Skip to content

chore(deps): bump the npm-production group across 1 directory with 5 updates#73

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-027ff10a2c
Open

chore(deps): bump the npm-production group across 1 directory with 5 updates#73
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-027ff10a2c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-production group with 5 updates in the / directory:

Package From To
@anthropic-ai/claude-agent-sdk 0.2.118 0.3.165
ajv 8.18.0 8.20.0
dotenv 17.3.1 17.4.2
js-yaml 4.1.1 4.2.0
react 19.2.4 19.2.7

Updates @anthropic-ai/claude-agent-sdk from 0.2.118 to 0.3.165

Release notes

Sourced from @​anthropic-ai/claude-agent-sdk's releases.

v0.3.165

What's changed

  • Updated to parity with Claude Code v2.1.165

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.165
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.165
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.165
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.165

v0.3.163

What's changed

  • stop_task control requests now return success when the target task is already gone (not_found or not_running), so SDK clients can reliably prune stale task chips
  • Fixed SDK hosts being unable to add builtin MCP servers (e.g. claude-in-chrome) via setMcpServers when the CLI was launched without them
  • Stop and SubagentStop hook events now support additionalContext in hookSpecificOutput, enabling non-error feedback that continues the turn

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.163
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.163
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.163
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.163

v0.3.162

What's changed

  • Refusal error messages now carry stop_reason: "refusal" and stop_details on the assistant message and in session transcripts, so SDK consumers can detect refusals without text-matching the error content
  • Agent SDK sessions on native builds now default to fast embedded find/grep search in Bash, matching the interactive CLI, instead of always registering the dedicated Grep/Glob tools. To keep the dedicated tools (e.g. to intercept searches via canUseTool or hooks), name them in the tools option or reference them in allowedTools

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.162
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.162
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.162
</tr></table>

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-agent-sdk's changelog.

0.3.165

  • Updated to parity with Claude Code v2.1.165

0.3.164

  • Updated to parity with Claude Code v2.1.164

0.3.163

  • stop_task control requests now return success when the target task is already gone (not_found or not_running), so SDK clients can reliably prune stale task chips
  • Fixed SDK hosts being unable to add builtin MCP servers (e.g. claude-in-chrome) via setMcpServers when the CLI was launched without them
  • Stop and SubagentStop hook events now support additionalContext in hookSpecificOutput, enabling non-error feedback that continues the turn

0.3.162

  • Refusal error messages now carry stop_reason: "refusal" and stop_details on the assistant message and in session transcripts, so SDK consumers can detect refusals without text-matching the error content
  • Agent SDK sessions on native builds now default to fast embedded find/grep search in Bash, matching the interactive CLI, instead of always registering the dedicated Grep/Glob tools. To keep the dedicated tools (e.g. to intercept searches via canUseTool or hooks), name them in the tools option or reference them in allowedTools

0.3.161

  • The initialize control request is now idempotent: a second initialize returns the same success payload instead of an Already initialized error. ControlResponse gains an optional pending_permission_requests field, mirroring ControlErrorResponse
  • applyFlagSettings now live-applies agent changes: switching the active agent (or passing null to reset) takes effect on the next turn in a running session

0.3.160

  • Fixed SDK hook callbacks swallowing abort signals: aborting during a PostToolUse hook now ends the turn with a final result message instead of hanging the calling process

0.3.159

  • Updated to parity with Claude Code v2.1.159

0.3.158

  • Updated to parity with Claude Code v2.1.158

0.3.157

  • Updated to parity with Claude Code v2.1.157

0.3.156

  • Updated to parity with Claude Code v2.1.156

0.3.155

  • Updated to parity with Claude Code v2.1.155

0.3.154

... (truncated)

Commits

Updates ajv from 8.18.0 to 8.20.0

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

Commits

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)
Commits

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the npm-production group across 1 directory with 5 …
3c9fd71 
…updates

Bumps the npm-production group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.2.118` | `0.3.165` |
| [ajv](https://github.com/ajv-validator/ajv) | `8.18.0` | `8.20.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.2` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |



Updates `@anthropic-ai/claude-agent-sdk` from 0.2.118 to 0.3.165
- [Release notes](https://github.com/anthropics/claude-agent-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/claude-agent-sdk-typescript@v0.2.118...v0.3.165)

Updates `ajv` from 8.18.0 to 8.20.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.18.0...v8.20.0)

Updates `dotenv` from 17.3.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.3.1...v17.4.2)

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

---
updated-dependencies:
- dependency-name: "@anthropic-ai/claude-agent-sdk"
  dependency-version: 0.3.165
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: ajv
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants