. Root CA Configuration support for AgentCore Browser Tool and Code Interpreter. (d286f51f)
• client-bedrock-agentcore: This release includes SDK support for the following new features on AgentCore Built In Tools. 1. Enterprise Policies for AgentCore Browser Tool. 2. Root CA Configuration Support for AgentCore Browser Tool and Code Interpreter. 3. API changes to AgentCore Browser Profile APIs (088f0580)
• client-polly: Added bi-directional streaming functionality through a new API, StartSpeechSynthesisStream. This API allows streaming input text through inbound events and receiving audio as part of an output stream simultaneously. (581bf849)
• client-ec2: Amazon EC2 Fleet instant mode now supports launching instances into Interruptible Capacity Reservations, enabling customers to use spare capacity shared by Capacity Reservation owners within their AWS Organization. (5ae4a552)
• client-observabilityadmin: Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field (f8dcb3a1)

Bug Fixes

• xml-builder: configure maxTotalExpansions on fast-xml-parser (#7868) (2ad14770)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1014.0 (2026-03-20)

Note: Version bump only for package @​aws-sdk/client-s3

3.1013.0 (2026-03-19)

Note: Version bump only for package @​aws-sdk/client-s3

3.1012.0 (2026-03-18)

Note: Version bump only for package @​aws-sdk/client-s3

3.1011.0 (2026-03-17)

Note: Version bump only for package @​aws-sdk/client-s3

3.1010.0 (2026-03-16)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• 577a874 Publish v3.1014.0
• 414aa0d chore: bump smithy versions
• 19ca473 Publish v3.1013.0
• 7f54759 Publish v3.1012.0
• 950b0c2 chore(codegen): smithy-aws-typescript-codegen 0.47.0 (#7854)
• e171694 Publish v3.1011.0
• 2aa1e6c Publish v3.1010.0
• See full diff in compare view

Updates @aws-sdk/client-ses from 3.1009.0 to 3.1014.0

Release notes

Sourced from @​aws-sdk/client-ses's releases.

v3.1014.0

3.1014.0(2026-03-20)

Chores

• xml-builder: bump fast-xml-parser to 5.5.8 (#7876) (80ef6014)
• bump smithy versions (414aa0d1)

Documentation Changes

• client-backup: Fix Typo for S3Backup Options ( S3BackupACLs to BackupACLs) (4d912214)

New Features

• clients: update client endpoints as of 2026-03-20 (6450a12d)
• client-verifiedpermissions: Adds support for Policy Store Aliases, Policy Names, and Policy Template Names. These are customizable identifiers that can be used in place of Policy Store ids, Policy ids, and Policy Template ids respectively in Amazon Verified Permissions APIs. (c8fe1858)
• client-opensearch: Added support for Amazon Managed Service for Prometheus (AMP) as a connected data source in OpenSearch UI. Now users can analyze Prometheus metrics in OpenSearch UI without data copy. (c9bdbb54)
• client-dynamodb: Adding ReplicaArn to ReplicaDescription of a global table replica (51c2c17a)

Tests

• snapshot-testing: fix structure of XML errors from mock service (#7874) (a17511fe)

---

For list of updated packages, view updated-packages.md in assets-3.1014.0.zip

v3.1013.0

3.1013.0(2026-03-19)

Chores

• xml-builder: single-pass XML escape for escapeElement and escapeAttribute (#7833) (97de5649)

New Features

• clients: update client endpoints as of 2026-03-19 (485aa086)
• client-batch: AWS Batch now supports quota management, enabling administrators to allocate shared compute resources across teams and projects through quota shares with capacity limits, resource-sharing strategies, and priority-based preemption - currently available for SageMaker Training job queues. (3e695b9a)
• client-bedrock-agentcore-control: Adds support for the following new features. 1. Enterprise Policies support for AgentCore Browser Tool. 2. Root CA Configuration support for AgentCore Browser Tool and Code Interpreter. (d286f51f)
• client-bedrock-agentcore: This release includes SDK support for the following new features on AgentCore Built In Tools. 1. Enterprise Policies for AgentCore Browser Tool. 2. Root CA Configuration Support for AgentCore Browser Tool and Code Interpreter. 3. API changes to AgentCore Browser Profile APIs (088f0580)
• client-polly: Added bi-directional streaming functionality through a new API, StartSpeechSynthesisStream. This API allows streaming input text through inbound events and receiving audio as part of an output stream simultaneously. (581bf849)
• client-ec2: Amazon EC2 Fleet instant mode now supports launching instances into Interruptible Capacity Reservations, enabling customers to use spare capacity shared by Capacity Reservation owners within their AWS Organization. (5ae4a552)
• client-observabilityadmin: Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field (f8dcb3a1)

Bug Fixes

• xml-builder: configure maxTotalExpansions on fast-xml-parser (#7868) (2ad14770)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-ses's changelog.

3.1014.0 (2026-03-20)

Note: Version bump only for package @​aws-sdk/client-ses

3.1013.0 (2026-03-19)

Note: Version bump only for package @​aws-sdk/client-ses

3.1012.0 (2026-03-18)

Note: Version bump only for package @​aws-sdk/client-ses

3.1011.0 (2026-03-17)

Note: Version bump only for package @​aws-sdk/client-ses

3.1010.0 (2026-03-16)

Note: Version bump only for package @​aws-sdk/client-ses

Commits

• 577a874 Publish v3.1014.0
• 414aa0d chore: bump smithy versions
• 19ca473 Publish v3.1013.0
• 7f54759 Publish v3.1012.0
• 950b0c2 chore(codegen): smithy-aws-typescript-codegen 0.47.0 (#7854)
• e171694 Publish v3.1011.0
• 2aa1e6c Publish v3.1010.0
• See full diff in compare view

Updates canvas from 3.2.1 to 3.2.2

Release notes

Sourced from canvas's releases.

v3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

Changelog

Sourced from canvas's changelog.

3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

Commits

• ac82fa7 v3.2.2
• 103a620 add the last flurry of commits to CHANGELOG
• 7304c7a avoid integer overflow in getImageData
• f9fcc5f avoid integer overflow in putImageData
• 802a8ca avoid integer overflow in new ImageData
• 9d1b478 wrap negative values passed to createImageData
• 779483c bail early when setting zero-length image source
• 22ed2b7 make canvas types unsigned
• 2faab61 keep canvas width and height valid
• 351aacf avoid integer overflow in ensureSurface
• Additional commits viewable in compare view

Updates csv-parse from 6.1.0 to 6.2.1

Changelog

Sourced from csv-parse's changelog.

6.2.1 (2026-03-20)

Bug Fixes

• csv-parse: prototype pollution with objname option (fix #479)

6.2.0 (2026-03-17)

Features

• csv-parse: alig info interfaces with js api
• csv-parse: info bytes_records (fix #446)
• csv-parse: remove non-existing ts function declaration
• csv-parse: remove ts usage of all in error type
• csv-parse: returned type generic for on_record (fix #461 #464 #466) (#468)

Bug Fixes

• csv-parse: delimiter inherited type
• csv-parse: support number columns with cast (fix #477)

Commits

• df244e9 chore(release): publish
• cd17465 fix(csv-parse): prototype pollution with objname option (fix #479)
• bec87d1 chore(release): publish
• 067922f chore: latest dependencies
• cb1a2d9 refactor: tsconfig json format
• 08b85ce build: remove all eslint errors
• 38b3d67 test: convert sample demo script to js
• bd1c611 test: support n 16 test after latest changes
• a068ec0 fix(csv-parse): support number columns with cast (fix #477)
• da7ca03 build: check ts compilation before tests
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for csv-parse since your current version.

Updates jose from 6.2.1 to 6.2.2

Release notes

Sourced from jose's releases.

v6.2.2

Fixes

• reject failed decompression with JWEInvalid error (043b181)

Changelog

Sourced from jose's changelog.

6.2.2 (2026-03-18)

Fixes

• reject failed decompression with JWEInvalid error (043b181)

Commits

• 9c86586 chore(release): 6.2.2
• 4984b5c chore(deps): bump the actions group with 4 updates
• 043b181 fix: reject failed decompression with JWEInvalid error
• 867cc2c chore(deps-dev): bump undici
• f4e20e7 chore(deps-dev): bump tar in the npm_and_yarn group across 1 directory
• d0505bf chore: cleanup after release
• See full diff in compare view

Updates next from 16.1.6 to 16.2.1

Release notes

Sourced from next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.5

Misc Changes

• docs: use ErrorInfo type consistently in catchError docs: #91744

Credits

Huge thanks to @​devjiwonchoi for helping!

v16.2.1-canary.4

Core Changes

• Fix adapter outputs for dynamic metadata routes: #91680

Misc Changes

• Turbopack: fix webpack loader runner layer: #91727
• [turbopack] Remove incorrect debug_assert in try_read_task_cell: #91699
• Add module count field to module graph tracing spans: #91697
• turbopack-cli: add --persistent-caching flag for filesystem-backed cache: #91657
• Turbopack: pull in updated vercel/nft tests: #91651
• Update Rspack development test manifest: #91695
• [test] Unflake use-node-streams-env-precedence test: #91733
• Update Rspack production test manifest: #91694
• [turbopack] Improve regressed build speed on cross-compiled MUSL: #91477

Credits

Huge thanks to @​ijjk, @​mischnic, @​sokra, @​vercel-release-bot, @​unstubbable, and @​mmastrac for helping!

v16.2.1-canary.3

... (truncated)

Commits

• ed7d2ce v16.2.1
• 3e37bb4 docs: post release amends (#91715)
• a15ec6e docs: fix broken Activity Patterns demo link in preserving UI state guide (#9...
• 600cd2f Fix adapter outputs for dynamic metadata routes (#91680)
• 27886d3 Turbopack: fix webpack loader runner layer (#91727)
• 88fc430 Fix server actions in standalone mode with cacheComponents (#91711)
• 37aed86 turbo-persistence: remove Unmergeable mmap advice (#91713)
• d6195ec Fix layout segment optimization: move app-page imports to server-utility tran...
• 6cb97d6 Turbopack: lazy require metadata and handle TLA (#91705)
• e6b101a [turbopack] Respect {eval:true} in worker_threads constructors (#91666)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dea-map	Ready	Preview	Mar 23, 2026 8:18am