Bump the production group across 1 directory with 6 updates

[dependabot]

Bumps the production group with 6 updates in the / directory:

Package	From	To
@actual-app/api	26.5.2	26.6.0
@anthropic-ai/sdk	0.39.0	0.100.1
@react-pdf/renderer	4.3.2	4.5.1
js-yaml	4.1.1	4.2.0
react	19.2.4	19.2.7
react-dom	19.2.4	19.2.7

Updates @actual-app/api from 26.5.2 to 26.6.0

Release notes

Sourced from @​actual-app/api's releases.

v26.6.0

🔗 View release notes

Desktop releases

Please note: Microsoft store updates can sometimes lag behind the main release by a couple of days while they verify the new version.

Commits

• ead4081 🔖 (26.6.0)
• 50feba1 [AI] Fix flaky API test timeouts and use sync file write in tests (#7806)
• 5d27034 CLI: Hide hidden categories by default in list commands (#7786)
• 3799b58 [AI] Add getNote and updateNote to public API (#7769)
• db38565 Bump uuid from 13.0.2 to 14.0.0 (#7739)
• 345c99b [AI] Bump workspace packages to 26.5.2 and document 26.5.2 in release notes (...
• bc08ed9 [AI] 🔖 Release 26.5.1 (#7745)
• 852b955 [AI] Revert crypto.randomUUID back to uuid library (#7734)
• 6c2c96e 🔖 (26.5.0) (#7621)
• 4a5ee9c [AI] Make TypeScript work in test files across packages (#7642)
• See full diff in compare view

Updates @anthropic-ai/sdk from 0.39.0 to 0.100.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.100.1

0.100.1 (2026-05-29)

Full Changelog: sdk-v0.100.0...sdk-v0.100.1

Bug Fixes

• streaming: carry encrypted_content on beta compaction blocks (#1025) (eccddf3)

Chores

• client: update lockfiles to have proper dependencies on standardwebhooks (5e9b523)

sdk: v0.100.0

0.100.0 (2026-05-28)

Full Changelog: sdk-v0.99.0...sdk-v0.100.0

Features

• api: Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (bb0bf27)

Documentation

• replace literal newlines (66ba142)

sdk: v0.99.0

0.99.0 (2026-05-27)

Full Changelog: sdk-v0.98.1...sdk-v0.99.0

Features

• support custom file size caps (#1029) (814cd4c)

Bug Fixes

• streaming: carry stop_details through message_delta accumulation (#1027) (198bc27)

sdk: v0.98.1

0.98.1 (2026-05-26)

Full Changelog: sdk-v0.98.0...sdk-v0.98.1

Bug Fixes

• client: preserve directory prefix in skills.versions.create uploads (#1024) (abbcd6a)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.100.1 (2026-05-29)

Full Changelog: sdk-v0.100.0...sdk-v0.100.1

Bug Fixes

• streaming: carry encrypted_content on beta compaction blocks (#1025) (eccddf3)

Chores

• client: update lockfiles to have proper dependencies on standardwebhooks (5e9b523)

0.100.0 (2026-05-28)

Full Changelog: sdk-v0.99.0...sdk-v0.100.0

Features

• api: Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (bb0bf27)

Documentation

• replace literal newlines (66ba142)

0.99.0 (2026-05-27)

Full Changelog: sdk-v0.98.1...sdk-v0.99.0

Features

• support custom file size caps (#1029) (814cd4c)

Bug Fixes

• streaming: carry stop_details through message_delta accumulation (#1027) (198bc27)

0.98.1 (2026-05-26)

Full Changelog: sdk-v0.98.0...sdk-v0.98.1

Bug Fixes

• client: preserve directory prefix in skills.versions.create uploads (#1024) (abbcd6a)

Chores

... (truncated)

Commits

• 512605f chore: release main
• d0148df codegen metadata
• 4d836b4 codegen metadata
• 323e350 codegen metadata
• ea36df7 chore(client): update lockfiles to have proper dependencies on standardwebhooks
• 0ea1922 codegen metadata
• 991d88f fix(streaming): carry encrypted_content on beta compaction blocks (#1025)
• 6f97c4d chore: release main
• 1fd7ec7 feat(api): Add support for claude-opus-4-8, mid-conversation system blocks, a...
• f5bfc10 docs: replace literal newlines
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​anthropic-ai/sdk since your current version.

Updates @react-pdf/renderer from 4.3.2 to 4.5.1

Release notes

Sourced from @​react-pdf/renderer's releases.

@​react-pdf/renderer@​4.4.1

Patch Changes

• #3351 e585e352 Thanks @​diegomura! - fix(render): border rendering + tests

• Updated dependencies [e585e352]:

  • @​react-pdf/render@​4.4.1
  • @​react-pdf/layout@​4.5.1

@​react-pdf/renderer@​4.3.3

Patch Changes

• Updated dependencies [c40bfdec, 5b6a6a4a, 143317f2, 01e1fbbe, e27cdb48, 39886cd7, 7d05a6d9]:
  • @​react-pdf/fns@​3.1.3
  • @​react-pdf/render@​4.3.3
  • @​react-pdf/font@​4.0.5
  • @​react-pdf/layout@​4.4.3
  • @​react-pdf/types@​2.9.3

Changelog

Sourced from @​react-pdf/renderer's changelog.

4.5.1

Patch Changes

• #3386 cbce7149 Thanks @​diegomura! - Add pdfkit table mixin as part of unification plan

• Updated dependencies [598cf0c6, cbce7149]:

  • @​react-pdf/pdfkit@​5.1.1
  • @​react-pdf/font@​4.0.8
  • @​react-pdf/layout@​4.6.1
  • @​react-pdf/render@​4.5.1
  • @​react-pdf/types@​2.11.1

4.5.0

Minor Changes

• #3366 4444f355 Thanks @​diegomura! - feat: svg markers support

Patch Changes

• Updated dependencies [ccfcc632, 0138fddd, b01f5b72, 27d1b487, 4444f355]:
  • @​react-pdf/pdfkit@​5.1.0
  • @​react-pdf/layout@​4.6.0
  • @​react-pdf/render@​4.5.0
  • @​react-pdf/primitives@​4.3.0
  • @​react-pdf/types@​2.11.0
  • @​react-pdf/font@​4.0.7

4.4.1

Patch Changes

• #3351 e585e352 Thanks @​diegomura! - fix(render): border rendering + tests

• Updated dependencies [e585e352]:

  • @​react-pdf/render@​4.4.1
  • @​react-pdf/layout@​4.5.1

4.4.0

Minor Changes

• #3344 a70013e7 Thanks @​diegomura! - feat: password protection support

• #3336 342938a4 Thanks @​diegomura! - feat: add link hitslop

• #3342 aa3ccf4c Thanks @​diegomura! - feat: add image background

• #3339 6109b424 Thanks @​diegomura! - feat: responsive images

... (truncated)

Commits

• f6197a4 chore: release packages (#3352)
• e585e35 fix(render): border rendering + tests (#3351)
• edc4950 chore: release packages (#3334)
• a70013e feat: password protection support (#3344)
• aa3ccf4 feat: add image background (#3342)
• 6109b42 feat: responsive images (#3339)
• 342938a feat: add link hitslop (#3336)
• ad5d204 chore: bump pdfjs-dist and canvas dependencies for Node 22
• 2c4a852 Revert "chore: bump pdfjs-dist and canvas dependencies for Node 22" (#3332)
• 79191a7 chore: bump pdfjs-dist and canvas dependencies for Node 22 (#3330)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​react-pdf/renderer since your current version.

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

Commits

• See full diff in compare view

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!