chore(deps): bump the npm-dependencies group with 21 updates

[dependabot]

Bumps the npm-dependencies group with 21 updates:

Package	From	To
@hookform/resolvers	5.2.2	5.4.0
@tanstack/react-query	5.100.10	5.100.13
date-fns	3.6.0	4.3.0
framer-motion	12.38.0	12.40.0
marked	18.0.3	18.0.4
pg	8.20.0	8.21.0
react-day-picker	8.10.2	10.0.1
react-resizable-panels	2.1.9	4.11.1
recharts	2.15.4	3.8.1
wouter	3.9.0	3.10.0
ws	8.20.1	8.21.0
zod	3.25.76	4.4.3
zod-validation-error	3.5.4	5.0.0
@types/node	25.8.0	25.9.1
@types/react	19.2.14	19.2.15
postcss	8.5.14	8.5.15
tailwindcss	3.4.19	4.3.0
tsx	4.22.0	4.22.3
typescript	5.6.3	6.0.3
typescript-eslint	8.59.3	8.59.4
vite	8.0.13	8.0.14

Updates @hookform/resolvers from 5.2.2 to 5.4.0

Release notes

Sourced from @​hookform/resolvers's releases.

v5.4.0

5.4.0 (2026-05-21)

Features

• feat: add ata-validator resolver (#845)

Fixes

• fix issue with toNestErrors.ts (#848)

• add guidance on passing context to yupResolver (useForm context) (#835) (3d29924)

Commits

• 3d29924 feat: add guidance on passing context to yupResolver (useForm context) (#835)
• 56b68f3 feat: 5.3.0
• cf8562d update readme on ata-validator
• 5e5b610 fix issue with toNestErrors.ts (#848)
• 72aacf8 Revise supported versions in SECURITY.md
• ad89a20 feat: add ata-validator resolver (#845)
• 02286db ci: updated publish workflow to use node 24 (#838)
• 2e9bc7c Fix(zodResolver): error paths in complex unions #787 (#819)
• See full diff in compare view

Updates @tanstack/react-query from 5.100.10 to 5.100.13

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-next-experimental@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-persist-client@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query@​5.100.13

Patch Changes

• Updated dependencies [d423168]:
  • @​tanstack/query-core@​5.100.13

@​tanstack/react-query-devtools@​5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.12
  • @​tanstack/react-query@​5.100.12

@​tanstack/react-query-next-experimental@​5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.12

@​tanstack/react-query-persist-client@​5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.12
  • @​tanstack/react-query@​5.100.12

@​tanstack/react-query@​5.100.12

Patch Changes

• Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.13

Patch Changes

• Updated dependencies [d423168]:
  • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.11

Commits

• See full diff in compare view

Updates date-fns from 3.6.0 to 4.3.0

Release notes

Sourced from date-fns's releases.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #4193.

• Fixed pt locale first day of week to be Sunday. See #4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #4194 by @​puneetdixit200.

v4.2.1

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

v4.1.0

This release adds time zone support to format functions (that I somehow missed when working on the feature) and fixes a few bugs.

Make sure also upgrade TZDate to v1.0.2 as it includes a bunch of critical bug fixes.

Fixed

• Fixed internal constructFrom throwing an exception on null arguments. While null isn't allowed, the functions should rather return Invalid Date or NaN in such cases. See #3885.

Added

• Added missing time zone support to format, formatISO, formatISO9075, formatRelative and formatRFC3339. See #3886.

v4.0.0

I have great news! First, ten years after its release, date-fns finally gets first-class time zone support.

Another great news is that there aren't many breaking changes in this release. All of them are type-related and will affect only those explicitly using internal date-fns types. Finally, it has been less than a year since the last major release, which is an improvement over the previous four years between v2 and v3. I plan on keeping the pace and minimizing breaking changes moving forward.

Read more about the release in the announcement blog post.

- Sasha @​kossnocorp

Added

... (truncated)

Commits

• f95bcf1 (docs): Add missing tsx dependency
• baaca11 Add //pkgs/core:release/docs task
• 8aa0373 Update docs website secrets location in scripts
• c7ad6eb Promote to v4.3.0
• da8c548 Add change log entry for Chinese locale fix (#4194)
• f8d8fa8 Split Chinese locale tests (#4194)
• b9c5865 Fix Chinese locale month parsing (#4194)
• 39d1e14 Add pt fix change log entry (#4195)
• f3f1963 Fix pt locale first day of week to be Sunday (#4195)
• cd6ebda Add basic AGENTS.md
• Additional commits viewable in compare view

Updates framer-motion from 12.38.0 to 12.40.0

Changelog

Sourced from framer-motion's changelog.

[12.40.0] 2026-05-21

Added

• path option to transition.
• arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

• Support for repeatType and repeatDelay in animation sequences.

Fixed

• Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.
• Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.
• LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.
• useScroll: Support hydrating target and container refs from anywhere in the tree.
• Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.
• Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§
• Updated visualElement hydration order.
• useAnimate: Now respects skipAnimations.
• AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.
• scroll: Fixed callback progress when tracking an element.
• useScroll: Fix hardware acceleration when tracking an element.

Commits

• 38ebb94 v12.40.0
• b1f766c Latest
• bca5544 Merge pull request #3699 from motiondivision/lochie/arcs-injectable
• f1a96cf arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw
• b4aaba0 pathRotation: non-destructive orientToPath rotation channel
• 8604ef3 Make arcs injectable via transition.path = arc()
• f90fe29 add orientToPath
• 9ebe999 fix: test
• bc2107e Revert "no should"
• 6eeb92d no should
• Additional commits viewable in compare view

Updates marked from 18.0.3 to 18.0.4

Release notes

Sourced from marked's releases.

v18.0.4

18.0.4 (2026-05-19)

Bug Fixes

• cache list indentation regexes (#3969) (a37983f)
• fix cli not reading stdin (#3967) (11adb69)

Commits

• 0a2cd54 chore(release): 18.0.4 [skip ci]
• 11adb69 fix: fix cli not reading stdin (#3967)
• a37983f fix: cache list indentation regexes (#3969)
• d38b8c2 chore(deps-dev): bump eslint from 10.3.0 to 10.4.0 (#3976)
• 7d9b17e chore(docs): fix typo in package links (#3975)
• a7affc3 chore(deps-dev): bump @​semantic-release/release-notes-generator from 14.1.0 t...
• 47d6ba1 chore(deps-dev): bump @​semantic-release/github from 12.0.6 to 12.0.8 (#3972)
• 69257e4 chore(deps-dev): bump eslint from 10.2.1 to 10.3.0 (#3966)
• 1731d38 refactor(test): move task list output coverage to specs (#3963)
• See full diff in compare view

Updates pg from 8.20.0 to 8.21.0

Changelog

Sourced from pg's changelog.

pg@8.21.0

• Handle SASL SCRAM server error responses properly.
• Add support for node@26.
• Add scramMaxIterations config option.
• Add client.getTransactionStatus() method.

Commits

• 544b1ce Publish
• cc03fa5 Add scramMaxIterations option to limit SCRAM iteration count (#3677)
• f776327 Remove compatibility code for unsupported versions of Node (<16) (#3678)
• f252870 cleanup: pg utils (#3675)
• c8da6ab Assorted test cleanup (#3673)
• fa47e73 fix: Client#end callback being called multiple times when first is no-op (#...
• 88a7e60 cleanup: Move declaration to more natural place
• 2095247 cleanup: Combine duplicated code in Client#query and avoid unneeded early n...
• 0ac3edd fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 (#3669)
• be880d4 Assorted test fixes and cleanup (#3672)
• Additional commits viewable in compare view

Updates react-day-picker from 8.10.2 to 10.0.1

Release notes

Sourced from react-day-picker's releases.

v10.0.1

What's Changed

• fix: apply inline styles to all component slots by @​gpbl in gpbl/react-day-picker#2995
• fix: add @​types/react as optional peer dependency by @​mrmckeb in gpbl/react-day-picker#2997

New Contributors

• @​mrmckeb made their first contribution in gpbl/react-day-picker#2997

Full Changelog: gpbl/react-day-picker@v10.0.0...v10.0.1

v10.0.0

DayPicker v10 removes the public APIs deprecated in v9 and introduces a new @daypicker/react package name. Non-Gregorian calendars are now published as standalone @daypicker/* packages.

If your app already uses the current v9 API, the upgrade should be relatively small. If your app still relies on deprecated v9 APIs, those usages should be updated before upgrading.

See the full v10 changelog, the upgrade guide, and the v10 announcement for questions and upgrade feedback.

Install

npm install react-day-picker@latest

For new projects, prefer the scoped package name:

npm install @daypicker/react@latest

import { DayPicker } from "@daypicker/react";
import "@daypicker/react/style.css";

The react-day-picker package remains available in v10 for compatibility.

Breaking Changes

Deprecated navigation props removed

Removed prop	Use instead
fromMonth	startMonth
fromYear	startMonth={new Date(year, 0)}
toMonth	endMonth
toYear	endMonth={new Date(year, 11)}
fromDate	hidden={{ before: date }} and optionally startMonth
toDate	hidden={{ after: date }} and optionally endMonth

Deprecated focus and event props removed

... (truncated)

Changelog

Sourced from react-day-picker's changelog.

v10.0.1

Release date: 2026-05-12

This patch release fixes inline styles for component slots and adds @types/react as an optional peer dependency for strict package managers.

What's Changed

• fix: apply inline styles to all component slots by @​gpbl in #2995
• fix: add @types/react as an optional peer dependency by @​mrmckeb in #2997

v10.0.0

Release date: 2026-05-08

This major release introduces the @daypicker/react package name, publishes calendar add-on packages under the @daypicker/* scope, and removes public APIs that were deprecated in v9.

Upgrading to v10

Upgrading from v9 should be straightforward if your app does not use any deprecated APIs. See the upgrading guide for details. If you use one of the non-Gregorian calendars, such as Persian, Hebrew, Buddhist, Ethiopic, or Hijri, install the corresponding calendar add-on package alongside DayPicker.

Package Name

For new projects, prefer the @daypicker/react package:

import { DayPicker } from "@daypicker/react";
import "@daypicker/react/style.css";

The react-day-picker package remains available for compatibility and exposes the same DayPicker API in v10.

Calendar Packages

Calendar add-on packages are now published under the @daypicker/* scope. Install the add-on package for the calendar you need alongside @daypicker/react. For example, to use the Persian calendar:

npm install @daypicker/react @daypicker/persian

Breaking Changes

• Removed deprecated props: fromDate, toDate, fromMonth, toMonth, fromYear, toYear, initialFocus.
• Removed deprecated event props: onWeekNumberClick, onDayKeyUp, onDayKeyPress, onDayPointerEnter, onDayPointerLeave, onDayTouchCancel, onDayTouchEnd, onDayTouchMove, onDayTouchStart.
• Removed deprecated type exports from types/deprecated.
• Removed deprecated aliases: formatMonthCaption, formatYearCaption, labelDay, labelCaption, isMatch, isDateInRange.
• Removed the deprecated components.Button customization entry.
• Removed deprecated DeprecatedUI compatibility typing for classNames and styles.
• Removed deprecated DateLib exports: FormatOptions, LabelOptions, dateLib, and DateLib.Date.
• Removed the deprecated react-day-picker/jalali subpath. Use react-day-picker/persian.

... (truncated)

Commits

• 6d3929d build: version packages (#2996)
• 885ec9e fix: add @types/react as optional peer dependency (#2997)
• 42c8436 fix: apply inline styles to component slots (#2995)
• 4cce3e2 docs: remove next install references
• 9af420c docs: promote v10 website docs (#2990)
• 2c5ba1f build: version packages (#2989)
• b55a878 fix: correct dropdown navigation in multi-month calendars (#2977)
• 6af9b1f docs: fill type alias API descriptions (#2991)
• 2907c64 build: version packages (next) (#2965)
• cdc5a64 docs: update v8 website references
• Additional commits viewable in compare view

Updates react-resizable-panels from 2.1.9 to 4.11.1

Release notes

Sourced from react-resizable-panels's releases.

4.9.0

• 702: Add disableDoubleClick prop to Separator to enable turning off the double-click size reset behavior.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 or PR 699 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

4.7.3

• 690: Imperative Panel API supports non-percentage sizes

4.7.2

• 683: Don't scroll separator when setting focus

4.7.1

• 678: Change default overflow styles to support shadows

4.7.0

• 677: Add groupResizeBehavior prop to Panel, enabling panels to retain their current size (pixels) size when the parent Group is resized.

4.6.5

• 670: Check for undefined adoptedStyleSheets (to better support environments like jsdom)
• 671: Bug-fix: Update in-memory layout cache when group is resized by double-clicking on a separator

4.6.4

• 664, 665: Resize actions sometimes "jump" on touch devices

4.6.3

• Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

4.6.2

• 660: Group guards against layouts with mis-ordered Panel id keys

4.6.1

• 658: Imperative Panel and Group APIs ignored disabled status when resizing panels; this is an explicit override of the disabled state and is required to support conditionally disabled groups.
• 658: Separator component does not set a cursor: not-allowed style if the parent Group has cursors disabled.

4.6.0

• 657: Allow Panel and Separator components to be disabled

4.5.9

• 649: Optimization: Replace useForceUpdate with useSyncExternalStore to avoid side effect of swallowing "click" events in certain cases
• 654: Bugfix Imperative Group method setLayout persists layout to in-memory cache

... (truncated)

Changelog

Sourced from react-resizable-panels's changelog.

4.11.1

• 715): Edge case SSR bug fix for panels with defaultSize={0}

4.11.0

• 712: Separator supports :focus-visible pseudo-class
• 703: Fix: edge case scenarios when collapsing the last panel
• 711: Improve legacy browser support wrt global stylesheets

4.10.0

• 705: Add data-separator="focus" state for Separator elements for more consistent custom CSS styles.

4.9.0

• 702: Add disableDoubleClick prop to Separator to enable turning off the double-click size reset behavior.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

4.7.3

• 690: Imperative Panel API supports non-percentage sizes

4.7.2

• 683: Don't scroll separator when setting focus

4.7.1

• 678: Change default overflow styles to support shadows

4.7.0

• 677: Add groupResizeBehavior prop to Panel, enabling panels to retain their current size (pixels) size when the parent Group is resized.

4.6.5

... (truncated)

Commits

• a5b961f 4.11.0 -> 4.11.1
• 806a7c0 Fixed Panel condition to properly handle explicit defaultSize (#715)
• 85714d9 4.11.0
• 640b88d Fix typo on Min/max sizes doc page (#710)
• e434898 Upgrade react-lib-tools to improve site-search
• ab61ee9 Upgrade react-lib-tools to improve site-search
• 5985041 Update overflow style example
• fa27133 4.9.0 -> 4.10.0
• b58ed97 Add data-separator "focus" state (#706)
• f4e5e08 Upgrade react-lib-tools to improve site-search
• Additional commits viewable in compare view

Updates recharts from 2.15.4 to 3.8.1

Release notes

Sourced from recharts's releases.

v3.8.1

What's Changed

Bugfixes!

• fix(z-index): prevent elements from disappearing during dynamic zIndex transitions by @​VIDHITTS in recharts/recharts#7006
• fix: prevent tooltip flicker in syncMethod="value" with mismatched data arrays by @​roy7 in recharts/recharts#7020
• docs: add missing SVG props documentation to PolarGrid #3400 by @​ramanverse in recharts/recharts#6987
• fix: add cursor prop type to BaseChartProps by @​mixelburg in recharts/recharts#7065
• fix: restore arrow key navigation when active index is outside zoomed… by @​AbishekRaj2007 in recharts/recharts#7086
• Add test for ticks spacing by @​VIDHITTS in recharts/recharts#7082
• fix(Pie): skip minAngle redistribution when no segment needs it by @​Harikrushn9118 in recharts/recharts#7097
• fix(DefaultLegendContent): use entry.value for aria-label when formatter returns React element by @​mixelburg in recharts/recharts#7109
• fix(PolarRadiusAxis): update ticks prop type by @​PavelVanecek in recharts/recharts#7112
• fix: PieChart double padding gap when a data item has value 0 by @​Copilot in recharts/recharts#7113
• Add boxplot example by @​PavelVanecek in recharts/recharts#7130
• [fix] Update ticks calculator and domain extension by @​PavelVanecek in recharts/recharts#7146
• fix: guard against non-function d3-scale exports in getD3ScaleFromType by @​tdebarochez in recharts/recharts#7123
• fix: stackOffset expand should not override numerical XAxis domain by @​SeaL773 in recharts/recharts#7152
• fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) by @​olagokemills in recharts/recharts#7140
• fix(Tooltip): prevent crash on sparse or undefined payload entries by @​Om-Mishra09 in recharts/recharts#7149
• fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update by @​Om-Mishra09 in recharts/recharts#7161

New Contributors

• @​AbishekRaj2007 made their first contribution in recharts/recharts#7086
• @​tdebarochez made their first contribution in recharts/recharts#7123
• @​SeaL773 made their first contribution in recharts/recharts#7152
• @​olagokemills made their first contribution in recharts/recharts#7140

Full Changelog: recharts/recharts@v3.8.0...v3.8.1

v3.8.0

What's Changed

We added generics to our data and dataKey props and now you can have your charts validated by TypeScript. See the full guide here: https://recharts.github.io/en-US/guide/typescript/

We are releasing new helper functions and hooks that will allow you to precisely target mouse interactions, and convert coordinates. See the guide here: https://recharts.github.io/en-US/guide/coordinateSystems/

And new functions and hooks:

getRelativeCoordinate - converts mouse events to pixel positions

Convert Data → Pixels:

useXAxisScale - returns a function to convert X data values to pixel positions useYAxisScale - returns a function to convert Y data values to pixel positions useCartesianScale - convenience hook for converting both at once

Pixels → Data:

... (truncated)

Commits

• 5b10788 chore(deps-dev): bump diff from 8.0.3 to 8.0.4 (#7156)
• 222396f chore(deps): bump react-router-dom from 7.13.1 to 7.13.2 (#7164)
• c2642da chore(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 (#7166)
• b186929 fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update (#7161)
• 738f71f fix(Tooltip): prevent crash on sparse or undefined payload entries (#7149)
• 00daf0b chore(deps-dev): bump rollup from 4.59.0 to 4.60.0 (#7158)
• eba4f2a chore(deps-dev): bump marked from 17.0.4 to 17.0.5 (#7157)
• 201d060 fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) (#...
• 670d092 chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#7150)
• 86ca8de fix: stackOffset expand should not override numerical XAxis domain (#7152)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by corkscreewe, a new releaser for recharts since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates wouter from 3.9.0 to 3.10.0

Commits

• See full diff in compare view

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

• Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

• Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

• bca91ad [dist] 8.21.0
• 2b2abd4 [security] Limit retained message parts
• 78eabe2 [security] Add latest vulnerability to SECURITY.md
• See full diff in compare view

Updates zod from 3.25.76 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
• e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
• e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
• 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
• bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
• 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
• 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
• 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
• c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

• 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
• 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
• cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
• edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
• 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits

• 1fb56a5 docs: document release procedure in AGENTS.md
• f3c9ec0 4.4.3
• c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
• 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 9195250 docs: remove Mintlify from bronze sponsors (churned)
• 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
• 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
• 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
• 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Updates zod-validation-error from 3.5.4 to 5.0.0

Release notes

Sourced from zod-validation-error's releases.

v5...

Description has been truncated

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​recharts@​2.15.4 ⏵ 2.15.2
	npm/​typescript-eslint@​8.59.3 ⏵ 8.59.4	+1		+1
	npm/​@​types/​react@​19.2.14 ⏵ 19.2.15
	npm/​marked@​18.0.3 ⏵ 18.0.4
	npm/​@​types/​node@​25.8.0 ⏵ 25.9.1	+1		+1	-1
	npm/​tsx@​4.22.0 ⏵ 4.22.3			+1	-1
	npm/​postcss@​8.5.14 ⏵ 8.5.15	+1		+1
	npm/​vite@​8.0.13 ⏵ 8.0.14	+1		+1
	npm/​@​tanstack/​react-query@​5.100.10 ⏵ 5.100.13	+1			+1
	npm/​zod-validation-error@​3.5.4 ⏵ 5.0.0	+1		+1
	npm/​pg@​8.20.0 ⏵ 8.21.0			+1
	npm/​wouter@​3.9.0 ⏵ 3.10.0	+1		+1	+1
	npm/​date-fns@​3.6.0 ⏵ 4.3.0	+1
	npm/​@​hookform/​resolvers@​5.2.2 ⏵ 5.4.0			+1
	npm/​react-day-picker@​8.10.2 ⏵ 10.0.1	+2		+8
	npm/​ws@​8.20.1 ⏵ 8.21.0	+1
	npm/​react-resizable-panels@​2.1.9 ⏵ 2.1.7
	npm/​framer-motion@​12.38.0 ⏵ 12.40.0			+1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[github-actions]

📄 Documentation Review Reminder

This PR changes source files but does not update any public documentation.

Changed source files:

client/src/components/ui/calendar.tsx
server/packagedBundle.test.ts

Please check if documentation in docs/public/ needs to be updated:

• No documentation update needed
• Documentation updated in this PR
• Follow-up documentation issue created

Public docs are Markdown files in docs/public/. They are automatically
rendered to HTML and deployed to GitHub Pages when merged to main.

Available docs: getting-started.md, pr-babysitter.md, agent-dispatch.md, configuration.md, pr-questions.md

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.