deps(deps): bump the minor-and-patch group with 7 updates

[dependabot]

Bumps the minor-and-patch group with 7 updates:

Package	From	To
@anthropic-ai/sdk	0.90.0	0.96.0
@aws-sdk/client-dynamodb	3.1032.0	3.1049.0
@aws-sdk/lib-dynamodb	3.1032.0	3.1049.0
@clerk/backend	3.2.13	3.4.11
twilio	6.0.0	6.0.2
ws	8.20.0	8.20.1
tsx	4.21.0	4.22.2

Updates @anthropic-ai/sdk from 0.90.0 to 0.96.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.96.0

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

• api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
• api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

• zod: ensure only zod/v4 types are used (#992) (9e08bcc)

Chores

• api: spec updates (27d64ef)

sdk: v0.95.2

0.95.2 (2026-05-11)

Full Changelog: sdk-v0.95.1...sdk-v0.95.2

sdk: v0.95.1

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

sdk: v0.95.0

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

sdk: v0.94.0

0.94.0 (2026-05-05)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

• api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
• api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

• zod: ensure only zod/v4 types are used (#992) (9e08bcc)

Chores

• api: spec updates (27d64ef)

0.95.2 (2026-05-11)

Full Changelog: sdk-v0.95.1...sdk-v0.95.2

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

... (truncated)

Commits

• a53f60d chore: release main
• d1b8d04 feat(api): Add support for cache diagnostics beta
• 8e43bf8 chore(api): spec updates
• 697e4d5 codegen metadata
• cd5801c feat(api): Add BetaManagedAgentsSearchResultBlock types
• dce6bc7 ci: pin GitHub Actions to commit SHAs
• 4eee523 fix(zod): ensure only zod/v4 types are used (#992)
• e3bcdd4 chore: release main
• 08943f1 feat(aws): Add AWS client for Claude Platform on AWS
• 7834ceb ci(release-please): exclude subpackages from root changelog (#991)
• Additional commits viewable in compare view

Updates @aws-sdk/client-dynamodb from 3.1032.0 to 3.1049.0

Release notes

Sourced from @​aws-sdk/client-dynamodb's releases.

v3.1049.0

3.1049.0(2026-05-18)

Documentation Changes

• client-evs: Amazon EVS now supports up to 32 hosts per EVS environment, increasing the previous host limit to allow a larger scale of VMware workload deployments and reduce operational overhead. (34718dc5)

New Features

• clients: update client endpoints as of 2026-05-18 (a5f4e2a2)
• client-ec2: Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, enabling all standard tagging features for allocations including tag-on-create. (0ac6d448)
• client-accessanalyzer: Services manage service-linked analyzers through dedicated APIs - CreateServiceLinkedAnalyzer and DeleteServiceLinkedAnalyzer that separate service-linked specific operations from customer-managed operations. It also shows up in ListAnalyzers and GetAnalyzer responses. (fdfcbe80)
• client-ecs: Amazon ECS now supports Pause lifecycle hooks for service deployments, allowing customers to automatically pause deployments at specified stages and use the new ContinueServiceDeployment API to continue or roll back with confidence. (8437bd6c)
• client-connect: Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. (045e1382)
• client-ivs: Adds support for up to 3 mediaTailorPlaybackConfiguration objects in an ad configuration resource (e7a59d85)
• client-quicksight: Support for dataset enrichment and geo spatial in new data preparation experience (c3036698)

Bug Fixes

• core/protocols: make error namespace removal unconditional in JSON RPC (#8031) (7cee4f27)
• client-sts: update imports to new module locations (#8025) (be183b6d)

---

For list of updated packages, view updated-packages.md in assets-3.1049.0.zip

v3.1048.0

3.1048.0(2026-05-15)

Chores

• packages: update import paths (#8024) (901b75a1)
• codegen:
  • updated import sources for aws-sdk core (#8015) (1af90474)
  • sync for browser bundle fixes (#8022) (eabae7d8)
• core/client: consolidate packages into core/client (#8010) (832d9e76)

New Features

• clients: update client endpoints as of 2026-05-15 (4aa76bd0)
• client-mediapackagev2: This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests (6c8a84d4)
• client-partnercentral-selling: Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution. (d68a75c4)
• client-cloudwatch-logs: Updating the max limit for start query api parameter. (931876e1)

---

For list of updated packages, view updated-packages.md in assets-3.1048.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-dynamodb's changelog.

3.1049.0 (2026-05-18)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1047.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1044.0 (2026-05-06)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1043.0 (2026-05-05)

... (truncated)

Commits

• 04d52f3 Publish v3.1049.0
• 313813d Publish v3.1048.0
• 1af9047 chore(codegen): updated import sources for aws-sdk core (#8015)
• eabae7d chore(codegen): sync for browser bundle fixes (#8022)
• 8edb907 Publish v3.1047.0
• a664335 Publish v3.1046.0
• 9ce20f6 chore(codegen): dependency version bump (#8008)
• acffbf9 chore: update smithy/core imports (#7979)
• b329def Publish v3.1045.0
• 1ccd438 Publish v3.1044.0
• Additional commits viewable in compare view

Updates @aws-sdk/lib-dynamodb from 3.1032.0 to 3.1049.0

Release notes

Sourced from @​aws-sdk/lib-dynamodb's releases.

v3.1049.0

3.1049.0(2026-05-18)

Documentation Changes

• client-evs: Amazon EVS now supports up to 32 hosts per EVS environment, increasing the previous host limit to allow a larger scale of VMware workload deployments and reduce operational overhead. (34718dc5)

New Features

• clients: update client endpoints as of 2026-05-18 (a5f4e2a2)
• client-ec2: Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, enabling all standard tagging features for allocations including tag-on-create. (0ac6d448)
• client-accessanalyzer: Services manage service-linked analyzers through dedicated APIs - CreateServiceLinkedAnalyzer and DeleteServiceLinkedAnalyzer that separate service-linked specific operations from customer-managed operations. It also shows up in ListAnalyzers and GetAnalyzer responses. (fdfcbe80)
• client-ecs: Amazon ECS now supports Pause lifecycle hooks for service deployments, allowing customers to automatically pause deployments at specified stages and use the new ContinueServiceDeployment API to continue or roll back with confidence. (8437bd6c)
• client-connect: Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. (045e1382)
• client-ivs: Adds support for up to 3 mediaTailorPlaybackConfiguration objects in an ad configuration resource (e7a59d85)
• client-quicksight: Support for dataset enrichment and geo spatial in new data preparation experience (c3036698)

Bug Fixes

• core/protocols: make error namespace removal unconditional in JSON RPC (#8031) (7cee4f27)
• client-sts: update imports to new module locations (#8025) (be183b6d)

---

For list of updated packages, view updated-packages.md in assets-3.1049.0.zip

v3.1048.0

3.1048.0(2026-05-15)

Chores

• packages: update import paths (#8024) (901b75a1)
• codegen:
  • updated import sources for aws-sdk core (#8015) (1af90474)
  • sync for browser bundle fixes (#8022) (eabae7d8)
• core/client: consolidate packages into core/client (#8010) (832d9e76)

New Features

• clients: update client endpoints as of 2026-05-15 (4aa76bd0)
• client-mediapackagev2: This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests (6c8a84d4)
• client-partnercentral-selling: Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution. (d68a75c4)
• client-cloudwatch-logs: Updating the max limit for start query api parameter. (931876e1)

---

For list of updated packages, view updated-packages.md in assets-3.1048.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/lib-dynamodb's changelog.

3.1049.0 (2026-05-18)

Note: Version bump only for package @​aws-sdk/lib-dynamodb

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/lib-dynamodb

3.1047.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/lib-dynamodb

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/lib-dynamodb

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/lib-dynamodb

3.1044.0 (2026-05-06)

Note: Version bump only for package @​aws-sdk/lib-dynamodb

3.1043.0 (2026-05-05)

... (truncated)

Commits

• 04d52f3 Publish v3.1049.0
• 313813d Publish v3.1048.0
• 1af9047 chore(codegen): updated import sources for aws-sdk core (#8015)
• eabae7d chore(codegen): sync for browser bundle fixes (#8022)
• 8edb907 Publish v3.1047.0
• a664335 Publish v3.1046.0
• 9ce20f6 chore(codegen): dependency version bump (#8008)
• acffbf9 chore: update smithy/core imports (#7979)
• b329def Publish v3.1045.0
• 1ccd438 Publish v3.1044.0
• Additional commits viewable in compare view

Updates @clerk/backend from 3.2.13 to 3.4.11

Release notes

Sourced from @​clerk/backend's releases.

@​clerk/backend@​3.4.11

Patch Changes

• Adds agentTaskId and deprecates taskId to Agent Tasks Create response. (#8013) by @​tmilewski

• Updated dependencies [95f6c2f]:

  • @​clerk/shared@​4.12.2

@​clerk/backend@​3.4.9

Patch Changes

• Updated dependencies [9fa6642, 930047f, b45777c, 5a7225e]:
  • @​clerk/shared@​4.12.0

@​clerk/backend@​3.4.8

Patch Changes

• Fix JWT array audience validation (#8470) by @​jescalan

• Require configured JWT header type. (#8471) by @​jescalan

• Updated dependencies [1a4d7d1, a6916b1, 1084180, 39099b6, 18e0a1a]:

  • @​clerk/shared@​4.11.0

@​clerk/backend@​3.4.7

Patch Changes

• Support min_remaining_ttl_seconds for M2M token creation. (#8513) by @​wobsoriano

  Usage:

  clerkClient.m2m.createToken({
    machineSecretKey: 'ak_xxxxx',
    minRemainingTtlSeconds: 240,
  });

• Add RoleSetJSON, RoleSetItemJSON, and RoleSetMigrationJSON types matching the BAPI OpenAPI schema. Add role_set_key, last_active_at, and missing_member_with_elevated_permissions to OrganizationJSON. (#8502) by @​jacekradko

• Updated dependencies [5cda3ee]:

  • @​clerk/shared@​4.10.2

@​clerk/backend@​3.4.6

Patch Changes

• Fix OAuth consent component and hook related types. (#8483) by @​SarahSoutoul

• Updated dependencies [7a5892f]:

  • @​clerk/shared@​4.10.1

Changelog

Sourced from @​clerk/backend's changelog.

3.4.11

Patch Changes

• Adds agentTaskId and deprecates taskId to Agent Tasks Create response. (#8013) by @​tmilewski

• Updated dependencies [95f6c2f]:

  • @​clerk/shared@​4.12.2

3.4.10

Patch Changes

• Updated dependencies [4fc38a0]:
  • @​clerk/shared@​4.12.1

3.4.9

Patch Changes

• Updated dependencies [9fa6642, 930047f, b45777c, 5a7225e]:
  • @​clerk/shared@​4.12.0

3.4.8

Patch Changes

• Fix JWT array audience validation (#8470) by @​jescalan

• Require configured JWT header type. (#8471) by @​jescalan

• Updated dependencies [1a4d7d1, a6916b1, 1084180, 39099b6, 18e0a1a]:

  • @​clerk/shared@​4.11.0

3.4.7

Patch Changes

• Support min_remaining_ttl_seconds for M2M token creation. (#8513) by @​wobsoriano

  Usage:

  clerkClient.m2m.createToken({
    machineSecretKey: 'ak_xxxxx',
    minRemainingTtlSeconds: 240,
  });

• Add RoleSetJSON, RoleSetItemJSON, and RoleSetMigrationJSON types matching the BAPI OpenAPI schema. Add role_set_key, last_active_at, and missing_member_with_elevated_permissions to OrganizationJSON. (#8502) by @​jacekradko

... (truncated)

Commits

• c0b1f31 ci(repo): Version packages (#8585)
• 3599747 chore(backend): Rename taskId -> agentTaskId (#8013)
• 1d2b972 ci(repo): Version packages (#8565)
• 166733f ci(repo): Version packages (#8555)
• 8a81fb0 ci(repo): Version packages (#8518)
• ee25cf2 fix(backend): Fix JWT array audience validation (#8470)
• 2377305 fix(backend): Require configured JWT header type (#8471)
• ba158ac ci(repo): Version packages (#8501)
• 0ab09a8 chore(backend): Support min remaining ttl for m2m token creation (#8513)
• 6408ab6 feat(backend): add RoleSet JSON types and missing OrganizationJSON fields (#8...
• Additional commits viewable in compare view

Updates twilio from 6.0.0 to 6.0.2

Release notes

Sourced from twilio's releases.

6.0.2

Release Notes

Conversations

• update actions api visibility

Memory

• 2026-05-07

• Content updates:
• include store api

Docs

6.0.1

Release Notes

Twiml

• Set recording_configuration_id attribute to public visibility in <Conference>, <Dial>, <Record> verbs and <Recording> noun

Api

• Add RecordingConfigurationId parameter for CreateCall, CreateCallRecording, CreateConferenceRecording, and CreateParticipant endpoints

Authy

• Changelog

• v1

• Added Authy API v1 under /v1 — initial onboarding of Public API (/v1/protected/*), Device API (/v1/json/*), and Dashboard API (/v1/dashboard/*) behind REST Proxy using transparent proxy mode.

Data-ingress

• 2026-04-21

• Content updates:
• Updated description for CreateDataSync
• Updated description for DeleteCloudAppDataset
• Updated description for DeleteWarehouseDataset

• 2026-04-20

• Minor updates (formatting, metadata)

• 2026-04-17

• updated operationId for dataplane APIs,Minor updates (formatting, metadata)

• 2026-04-15

• libraryVisibility to private

• 2026-04-14

• Added 1 new path(s):
• /v1/DataSyncs/Latest (GetLatestDataSyncs)

Memory

• 2026-04-21

• Content updates:
• Remove Prefer/Async-Operation headers

• 2026-04-21

• Content updates:

... (truncated)

Changelog

Sourced from twilio's changelog.

[2026-05-07] Version 6.0.2

Conversations

• update actions api visibility

Memory

• 2026-05-07

• Content updates:
• include store api

[2026-05-06] Version 6.0.1

Twiml

• Set recording_configuration_id attribute to public visibility in <Conference>, <Dial>, <Record> verbs and <Recording> noun

Api

• Add RecordingConfigurationId parameter for CreateCall, CreateCallRecording, CreateConferenceRecording, and CreateParticipant endpoints

Authy

• Changelog

• v1

• Added Authy API v1 under /v1 — initial onboarding of Public API (/v1/protected/*), Device API (/v1/json/*), and Dashboard API (/v1/dashboard/*) behind REST Proxy using transparent proxy mode.

Data-ingress

• 2026-04-21

• Content updates:
• Updated description for CreateDataSync
• Updated description for DeleteCloudAppDataset
• Updated description for DeleteWarehouseDataset

• 2026-04-20

• Minor updates (formatting, metadata)

• 2026-04-17

• updated operationId for dataplane APIs,Minor updates (formatting, metadata)

• 2026-04-15

• libraryVisibility to private

• 2026-04-14

• Added 1 new path(s):
• /v1/DataSyncs/Latest (GetLatestDataSyncs)

Memory

• 2026-04-21

• Content updates:
• Remove Prefer/Async-Operation headers

• 2026-04-21

• Content updates:
• Added 301 response for ListIdentifiers and GetIdentifier
• Added 308 response for DeleteProfile, CreateIdentifier, PatchIdentifier, and DeleteIdentifier

• 2026-04-14

• Modified 1 path(s):

... (truncated)

Commits

• e9e5469 Release 6.0.2
• fd93dfa [Librarian] Regenerated @ d39d243cf0f072a87b06d80cfd5d04f77cde8481 18d7938080...
• c4d7168 Release 6.0.1
• 04a89ce [Librarian] Regenerated @ d39d243cf0f072a87b06d80cfd5d04f77cde8481 e2fda0239d...
• See full diff in compare view

Updates ws from 8.20.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• See full diff in compare view

Updates tsx from 4.21.0 to 4.22.2

Release notes

Sourced from tsx's releases.

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.0

4.22.0 (2026-05-14)

Features

• upgrade esbuild to 0.28 (#789) (b29f6ee)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.21.1

4.21.1 (2026-05-14)

Bug Fixes

• support Node 20.11/21.2 import.meta paths (acf3d8f)
• support Node.js 24.15.0 (c1d2d45)
• support Node.js 26.1.0 and 25.9.0 (1d7e528)

---

This release is also available on:

... (truncated)

Commits

• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• 674bb30 test: consolidate tsImport commonjs mts coverage
• e6972ac test: stabilize process interaction tests
• 9736a80 test: safely decode stdout stream tex
• 11de737 fix: preserve named exports from CommonJS TypeScript
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cotrackpro-talk	Ready	Preview, Comment	May 18, 2026 11:02pm