chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates by dependabot[bot] · Pull Request #20 · Metatronsdoob369/Domicile

dependabot · 2026-04-02T02:05:40Z

Bumps the npm_and_yarn group with 3 updates in the / directory: @modelcontextprotocol/sdk, next and fastify.
Bumps the npm_and_yarn group with 1 update in the /examples/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/realtime-next directory: next.

Updates @modelcontextprotocol/sdk from 1.24.3 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

spec types - backwards compatibility changes by @KKonstantinov in modelcontextprotocol/typescript-sdk#1306

chore: bump version for patch fix by @felixweinberger in modelcontextprotocol/typescript-sdk#1307

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

list changed handlers on client constructor by @mattzcarey in modelcontextprotocol/typescript-sdk#1206

Role - moved from inline to reusable type by @KKonstantinov in modelcontextprotocol/typescript-sdk#1221

fix: use versioned npm tag for non-main branch releases by @pcarleton in modelcontextprotocol/typescript-sdk#1236

No automatic completion support unless needed - Revisited yet again by @cliffhall in modelcontextprotocol/typescript-sdk#1237

fix: Support updating output schema by @vincent0426 in modelcontextprotocol/typescript-sdk#1048

... (truncated)

Commits

fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
6aba065 chore: bump v1.25.3 for backport fixes (#1412)
6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
a0c9b13 fix: README badges links destinations (#907)
Additional commits viewable in compare view

Updates next from 16.0.8 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates fastify from 5.3.3 to 5.8.3

Release notes

Sourced from fastify's releases.

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

docs(readme): add @Tony133 to plugin team by @Tony133 in fastify/fastify#6565

Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to showcase that it's added as a child by @kyrylchenko in fastify/fastify#6566

test: use fastify.test in test case by @climba03003 in fastify/fastify#6568

docs: use fastify.example in documentation by @climba03003 in fastify/fastify#6567

docs: add common performance degradation guidance by @maxpetrusenko in fastify/fastify#6520

docs(server): fix camelCase anchor links in TOC by @Deepvamja in fastify/fastify#6530

ci(link-checker): fix root-relative links resolution by @barba-rossa in fastify/fastify#6535

docs: update syntax markdown, absolute paths and links by @Tony133 in fastify/fastify#6569

docs: clarify content-type parser/schema mismatch is outside threat model by @mcollina in fastify/fastify#6537

docs: fix incorrect code examples in Reply and Request reference by @mahmoodhamdi in fastify/fastify#6582

docs: replace redirected npm.im http-errors link by @mcollina in fastify/fastify#6588

types: Allow port to be null in request type definition by @TristanBarlow in fastify/fastify#6589

docs: update links by @Tony133 in fastify/fastify#6593

ci(lock-threads): use shared lock-threads workflow by @Fdawgs in fastify/fastify#6592

New Contributors

@kyrylchenko made their first contribution in fastify/fastify#6566

@maxpetrusenko made their first contribution in fastify/fastify#6520

@Deepvamja made their first contribution in fastify/fastify#6530

@barba-rossa made their first contribution in fastify/fastify#6535

@mahmoodhamdi made their first contribution in fastify/fastify#6582

@TristanBarlow made their first contribution in fastify/fastify#6589

Full Changelog: fastify/fastify@v5.8.2...v5.8.3

v5.8.2

What's Changed

docs(ecosystem): add @yeliex/fastify-problem-details by @yeliex in fastify/fastify#6546

Revert "chore: upgrade borp to v1.0.0" by @climba03003 in fastify/fastify#6564

docs: document body validation with custom content type parsers by @mcollina in fastify/fastify#6556

docs(ecosystem): add fastify-file-router by @bhouston in fastify/fastify#6441

docs: add fastify-svelte-view to Ecosystem list by @matths in fastify/fastify#6453

fix: anchor keyValuePairsReg to prevent quadratic backtracking by @mcollina in fastify/fastify#6558

docs: added note on handling of invalid URLs in setNotFoundHandler by @leftieFriele in fastify/fastify#5661

docs(guides): update codemod links by @OluchiEzeifedikwa in fastify/fastify#6479

docs: add @glidemq/fastify to community plugins by @avifenesh in fastify/fastify#6560

New Contributors

@yeliex made their first contribution in fastify/fastify#6546

@matths made their first contribution in fastify/fastify#6453

@leftieFriele made their first contribution in fastify/fastify#5661

@OluchiEzeifedikwa made their first contribution in fastify/fastify#6479

@avifenesh made their first contribution in fastify/fastify#6560

... (truncated)

Commits

a3e77ce Bumped v5.8.3
4e1db5b fix: gate host and protocol getters on proxy trust function
a22217f ci(lock-threads): use shared lock-threads workflow (#6592)
1851f20 docs: update links (#6593)
9cc5187 types: Allow port to be null in request type definition (#6589)
722d83b docs: replace redirected npm.im http-errors link (#6588)
a1413de docs: fix incorrect code examples in Reply and Request reference (#6582)
d7f01b6 docs: clarify content-type parser/schema mismatch is outside threat model (#6...
a0649e9 docs: update syntax markdown, absolute paths and links (#6569)
d477915 ci(link-checker): fix root-relative links resolution (#6535)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates next from 16.0.8 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.24.3 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

spec types - backwards compatibility changes by @KKonstantinov in modelcontextprotocol/typescript-sdk#1306

chore: bump version for patch fix by @felixweinberger in modelcontextprotocol/typescript-sdk#1307

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

list changed handlers on client constructor by @mattzcarey in modelcontextprotocol/typescript-sdk#1206

Role - moved from inline to reusable type by @KKonstantinov in modelcontextprotocol/typescript-sdk#1221

fix: use versioned npm tag for non-main branch releases by @pcarleton in modelcontextprotocol/typescript-sdk#1236

No automatic completion support unless needed - Revisited yet again by @cliffhall in modelcontextprotocol/typescript-sdk#1237

fix: Support updating output schema by @vincent0426 in modelcontextprotocol/typescript-sdk#1048

... (truncated)

Commits

fe9c07b chore: bump version to 1.26.0 (#1479)
4f01e7e fix: add non-null assertions for optional setupServer fields in stateful test
a05be17 Merge commit from fork
50d9fa3 Fix #1430: Client Credentials providers scopes support (backported) (#1442)
aa81a66 fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...
6aba065 chore: bump v1.25.3 for backport fixes (#1412)
6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
a0c9b13 fix: README badges links destinations (#907)
Additional commits viewable in compare view

Updates fastify from 5.3.3 to 5.8.3

Release notes

Sourced from fastify's releases.

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

docs(readme): add @Tony133 to plugin team by @Tony133 in fastify/fastify#6565

Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to showcase that it's added as a child by @kyrylchenko in fastify/fastify#6566

test: use fastify.test in test case by @climba03003 in fastify/fastify#6568

docs: use fastify.example in documentation by @climba03003 in fastify/fastify#6567

docs: add common performance degradation guidance by @maxpetrusenko in fastify/fastify#6520

docs(server): fix camelCase anchor links in TOC by @Deepvamja in fastify/fastify#6530

ci(link-checker): fix root-relative links resolution by @barba-rossa in fastify/fastify#6535

docs: update syntax markdown, absolute paths and links by @Tony133 in fastify/fastify#6569

docs: clarify content-type parser/schema mismatch is outside threat model by @mcollina in fastify/fastify#6537

docs: fix incorrect code examples in Reply and Request reference by @mahmoodhamdi in fastify/fastify#6582

docs: replace redirected npm.im http-errors link by @mcollina in fastify/fastify#6588

types: Allow port to be null in request type definition by @TristanBarlow in fastify/fastify#6589

docs: update links by @Tony133 in fastify/fastify#6593

ci(lock-threads): use shared lock-threads workflow by @Fdawgs in fastify/fastify#6592

New Contributors

@kyrylchenko made their first contribution in fastify/fastify#6566

@maxpetrusenko made their first contribution in fastify/fastify#6520

@Deepvamja made their first contribution in fastify/fastify#6530

@barba-rossa made their first contribution in fastify/fastify#6535

@mahmoodhamdi made their first contribution in fastify/fastify#6582

@TristanBarlow made their first contribution in fastify/fastify#6589

Full Changelog: fastify/fastify@v5.8.2...v5.8.3

v5.8.2

What's Changed

docs(ecosystem): add @yeliex/fastify-problem-details by @yeliex in fastify/fastify#6546

Revert "chore: upgrade borp to v1.0.0" by @climba03003 in fastify/fastify#6564

docs: document body validation with custom content type parsers by @mcollina in fastify/fastify#6556

docs(ecosystem): add fastify-file-router by @bhouston in fastify/fastify#6441

docs: add fastify-svelte-view to Ecosystem list by @matths in fastify/fastify#6453

fix: anchor keyValuePairsReg to prevent quadratic backtracking by @mcollina in fastify/fastify#6558

docs: added note on handling of invalid URLs in setNotFoundHandler by @leftieFriele in fastify/fastify#5661

docs(guides): update codemod links by @OluchiEzeifedikwa in fastify/fastify#6479

docs: add @glidemq/fastify to community plugins by @avifenesh in fastify/fastify#6560

New Contributors

@yeliex made their first contribution in fastify/fastify#6546

@matths made their first contribution in fastify/fastify#6453

@leftieFriele made their first contribution in fastify/fastify#5661

@OluchiEzeifedikwa made their first contribution in fastify/fastify#6479

@avifenesh made their first contribution in fastify/fastify#6560

... (truncated)

Commits

a3e77ce Bumped v5.8.3
4e1db5b fix: gate host and protocol getters on proxy trust function
a22217f ci(lock-threads): use shared lock-threads workflow (#6592)
1851f20 docs: update links (#6593)
9cc5187 types: Allow port to be null in request type definition (#6589)
722d83b docs: replace redirected npm.im http-errors link (#6588)
a1413de docs: fix incorrect code examples in Reply and Request reference (#6582)
d7f01b6 docs: clarify content-type parser/schema mismatch is outside threat model (#6...
a0649e9 docs: update syntax markdown, absolute paths and links (#6569)
d477915 ci(link-checker): fix root-relative links resolution (#6535)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates next from 16.0.8 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.24.3 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcar... Description has been truncated

…updates Bumps the npm_and_yarn group with 3 updates in the / directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [next](https://github.com/vercel/next.js) and [fastify](https://github.com/fastify/fastify). Bumps the npm_and_yarn group with 1 update in the /examples/nextjs directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/realtime-next directory: [next](https://github.com/vercel/next.js). Updates `@modelcontextprotocol/sdk` from 1.24.3 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.24.3...v1.26.0) Updates `next` from 16.0.8 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `fastify` from 5.3.3 to 5.8.3 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.3.3...v5.8.3) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `next` from 16.0.8 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `@modelcontextprotocol/sdk` from 1.24.3 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.24.3...v1.26.0) Updates `fastify` from 5.3.3 to 5.8.3 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.3.3...v5.8.3) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `next` from 16.0.8 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `@modelcontextprotocol/sdk` from 1.24.3 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.24.3...v1.26.0) Updates `fastify` from 5.3.3 to 5.8.3 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.3.3...v5.8.3) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `next` from 15.4.7 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `next` from 15.4.7 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `next` from 15.4.7 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `next` from 15.4.7 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `next` from 15.4.7 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) Updates `next` from 15.4.7 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.8...v16.1.7) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fastify dependency-version: 5.8.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fastify dependency-version: 5.8.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fastify dependency-version: 5.8.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-04-02T02:05:42Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
trustee-portal	Error		Apr 2, 2026 2:05am

dependabot · 2026-04-04T08:06:22Z

Superseded by #21.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 2, 2026

dependabot bot mentioned this pull request Apr 2, 2026

chore(deps): bump picomatch from 2.3.1 to 2.3.2 in the npm_and_yarn group across 0 directory #19

Closed

vercel bot had a problem deploying to Preview April 2, 2026 02:05 Failure

dependabot bot closed this Apr 4, 2026

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-df7764c6db branch April 4, 2026 08:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates#20

chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates#20
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-df7764c6db

dependabot bot commented on behalf of github Apr 2, 2026

Uh oh!

vercel bot commented Apr 2, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Apr 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 2, 2026

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

1.25.0

What's Changed

v16.1.7

Core Changes

Credits

v5.8.3

⚠️ Security Release

What's Changed

New Contributors

v5.8.2

What's Changed

New Contributors

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

v16.1.7

Core Changes

Credits

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

1.25.0

What's Changed

v5.8.3

⚠️ Security Release

What's Changed

New Contributors

v5.8.2

What's Changed

New Contributors

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

v16.1.7

Core Changes

Credits

v1.26.0

What's Changed

Uh oh!

vercel bot commented Apr 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Apr 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

vercel bot commented Apr 2, 2026 •

edited

Loading