Skip to content

chore(deps): bump the bun-minor-and-patch group with 10 updates#368

Merged
pbakaus merged 1 commit into
mainfrom
dependabot/bun/bun-minor-and-patch-f350528ca7
Jul 13, 2026
Merged

chore(deps): bump the bun-minor-and-patch group with 10 updates#368
pbakaus merged 1 commit into
mainfrom
dependabot/bun/bun-minor-and-patch-f350528ca7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the bun-minor-and-patch group with 10 updates:

Package From To
marked 18.0.5 18.0.6
@ai-sdk/anthropic 4.0.8 4.0.12
@ai-sdk/google 4.0.8 4.0.12
@ai-sdk/openai 4.0.8 4.0.11
@anthropic-ai/claude-agent-sdk 0.3.201 0.3.207
@anthropic-ai/sdk 0.110.0 0.111.0
@google/genai 2.10.0 2.11.0
ai 7.0.16 7.0.22
astro 7.0.6 7.0.8
wrangler 4.107.0 4.110.0

Updates marked from 18.0.5 to 18.0.6

Release notes

Sourced from marked's releases.

v18.0.6

18.0.6 (2026-07-09)

Bug Fixes

  • Avoid O(n^2) backtracking in inline link href regex (#4013) (a009808)
  • Fix ordered lists after blockquotes (#4003) (33928d0)
  • keep trailing text on HTML block close line for PI, declarations, and CDATA (#3991) (bbb84c8)
Commits
  • 39bd884 chore(release): 18.0.6 [skip ci]
  • 6bce57d chore(deps-dev): bump @​semantic-release/github from 12.0.8 to 12.0.9 (#4009)
  • 63a4bba chore(deps-dev): bump markdown-it from 14.2.0 to 14.3.0 (#4010)
  • a009808 fix: Avoid O(n^2) backtracking in inline link href regex (#4013)
  • 33928d0 fix: Fix ordered lists after blockquotes (#4003)
  • bbb84c8 fix: keep trailing text on HTML block close line for PI, declarations, and CD...
  • d2af54e chore(deps-dev): bump eslint from 10.5.0 to 10.6.0 (#4005)
  • f403898 chore(deps-dev): bump @​arethetypeswrong/cli from 0.18.3 to 0.18.4 (#4006)
  • f8f4112 chore(deps): bump actions/checkout from 6 to 7 (#4000)
  • 5ddfd8a chore: Update repository metadata URLs (#3998)
  • Additional commits viewable in compare view

Updates @ai-sdk/anthropic from 4.0.8 to 4.0.12

Release notes

Sourced from @​ai-sdk/anthropic's releases.

@​ai-sdk/anthropic@​4.0.12

Patch Changes

  • 308a519: chore: enforce consistent imports from zod/v4 instead of zod
Changelog

Sourced from @​ai-sdk/anthropic's changelog.

4.0.12

Patch Changes

  • 308a519: chore: enforce consistent imports from zod/v4 instead of zod

4.0.11

Patch Changes

  • Updated dependencies [0f93c57]
    • @​ai-sdk/provider@​4.0.3
    • @​ai-sdk/provider-utils@​5.0.7

4.0.10

Patch Changes

  • Updated dependencies [ac306ed]
    • @​ai-sdk/provider-utils@​5.0.6

4.0.9

Patch Changes

  • 2e45d9c: fix(anthropic): wrap invalid tool input in object
Commits

Updates @ai-sdk/google from 4.0.8 to 4.0.12

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​4.0.12

Patch Changes

  • e40118c: Forward text file references as documents when using the Google Interactions API.
Changelog

Sourced from @​ai-sdk/google's changelog.

4.0.12

Patch Changes

  • e40118c: Forward text file references as documents when using the Google Interactions API.

4.0.11

Patch Changes

  • 17d66c5: Fix Google tool result conversion to send file data as inline data instead of JSON text on the legacy tool-result path.
  • 96d40bc: Expand standalone Google threshold provider options into safety settings.
  • 0f93c57: feat (video): support video (not just image) reference inputs in inputReferences for reference-to-video generation
  • Updated dependencies [0f93c57]
    • @​ai-sdk/provider@​4.0.3
    • @​ai-sdk/provider-utils@​5.0.7

4.0.10

Patch Changes

  • Updated dependencies [ac306ed]
    • @​ai-sdk/provider-utils@​5.0.6

4.0.9

Patch Changes

  • 7401c2c: Pass documented Gemini external HTTPS file URLs through without downloading them.
Commits

Updates @ai-sdk/openai from 4.0.8 to 4.0.11

Changelog

Sourced from @​ai-sdk/openai's changelog.

4.0.11

Patch Changes

  • b2b1bb9: feat(provider/openai): add GPT-5.6 reasoning and prompt cache controls

4.0.10

Patch Changes

  • fdb6d5d: feat(provider/openai,provider/gateway): add gpt-5.6 model ids
  • Updated dependencies [0f93c57]
    • @​ai-sdk/provider@​4.0.3
    • @​ai-sdk/provider-utils@​5.0.7

4.0.9

Patch Changes

  • ac306ed: Fix StreamingToolCallTracker finalizing streaming tool calls on parsable partial JSON. Tool calls now only finalize during stream flush, restoring the behavior of #13137: a parsable argument buffer can still be the prefix of a longer argument string, so finalizing early could act on truncated tool inputs.
  • Updated dependencies [ac306ed]
    • @​ai-sdk/provider-utils@​5.0.6
Commits

Updates @anthropic-ai/claude-agent-sdk from 0.3.201 to 0.3.207

Release notes

Sourced from @​anthropic-ai/claude-agent-sdk's releases.

v0.3.207

What's changed

  • Fixed canUseTool returning {behavior: 'allow'} without updatedInput being rejected as a deny with a raw ZodError message; the tool now runs with the original input per the documented contract
  • The Agent tool's structured result now has a published SDK type (AgentToolCompletedOutput) that matches the emitted object exactly

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.207
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.207
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.207
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.207

v0.3.206

What's changed

  • Added command_lifecycle frames to stream-json and SDK sessions, reporting each uuid-stamped message's terminal state (queued/started/completed/cancelled/discarded); zero-API results no longer report stale duration_api_ms

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.206
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.206
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.206
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.206

v0.3.205

What's changed

  • Interrupt control responses now include still_queued (UUIDs of queued async messages that will still run), Query.interrupt() returns the typed receipt, and system/init advertises an interrupt_receipt_v1 capability for feature detection
  • Added structured name and body fields to peer-message session events, exposing the sender display name and decoded message body

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.205
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.205
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.205
# or
</tr></table> 

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-agent-sdk's changelog.

0.3.207

  • Fixed canUseTool returning {behavior: 'allow'} without updatedInput being rejected as a deny with a raw ZodError message; the tool now runs with the original input per the documented contract
  • The Agent tool's structured result now has a published SDK type (AgentToolCompletedOutput) that matches the emitted object exactly

0.3.206

  • Added command_lifecycle frames to stream-json and SDK sessions, reporting each uuid-stamped message's terminal state (queued/started/completed/cancelled/discarded); zero-API results no longer report stale duration_api_ms

0.3.205

  • Interrupt control responses now include still_queued (UUIDs of queued async messages that will still run), Query.interrupt() returns the typed receipt, and system/init advertises an interrupt_receipt_v1 capability for feature detection
  • Added structured name and body fields to peer-message session events, exposing the sender display name and decoded message body

0.3.204

  • Added terminal_reason values tool_deferred_unavailable (deferred tool resume found the tool gone — previously an is_error result with no reason, read as a clean completion by lifecycle sweeps) and turn_setup_failed (the turn-input builder threw before the turn started). Both classify as dead turns, so commands consumed by them report command_lifecycle state cancelled
  • Fixed the post-merge cancel backstop cancelling every member of a coalesced prompt batch when a cancel named only one: uncancelled siblings now re-merge and run (previously they were reported cancelled — on remote transports that acknowledged them as processed, silently dropping messages nobody cancelled)
  • Added terminal_reason values api_error, malformed_tool_use_exhausted, budget_exhausted, and structured_output_retry_exhausted. Turns that die on an exhausted-API-retry or malformed-tool-use give-up previously reported completed; budget and structured-output exhaustion results previously omitted terminal_reason. Commands consumed by such turns now report command_lifecycle state cancelled instead of completed (dup-over-loss)
  • Updated to parity with Claude Code v2.1.204

0.3.203

  • Added a background_tasks_changed system message with the full set of live background tasks on every membership change, so consumers can track background activity as a level instead of pairing task_started/task_notification edges
  • Fixed stable releases shipping a sdk.d.ts with unresolved type references that broke consumer typechecking with skipLibCheck disabled

0.3.202

  • Added parent_agent_id field to subagent session messages for building depth-2+ agent trees from disk-persisted metadata
  • Fixed apply_flag_settings with a non-object settings value crashing the session instead of returning a control error
Commits

Updates @anthropic-ai/sdk from 0.110.0 to 0.111.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.111.0

0.111.0 (2026-07-10)

Full Changelog: sdk-v0.110.0...sdk-v0.111.0

Features

  • api: add support for dreaming (77b28a6)
  • tools: gate session tool calls on evaluated_permission; bound idle by server stop_reason (68a6d7b)

Chores

  • docs: small updates to field descriptions (e25b885)
  • docs: update model example (a33f3f0)
  • docs: updates to descriptions and examples (eac4bac)
Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.111.0 (2026-07-10)

Full Changelog: sdk-v0.110.0...sdk-v0.111.0

Features

  • api: add support for dreaming (77b28a6)
  • tools: gate session tool calls on evaluated_permission; bound idle by server stop_reason (68a6d7b)

Chores

  • docs: small updates to field descriptions (e25b885)
  • docs: update model example (a33f3f0)
  • docs: updates to descriptions and examples (eac4bac)
Commits
  • 9e46760 chore: release main
  • 8d461ea feat(api): add support for dreaming
  • 9436e29 codegen metadata
  • 0aec1e7 feat(tools): gate session tool calls on evaluated_permission; bound idle by s...
  • ac2fc67 chore(docs): update model example
  • c8af65d chore(docs): updates to descriptions and examples
  • 2a3a904 codegen metadata
  • 57c56c9 chore(docs): small updates to field descriptions
  • See full diff in compare view

Updates @google/genai from 2.10.0 to 2.11.0

Release notes

Sourced from @​google/genai's releases.

v2.11.0

2.11.0 (2026-07-09)

Features

  • Add environment_id in network config (85fe0a5)
  • Add response_format and Translation_config in GenerationConfig (3f3b7bc)
  • add retrieval result step and new fields to maps and search results (ecfdc69)
  • Add Tool.exa_ai_search for Gemini Enterprise API (3f3b7bc)
  • support Function declarations during Agent Creation (824badf)
  • voice consent signature types across all SDK languages. (5fb5354)

Bug Fixes

  • interactions: accept both dict and list[dict] for transform (67d2f68)

Code Refactoring

  • interactions: remove cached_content, presence_penalty, and frequency_penalty; expose safety_settings and labels (0f414be)
Changelog

Sourced from @​google/genai's changelog.

2.11.0 (2026-07-09)

Features

  • Add environment_id in network config (85fe0a5)
  • Add response_format and Translation_config in GenerationConfig (3f3b7bc)
  • add retrieval result step and new fields to maps and search results (ecfdc69)
  • Add Tool.exa_ai_search for Gemini Enterprise API (3f3b7bc)
  • support Function declarations during Agent Creation (824badf)
  • voice consent signature types across all SDK languages. (5fb5354)

Bug Fixes

  • interactions: accept both dict and list[dict] for transform (67d2f68)

Code Refactoring

  • interactions: remove cached_content, presence_penalty, and frequency_penalty; expose safety_settings and labels (0f414be)
Commits
  • 136ea26 chore(main): release 2.11.0 (#1743)
  • 3bf5090 chore: update the release.txt
  • 43c5380 chore: release 2.11.0
  • 824badf feat: support Function declarations during Agent Creation
  • 0f414be refactor(interactions)!: remove cached_content, presence_penalty, and frequen...
  • 1127b43 chore: Add multiple approval check for major releases
  • 67d2f68 fix(interactions): accept both dict and list[dict] for transform
  • 5fb5354 feat: voice consent signature types across all SDK languages.
  • aad178e chore: Remove default api-revision header
  • be7ab10 chore: sort 'properties' keys in OpenAPI schemas
  • Additional commits viewable in compare view

Updates ai from 7.0.16 to 7.0.22

Release notes

Sourced from ai's releases.

ai@7.0.22

Patch Changes

  • 8f89c25: Add the Cartesia provider with Sonic 3.5 speech generation, Ink-Whisper batch transcription, and Ink 2 realtime transcription support.

ai@7.0.21

Patch Changes

  • 308a519: chore: enforce consistent imports from zod/v4 instead of zod
  • Updated dependencies [308a519]
  • Updated dependencies [7fe53d2]
    • @​ai-sdk/gateway@​4.0.16

ai@7.0.20

Patch Changes

  • b9ac19f: Flush compressed Node.js response chunks as they are piped so UI message and text streams remain incremental in Express and Next.js.
  • a4186d6: Promote the repairToolCall option to stable, with a deprecated experimental_repairToolCall alias for backwards compatibility.
Changelog

Sourced from ai's changelog.

7.0.22

Patch Changes

  • 8f89c25: Add the Cartesia provider with Sonic 3.5 speech generation, Ink-Whisper batch transcription, and Ink 2 realtime transcription support.

7.0.21

Patch Changes

  • 308a519: chore: enforce consistent imports from zod/v4 instead of zod
  • Updated dependencies [308a519]
  • Updated dependencies [7fe53d2]
    • @​ai-sdk/gateway@​4.0.16

7.0.20

Patch Changes

  • b9ac19f: Flush compressed Node.js response chunks as they are piped so UI message and text streams remain incremental in Express and Next.js.
  • a4186d6: Promote the repairToolCall option to stable, with a deprecated experimental_repairToolCall alias for backwards compatibility.

7.0.19

Patch Changes

  • be7f05a: Add fingerprintTools and detectToolDrift to detect MCP tool-definition drift ("rug pull"). Pin a tool set's server-controlled fields (string description, input schema, title) at trust time with fingerprintTools, then diff later fetches with detectToolDrift to catch injected descriptions or widened schemas before passing tools to the model. Baseline storage and the drift response remain the app's responsibility.

  • ee55a07: Preserve tool approval signatures when approvals transition to responded.

  • aad737d: Use own-property checks when resolving per-tool approvals so tool names and approval ids that match inherited object properties (e.g. constructor, toString, valueOf, __proto__) are treated as unconfigured/absent.

    • @ai-sdk/policy-opa: wrapMcpTools builds its per-tool map with a null prototype and reads supplied approvals via an own-property check, and shadow guards its per-tool map lookup the same way.
    • ai: tool and tool-context lookups keyed by a model- or client-supplied name now go through an own-property check (getOwn), so a name matching an inherited object property resolves to "no such tool"/"unconfigured" instead of a prototype value. This covers the approval path (per-tool approval resolution and replay re-validation) as well as tool-call parsing, execution, streaming callbacks, and UI message conversion/validation. The human-in-the-loop approval matching (collectToolApprovals) and streaming tool-name maps are built with a null prototype so a client-supplied id that matches an inherited property no longer slips past the "unknown approval" / "tool call not found" guards.
  • 0f93c57: feat (video): support video (not just image) reference inputs in inputReferences for reference-to-video generation

  • Updated dependencies [e12411e]

  • Updated dependencies [5d894a7]

  • Updated dependencies [fdb6d5d]

  • Updated dependencies [0f93c57]

  • Updated dependencies [d25a084]

    • @​ai-sdk/gateway@​4.0.15
    • @​ai-sdk/provider@​4.0.3
    • @​ai-sdk/provider-utils@​5.0.7

7.0.18

Patch Changes

  • Updated dependencies [ac306ed]
    • @​ai-sdk/provider-utils@​5.0.6
    • @​ai-sdk/gateway@​4.0.14

... (truncated)

Commits

Updates astro from 7.0.6 to 7.0.8

Release notes

Sourced from astro's releases.

astro@7.0.8

Patch Changes

  • #17363 3f4efc5 Thanks @​astrobot-houston! - Fixes astro preview --open not opening a browser when using an adapter with a custom preview entrypoint, such as @astrojs/cloudflare

  • #17313 e2e319d Thanks @​ronits2407! - Exposes the AstroRuntimeLogger interface to allow users to properly type the logger functions at runtime.

  • #17328 025cc74 Thanks @​matthewp! - Fixes astro dev --force not replacing an already-running dev server

  • #17353 2bba277 Thanks @​ematipico! - Updates the Astro compiler to the latest version, which fixes many regressions. Refer to the changelog for more details.

  • #17344 79a41e0 Thanks @​adamchal! - Improves rendering performance for pages with many component instances, such as repeated MDX <Content /> components.

  • Updated dependencies [64b0d66]:

    • @​astrojs/markdown-satteri@​0.3.4

astro@7.0.7

Patch Changes

  • #17318 23a4120 Thanks @​astrobot-houston! - Fixes CSS module scoped-name hash mismatch in astro dev when using vite.css.transformer: 'lightningcss' with content collections. Previously, a component importing a CSS module and rendered via content collection render() would get different class name hashes in the element and the injected <style> tag, causing styles not to apply.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server memory leak which caused Node.js to emit warnings in the console.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server crash when a .html or /index.html suffixed request (such as those netlify dev probes as pretty-URL fallbacks) matched a dynamic endpoint route, causing a TypeError: Missing parameter error

  • #17325 cebc404 Thanks @​astrobot-houston! - Fixes a bug where CSS @import rules could end up mid-stylesheet after inline CSS chunks were merged during build, causing browsers to silently ignore them

  • #17323 4298883 Thanks @​ematipico! - Fixes a build regression that could leave unresolved preload markers in inlined scripts with external dynamic imports

  • Updated dependencies [4298883, 4298883]:

    • @​astrojs/telemetry@​3.3.3
Changelog

Sourced from astro's changelog.

7.0.8

Patch Changes

  • #17363 3f4efc5 Thanks @​astrobot-houston! - Fixes astro preview --open not opening a browser when using an adapter with a custom preview entrypoint, such as @astrojs/cloudflare

  • #17313 e2e319d Thanks @​ronits2407! - Exposes the AstroRuntimeLogger interface to allow users to properly type the logger functions at runtime.

  • #17328 025cc74 Thanks @​matthewp! - Fixes astro dev --force not replacing an already-running dev server

  • #17353 2bba277 Thanks @​ematipico! - Updates the Astro compiler to the latest version, which fixes many regressions. Refer to the changelog for more details.

  • #17344 79a41e0 Thanks @​adamchal! - Improves rendering performance for pages with many component instances, such as repeated MDX <Content /> components.

  • Updated dependencies [64b0d66]:

    • @​astrojs/markdown-satteri@​0.3.4

7.0.7

Patch Changes

  • #17318 23a4120 Thanks @​astrobot-houston! - Fixes CSS module scoped-name hash mismatch in astro dev when using vite.css.transformer: 'lightningcss' with content collections. Previously, a component importing a CSS module and rendered via content collection render() would get different class name hashes in the element and the injected <style> tag, causing styles not to apply.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server memory leak which caused Node.js to emit warnings in the console.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server crash when a .html or /index.html suffixed request (such as those netlify dev probes as pretty-URL fallbacks) matched a dynamic endpoint route, causing a TypeError: Missing parameter error

  • #17325 cebc404 Thanks @​astrobot-houston! - Fixes a bug where CSS @import rules could end up mid-stylesheet after inline CSS chunks were merged during build, causing browsers to silently ignore them

  • #17323 4298883 Thanks @​ematipico! - Fixes a build regression that could leave unresolved preload markers in inlined scripts with external dynamic imports

  • Updated dependencies [4298883, 4298883]:

    • @​astrojs/telemetry@​3.3.3
Commits
  • dec7692 [ci] release (#17338)
  • 3048391 refactor(test): migrate vite virtual module tests from e2e to integration (#1...
  • 3f4efc5 fix: pass open option to adapter preview entrypoints (#17362)\n\nAdd open...
  • 79a41e0 Improve rendering performance for pages with many components (#17344)
  • 2bba277 fix: update the compiler to the latest (#17353)
  • 025cc74 Fix astro dev --force not replacing a running dev server (#17328)
  • 1b33c1f fix(routing): prevent trailing slash on file extension endpoint paths in stri...
  • e2e319d feat: export AstroComponentLogger type (#17313)
  • 3a4aa72 [ci] release (#17326)
  • 23a4120 Fix CSS module scoped-name hash mismatch with Lightning CSS in content collec...
  • Additional commits viewable in compare view

Updates wrangler from 4.107.0 to 4.110.0

Release notes

Sourced from wrangler's releases.

wrangler@4.110.0

Minor Changes

  • #14591 0283a1f Thanks @​dario-piotrowicz! - Send npm package dependency metadata with worker uploads

    Wrangler now collects npm package dependency information from the project's package.json at deploy and version upload time, and includes it in the upload metadata sent to the Cloudflare API. This enables dependency analytics and future features like vulnerability alerting.

    The collected data includes the package name, the version constraint from package.json, and the exact installed version from node_modules. Both dependencies and devDependencies are included, while workspace packages, local packages, and unresolvable packages are excluded. The list is capped at 200 entries per upload.

    To opt out, set dependencies_instrumentation.enabled to false in your Wrangler configuration file:

    {
      "dependencies_instrumentation": {
        "enabled": false
      }
    }
  • #14535 1b965c5 Thanks @​Naapperas! - Support dynamic retry delays for Workflow steps in local dev

    A step's retries.delay can now be a function that computes the delay per failed attempt, in addition to a static duration. The function receives { ctx, error } and returns a delay (a number of milliseconds or a duration string like "30 seconds"), and its result is fed into the configured backoff.

    await step.do(
      "call flaky API",
      {
        retries: {
          limit: 5,
          backoff: "constant",
          delay: ({ ctx }) => ctx.attempt * 1000,
        },
      },
      async () => {
        /* ... */
      }
    );

    The function is invoked once per failed attempt with a 5 second timeout. If it throws, times out, or returns an invalid value, the step fails without further retries.

Patch Changes

  • #14589 7b28392 Thanks @​jamesopstad! - Fix runtime type caching when wrangler dev auto-regenerates types

    When dev.generate_types (or wrangler dev --types) regenerated an out-of-date worker-configuration.d.ts, the written file omitted the // Begin runtime types marker (and the /* eslint-disable */ header) that wrangler types writes. As a result, later runs could not detect the cached runtime types and always regenerated them. The auto-regenerated file now matches wrangler types output, restoring the cache.

  • Updated dependencies [1b965c5]:

    • miniflare@4.20260708.1

... (truncated)

Commits
  • eced610 Version Packages (#14628)
  • 7b28392 Move runtime type generation to dedicated internal package (#14589)
  • 0283a1f [wrangler] Add dependency metadata to worker uploads (#14591)
  • 774c09e Version Packages (#14603)
  • 2fedb1f Support workflow terminate rollback (#14465)
  • c782e2a [wrangler] Restrict name-ownership guard to Pages-to-Workers delegation (#14616)
  • 17d2fc1 [wrangler] Add turnstile widget CLI commands (#14511)
  • 315c77c chore: use catalog for workerd dependency (#14607)
  • 9f74a5f Workflows: Improve scheduled Workflows free-plan deploy error (#14604)
  • 394b8ae Fix wrangler linting (failing because of deprecated detectAgenticEnvironment ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note

Low Risk
Dependency-only lockfile refresh with patch/minor versions; main follow-up is regression smoke on astro build, wrangler deploy, and any AI/agent live tests—not production runtime deps.

Overview
This PR refreshes lockfile-resolved dev and transitive dependencies; the only direct manifest edit in the diff is @anthropic-ai/sdk ^0.110.0^0.111.0, while bun.lock carries the rest of the group (Vercel AI SDK packages, ai, astro, wrangler, marked, @google/genai, @anthropic-ai/claude-agent-sdk, plus Cloudflare workerd/miniflare and Astro markdown/compiler pins).

For day-to-day work here, that mostly affects site build (astro), Cloudflare deploy/preview (wrangler), and live/agent test tooling that sits on the AI SDK stack—not runtime dependencies like marked (still ^18.0.5 in package.json, resolved to 18.0.6 in the lockfile).

Notable upstream themes worth a quick smoke after merge: Wrangler now attaches npm dependency metadata on worker uploads by default (opt-out via config); AI SDK patch releases include tool-call/streaming and provider fixes; Astro 7.0.8 is bugfix/compiler-focused.

Reviewed by Cursor Bugbot for commit d03abda. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps the bun-minor-and-patch group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [marked](https://github.com/markedjs/marked) | `18.0.5` | `18.0.6` |
| [@ai-sdk/anthropic](https://github.com/vercel/ai/tree/HEAD/packages/anthropic) | `4.0.8` | `4.0.12` |
| [@ai-sdk/google](https://github.com/vercel/ai/tree/HEAD/packages/google) | `4.0.8` | `4.0.12` |
| [@ai-sdk/openai](https://github.com/vercel/ai/tree/HEAD/packages/openai) | `4.0.8` | `4.0.11` |
| [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.201` | `0.3.207` |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.110.0` | `0.111.0` |
| [@google/genai](https://github.com/googleapis/js-genai) | `2.10.0` | `2.11.0` |
| [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) | `7.0.16` | `7.0.22` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `7.0.6` | `7.0.8` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.107.0` | `4.110.0` |


Updates `marked` from 18.0.5 to 18.0.6
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v18.0.5...v18.0.6)

Updates `@ai-sdk/anthropic` from 4.0.8 to 4.0.12
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/packages/anthropic/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/anthropic@4.0.12/packages/anthropic)

Updates `@ai-sdk/google` from 4.0.8 to 4.0.12
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/packages/google/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/google@4.0.12/packages/google)

Updates `@ai-sdk/openai` from 4.0.8 to 4.0.11
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/packages/openai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/openai@4.0.11/packages/openai)

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.201 to 0.3.207
- [Release notes](https://github.com/anthropics/claude-agent-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/claude-agent-sdk-typescript@v0.3.201...v0.3.207)

Updates `@anthropic-ai/sdk` from 0.110.0 to 0.111.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.110.0...sdk-v0.111.0)

Updates `@google/genai` from 2.10.0 to 2.11.0
- [Release notes](https://github.com/googleapis/js-genai/releases)
- [Changelog](https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md)
- [Commits](googleapis/js-genai@v2.10.0...v2.11.0)

Updates `ai` from 7.0.16 to 7.0.22
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@7.0.22/packages/ai)

Updates `astro` from 7.0.6 to 7.0.8
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.8/packages/astro)

Updates `wrangler` from 4.107.0 to 4.110.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.110.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: marked
  dependency-version: 18.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: "@ai-sdk/anthropic"
  dependency-version: 4.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: "@ai-sdk/google"
  dependency-version: 4.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: "@ai-sdk/openai"
  dependency-version: 4.0.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: "@anthropic-ai/claude-agent-sdk"
  dependency-version: 0.3.207
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.111.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bun-minor-and-patch
- dependency-name: "@google/genai"
  dependency-version: 2.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bun-minor-and-patch
- dependency-name: ai
  dependency-version: 7.0.22
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: astro
  dependency-version: 7.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun-minor-and-patch
- dependency-name: wrangler
  dependency-version: 4.110.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bun-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
@dependabot dependabot Bot requested a review from pbakaus as a code owner July 13, 2026 16:11
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 13, 2026

Copy link
Copy Markdown

Deploying impeccable with  Cloudflare Pages  Cloudflare Pages

Latest commit: d03abda
Status: ✅  Deploy successful!
Preview URL: https://8f368964.impeccable-2rv.pages.dev
Branch Preview URL: https://dependabot-bun-bun-minor-and-i3ud.impeccable-2rv.pages.dev

View logs

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
@pbakaus pbakaus merged commit f2049c2 into main Jul 13, 2026
13 checks passed
@dependabot dependabot Bot deleted the dependabot/bun/bun-minor-and-patch-f350528ca7 branch July 13, 2026 17:05
mp3wizard added a commit to mp3wizard/impeccable that referenced this pull request Jul 15, 2026
New upstream features:
- Fix light-mode command demo contrast (pbakaus#370)
- chore(deps): bump bun-minor-and-patch group ×10 (pbakaus#368)
- Base sheriff stale clock on blocker age (pbakaus#364)

Security findings: 0 secrets, 0 dependency CVEs, 0 Semgrep findings. mcps-audit 1360 findings reviewed as heuristic false positives (execSync/delete/join idioms), consistent with prior cycles.
Security fixes: none required; bun.lock re-synced after upstream dep bump.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant