deps: bump the minor-and-patch group across 1 directory with 25 updates

[dependabot]

Bumps the minor-and-patch group with 25 updates in the / directory:

Package	From	To
@ai-sdk/google	3.0.75	3.0.82
@arcjet/next	1.4.0	1.5.0
@hookform/resolvers	5.2.2	5.4.0
@radix-ui/react-dialog	1.1.15	1.1.16
@radix-ui/react-dropdown-menu	2.1.16	2.1.17
@radix-ui/react-label	2.1.8	2.1.9
@radix-ui/react-navigation-menu	1.2.14	1.2.15
@radix-ui/react-slot	1.2.4	1.2.5
@radix-ui/react-tabs	1.1.13	1.1.14
@radix-ui/react-tooltip	1.2.8	1.2.9
ai	6.0.184	6.0.205
arcjet	1.4.0	1.5.0
motion	12.38.0	12.40.0
next	16.2.6	16.2.9
react	19.2.6	19.2.7
@types/react	19.2.14	19.2.17
react-dom	19.2.6	19.2.7
react-hook-form	7.76.0	7.79.0
@next/eslint-plugin-next	16.2.6	16.2.9
@tailwindcss/postcss	4.3.0	4.3.1
@tailwindcss/typography	0.5.19	0.5.20
@types/node	25.8.0	25.9.3
eslint-config-next	16.2.6	16.2.9
prettier	3.8.3	3.8.4
tailwindcss	4.3.0	4.3.1

Updates @ai-sdk/google from 3.0.75 to 3.0.82

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​3.0.82

Patch Changes

• 3258f22: fix(google): prevent prototype pollution when streaming tool args

• bfa5864: fix: only send provider credentials to same-origin response-supplied URLs

  Several provider clients followed a URL taken from the provider's API response (a polling/status URL or a final media URL such as polling_url, urls.get, result_url, result.sample, or video.uri) and reused the authenticated headers — or appended ?key=<API_KEY> — on that request. Because the host of the response-supplied URL was never validated, the long-lived API key was sent to whatever host the response named (a CDN in the benign case, or an attacker-chosen host if the provider response was tampered with), allowing credential exfiltration.

  A new isSameOrigin helper is added to @ai-sdk/provider-utils, and the affected fetches in @ai-sdk/black-forest-labs, @ai-sdk/fireworks, @ai-sdk/replicate, @ai-sdk/gladia, @ai-sdk/fal, and @ai-sdk/google now attach credentials only when the followed URL is same-origin with the provider's configured API origin. Requests to a foreign origin are made without the credential.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29

Changelog

Sourced from @​ai-sdk/google's changelog.

3.0.82

Patch Changes

• 3258f22: fix(google): prevent prototype pollution when streaming tool args

• bfa5864: fix: only send provider credentials to same-origin response-supplied URLs

  Several provider clients followed a URL taken from the provider's API response (a polling/status URL or a final media URL such as polling_url, urls.get, result_url, result.sample, or video.uri) and reused the authenticated headers — or appended ?key=<API_KEY> — on that request. Because the host of the response-supplied URL was never validated, the long-lived API key was sent to whatever host the response named (a CDN in the benign case, or an attacker-chosen host if the provider response was tampered with), allowing credential exfiltration.

  A new isSameOrigin helper is added to @ai-sdk/provider-utils, and the affected fetches in @ai-sdk/black-forest-labs, @ai-sdk/fireworks, @ai-sdk/replicate, @ai-sdk/gladia, @ai-sdk/fal, and @ai-sdk/google now attach credentials only when the followed URL is same-origin with the provider's configured API origin. Requests to a foreign origin are made without the credential.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29

3.0.81

Patch Changes

• Updated dependencies [942f2f8]
  • @​ai-sdk/provider-utils@​4.0.28

3.0.80

Patch Changes

• f62ffe0: fix(google): auto-inject skip_thought_signature_validator for Gemini 3 tool-call replays without a signature

  Gemini 3 models reject requests when an assistant functionCall part lacks a thoughtSignature with HTTP 400 "Function call is missing a thought_signature in functionCall parts." This is easy to hit when application code persists/serializes messages and drops providerOptions.google.thoughtSignature (custom DB schemas, useChat server routes that rebuild messages, synthetic tool-call injection).

  The provider now detects this case (Gemini 3 model + missing signature under google, googleVertex, and vertex namespaces) and injects the documented skip_thought_signature_validator sentinel into the outbound functionCall, plus surfaces a one-shot warning per request listing the affected tool names so the developer can find and fix the upstream serialization. Non-Gemini-3 models are unaffected, and real signatures take precedence when present.

3.0.79

Patch Changes

• cfa0cb2: feat(provider/google): support Google search grounding when using generateImage with Gemini

3.0.78

Patch Changes

• cf63828: fix(google): read serviceTier from usageMetadata.serviceTier in both generate and stream paths

  The previous implementation read serviceTier from the x-gemini-service-tier response header, which is only populated on non-streaming responses. Gemini streaming includes the value in usageMetadata.serviceTier on every chunk, so providerMetadata.google.serviceTier was always null for streams. Read from usageMetadata for both paths instead.

... (truncated)

Commits

• bae9bab Version Packages (#16026)
• 3258f22 Backport: fix(google): prevent prototype pollution when streaming tool args (...
• bfa5864 Backport: fix(providers): only send credentials to same-origin response-suppl...
• 9ef2c3c Version Packages (#15998)
• 7aca1fc backport: chore: update TypeScript references and fix `pnpm update-references...
• 661127c Version Packages (#15622)
• f62ffe0 fix(google): auto-inject skip_thought_signature_validator on Gemini 3 tool-ca...
• fc83fa3 Version Packages (#15532)
• cfa0cb2 Backport: feat(provider/google): support Google search grounding when using `...
• 93ad540 Version Packages (#15489)
• Additional commits viewable in compare view

Updates @arcjet/next from 1.4.0 to 1.5.0

Release notes

Sourced from @​arcjet/next's releases.

v1.5.0

1.5.0 (2026-06-09)

🚀 New Features

• support proxy services such as Cloudflare for client IP detection (#6060) (f77ead5)

🪲 Bug Fixes

• redact detectPromptInjectionMessage from report calls (#6041) (b490fc7)
• update @​bufbuild/protobuf to 2.12.0 and add root override to fix Bun build (#6014) (ba8f1a3)

📝 Documentation

• clarify label/bucket slug validation in @​arcjet/guard types (#6043) (81293b3)
• refresh root, next, and guard READMEs for guards release (#6017) (994232c)

🧹 Miscellaneous Chores

• configure release-please to use GitHub App Token (#6019) (571b1b7)
• remove redundant esbuild and flatted overrides (#6020) (ca2ad5a)

🔨 Build System

• deps-dev: bump astro from 6.1.2 to 6.1.6 (#6003) (6730508)
• deps-dev: bump astro from 6.1.6 to 6.1.10 (#6031) (ea8963d)
• deps-dev: bump fast-uri from 3.1.0 to 3.1.2 (#6023) (1d000d3)
• deps-dev: bump fast-uri from 3.1.0 to 3.1.2 in /examples/nestjs (#6024) (f830a47)
• deps-dev: bump fastify from 5.8.4 to 5.8.5 (#6000) (fe37f56)
• deps-dev: bump ip-address from 10.1.0 to 10.2.0 in /examples/express-newman (#6021) (11dd637)
• deps-dev: bump next from 16.2.4 to 16.2.6 (#6029) (dcf85e1)
• deps-dev: bump next from 16.2.4 to 16.2.6 in /arcjet-next (#6028) (082c20f)
• deps-dev: bump next from 16.2.4 to 16.2.6 in /nosecone-next (#6027) (29f3de1)
• deps: bump @​astrojs/node from 10.0.4 to 10.0.5 in /examples/astro (#6008) (cdffb7d)
• deps: bump astro from 6.1.4 to 6.1.8 in /examples/astro (#6001) (69b4198)
• deps: bump astro from 6.1.8 to 6.3.2 in /examples/astro (#6032) (6397074)
• deps: bump brace-expansion from 5.0.5 to 5.0.6 in /examples/nuxt (#6039) (dac76d1)
• deps: bump devalue from 5.6.4 to 5.8.1 (#6034) (def151d)
• deps: bump devalue from 5.6.4 to 5.8.1 in /examples/astro (#6038) (c683d82)
• deps: bump devalue from 5.6.4 to 5.8.1 in /examples/nuxt (#6035) (9203466)
• deps: bump fast-uri from 3.1.0 to 3.1.2 in /examples/fastify (#6026) (c7bffe1)
• deps: bump nitropack from 2.13.3 to 2.13.4 in /examples/nuxt (#6022) (ecacd00)
• deps: bump nuxt and @​nuxt/nitro-server to 4.4.6 in examples/nuxt (#6055) (74573e3)
• deps: bump qs to 6.15.2 in examples (#6051) (f784256)
• deps: bump simple-git from 3.33.0 to 3.36.0 in /examples/nuxt (#6025) (bff84fb)

... (truncated)

Changelog

Sourced from @​arcjet/next's changelog.

1.5.0 (2026-06-09)

🚀 New Features

• support proxy services such as Cloudflare for client IP detection (#6060) (f77ead5)

📝 Documentation

• refresh root, next, and guard READMEs for guards release (#6017) (994232c)

🔨 Build System

• deps-dev: bump next from 16.2.4 to 16.2.6 (#6029) (dcf85e1)
• deps-dev: bump next from 16.2.4 to 16.2.6 in /arcjet-next (#6028) (082c20f)
• deps-dev: bump next from 16.2.4 to 16.2.6 in /nosecone-next (#6027) (29f3de1)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​arcjet/body bumped from 1.4.0 to 1.5.0
    • @​arcjet/env bumped from 1.4.0 to 1.5.0
    • @​arcjet/headers bumped from 1.4.0 to 1.5.0
    • @​arcjet/ip bumped from 1.4.0 to 1.5.0
    • @​arcjet/logger bumped from 1.4.0 to 1.5.0
    • @​arcjet/protocol bumped from 1.4.0 to 1.5.0
    • @​arcjet/transport bumped from 1.4.0 to 1.5.0
    • arcjet bumped from 1.4.0 to 1.5.0
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.4.0 to 1.5.0
    • @​arcjet/rollup-config bumped from 1.4.0 to 1.5.0

Commits

• e435007 chore: Release 1.5.0 (#6004)
• e3d955b deps: periodic dependency update (#6064)
• f77ead5 feat: support proxy services such as Cloudflare for client IP detection (#6060)
• dcf85e1 build(deps-dev): bump next from 16.2.4 to 16.2.6 (#6029)
• 994232c docs: refresh root, next, and guard READMEs for guards release (#6017)
• f6df4e9 deps: periodic dependency update (#6013)
• See full diff in compare view

Updates @hookform/resolvers from 5.2.2 to 5.4.0

Release notes

Sourced from @​hookform/resolvers's releases.

v5.4.0

5.4.0 (2026-05-21)

Features

• feat: add ata-validator resolver (#845)

Fixes

• fix issue with toNestErrors.ts (#848)

• add guidance on passing context to yupResolver (useForm context) (#835) (3d29924)

Commits

• 3d29924 feat: add guidance on passing context to yupResolver (useForm context) (#835)
• 56b68f3 feat: 5.3.0
• cf8562d update readme on ata-validator
• 5e5b610 fix issue with toNestErrors.ts (#848)
• 72aacf8 Revise supported versions in SECURITY.md
• ad89a20 feat: add ata-validator resolver (#845)
• 02286db ci: updated publish workflow to use node 24 (#838)
• 2e9bc7c Fix(zodResolver): error paths in complex unions #787 (#819)
• See full diff in compare view

Updates @radix-ui/react-dialog from 1.1.15 to 1.1.16

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.16

• Fixed disabled pointer events in closed dialogs
• Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.

Updates @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.17

Changelog

Sourced from @​radix-ui/react-dropdown-menu's changelog.

2.1.17

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-menu@2.1.17, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dropdown-menu since your current version.

Updates @radix-ui/react-label from 2.1.8 to 2.1.9

Changelog

Sourced from @​radix-ui/react-label's changelog.

2.1.9

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-primitive@2.1.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-label since your current version.

Updates @radix-ui/react-navigation-menu from 1.2.14 to 1.2.15

Changelog

Sourced from @​radix-ui/react-navigation-menu's changelog.

1.2.15

• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-navigation-menu since your current version.

Updates @radix-ui/react-slot from 1.2.4 to 1.2.5

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.2.5

• Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
• Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
• Added repository.directory to all package.json files
• Improved error messages for invalid slot children
• Updated dependencies: @radix-ui/react-compose-refs@1.1.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slot since your current version.

Updates @radix-ui/react-tabs from 1.1.13 to 1.1.14

Changelog

Sourced from @​radix-ui/react-tabs's changelog.

1.1.14

• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tabs since your current version.

Updates @radix-ui/react-tooltip from 1.2.8 to 1.2.9

Changelog

Sourced from @​radix-ui/react-tooltip's changelog.

1.2.9

• Fixed runtime error when event target is non-Node
• Fixed a Tooltip bug so that skipDelayDuration={0} works as expected. Previously, the open delay could still be skipped when moving between triggers.
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-visually-hidden@1.2.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-tooltip since your current version.

Updates ai from 6.0.184 to 6.0.205

Release notes

Sourced from ai's releases.

ai@6.0.205

Patch Changes

• Updated dependencies [6160ced]
• Updated dependencies [c9b8abd]
  • @​ai-sdk/gateway@​3.0.131

ai@6.0.204

Patch Changes

• Updated dependencies [c5d4716]
  • @​ai-sdk/gateway@​3.0.130

ai@6.0.203

Patch Changes

• f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

  validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

  • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
  • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
  • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
  • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

  The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

• 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

• b4b575a: fix: redact server error details from UI message streams by default

  streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

  The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29
  • @​ai-sdk/gateway@​3.0.129

Changelog

Sourced from ai's changelog.

6.0.205

Patch Changes

• Updated dependencies [6160ced]
• Updated dependencies [c9b8abd]
  • @​ai-sdk/gateway@​3.0.131

6.0.204

Patch Changes

• Updated dependencies [c5d4716]
  • @​ai-sdk/gateway@​3.0.130

6.0.203

Patch Changes

• f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

  validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

  • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
  • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
  • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
  • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

  The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

• 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

• b4b575a: fix: redact server error details from UI message streams by default

  streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

  The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29
  • @​ai-sdk/gateway@​3.0.129

6.0.202

Patch Changes

• 942f2f8: fix(security): re-validate tool approvals from client message history before execution

  The approval-replay path in generateText/streamText reconstructed approved tool calls from the client-supplied messages array and executed them without re-validating input against the tool's schema or re-checking that the tool actually requires approval. A client could forge an assistant message with a pre-approved tool-call part and have the server execute a tool with attacker-chosen arguments.

... (truncated)

Commits

• 5548672 Version Packages (#16097)
• 63b3f60 Version Packages (#16086)
• bae9bab Version Packages (#16026)
• b4b575a Backport: fix(ai): redact server error details from UI message streams by def...
• f42aa79 Backport: fix(provider-utils,ai): harden download SSRF guard against hostname...
• 5291f7e Backport: fix: Harden stream text processing and middleware against prototype...
• 9ef2c3c Version Packages (#15998)
• 942f2f8 Backport: fix(security): harden tool approval replay path against client-forg...
• dca8c38 Version Packages (#15992)
• 0c8c0ed Backport: fix(ai): return schema-transformed elements in array output mode (#...
• Additional commits viewable in compare view

Updates arcjet from 1.4.0 to 1.5.0

Release notes

Sourced from arcjet's releases.

v1.5.0

1.5.0 (2026-06-09)

🚀 New Features

• support proxy services such as Cloudflare for client IP detection (#6060) (f77ead5)

🪲 Bug Fixes

• redact detectPromptInjectionMessage from report calls (#6041) (b490fc7)
• update @​bufbuild/protobuf to 2.12.0 and add root override to fix Bun build (#6014) (ba8f1a3)

📝 Documentation

• clarify label/bucket slug validation in @​arcjet/guard types (#6043) (81293b3)
• refresh root, next, and guard READMEs for guards release (#6017) (994232c)

🧹 Miscellaneous Chores

• configure release-please to use GitHub App Token (#6019) (571b1b7)
• remove redundant esbuild and flatted overrides (#6020) (ca2ad5a)

🔨 Build System

• deps-dev: bump astro from 6.1.2 to 6.1.6 (#6003) (6730508)
• deps-dev: bump astro from 6.1.6 to 6.1.10 (#6031) (ea8963d)
• deps-dev: bump fast-uri from 3.1.0 to 3.1.2 (#6023) (1d000d3)
• deps-dev: bump fast-uri from 3.1.0 to 3.1.2 in /examples/nestjs (#6024) (f830a47)
• deps-dev: bump fastify from 5.8.4 to 5.8.5 (#6000) (fe37f56)
• deps-dev: bump ip-address from 10.1.0 to 10.2.0 in /examples/express-newman (#6021) (11dd637)
• deps-dev: bump next from 16.2.4 to 16.2.6 (#6029) (dcf85e1)
• deps-dev: bump next from 16.2.4 to 16.2.6 in /arcjet-next (#6028) (082c20f)
• deps-dev: bump next from 16.2.4 to 16.2.6 in /nosecone-next (#6027) (29f3de1)
• deps: bump @​astrojs/node from 10.0.4 to 10.0.5 in /examples/astro (#6008) (cdffb7d)
• deps: bump astro from 6.1.4 to 6.1.8 in /examples/astro (#6001) (69b4198)
• deps: bump astro from 6.1.8 to 6.3.2 in /examples/astro (#6032) (6397074)
• deps: bump brace-expansion from 5.0.5 to 5.0.6 in /examples/nuxt (#6039) (dac76d1)
• deps: bump devalue from 5.6.4 to 5.8.1 (#6034) (def151d)
• deps: bump devalue from 5.6.4 to 5.8.1 in /examples/astro (#6038) (c683d82)
• deps: bump devalue from 5.6.4 to 5.8.1 in /examples/nuxt (#6035) (9203466)
• deps: bump fast-uri from 3.1.0 to 3.1.2 in /examples/fastify (#6026) (c7bffe1)
• deps: bump nitropack from 2.13.3 to 2.13.4 in /examples/nuxt (#6022) (ecacd00)
• deps: bump nuxt and @​nuxt/nitro-server to 4.4.6 in examples/nuxt (#6055) (74573e3)
• deps: bump qs to 6.15.2 in examples (#6051) (f784256)
• deps: bump simple-git from 3.33.0 to 3.36.0 in /examples/nuxt (#6025) (bff84fb)

... (truncated)

Changelog

Sourced from arcjet's changelog.

1.5.0 (2026-06-09)

🪲 Bug Fixes

• redact detectPromptInjectionMessage from report calls (#6041) (b490fc7)

🔨 Build System

• deps-dev: bump next from 16.2.4 to 16.2.6 in /arcjet-next (#6028) (082c20f)
• deps-dev: bump next from 16.2.4 to 16.2.6 in /nosecone-next (#6027) (29f3de1)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​arcjet/analyze bumped from 1.4.0 to 1.5.0
    • @​arcjet/cache bumped from 1.4.0 to 1.5.0
    • @​arcjet/duration bumped from 1.4.0 to 1.5.0
    • @​arcjet/headers bumped from 1.4.0 to 1.5.0
    • @​arcjet/protocol bumped from 1.4.0 to 1.5.0
    • @​arcjet/runtime bumped from 1.4.0 to 1.5.0
    • @​arcjet/stable-hash bumped from 1.4.0 to 1.5.0
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.4.0 to 1.5.0
    • @​arcjet/rollup-config bumped from 1.4.0 to 1.5.0

Commits

• e435007 chore: Release 1.5.0 (#6004)
• e3d955b deps: periodic dependency update (#6064)
• b490fc7 fix: redact detectPromptInjectionMessage from report calls (#6041)
• f6df4e9 deps: periodic dependency update (#6013)
• See full diff in compare view

Updates motion from 12.38.0 to 12.40.0

Changelog

Sourced from motion's changelog.

[12.40.0] 2026-05-21

Added

• path option to transition.
• arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

• Support for repeatType and repeatDelay in animation sequences.

Fixed

• Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.
• Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.
• LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.
• useScroll: Support hydrating target and container refs from anywhere in the tree.
• Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.
• Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§
• Updated visualElement hydration order.
• useAnimate: Now respects skipAnimations.
• AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.
• scroll: Fixed callback progress when tracking an element.
• useScroll: Fix hardware acceleration when tracking an element.

Commits

• 38ebb94 v12.40.0
• b1f766c Latest
• bca5544 Merge pull request #3699 from motiondivision/lochie/arcs-injectable
• f1a96cf arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw
• b4aaba0 pathRotation: non-destructive orientToPath rotation channel
• 8604ef3 Make arcs injectable via transition.path = arc()
• f90fe29 add orientToPath
• 9ebe999 fix: test
• bc2107e Revert "no should"
• 6eeb92d no should
• Additional commits viewable in compare view

Updates next from 16.2.6 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Backport documentation fixes for v16.2 (#93804)
• [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
• [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
• [backport] Fix catch-all router.query corruption with basePat...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.