chore(deps): bump the prod-deps group across 1 directory with 12 updates

[dependabot]

Bumps the prod-deps group with 12 updates in the / directory:

Package	From	To
@ai-sdk/react	3.0.170	3.0.195
@openrouter/ai-sdk-provider	2.8.0	2.9.0
ai	6.0.168	6.0.193
framer-motion	12.38.0	12.40.0
fumadocs-core	16.8.0	16.9.3
fumadocs-ui	16.8.0	16.9.3
geist	1.7.0	1.7.2
lucide-react	1.8.0	1.17.0
react	19.2.5	19.2.6
react-dom	19.2.5	19.2.6
tailwind-merge	3.5.0	3.6.0
zod	4.3.6	4.4.3

Updates @ai-sdk/react from 3.0.170 to 3.0.195

Release notes

Sourced from @​ai-sdk/react's releases.

@​ai-sdk/react@​3.0.195

Patch Changes

• Updated dependencies [af580ea]
  • ai@6.0.193

@​ai-sdk/react@​3.0.194

Patch Changes

• ai@6.0.192

Changelog

Sourced from @​ai-sdk/react's changelog.

3.0.195

Patch Changes

• Updated dependencies [af580ea]
  • ai@6.0.193

3.0.194

Patch Changes

• ai@6.0.192

3.0.193

Patch Changes

• ai@6.0.191

3.0.192

Patch Changes

• ai@6.0.190

3.0.191

Patch Changes

• Updated dependencies [356c3cf]
  • ai@6.0.189

3.0.190

Patch Changes

• Updated dependencies [c98715a]
  • ai@6.0.188

3.0.189

Patch Changes

• ai@6.0.187

3.0.188

Patch Changes

• ai@6.0.186

... (truncated)

Commits

• 2412dfc Version Packages (#15697)
• 974e161 Version Packages (#15677)
• 0838d52 Version Packages (#15565)
• 1a3ec6d Version Packages (#15513)
• bde7d0f Version Packages (#15494)
• 93ad540 Version Packages (#15489)
• a15eda9 Version Packages (#15473)
• e33b836 Version Packages (#15440)
• 4a98945 Version Packages (#15406)
• f8d3003 Version Packages (#15356)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ai-sdk/react since your current version.

Updates @openrouter/ai-sdk-provider from 2.8.0 to 2.9.0

Release notes

Sourced from @​openrouter/ai-sdk-provider's releases.

2.9.0

What's Changed

• fix: allow query strings and fragments in image URL regex (#484) by @​robert-j-y in OpenRouterTeam/ai-sdk-provider#485
• fix: allow opting out of response_format strict mode (#483) by @​robert-j-y in OpenRouterTeam/ai-sdk-provider#486
• fix: stop emitting duplicate tool-call events on trailing-whitespace deltas by @​0age in OpenRouterTeam/ai-sdk-provider#489
• Version Packages by @​github-actions[bot] in OpenRouterTeam/ai-sdk-provider#490

New Contributors

• @​0age made their first contribution in OpenRouterTeam/ai-sdk-provider#489

Full Changelog: OpenRouterTeam/ai-sdk-provider@2.8.1...2.9.0

2.8.1

What's Changed

• fix: preserve empty reasoning_details arrays in multi-turn conversations by @​louisgv in OpenRouterTeam/ai-sdk-provider#487
• Version Packages by @​github-actions[bot] in OpenRouterTeam/ai-sdk-provider#488

Full Changelog: OpenRouterTeam/ai-sdk-provider@2.8.0...2.8.1

Changelog

Sourced from @​openrouter/ai-sdk-provider's changelog.

2.9.0

Minor Changes

• #486 82e8014 Thanks @​robert-j-y! - Add structuredOutputs.strict setting to opt out of response_format.json_schema.strict (issue #483).

  Previously the SDK hardcoded strict: true whenever a JSON schema response format was used, which made it impossible to route requests to providers that don't advertise support for strict json_schema. Models like moonshotai/kimi-k2.6 (routed through Parasail/Venice/Io Net) returned HTTP 404 "No endpoints available matching your guardrail restrictions and data policy" because the strict flag eliminated every eligible endpoint.

  Users can now opt out per-model:

  const model = openrouter.chat("moonshotai/kimi-k2.6", {
    structuredOutputs: { strict: false },
  });

  The default remains strict: true for backward compatibility.

Patch Changes

• #485 bf664b1 Thanks @​robert-j-y! - Fix supportedUrls['image/*'] regex to accept image URLs with query strings or fragments (e.g. https://cdn.example.com/photo.png?height=200, .../photo.webp#frag). Previously the $ anchor on the extension caused such URLs to be treated as unsupported, forcing the AI SDK runtime to download and base64-inline them, which bloated conversation history and inflated token usage.

• #489 bb2d4cb Thanks @​0age! - fix: stop emitting duplicate tool-call events when a trailing-whitespace argument delta arrives after a complete tool call

  In the streaming chat handler, the merge-into-existing-tool-call path enqueues a tool-call stream event whenever the accumulated function.arguments is parsable JSON. Because JSON.parse accepts trailing whitespace, any subsequent argument delta for the same tool-call index (e.g. a stray space, newline, or closing-token chunk) leaves the arguments parsable and would re-trigger the emit, producing a second tool-call event with the same toolCallId. Downstream tool runners (e.g. Vercel AI SDK streamText) then execute the tool twice. Observed in production with moonshotai/kimi-k2.6 via OpenRouter, where the user-visible effect was every outbound message being delivered twice.

  src/chat/index.ts:

  • Merge-path tool-call emit is now gated on !toolCall.sent, mirroring the new-path behavior. The sent flag was already being set after the first emit but was never read on this path.

  src/chat/index.test.ts:

  • Adds a regression test that streams a complete tool call followed by a trailing-whitespace-only argument delta for the same index and asserts exactly one tool-call event is emitted.

2.8.1

Patch Changes

• #487 4588197 Thanks @​louisgv! - fix: preserve empty reasoning_details arrays in multi-turn conversations

  Some providers (notably DeepSeek V4 in thinking mode) return reasoning_details: [] on turns where they produced no visible reasoning tokens. They require this empty array to be sent back in subsequent requests to maintain conversation state; omitting it causes 4xx errors on follow-up turns.

  src/chat/index.ts:

  • Stream finish event now always sets openrouterMetadata.reasoning_details, even when the accumulated array is empty (previously guarded by length > 0).
  • Both reasoning-end emit sites now always include providerMetadata.openrouter.reasoning_details,

... (truncated)

Commits

• 5cef3c5 Version Packages (#490)
• bb2d4cb fix: stop emitting duplicate tool-call events on trailing-whitespace deltas (...
• 82e8014 fix: allow opting out of response_format strict mode (#483) (#486)
• bf664b1 fix: allow query strings and fragments in image URL regex (#484) (#485)
• 310ba3d Version Packages (#488)
• 4588197 fix: preserve empty reasoning_details arrays in multi-turn conversations (#487)
• See full diff in compare view

Updates ai from 6.0.168 to 6.0.193

Release notes

Sourced from ai's releases.

ai@6.0.193

Patch Changes

• af580ea: fix(ai): do not re-validate tool input for output-error parts in validateUIMessages

ai@6.0.192

Patch Changes

• Updated dependencies [4084fcd]
  • @​ai-sdk/gateway@​3.0.121

Changelog

Sourced from ai's changelog.

6.0.193

Patch Changes

• af580ea: fix(ai): do not re-validate tool input for output-error parts in validateUIMessages

6.0.192

Patch Changes

• Updated dependencies [4084fcd]
  • @​ai-sdk/gateway@​3.0.121

6.0.191

Patch Changes

• Updated dependencies [27a1b22]
  • @​ai-sdk/gateway@​3.0.120

6.0.190

Patch Changes

• Updated dependencies [33b10a2]
• Updated dependencies [f6e4146]
  • @​ai-sdk/gateway@​3.0.119

6.0.189

Patch Changes

• 356c3cf: fix(ai): make input optional on input-streaming UIMessagePart variants

6.0.188

Patch Changes

• c98715a: Add allowSystemInMessages option to ToolLoopAgent.

  This exposes the same option that exists on streamText and generateText, whether role: "system" messages are allowed in the prompt or messages fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the instructions option instead. Set to true to allow system messages, or false to explicitly reject them.

  const agent = new ToolLoopAgent({
    model,
    allowSystemInMessages: true,
  });
  await agent.generate({
  messages: [

... (truncated)

Commits

• 2412dfc Version Packages (#15697)
• af580ea Backport: fix(ai): do not re-validate tool input for output-error parts in va...
• 974e161 Version Packages (#15677)
• 0838d52 Version Packages (#15565)
• 1a3ec6d Version Packages (#15513)
• bde7d0f Version Packages (#15494)
• 356c3cf Backport: fix(ai): make input optional on input-streaming UIMessagePart varia...
• 93ad540 Version Packages (#15489)
• c98715a Backport: [tool-loop-agent] adding support for messages with system role with...
• a15eda9 Version Packages (#15473)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for ai since your current version.

Updates framer-motion from 12.38.0 to 12.40.0

Changelog

Sourced from framer-motion's changelog.

[12.40.0] 2026-05-21

Added

• path option to transition.
• arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

• Support for repeatType and repeatDelay in animation sequences.

Fixed

• Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.
• Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.
• LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.
• useScroll: Support hydrating target and container refs from anywhere in the tree.
• Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.
• Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§
• Updated visualElement hydration order.
• useAnimate: Now respects skipAnimations.
• AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.
• scroll: Fixed callback progress when tracking an element.
• useScroll: Fix hardware acceleration when tracking an element.

Commits

• 38ebb94 v12.40.0
• b1f766c Latest
• bca5544 Merge pull request #3699 from motiondivision/lochie/arcs-injectable
• f1a96cf arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw
• b4aaba0 pathRotation: non-destructive orientToPath rotation channel
• 8604ef3 Make arcs injectable via transition.path = arc()
• f90fe29 add orientToPath
• 9ebe999 fix: test
• bc2107e Revert "no should"
• 6eeb92d no should
• Additional commits viewable in compare view

Updates fumadocs-core from 16.8.0 to 16.9.3

Release notes

Sourced from fumadocs-core's releases.

fumadocs-core@16.9.3

Patch Changes

• 42f0255: Support invalidate & revalidate on dynamic loader
• a807798: Improve source API utils & types

fumadocs-core@16.9.1

Patch Changes

• e77b9b3: Introduce pagesIndex property to explicitly define the index page for folder
• 334c8fd: [i18n] support different orders of preset() calls

fumadocs-core@16.8.12

Patch Changes

• 768b676: Standardize structuredData in page data

fumadocs-core@16.8.11

Patch Changes

• 1dc86c7: loosen the range for waku

fumadocs-core@16.8.10

Patch Changes

• 062beab: fix internal types
• 505cfe0: Add remark-block-id plugin

fumadocs-core@16.8.8

No release notes provided.

fumadocs-core@16.8.7

No release notes provided.

fumadocs-core@16.8.6

No release notes provided.

fumadocs-core@16.8.5

Patch Changes

• 79d3209: Narrow schema type for private OpenAPI properties

fumadocs-core@16.8.4

Patch Changes

• 61b15e9: fix Shiki languages not loaded under lazy mode
• 1a5433c: Support $ in locale for page tree generation

fumadocs-core@16.8.3

No release notes provided.

... (truncated)

Commits

• See full diff in compare view

Updates fumadocs-ui from 16.8.0 to 16.9.3

Release notes

Sourced from fumadocs-ui's releases.

fumadocs-ui@16.9.3

Patch Changes

• Updated dependencies [42f0255]
• Updated dependencies [a807798]
  • fumadocs-core@16.9.3

fumadocs-ui@16.9.1

Patch Changes

• Updated dependencies [e77b9b3]
• Updated dependencies [334c8fd]
  • fumadocs-core@16.9.1

fumadocs-ui@16.8.12

Patch Changes

• Updated dependencies [768b676]
  • fumadocs-core@16.8.12

fumadocs-ui@16.8.11

Patch Changes

• Updated dependencies [1dc86c7]
  • fumadocs-core@16.8.11

fumadocs-ui@16.8.10

Patch Changes

• Updated dependencies [062beab]
• Updated dependencies [505cfe0]
  • fumadocs-core@16.8.10

fumadocs-ui@16.8.8

Patch Changes

• b494c8d: Support copy ID in headings
• 03626ba: [Search UI] show ctrl for Linux machines
  • fumadocs-core@16.8.8

fumadocs-ui@16.8.7

Patch Changes

• 34f37f3: hotfix TOC
  • fumadocs-core@16.8.7

fumadocs-ui@16.8.6

Patch Changes

• 1aa48d0: fix RTL layout for Clerk style

... (truncated)

Commits

• See full diff in compare view

Updates geist from 1.7.0 to 1.7.2

Changelog

Sourced from geist's changelog.

1.7.2

Patch Changes

• a4195ae: Update Geist Pixel webfonts with Google Fonts validation fixes.

  Resyncs the published Geist Pixel static webfonts (Circle, Grid, Line, Square, Triangle) with the source build, picking up the non-visual fixes made for the Google Fonts release (#229): ligature caret anchors (fi, fl, f_i, A_I, U_I), a meta table with ScriptLangTags, line/paragraph separator glyphs and removal of the visible soft hyphen, and 1-unit on-curve point alignment fixes on e, eogonek, and hungarumlautcomb. No visible letterforms change.

1.7.1

Patch Changes

• c8ed578: Fix Geist Mono rendering source-code text with unintended programming ligatures.

  v1.7.0 unintentionally activated programming-ligature substitutions (-->, ==, !=, ..., --, etc.) under the liga (Standard Ligatures) OpenType feature, which is on by default in every renderer. As a result, text like --debug-prerender, [id...], [...id], or NODE_OPTIONS='--debug-prerender' node rendered with ligated glyphs and broke monospace alignment in code.

  The source-level fix is in #217; this release ships the rebuilt binaries.

Commits

• 31b2359 Version Packages (#230)
• a4195ae Geist Pixel on Google Fonts (#229)
• 8b8b75f fix(release): sync package.json version and unignore packages/**/package.json...
• 88309a4 Version Packages (#223)
• 6af2e7f ci: harden release workflow (#222)
• c8ed578 chore: add changeset for geist@1.7.1 (Mono liga regression fix) (#221)
• a0a06a3 make build
• 855f609 Fix broken link in README.md
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for geist since your current version.

Updates lucide-react from 1.8.0 to 1.17.0

Release notes

Sourced from lucide-react's releases.

Version 1.17.0

What's Changed

• chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by @​ericfennis in lucide-icons/lucide#4376
• chore(repo): Update issue templates and documentation for package ren… by @​ericfennis in lucide-icons/lucide#4379
• feat(site): Adds survey overlay to website by @​ericfennis in lucide-icons/lucide#4380
• feat(site): Certificate dev links by @​ericfennis in lucide-icons/lucide#4390
• fix(icons): changed martini icon by @​jamiemlaw in lucide-icons/lucide#4335
• chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by @​dependabot[bot] in lucide-icons/lucide#4386
• chore(deps): bump @​tootallnate/once from 2.0.0 to 2.0.1 by @​dependabot[bot] in lucide-icons/lucide#4404
• chore(deps): bump devalue from 5.8.0 to 5.8.1 by @​dependabot[bot] in lucide-icons/lucide#4391
• chore(deps): bump ws from 8.18.0 to 8.20.1 by @​dependabot[bot] in lucide-icons/lucide#4392
• fix(gh-icon): limit icon size to a maximum of 256 pixels by @​jguddas in lucide-icons/lucide#4398
• chore(dependencies): Update dependencies by @​ericfennis in lucide-icons/lucide#4377
• feat(copilot): Adding copilot instructions by @​ericfennis in lucide-icons/lucide#4407
• feat(icons): add globe-check by @​Barakudum in lucide-icons/lucide#4342
• feat(metadata): Require use-cases in meta json by @​ericfennis in lucide-icons/lucide#4321
• feat(icons): added parasol icon by @​karsa-mistmere in lucide-icons/lucide#4347

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Version 1.16.0

What's Changed

• feat(icons): added blender icon by @​rrod497 in lucide-icons/lucide#3884

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

Version 1.15.0

What's Changed

• fix: remove 'less' from brand stopwords by @​jguddas in lucide-icons/lucide#4331
• fix(@​lucide/vue): Clone slots before passing to icon by @​axtho in lucide-icons/lucide#4339
• fix(icons): changed text-cursor icon by @​jamiemlaw in lucide-icons/lucide#4340
• fix(icons): changed landmark icon by @​jamiemlaw in lucide-icons/lucide#4334
• chore(deps-dev): bump nitropack from 2.13.1 to 2.13.4 by @​dependabot[bot] in lucide-icons/lucide#4352
• chore(deps-dev): bump simple-git from 3.33.0 to 3.36.0 by @​dependabot[bot] in lucide-icons/lucide#4349
• fix(icons): changed candy-cane icon by @​jguddas in lucide-icons/lucide#4148
• fix(icons): changed volleyball icon by @​jamiemlaw in lucide-icons/lucide#4338
• fix(icons): changed chart-no-axes-combined icon by @​jguddas in lucide-icons/lucide#3567
• feat(icon): added broccoli icon by @​swastik7805 in lucide-icons/lucide#4263
• chore(site): Updates to site and updated carbon ads by @​ericfennis in lucide-icons/lucide#4359
• feat(icons): added sticky note variants by @​Barakudum in lucide-icons/lucide#4348
• chore(deps-dev): bump astro from 6.1.6 to 6.1.10 by @​dependabot[bot] in lucide-icons/lucide#4361

New Contributors

• @​axtho made their first contribution in lucide-icons/lucide#4339
• @​Barakudum made their first contribution in lucide-icons/lucide#4348

Full Changelog: lucide-icons/lucide@1.14.0...1.15.0

... (truncated)

Commits

• 07c885e fix(docs): fix zephyr-cloud URL in readmes
• 50d8af5 docs(readme): Update readme files (#4320)
• 653e44b feat(packages): use .mjs for ESM bundles (#4285)
• See full diff in compare view

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
• e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
• e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
• 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
• bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
• 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
• 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
• 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
• c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

• 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
• 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
• cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
• edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
• 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits

• 1fb56a5 docs: document release procedure in AGENTS.md
• f3c9ec0 4.4.3
• c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
• 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 9195250 docs: remove Mintlify from bronze sponsors (churned)
• 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
• 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
• 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
• 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

^{Need help on this PR? Tag @codesmith with what you need. Autofix is disabled.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mogplex-docs	Ready	Preview, Comment	Jun 1, 2026 4:47pm

[mogplex]

Mogplex PR Review

Status: No material issues found

Summary

Standard Dependabot dependency bump PR updating 12 production dependencies. All updates are patch or minor level bumps from well-known, trusted packages with no security, correctness, or architectural concerns found.

Critical Issues

None.

Warnings

None of the dependency updates pose material risk to this codebase:

• zod 4.3.6 → 4.4.3: The 4.4.0 release notes flag "potentially breaking bug fixes" around stricter validation for discriminated unions, tuple holes, and catch/preprocess on absent keys. However, the only zod usage in the project (src/app/api/chat/route.ts) is a straightforward z.object({ query: z.string(), limit: z.number().int().min(1).max(100).default(10) }) — none of the affected patterns are used here.
• fumadocs-core/fumadocs-ui 16.8.0 → 16.9.3: Minor version bump with additive features (pagesIndex, remark-block-id plugin, copy ID in headings, search UI improvements). No removals or breaking API changes noted in the changelog.
• lucide-react 1.8.0 → 1.17.0: Several icons were modified (martini, text-cursor, landmark, candy-cane, volleyball) but none were removed. New icons added. No impact unless the app uses one of the changed icons and expects the old shape.
• geist 1.7.0 → 1.7.2: This is actively beneficial — 1.7.0 regressed Geist Mono by enabling programming ligatures (-->, ==, != etc.), which broke monospace alignment in code blocks. 1.7.1 fixes this.

Suggestions

• package.json:L21-L22 — The fumadocs-core and fumadocs-ui versions are pinned ("16.9.3") rather than using caret ranges like the other dependencies. Was this intentional? If the project wants to stay current automatically, consider ^16.9.3 to match the convention used elsewhere.

Verdict

✅ APPROVE — All dependency bumps are from trusted sources, are patch/minor level, and the codebase's usage patterns are unaffected by the stricter validation changes in zod 4.4.0.

View check run