chore(deps)(deps): bump the production-dependencies group across 1 directory with 15 updates

[dependabot]

Bumps the production-dependencies group with 15 updates in the / directory:

Package	From	To
@ai-sdk/anthropic	3.0.79	3.0.81
@ai-sdk/gateway	3.0.121	3.0.126
@ai-sdk/google	3.0.79	3.0.80
@ai-sdk/openai	3.0.65	3.0.68
tar	7.5.15	7.5.16
ai	6.0.193	6.0.198
@better-auth/core	1.6.13	1.6.15
@better-auth/oauth-provider	1.6.13	1.6.15
better-auth	1.6.13	1.6.15
hono	4.12.23	4.12.24
ioredis	5.11.0	5.11.1
next	16.2.6	16.2.7
react	19.2.6	19.2.7
react-dom	19.2.6	19.2.7
fumadocs-mdx	15.0.10	15.0.11

Updates @ai-sdk/anthropic from 3.0.79 to 3.0.81

Changelog

Sourced from @​ai-sdk/anthropic's changelog.

3.0.81

Patch Changes

• 4084fcd: feat(provider/anthropic): add support for claude-opus-4-8

3.0.80

Patch Changes

• 263d3e6: fix(provider/anthropic): fix remaining errors with Anthropic code_execution tool dynamic calls from latest web_fetch or web_search

Commits

• 974e161 Version Packages (#15677)
• 4084fcd backport: feat(provider/anthropic): add support for claude-opus-4-8 (#15675)
• 097c1cd Version Packages (#15612)
• 263d3e6 Backport: fix(provider/anthropic): fix remaining errors with Anthropic `code_...
• See full diff in compare view

Updates @ai-sdk/gateway from 3.0.121 to 3.0.126

Release notes

Sourced from @​ai-sdk/gateway's releases.

@​ai-sdk/gateway@​3.0.126

Patch Changes

• ff16d3b: feat(gateway): add GatewayFailedDependencyError (424)

@​ai-sdk/gateway@​3.0.125

Patch Changes

• fef3b24: Backport: chore(provider/gateway): update gateway model settings files

Changelog

Sourced from @​ai-sdk/gateway's changelog.

3.0.126

Patch Changes

• ff16d3b: feat(gateway): add GatewayFailedDependencyError (424)

3.0.125

Patch Changes

• fef3b24: Backport: chore(provider/gateway): update gateway model settings files

3.0.124

Patch Changes

• 286b7a2: Backport: chore(provider/gateway): update gateway model settings files

3.0.123

Patch Changes

• 537a022: Backport: chore(provider/gateway): update gateway model settings files

3.0.122

Patch Changes

• 9766034: Backport: chore(provider/gateway): update gateway model settings files

Commits

• 8ad68fe Version Packages (#15898)
• ff16d3b Backport: feat(gateway): add GatewayFailedDependencyError (424) (#15896)
• de852ab Version Packages (#15821)
• fef3b24 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• 00ca39c Version Packages (#15786)
• 286b7a2 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• 5b183c0 Version Packages (#15776)
• 537a022 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• 5d1d5a7 Version Packages (#15749)
• 9766034 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• See full diff in compare view

Updates @ai-sdk/google from 3.0.79 to 3.0.80

Changelog

Sourced from @​ai-sdk/google's changelog.

3.0.80

Patch Changes

• f62ffe0: fix(google): auto-inject skip_thought_signature_validator for Gemini 3 tool-call replays without a signature

  Gemini 3 models reject requests when an assistant functionCall part lacks a thoughtSignature with HTTP 400 "Function call is missing a thought_signature in functionCall parts." This is easy to hit when application code persists/serializes messages and drops providerOptions.google.thoughtSignature (custom DB schemas, useChat server routes that rebuild messages, synthetic tool-call injection).

  The provider now detects this case (Gemini 3 model + missing signature under google, googleVertex, and vertex namespaces) and injects the documented skip_thought_signature_validator sentinel into the outbound functionCall, plus surfaces a one-shot warning per request listing the affected tool names so the developer can find and fix the upstream serialization. Non-Gemini-3 models are unaffected, and real signatures take precedence when present.

Commits

• 661127c Version Packages (#15622)
• f62ffe0 fix(google): auto-inject skip_thought_signature_validator on Gemini 3 tool-ca...
• See full diff in compare view

Updates @ai-sdk/openai from 3.0.65 to 3.0.68

Release notes

Sourced from @​ai-sdk/openai's releases.

@​ai-sdk/openai@​3.0.68

Patch Changes

• c65c952: fix(openai): round-trip namespace on function_call input items

  When tool_search dispatches a deferred tool, the resulting function_call carries a namespace field identifying which deferred-tool group the model picked. [#14789](https://github.com/vercel/ai/tree/HEAD/packages/openai/issues/14789) preserved this on the read side (providerMetadata.openai.namespace), but the write side still serialized function_call input items without namespace. Multi-step / multi-turn conversations then failed with Missing namespace for function_call '<name>'. ... Round-trip the model's function_call item with its namespace field included.

  convert-to-openai-responses-input.ts now reads namespace from providerOptions.openai.namespace (or providerMetadata.openai.namespace) on tool-call parts and includes it on the serialized function_call item, mirroring how itemId is round-tripped.

Changelog

Sourced from @​ai-sdk/openai's changelog.

3.0.68

Patch Changes

• c65c952: fix(openai): round-trip namespace on function_call input items

  When tool_search dispatches a deferred tool, the resulting function_call carries a namespace field identifying which deferred-tool group the model picked. [#14789](https://github.com/vercel/ai/tree/HEAD/packages/openai/issues/14789) preserved this on the read side (providerMetadata.openai.namespace), but the write side still serialized function_call input items without namespace. Multi-step / multi-turn conversations then failed with Missing namespace for function_call '<name>'. ... Round-trip the model's function_call item with its namespace field included.

  convert-to-openai-responses-input.ts now reads namespace from providerOptions.openai.namespace (or providerMetadata.openai.namespace) on tool-call parts and includes it on the serialized function_call item, mirroring how itemId is round-tripped.

3.0.67

Patch Changes

• c679fec: feat(provider/azure):web search tool in the Azure OpenAI Responses API.

3.0.66

Patch Changes

• c82ab42: feat(openai): forward web_search_call.action.queries from Responses API

Commits

• de852ab Version Packages (#15821)
• c65c952 Backport: fix(openai): round-trip namespace on function_call input items (#15...
• 7aca1fc backport: chore: update TypeScript references and fix `pnpm update-references...
• d4893c4 Version Packages (#15700)
• c679fec Backport: feat(provider/azure): web search tool in the Azure OpenAI Responses...
• 52332bf Version Packages (#15637)
• c82ab42 Backport: feat(openai): forward web_search_call.action.queries from Responses...
• See full diff in compare view

Updates tar from 7.5.15 to 7.5.16

Commits

• cf21338 7.5.16
• 21a8220 do not apply PAX header fields to meta entries
• 52632cf update project deps
• 302f51f fix inconsequential typo in PENDINGLINKS symbol name
• 55dbb99 remove some uses of mutate-fs
• See full diff in compare view

Updates ai from 6.0.193 to 6.0.198

Release notes

Sourced from ai's releases.

ai@6.0.198

Patch Changes

• Updated dependencies [ff16d3b]
  • @​ai-sdk/gateway@​3.0.126

ai@6.0.197

Patch Changes

• Updated dependencies [fef3b24]
  • @​ai-sdk/gateway@​3.0.125

Changelog

Sourced from ai's changelog.

6.0.198

Patch Changes

• Updated dependencies [ff16d3b]
  • @​ai-sdk/gateway@​3.0.126

6.0.197

Patch Changes

• Updated dependencies [fef3b24]
  • @​ai-sdk/gateway@​3.0.125

6.0.196

Patch Changes

• Updated dependencies [286b7a2]
  • @​ai-sdk/gateway@​3.0.124

6.0.195

Patch Changes

• Updated dependencies [537a022]
  • @​ai-sdk/gateway@​3.0.123

6.0.194

Patch Changes

• Updated dependencies [9766034]
  • @​ai-sdk/gateway@​3.0.122

Commits

• 8ad68fe Version Packages (#15898)
• de852ab Version Packages (#15821)
• 7aca1fc backport: chore: update TypeScript references and fix `pnpm update-references...
• 00ca39c Version Packages (#15786)
• 5b183c0 Version Packages (#15776)
• 5d1d5a7 Version Packages (#15749)
• See full diff in compare view

Updates @better-auth/core from 1.6.13 to 1.6.15

Release notes

Sourced from @​better-auth/core's releases.

v1.6.15

better-auth

Bug Fixes

• Fixed the listSessions endpoint to properly enforce fresh-age session checks (#9865)
• Fixed unbanUser, setRole, and adminUpdateUser to return USER_NOT_FOUND instead of a generic 500 when the target user does not exist (#9875)
• Fixed Kysely migration constant import path to restore Kysely 0.28 and 0.29 compatibility (#9811)
• Improved cookie regex character ranges for more accurate cookie parsing (#9879)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Features

• Added POST support to the /oauth2/userinfo endpoint, allowing the access token to be passed in the Authorization header (#9937)

Bug Fixes

• Fixed hooks.before and hooks.after to run correctly when OAuth authorization resumes after sign-in, account selection, or consent (#9919)

For detailed changes, see CHANGELOG

@better-auth/kysely-adapter

Bug Fixes

• Fixed Turbopack build failures by inlining migration table constants, also restoring compatibility with Kysely 0.28 and 0.29 (#9933)

For detailed changes, see CHANGELOG

@better-auth/passkey

Features

• Added automatic resolution of authenticator names from AAGUID, exposing getAuthenticatorName(aaguid) and commonAuthenticatorNames so passkeys can display a friendly provider name like "1Password" or "Google Password Manager" (#9927)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

• Fixed ERR_SUBJECT_UNCONFIRMED errors caused by clockSkew not being forwarded to samlify's ServiceProvider when validating SAML responses (#9748)

For detailed changes, see CHANGELOG

Contributors

... (truncated)

Changelog

Sourced from @​better-auth/core's changelog.

1.6.15

1.6.14

Patch Changes

• #9845 13abc79 Thanks @​gustavovalverde! - Harden redirect-URI validation across the OAuth provider plugins. isSafeUrlScheme and SafeUrlSchema no longer call URL.canParse, which is absent on some supported runtimes and could throw or silently disable the dangerous-scheme check. They now parse with a try/catch fallback. SafeUrlSchema also rejects redirect URIs that contain a fragment component, per RFC 6749 §3.1.2.

Commits

• 03e0e36 chore: release v1.6.15 (#9886)
• 5038d41 chore: release v1.6.14 (#9846)
• 13abc79 fix(core): make redirect-uri validation runtime-safe and reject fragments (#9...
• See full diff in compare view

Updates @better-auth/oauth-provider from 1.6.13 to 1.6.15

Release notes

Sourced from @​better-auth/oauth-provider's releases.

v1.6.15

better-auth

Bug Fixes

• Fixed the listSessions endpoint to properly enforce fresh-age session checks (#9865)
• Fixed unbanUser, setRole, and adminUpdateUser to return USER_NOT_FOUND instead of a generic 500 when the target user does not exist (#9875)
• Fixed Kysely migration constant import path to restore Kysely 0.28 and 0.29 compatibility (#9811)
• Improved cookie regex character ranges for more accurate cookie parsing (#9879)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Features

• Added POST support to the /oauth2/userinfo endpoint, allowing the access token to be passed in the Authorization header (#9937)

Bug Fixes

• Fixed hooks.before and hooks.after to run correctly when OAuth authorization resumes after sign-in, account selection, or consent (#9919)

For detailed changes, see CHANGELOG

@better-auth/kysely-adapter

Bug Fixes

• Fixed Turbopack build failures by inlining migration table constants, also restoring compatibility with Kysely 0.28 and 0.29 (#9933)

For detailed changes, see CHANGELOG

@better-auth/passkey

Features

• Added automatic resolution of authenticator names from AAGUID, exposing getAuthenticatorName(aaguid) and commonAuthenticatorNames so passkeys can display a friendly provider name like "1Password" or "Google Password Manager" (#9927)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

• Fixed ERR_SUBJECT_UNCONFIRMED errors caused by clockSkew not being forwarded to samlify's ServiceProvider when validating SAML responses (#9748)

For detailed changes, see CHANGELOG

Contributors

... (truncated)

Changelog

Sourced from @​better-auth/oauth-provider's changelog.

1.6.15

Patch Changes

• #9919 b0ddfd3 Thanks @​gustavovalverde! - Run configured hooks through the whole OAuth sign-in flow

  hooks.before / hooks.after configured on the auth instance now run for the OAuth authorization that continues after a user signs in, selects an account, or consents. They were being skipped there.

  Headers or cookies a hooks.before sets before returning its own response are no longer dropped, and a hooks.after that throws an APIError no longer loses either its cookies or the error's headers.

• #9937 fe9600b Thanks @​gustavovalverde! - The UserInfo endpoint (/oauth2/userinfo) now accepts POST with the access token in the Authorization header, in addition to GET.

• Updated dependencies [1012b69, ad60333, 0933c05, b0ddfd3]:

  • better-auth@1.6.15
  • @​better-auth/core@​1.6.15

1.6.14

Patch Changes

• #9845 13abc79 Thanks @​gustavovalverde! - Harden redirect-URI validation across the OAuth provider plugins. isSafeUrlScheme and SafeUrlSchema no longer call URL.canParse, which is absent on some supported runtimes and could throw or silently disable the dangerous-scheme check. They now parse with a try/catch fallback. SafeUrlSchema also rejects redirect URIs that contain a fragment component, per RFC 6749 §3.1.2.

• Updated dependencies [2d9781a, 5a2d642, 13abc79, 9d3450a]:

  • better-auth@1.6.14
  • @​better-auth/core@​1.6.14

Commits

• 03e0e36 chore: release v1.6.15 (#9886)
• fe9600b feat(oauth-provider): accept POST on the userinfo endpoint (#9937)
• b0ddfd3 fix(oauth-provider): run configured hooks when authorize resumes (#9919)
• 5038d41 chore: release v1.6.14 (#9846)
• See full diff in compare view

Updates better-auth from 1.6.13 to 1.6.15

Release notes

Sourced from better-auth's releases.

v1.6.15

better-auth

Bug Fixes

• Fixed the listSessions endpoint to properly enforce fresh-age session checks (#9865)
• Fixed unbanUser, setRole, and adminUpdateUser to return USER_NOT_FOUND instead of a generic 500 when the target user does not exist (#9875)
• Fixed Kysely migration constant import path to restore Kysely 0.28 and 0.29 compatibility (#9811)
• Improved cookie regex character ranges for more accurate cookie parsing (#9879)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Features

• Added POST support to the /oauth2/userinfo endpoint, allowing the access token to be passed in the Authorization header (#9937)

Bug Fixes

• Fixed hooks.before and hooks.after to run correctly when OAuth authorization resumes after sign-in, account selection, or consent (#9919)

For detailed changes, see CHANGELOG

@better-auth/kysely-adapter

Bug Fixes

• Fixed Turbopack build failures by inlining migration table constants, also restoring compatibility with Kysely 0.28 and 0.29 (#9933)

For detailed changes, see CHANGELOG

@better-auth/passkey

Features

• Added automatic resolution of authenticator names from AAGUID, exposing getAuthenticatorName(aaguid) and commonAuthenticatorNames so passkeys can display a friendly provider name like "1Password" or "Google Password Manager" (#9927)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

• Fixed ERR_SUBJECT_UNCONFIRMED errors caused by clockSkew not being forwarded to samlify's ServiceProvider when validating SAML responses (#9748)

For detailed changes, see CHANGELOG

Contributors

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.15

Patch Changes

• #9875 1012b69 Thanks @​WilsonnnTan! - The admin plugin's unbanUser, setRole and adminUpdateUser endpoints used to call internalAdapter.updateUser without checking that the target user existed, so when the caller passed an unknown id the underlying database error (for example Prisma's P2025) bubbled up as a generic HTTP 500. those endpoints now mirror the existing guard in banUser: look the user up via findUserById, and throw a clean NOT_FOUND (USER_NOT_FOUND) when no row is returned. Closes #9800.

• #9865 ad60333 Thanks @​ping-maxwell! - list-session endpoint now requires a fresh-age session check.

• #9811 0933c05 Thanks @​zeroknowledge0x! - Restore Kysely 0.28 and 0.29 compatibility for SQLite dialect introspection. The dialects now mirror Kysely's stable migration table names locally, avoiding strict ESM build failures in Turbopack without forcing consumers onto Kysely 0.29.

• #9919 b0ddfd3 Thanks @​gustavovalverde! - Run configured hooks through the whole OAuth sign-in flow

  hooks.before / hooks.after configured on the auth instance now run for the OAuth authorization that continues after a user signs in, selects an account, or consents. They were being skipped there.

  Headers or cookies a hooks.before sets before returning its own response are no longer dropped, and a hooks.after that throws an APIError no longer loses either its cookies or the error's headers.

• Updated dependencies []:

  • @​better-auth/core@​1.6.15
  • @​better-auth/drizzle-adapter@​1.6.15
  • @​better-auth/kysely-adapter@​1.6.15
  • @​better-auth/memory-adapter@​1.6.15
  • @​better-auth/mongo-adapter@​1.6.15
  • @​better-auth/prisma-adapter@​1.6.15
  • @​better-auth/telemetry@​1.6.15

1.6.14

Patch Changes

• #9877 2d9781a Thanks @​gustavovalverde! - Restore the normal emailed-invitation flow while documenting the stricter verification posture for organization invitations.

  Client-side listUserInvitations now always requires a verified session email because it enumerates invitation IDs from session.user.email. The requireEmailVerificationOnInvitation option now controls recipient calls that carry an invitation ID (acceptInvitation, rejectInvitation, getInvitation). When unset, Better Auth keeps the emailed-invitation sign-up flow for built-in opaque invitation IDs, including the default generator or advanced.database.generateId: "uuid", and requires verified email when invitation IDs are externally controlled or predictable, such as advanced.database.generateId: "serial" / false or custom ID generation. Apps that expose invitation IDs outside the invited user's mailbox, expose organization invitation lists to members, or require stricter ownership proof should set requireEmailVerificationOnInvitation: true or require verified email before sign-in.

• #9841 5a2d642 Thanks @​bytaesu! - Optional fields (required: false) now accept null, not just omission. The generated input validation previously rejected null even though the column is nullable, so a nullable field could not be cleared by passing null.

• #9845 13abc79 Thanks @​gustavovalverde! - Harden redirect-URI validation across the OAuth provider plugins. isSafeUrlScheme and SafeUrlSchema no longer call URL.canParse, which is absent on some supported runtimes and could throw or silently disable the dangerous-scheme check. They now parse with a try/catch fallback. SafeUrlSchema also rejects redirect URIs that contain a fragment component, per RFC 6749 §3.1.2.

• #9806 9d3450a Thanks @​bytaesu! - getSessionCookie now prefers the __Secure- cookie when both it and a non-secure cookie are present, so the non-secure cookie no longer shadows the current session cookie.

• Updated dependencies [13abc79]:

  • @​better-auth/core@​1.6.14
  • @​better-auth/drizzle-adapter@​1.6.14
  • @​better-auth/kysely-adapter@​1.6.14
  • @​better-auth/memory-adapter@​1.6.14
  • @​better-auth/mongo-adapter@​1.6.14
  • @​better-auth/prisma-adapter@​1.6.14
  • @​better-auth/telemetry@​1.6.14

Commits

• 03e0e36 chore: release v1.6.15 (#9886)
• b0ddfd3 fix(oauth-provider): run configured hooks when authorize resumes (#9919)
• 1012b69 fix(admin): return USER_NOT_FOUND for missing users before update (#9875)
• ad60333 fix: list-session fresh age session check (#9865)
• e111d63 refactor(cookies): clarify cookie regex ranges (#9879)
• 5038d41 chore: release v1.6.14 (#9846)
• 2d9781a fix(organization): split invitation verification gates (#9877)
• 5a2d642 fix: accept null for optional fields in generated schema (#9841)
• 9d3450a fix(cookies): prefer __Secure- cookie in getSessionCookie (#9806)
• See full diff in compare view

Updates hono from 4.12.23 to 4.12.24

Release notes

Sourced from hono's releases.

v4.12.24

What's Changed

• docs(contribution): simplifyAI Usage Policy by @​yusukebe in honojs/hono#4972
• chore: remove @​types/glob by @​rtritto in honojs/hono#4978
• fix(bearer-auth): mention verifyToken in missing-options error message by @​tan7vir in honojs/hono#4987
• refactor(language): Test/improve tests on languages middleware by @​iNeoO in honojs/hono#4980
• fix(utils/ipaddr): expand "::" to eight zero groups by @​youcefzemmar in honojs/hono#4973
• fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @​Mohammad-Faiz-Cloud-Engineer in honojs/hono#4982
• refactor(timing): Test/add test for middleware timing by @​iNeoO in honojs/hono#4991
• fix(utils/ipaddr): render the unspecified address binary as "::" by @​sarathfrancis90 in honojs/hono#4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

Commits

• 5fdde5a 4.12.24
• c78932d fix(utils/ipaddr): render the unspecified address binary as "::" (#4998)
• 5ef800e refactor(timing): Test/add test for middleware timing (#4991)
• d743bb7 fix: clean up config files trailing comma, stale excludes, typesVersions gaps...
• d22ff9c fix(utils/ipaddr): expand "::" to eight zero groups (#4973)
• 8e2cccc refactor(language): Test/improve tests on languages middleware (#4980)
• 413d3cb fix(bearer-auth): mention verifyToken in missing-options error message (#4987)
• 2cbeadd chore: remove @​types/glob (#4978)
• 9051d3e docs(contribution): simplifyAI Usage Policy (#4972)
• See full diff in compare view

Updates ioredis from 5.11.0 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

• cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
• parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

• cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
• parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

Commits

• fb224a7 chore(release): 5.11.1 [skip ci]
• 131ee24 fix: parse protocol-relative Redis URLs as TCP connections (#2125)
• c84b2ee fix(cluster): reconnect to nodes that restart without slot changes (#2096)
• See full diff in compare view

Updates next from 16.2.6 to 16.2.7

Release notes

Sourced from next's releases.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Backport documentation fixes for v16.2 (#93804)
• [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
• [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
• [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
• [backport] Encode non-ASCII characters in cache tags at construction (#93918)
• [backport] Fix server action forwarding loop with middleware rewrites (#93919)
• [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
• [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
• [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
• [backport] Propagate adapter preferred regions (#94200)
• [16.2.x] Don't drop FormData entries (#94240)
• [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

Commits

• 9bd3c26 v16.2.7
• c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
• 63115c7 [16.2.x] Don't drop FormData entries (#94240)
• aef22fd [backport] Propagate adapter preferred regions (#94200)
• f126e72 [backport] Fix "type: module" in project dir when using standalone or adapter...
• bda3e2a [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
• 7e16e07 [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
• 6139f4b [backport] Fix server action forwarding loop with middleware rewrites (#93919)
• c021d10 [backport] Encode non-ASCII characters in cache tags at construction (#93918)
• 9184ddb [backport] Fix catch-all router.query corruption with basePath + `rewrite...
• Additional commits viewable in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates fumadocs-mdx from 15.0.10 to 15.0.11

Release notes

Sourced from fumadocs-mdx's releases.

fumadocs-mdx@15.0.11

Patch Changes

• 2d65ceb: Support hot reload in source.config.ts with Vite plugin

Commits

• 2ea0ed0 Version Packages (#3339)
• 6dc8812 feat(preview): use waku beta 2
• e714fff Merge pull request #3338 from fuma-nama/changeset-release/dev
• 00e3be4 update editor settings
• a62a45d chore: bump deps
• Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
spec	Ready	Preview, Comment	Jun 9, 2026 3:30am