chore(deps): bump the production-dependencies group across 1 directory with 23 updates

[dependabot]

Bumps the production-dependencies group with 19 updates in the / directory:

Package	From	To
@ai-sdk/anthropic	3.0.74	3.0.82
@ai-sdk/google	3.0.67	3.0.80
@ai-sdk/openai	3.0.58	3.0.69
@aws-sdk/client-s3	3.1041.0	3.1066.0
@better-auth/sso	1.6.9	1.6.16
@nuxtjs/i18n	10.3.0	10.4.0
@nuxtjs/mdc	0.21.1	0.22.0
@opentelemetry/api-logs	0.216.0	0.218.0
@opentelemetry/exporter-logs-otlp-http	0.216.0	0.218.0
@opentelemetry/sdk-logs	0.216.0	0.218.0
@posthog/nuxt	1.7.21	1.7.73
@tailwindcss/typography	0.5.19	0.5.20
@tailwindcss/vite	4.2.4	4.3.0
ai	6.0.174	6.0.201
better-sqlite3	12.9.0	12.10.0
nodemailer	8.0.7	8.0.11
nuxt	4.4.4	4.4.8
resend	6.12.2	6.12.4
zod	4.4.2	4.4.3

Updates @ai-sdk/anthropic from 3.0.74 to 3.0.82

Changelog

Sourced from @​ai-sdk/anthropic's changelog.

3.0.82

Patch Changes

• 2a91a17: feat(provider/anthropic): add support for claude-fable-5 and the fallbacks API parameter

3.0.81

Patch Changes

• 4084fcd: feat(provider/anthropic): add support for claude-opus-4-8

3.0.80

Patch Changes

• 263d3e6: fix(provider/anthropic): fix remaining errors with Anthropic code_execution tool dynamic calls from latest web_fetch or web_search

3.0.79

Patch Changes

• d61a788: Handle errors from anthropic websearch tool

3.0.78

Patch Changes

• 6e28d25: fix(anthropic): propagate toModelOutput providerOption to anthropic tool results

3.0.77

Patch Changes

• d53314d: feat(anthropic): add the new advisor tool

3.0.76

Patch Changes

• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27

3.0.75

Patch Changes

• 3f06680: Remove stale effort-2025-11-24 beta header — the extended thinking effort parameter is GA and no longer requires the beta flag. Vertex AI's strict validator was actively rejecting requests with this header.

Commits

• f6e5881 Version Packages (#15902)
• 2a91a17 backport: feat(provider/anthropic): add support for claude-fable-5 and the ...
• 7aca1fc backport: chore: update TypeScript references and fix `pnpm update-references...
• 974e161 Version Packages (#15677)
• 4084fcd backport: feat(provider/anthropic): add support for claude-opus-4-8 (#15675)
• 097c1cd Version Packages (#15612)
• 263d3e6 Backport: fix(provider/anthropic): fix remaining errors with Anthropic `code_...
• 7ebba33 Version Packages (#15557)
• d61a788 Backport: Handle errors in anthropic's web search tool (#15555)
• 2e7664b Version Packages (#15315)
• Additional commits viewable in compare view

Updates @ai-sdk/google from 3.0.67 to 3.0.80

Changelog

Sourced from @​ai-sdk/google's changelog.

3.0.80

Patch Changes

• f62ffe0: fix(google): auto-inject skip_thought_signature_validator for Gemini 3 tool-call replays without a signature

  Gemini 3 models reject requests when an assistant functionCall part lacks a thoughtSignature with HTTP 400 "Function call is missing a thought_signature in functionCall parts." This is easy to hit when application code persists/serializes messages and drops providerOptions.google.thoughtSignature (custom DB schemas, useChat server routes that rebuild messages, synthetic tool-call injection).

  The provider now detects this case (Gemini 3 model + missing signature under google, googleVertex, and vertex namespaces) and injects the documented skip_thought_signature_validator sentinel into the outbound functionCall, plus surfaces a one-shot warning per request listing the affected tool names so the developer can find and fix the upstream serialization. Non-Gemini-3 models are unaffected, and real signatures take precedence when present.

3.0.79

Patch Changes

• cfa0cb2: feat(provider/google): support Google search grounding when using generateImage with Gemini

3.0.78

Patch Changes

• cf63828: fix(google): read serviceTier from usageMetadata.serviceTier in both generate and stream paths

  The previous implementation read serviceTier from the x-gemini-service-tier response header, which is only populated on non-streaming responses. Gemini streaming includes the value in usageMetadata.serviceTier on every chunk, so providerMetadata.google.serviceTier was always null for streams. Read from usageMetadata for both paths instead.

3.0.77

Patch Changes

• 0f9f9bf: feat(google): read serviceTier from x-gemini-service-tier response header in Gemini API and use PayGo for Vertex

3.0.76

Patch Changes

• f259bd1: fix(google): fix streaming tool call args
• 756fec1: feat(provider/google): add gemini-3.5-flash

3.0.75

Patch Changes

• ab15576: feat(google): update Interactions API implementation to cater for upstream breaking changes coming May 26

3.0.74

Patch Changes

... (truncated)

Commits

• 661127c Version Packages (#15622)
• f62ffe0 fix(google): auto-inject skip_thought_signature_validator on Gemini 3 tool-ca...
• fc83fa3 Version Packages (#15532)
• cfa0cb2 Backport: feat(provider/google): support Google search grounding when using `...
• 93ad540 Version Packages (#15489)
• cf63828 Backport: fix(google): read serviceTier from usageMetadata in stream + genera...
• a15eda9 Version Packages (#15473)
• 0f9f9bf Backport: fix(google): read serviceTier from x-gemini-service-tier response h...
• b9241af Backport: feat(provider/google): add support for managed agents in the Intera...
• e33b836 Version Packages (#15440)
• Additional commits viewable in compare view

Updates @ai-sdk/openai from 3.0.58 to 3.0.69

Changelog

Sourced from @​ai-sdk/openai's changelog.

3.0.69

Patch Changes

• 9a55f6d: feat(openai): add namespaces for tool definitions

3.0.68

Patch Changes

• c65c952: fix(openai): round-trip namespace on function_call input items

  When tool_search dispatches a deferred tool, the resulting function_call carries a namespace field identifying which deferred-tool group the model picked. [#14789](https://github.com/vercel/ai/tree/HEAD/packages/openai/issues/14789) preserved this on the read side (providerMetadata.openai.namespace), but the write side still serialized function_call input items without namespace. Multi-step / multi-turn conversations then failed with Missing namespace for function_call '<name>'. ... Round-trip the model's function_call item with its namespace field included.

  convert-to-openai-responses-input.ts now reads namespace from providerOptions.openai.namespace (or providerMetadata.openai.namespace) on tool-call parts and includes it on the serialized function_call item, mirroring how itemId is round-tripped.

3.0.67

Patch Changes

• c679fec: feat(provider/azure):web search tool in the Azure OpenAI Responses API.

3.0.66

Patch Changes

• c82ab42: feat(openai): forward web_search_call.action.queries from Responses API

3.0.65

Patch Changes

• eb52378: fix(openai): skip passing reasoning items when using previous response id

3.0.64

Patch Changes

• b7ed8bd: feat(openai): add opt-in pass-through for unsupported file media types

3.0.63

Patch Changes

• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27

3.0.62

Patch Changes

... (truncated)

Commits

• f6e5881 Version Packages (#15902)
• 9a55f6d Backport: feat(openai): add namespaces for tool definitions (#15910)
• de852ab Version Packages (#15821)
• c65c952 Backport: fix(openai): round-trip namespace on function_call input items (#15...
• 7aca1fc backport: chore: update TypeScript references and fix `pnpm update-references...
• d4893c4 Version Packages (#15700)
• c679fec Backport: feat(provider/azure): web search tool in the Azure OpenAI Responses...
• 52332bf Version Packages (#15637)
• c82ab42 Backport: feat(openai): forward web_search_call.action.queries from Responses...
• 1a3ec6d Version Packages (#15513)
• Additional commits viewable in compare view

Updates @aws-sdk/client-s3 from 3.1041.0 to 3.1066.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1066.0

3.1066.0(2026-06-10)

New Features

• client-amp: Adds supports for out-of-order sample ingestion (default 1-minute window) and a configurable rule query offset to reduce data loss and improve alerting accuracy. (7c5a6413)
• client-medialive: Adding premixer settings to pid and track audio inputs in MediaLIve to allow greater control over mixing audio from multiple source streams including support for AudioPidSelectors made up of multiple audio PIDs. (82f4fa6a)
• client-ec2: This release adds support for AMI Watermark which a structured identifier that helps in tracking AMI provenance (e4a7c0b8)
• client-signin: AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses. (7ac0cf5f)
• client-ecs: Amazon ECS Managed Daemon task definitions now support pidMode and ipcMode parameters. Set shared to allow daemons to share PID or IPC namespaces with co-located tasks on Managed Instances, enabling process tracing and shared memory communication. (4a88904d)
• client-lightsail: This release adds support for Asia Pacific (Hong Kong) (ap-east-1), Europe (Spain) (eu-south-2) and South America (Sao Paulo) (sa-east-1) Regions. (2d21213a)
• client-sagemaker: Add support for G6e instances (ml.g6e.xlarge through ml.g6e.48xlarge) on Amazon SageMaker Notebook Instances. (1f9aaa5b)
• client-connecthealth: Add support for MedicalScribeBinaryAudioEvent in the Medical Scribe streaming input. This new event type lets you send audio as a raw binary payload instead of a base64-encoded value (b53e6271)
• undici-http-handler: re-export '@​smithy/undici-http-handler' (#8093) (7a1992b0)

Tests

• client-iam: update hook time out (#8094) (8c4cdea5)
• use crypto.randomUUID for resource names in e2e tests (#8091) (e4ef6c57)

---

For list of updated packages, view updated-packages.md in assets-3.1066.0.zip

v3.1065.0

3.1065.0(2026-06-09)

Chores

• lib-transfer-manager: sort scripts alphabetically (#8087) (0441d8b7)

New Features

• clients: update client endpoints as of 2026-06-09 (935d71be)
• client-timestream-write: Adding new BDD representation of endpoint ruleset (45148681)
• client-cloudwatch: This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (67566cd6)
• client-marketplace-commerce-analytics: Adding new BDD representation of endpoint ruleset (0adb8bd9)
• client-bedrock: Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (9acf4f7f)
• client-odb: Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (fad7009c)
• client-timestream-query: Adding new BDD representation of endpoint ruleset (878fc723)
• client-dynamodb-streams: Adding new BDD representation of endpoint ruleset (eeaa7827)
• client-ec2: Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (6a382a8a)
• client-bedrock-agentcore: Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (a9c4a0da)
• client-outposts: Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (bb1279ef)
• client-iotsitewise: Adding new BDD representation of endpoint ruleset (b9314d4a)

Bug Fixes

• credential-provider-sso: forward clientConfig to SSO token provider (#8089) (4bacac32)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1066.0 (2026-06-10)

Note: Version bump only for package @​aws-sdk/client-s3

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-s3

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-s3

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-s3

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/client-s3

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1060.0 (2026-06-03)

... (truncated)

Commits

• 4b11912 Publish v3.1066.0
• e4ef6c5 test: use crypto.randomUUID for resource names in e2e tests (#8091)
• 62daf07 Publish v3.1065.0
• bac7175 Publish v3.1064.0
• 86792c5 chore(scripts): update pkg json linting (#8082)
• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• f5235bb Publish v3.1062.0
• 291ad36 chore(scripts): include generated packages when validating declared imports 1...
• 71df2cc Publish v3.1061.0
• Additional commits viewable in compare view

Updates @better-auth/sso from 1.6.9 to 1.6.16

Release notes

Sourced from @​better-auth/sso's releases.

v1.6.16

better-auth

Bug Fixes

• Fixed SIWE verification to bind the signed message to server state before creating a session, preventing acceptance of signatures produced for a different message, earlier nonce, or unrelated domain.
• Fixed PayPal ID token verification to validate the signature, issuer, audience, expiration, and nonce against PayPal's JWKS (RS256) or client secret (HS256), rejecting tokens that pass only structural checks.
• Fixed Google hd (hosted domain) enforcement to verify the hd claim on the verified ID token and callback profile, preventing accounts outside the configured Workspace domain from signing in.
• Fixed verifyAccessToken remote introspection to reject tokens with a missing or mismatching aud claim; set remoteVerify.allowMissingAudience: true to permit tokens where the introspection response legitimately omits aud.
• Fixed the admin plugin to enforce permissions on role, ban, and email fields in /admin/create-user and /admin/update-user, and prevent data from overriding protected fields. (#9974)
• Fixed email sign-in and sign-up to validate Origin and Referer headers against trustedOrigins even when requests carry no cookies. (#9973)
• Fixed /update-session to reject plugin-managed fields (activeOrganizationId, activeTeamId, impersonatedBy) with a 400 error; use their dedicated endpoints to change these values. (#9965)
• Fixed /update-session and account token routes to immediately reject deleted sessions when cookie cache is enabled alongside database or secondary storage. (#9967)
• Fixed /refresh-token to only trust the account cookie when its userId, providerId, and accountId match the resolved session user.
• Fixed generic OAuth sign-in to reject sign-ins when no account ID can be resolved from the provider response, preventing account collisions on providers that omit sub.
• Fixed createInvitation and acceptInvitation to validate that all requested team IDs belong to the invitation's organization, preventing cross-organization team membership.
• Fixed the JWKS cache to be scoped per verification source with a TTL, preventing key cross-contamination when verifying tokens against multiple issuers simultaneously.
• Fixed the Reddit provider to stop storing oauth_client_id as the user email, preventing all users of the same app from sharing a single email address; a synthetic per-user address is now used when no real email is provided via mapProfileToUser.
• Fixed Facebook token verification to validate tokens against the configured app via the debug_token endpoint, requiring is_valid, a matching app_id, and a client secret for direct sign-in.

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

• Fixed the token endpoint to enforce per-client grant types, preventing clients registered only for authorization_code from requesting client_credentials tokens.
• Fixed /oauth2/continue to derive post-login gate completion from a server-issued session marker rather than the client-submitted postLogin flag.
• Fixed token introspection to require an azp claim and a valid client on JWT access tokens, preventing session JWTs from being reported as active access tokens.

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

• Fixed SAML AuthnRequest handling to consume the request atomically, preventing replay attacks on concurrent requests. (#9972)
• Fixed SSO provider IDs to be isolated from the OAuth/social account-linking namespace, preventing unintended account linking when an SSO provider ID matches a trusted OAuth provider name.
• Fixed OIDC endpoint validation to reject server-side requests resolving to non-publicly-routable addresses, protecting against SSRF on token, userinfo, and JWKS endpoints.

For detailed changes, see CHANGELOG

@better-auth/api-key

Bug Fixes

• Fixed API key verification to persist only the fields it mutates rather than the full record, preventing concurrent disables, permission changes, or expiry updates from being reverted by an in-flight verification.
• Fixed /api-key/create to verify the session against the authoritative store with disableCookieCache: true, preventing revoked sessions from being accepted within the cookie-cache window.

For detailed changes, see CHANGELOG

... (truncated)

Changelog

Sourced from @​better-auth/sso's changelog.

1.6.16

Patch Changes

• #9974 cb1cbfa Thanks @​Bekacru! - Validate OIDC endpoints fetched server-side (token, userinfo, jwks) at request time by resolving the hostname and rejecting any host that resolves to a non-publicly-routable address. Discovery and userinfo requests no longer auto-follow redirects to unvalidated hosts. Operator-allowlisted origins (trustedOrigins) remain exempt for internal IdPs.

• #9974 cb1cbfa Thanks @​Bekacru! - Separate SSO provider ids from the account-linking provider namespace used for social/OAuth providers. Previously an SSO provider registered with an id matching a configured accountLinking.trustedProviders entry (e.g. google) was treated as a trusted provider and could implicitly link to an existing verified account with the same email.

  SSO registration now rejects provider ids that collide with a configured social provider, a trustedProviders entry, or a reserved built-in id. In addition, the OIDC and SAML callbacks no longer derive trust from a trustedProviders name match — SSO trust comes solely from verified domain ownership (domainVerified). handleOAuthUserInfo gains a trustProviderByName option (default true, preserving social-provider behavior) that the SSO plugin sets to false.

• Updated dependencies [cb1cbfa, cb1cbfa, cb1cbfa, cb1cbfa, cb1cbfa, cb1cbfa, 87e7aa5, cb1cbfa, cb1cbfa, cb1cbfa, 893cf6c, cb1cbfa, cb1cbfa, 5e49c56, cb1cbfa]:

  • better-auth@1.6.16
  • @​better-auth/core@​1.6.16

1.6.15

Patch Changes

• #9748 bff65fd Thanks @​seebykilian! - When clockSkew is configured in the SSO plugin's SAML options, it was only applied to better-auth's internal validation but never passed down to samlify's ServiceProvider. As a result, samlify used its default [0, 0] clock drift, causing ERR_SUBJECT_UNCONFIRMED errors on valid SAML responses whenever there was any clock difference between the SP and the IdP.

  This affects any standard IdP (Auth0, Keycloak, Okta, etc.) even when the SAML response is fully valid and the server time is well within the NotBefore/NotOnOrAfter window.

  This is now fixed.

• Updated dependencies [1012b69, ad60333, 0933c05, b0ddfd3]:

  • better-auth@1.6.15
  • @​better-auth/core@​1.6.15

1.6.14

Patch Changes

• Updated dependencies [2d9781a, 5a2d642, 13abc79, 9d3450a]:
  • better-auth@1.6.14
  • @​better-auth/core@​1.6.14

1.6.13

Patch Changes

• #9818 43c08a2 Thanks @​gustavovalverde! - Fix SAML Single Logout leaving the user signed in. The logout handlers passed the session row id to a delete that matches on the session token, so the session was never removed. The stored SAML session record now carries the session token, and all three logout paths revoke the session by token.

• #9821 4c3bbc4 Thanks @​gustavovalverde! - Fix a high-severity XML injection in signed SAML assertions (GHSA-34r5-q4jw-r36m) by updating samlify from 2.10.2 to 2.13.1. A crafted AttributeValue could escalate privileges.

... (truncated)

Commits

• 1a3c8c4 chore: release v1.6.16 (#9958)
• cb1cbfa fix: address bug findings across packages (#9974)
• a6b0295 fix(sso): consume SAML AuthnRequest atomically (#9972)
• 03e0e36 chore: release v1.6.15 (#9886)
• bff65fd fix(sso): pass clockSkew to samlify clockDrifts to fix ERR_SUBJECT_UNCONFIRME...
• 5038d41 chore: release v1.6.14 (#9846)
• a6f38c7 chore: release v1.6.13 (#9804)
• 4c3bbc4 fix(sso): update samlify to 2.13.1 for signed-assertion XML injection (#9821)
• 43c08a2 fix(account): scope OAuth account identity and fix buggy internalAdapter help...
• c0c574e chore: release v1.6.12 (#9590)
• Additional commits viewable in compare view

Updates @nuxtjs/i18n from 10.3.0 to 10.4.0

Release notes

Sourced from @​nuxtjs/i18n's releases.

v10.4.0

   🚀 Features

• First-class CDN support for lazy-loaded messages  -  by @​Hronom and Claude Opus 4.7 (1M context) in nuxt-modules/i18n#3976 (e4d6a)
• Experimental prerenderMessages option  -  by @​BobbieGoede in nuxt-modules/i18n#3991 (8cc7c)

   🐞 Bug Fixes

• Prevent silently disabling experimental.compactRoutes  -  by @​BobbieGoede in nuxt-modules/i18n#3972 (7789f)
• Compact routes prerender handling and router warnings  -  by @​BobbieGoede in nuxt-modules/i18n#3975 (131a5)
• Prevent redirection to catch-all for unlocalized routes  -  by @​fedetorre and Federico Torresan in nuxt-modules/i18n#3911 (1cf37)
• Skip path config generation for unlocalized routes  -  by @​tatakaisun in nuxt-modules/i18n#3993 (66322)
• Warn on missing vueI18n config in builds  -  by @​tatakaisun and @​BobbieGoede in nuxt-modules/i18n#3992 (26345)

    View changes on GitHub

Changelog

Sourced from @​nuxtjs/i18n's changelog.

v10.4.0 (2026-05-21T13:43:10Z)

This changelog is generated by GitHub Releases

   🚀 Features

• First-class CDN support for lazy-loaded messages  -  by @​Hronom and Claude Opus 4.7 (1M context) in nuxt-modules/i18n#3976 (e4d6a)
• Experimental prerenderMessages option  -  by @​BobbieGoede in nuxt-modules/i18n#3991 (8cc7c)

   🐞 Bug Fixes

• Prevent silently disabling experimental.compactRoutes  -  by @​BobbieGoede in nuxt-modules/i18n#3972 (7789f)
• Compact routes prerender handling and router warnings  -  by @​BobbieGoede in nuxt-modules/i18n#3975 (131a5)
• Prevent redirection to catch-all for unlocalized routes  -  by @​fedetorre and Federico Torresan in nuxt-modules/i18n#3911 (1cf37)
• Skip path config generation for unlocalized routes  -  by @​tatakaisun in nuxt-modules/i18n#3993 (66322)
• Warn on missing vueI18n config in builds  -  by @​tatakaisun and @​BobbieGoede in nuxt-modules/i18n#3992 (26345)

    View changes on GitHub

Commits

• 69d5886 release: v10.4.0
• 26345c1 fix: warn on missing vueI18n config in builds (#3992)
• 66322e5 fix: skip path config generation for unlocalized routes (#3993)
• 8cc7ca8 feat: experimental prerenderMessages option (#3991)
• b12514f chore(deps): update dependencies (#3981)
• 9fe76c1 ci: fix lockfile missing fixture
• 1cf37d7 fix: prevent redirection to catch-all for unlocalized routes (#3911)
• e4d6a5d feat: first-class CDN support for lazy-loaded messages (#3976)
• 16682ab chore(deps): upgrade nuxt to v4.4.4 (#3977)
• a6dc098 test: improve ssg fixture process handling to reduce flakiness (#3967)
• Additional commits viewable in compare view

Updates @nuxtjs/mdc from 0.21.1 to 0.22.0

Release notes

Sourced from @​nuxtjs/mdc's releases.

v0.22.0

• chore: upgrade deps (b3de9fc)
• docs: add Comark migration guide in README (595fe77)

Changelog

Sourced from @​nuxtjs/mdc's changelog.

v0.22.0

compare changes

📖 Documentation

• Add Comark migration guide in README (595fe77)

🏡 Chore

• Upgrade deps (b3de9fc)

❤️ Contributors

• Farnabaz farnabaz@gmail.com

Commits

• 88b95a9 chore(release): release v0.22.0
• b3de9fc chore: upgrade deps
• 595fe77 docs: add Comark migration guide in README
• See full diff in compare view

Updates @opentelemetry/api-logs from 0.216.0 to 0.218.0

Release notes

Sourced from @​opentelemetry/api-logs's releases.

experimental/v0.218.0

0.218.0

🚀 Features

• feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): show all config validation errors, if there are multiple #6683 @​trentm
• feat(sdk-node): allow startNodeSDK() without an arg #6688 @​trentm

🏠 Internal

• refactor(sdk-logs): alias LoggerProviderConfig to LoggerProviderOptions #6691 @​david-luna
• refactor(sdk-logs): use Logger.enabled() within Logger.emit() implementation #6680 @​david-luna

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

Commits

• 06ad0ea chore: prepare next release (#6703)
• 38ca257 feat(otlp-transformer): replace protobufjs metrics serialization with custom ...
• 013c600 chore: prepare next release (#6699)
• b7a0c63 feat(semantic-conventions): update semantic conventions to v1.41.1 (#6695)
• 774143b chore(renovate): add minimumReleaseAge to config (#6697)
• e0dafe0 fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...
• f804c93 chore(deps): update github/codeql-action digest to 68bde55 (#6682)
• 95e48e7 refactor(sdk-logs): alias LoggerProviderConfig to LoggerProviderOptions (...
• 907b627 feat(sdk-node): allow startNodeSDK() without an arg (#6688)
• 0d15261 docs: Add SIG meeting info and welcoming language (#6689)
• Additional commits viewable in compare view

Updates @opentelemetry/exporter-logs-otlp-http from 0.216.0 to 0.218.0

Release notes

Sourced from @​opentelemetry/exporter-logs-otlp-http's releases.

experimental/v0.218.0

0.218.0

🚀 Features

• feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): show all config validation errors, if there are multiple #6683 @​trentm
• feat(sdk-node): allow startNodeSDK() without an arg #6688 @​trentm

🏠 Internal

• refactor(sdk-logs): alias LoggerProviderConfig to LoggerProviderOptions #6691 @​david-luna
• refactor(sdk-logs): use Logger.enabled() within Logger.emit() implementation #6680 Description has been truncated

[railway-app]

🚅 Deployed to the reqcore-pr-197 environment in applirank

Service	Status	Web	Updated (UTC)
applirank	❌ Build Failed (View Logs)		Jun 11, 2026 at 6:35 am

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml