chore(deps): bump the production-dependencies group with 11 updates

[dependabot]

Bumps the production-dependencies group with 11 updates:

Package	From	To
@langchain/community	1.1.14	1.1.15
@langchain/groq	1.0.4	1.1.0
@mixedbread/sdk	0.50.1	0.50.2
@sentry/nextjs	10.38.0	10.39.0
langchain	1.2.23	1.2.24
lucide-react	0.563.0	0.564.0
mongoose	9.1.6	9.2.1
npm	11.9.0	11.10.0
posthog-js	1.344.0	1.347.2
react-resizable-panels	4.6.2	4.6.4
tailwind-merge	3.4.0	3.4.1

Updates @langchain/community from 1.1.14 to 1.1.15

Commits

• a1499ae chore: version packages (#9800)
• cf56fc9 fix(langchain): add missing changeset (#9806)
• e48ad53 fix(langchain): don't concatenate middleware error, instead use cause (#9801)
• 230462d fix(core): preserve index and timestamp fields in _mergeDicts (#9781)
• 7169eba fix(anthropic): fix joining partial inputs (#9792)
• ebc6f0a chore: version packages (#9799)
• bd1ab45 fix(core): handle undefined error objects in async-caller (#9797)
• 1c16ce9 chore: version packages (#9771)
• b8561c1 fix(core): source JsonOutputParser content from text accessor (#9789)
• 2427b07 chore: update twitter URLs (#9791)
• Additional commits viewable in compare view

Updates @langchain/groq from 1.0.4 to 1.1.0

Commits

• 8a77e9a chore: version packages (#9491)
• 38f0162 feat(core,anthropic): tool extras, tool search support (#9531)
• 42ae02a chore(deps): bump actions/checkout from 5.0.1 to 6.0.0 in the major-deps-upda...
• 9563a7f chore(mongodb): remove unused testing setup (#9506)
• 6cecddf fix: pass cwd to mcp sdk correctly (#9514)
• 6f8fa47 feat(aws): allow bedrock Application Inference Profile (#9129)
• 8b9f66f fix(community): enable import plugins, remove bad load export (#9501)
• fa8c36e chore(mongodb): bump mongodb dep (#9502)
• 636b994 fix(core): use dynamic import for p-retry to support CJS (#9495)
• 31240d4 feat(community/ibm): enable model gateway usage in IBM implementation, apply ...
• Additional commits viewable in compare view

Updates @mixedbread/sdk from 0.50.1 to 0.50.2

Release notes

Sourced from @​mixedbread/sdk's releases.

v0.50.2

0.50.2 (2026-01-17)

Full Changelog: v0.50.1...v0.50.2

Chores

• internal: update actions/checkout version (031ec6d)
• internal: upgrade babel, qs, js-yaml (3e223cf)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website 📚 Read the docs 🙋 Reach out for help or questions

Changelog

Sourced from @​mixedbread/sdk's changelog.

0.50.2 (2026-01-17)

Full Changelog: v0.50.1...v0.50.2

Chores

• internal: update actions/checkout version (031ec6d)
• internal: upgrade babel, qs, js-yaml (3e223cf)

Commits

• 9c2b863 Merge pull request #255 from mixedbread-ai/release-please--branches--main--ch...
• f701846 release: 0.50.2
• 031ec6d chore(internal): update actions/checkout version
• 3e223cf chore(internal): upgrade babel, qs, js-yaml
• See full diff in compare view

Updates @sentry/nextjs from 10.38.0 to 10.39.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

Other Changes

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

... (truncated)

Commits

• ab54c5c Make @sentry/opentelemetry not a peer dep in node-core
• f822e69 chore: Lint lerna.json
• c4708d2 release: 10.39.0
• b5e3094 chore: Revert to lerna v8 (#19294)
• 9dea581 Merge pull request #19281 from getsentry/prepare-release/10.39.0
• 12e467f meta(changelog): Update changelog for 10.39.0
• d7df7d4 ref(sveltekit): Use untrack to read route id without invalidation (#19272)
• 24b2ef2 fix(sveltekit): Detect used adapter via svelte.config.js (#19270)
• e051be4 feat(node-core): Add outgoing fetch trace propagation to light mode (#19262)
• eaf297f ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19258)
• Additional commits viewable in compare view

Updates langchain from 1.2.23 to 1.2.24

Release notes

Sourced from langchain's releases.

langchain@1.2.24

Patch Changes

• #10034 8eea9d4 Thanks @​christian-bromann! - fix(langchain): fix streaming types

Commits

• 20df955 chore: version packages (#10036)
• 277e118 chore(deps): bump date-fns from 3.6.0 to 4.1.0 (#10020)
• 8eea9d4 fix(langchain): fix streaming types (#10034)
• 33c0b5d fix: SQL Injection via Filter Parameter in PostgresVectorStore.queryCollectio...
• aa2f89d fix: SQL Injection via Table/Schema Name in PostgresChatMessageHistory.initia...
• efb03d0 chore(deps): bump @​types/node from 20.19.33 to 25.2.3 (#10024)
• 4bdf174 chore(deps): bump @​aws-sdk/client-bedrock-runtime from 3.985.0 to 3.988.0 (#1...
• 9863e10 chore(deps): bump langsmith from 0.5.1 to 0.5.2 (#10035)
• 760a68a chore(deps): bump rolldown from 1.0.0-beta.30 to 1.0.0-rc.4 in /internal/buil...
• f26beb3 chore(deps-dev): bump the root-dev-minor-and-patch group with 11 updates (#10...
• Additional commits viewable in compare view

Updates lucide-react from 0.563.0 to 0.564.0

Release notes

Sourced from lucide-react's releases.

Version 0.564.0

What's Changed

• chore(docs): Improve SEO icon detail pages by @​ericfennis in lucide-icons/lucide#4040
• feat(icons): added database-search icon by @​Spleefies in lucide-icons/lucide#4003
• fix(icons): changed user-lock icon by @​jguddas in lucide-icons/lucide#3971
• fix(icons): changed bug-off icon by @​jguddas in lucide-icons/lucide#3972
• fix(icons): changed bell-dot icon by @​jguddas in lucide-icons/lucide#3973
• fix(icons): changed bandage icon by @​jguddas in lucide-icons/lucide#3967
• fix(icons): changed hard-drive icon by @​jguddas in lucide-icons/lucide#3622
• fix(icons): changed git-branch icon by @​jguddas in lucide-icons/lucide#3938
• fix(icons): changed file-cog icon by @​jguddas in lucide-icons/lucide#3965
• fix(icons): changed cloud-alert and cloud-check icon by @​jguddas in lucide-icons/lucide#3976
• feat(icons): adds user-key and user-round-key, updates other -key icons to match by @​karsa-mistmere in lucide-icons/lucide#4044

New Contributors

• @​Spleefies made their first contribution in lucide-icons/lucide#4003

Full Changelog: lucide-icons/lucide@0.563.1...0.564.0

Hotfix @lucide/svelte hasA11yProp.js import

What's Changed

• fix(@​lucide/svelte): Fix build in by @​ericfennis in lucide-icons/lucide#4026

Full Changelog: lucide-icons/lucide@0.563.0...0.563.1

Commits

• See full diff in compare view

Updates mongoose from 9.1.6 to 9.2.1

Release notes

Sourced from mongoose's releases.

9.2.1 / 2026-02-11

• types(query): allow assigning QueryFilter<DocType> to QueryFilter<any> #16020
• types: duplicate identifier 'UUIDToJSON' in mongoosejs 9.2.0 #16023
• types: preserve subdocument toObject() field types when using virtuals + versionKey options #16021 #15965 AbdelrahmanHafez
• docs(mongoose): add missing options to mongoose.set() docs #16019

9.2.0 / 2026-02-09

• feat: add option to skip middleware #15883 #8768 AbdelrahmanHafez
• feat(model): delay "Duplicate schema index" warning until createIndexes runs to include model name in the warning #15979
• feat(model): add strict option to Model.hydrate(...) #15940 #15977
• feat(document): add flattenUUIDs option to toObject() and toJSON() #15864 #15021 AbdelrahmanHafez
• fix(schema): treat undefined as not provided for strict, strictQuery and id options #16004 AbdelrahmanHafez
• types(inferrawdoctype): avoid adding _id to nested paths and handle _id: false in options + schema definition #15989
• types: fix toObject() type inference with timestamps + virtuals #15975 AbdelrahmanHafez
• types(models): remove dead MapReduce and GeoSearch types #15984
• test(types): remove tsd in favor of tsc + test utilities #15951 #15696

Changelog

Sourced from mongoose's changelog.

9.2.1 / 2026-02-11

• types(query): allow assigning QueryFilter to QueryFilter #16020
• types: duplicate identifier 'UUIDToJSON' in mongoosejs 9.2.0 #16023
• types: preserve subdocument toObject() field types when using virtuals + versionKey options #16021 #15965 AbdelrahmanHafez
• docs(mongoose): add missing options to mongoose.set() docs #16019

9.2.0 / 2026-02-09

• feat: add option to skip middleware #15883 #8768 AbdelrahmanHafez
• feat(model): delay "Duplicate schema index" warning until createIndexes runs to include model name in the warning #15979
• feat(model): add strict option to Model.hydrate(...) #15940 #15977
• feat(document): add flattenUUIDs option to toObject() and toJSON() #15864 #15021 AbdelrahmanHafez
• fix(schema): treat undefined as not provided for strict, strictQuery and id options #16004 AbdelrahmanHafez
• types(inferrawdoctype): avoid adding _id to nested paths and handle _id: false in options + schema definition #15989
• types: fix toObject() type inference with timestamps + virtuals #15975 AbdelrahmanHafez
• types(models): remove dead MapReduce and GeoSearch types #15984
• test(types): remove tsd in favor of tsc + test utilities #15951 #15696

8.23.0 / 2026-02-09

• feat(document): add flattenUUIDs option to toObject() and toJSON() (backport #15021 to 8.x)

Commits

• 764bd82 chore: release 9.2.1
• 2e5b780 Merge pull request #16021 from Automattic/fix/gh-15965-subdoc-toObject
• 324ff4c Merge pull request #16020 from Automattic/vkarpov15/gh-16006
• 684b31f test(types): check types using ts-expect-error directive instead of ExpectType
• 06b4e93 Merge pull request #16019 from Automattic/vkarpov15/gh-16005
• 55749fc fix(types): make subdocuments and array subdocuments have the same behavior f...
• b81b3b6 types(query): allow assigning QueryFilter<DocType> to QueryFilter<any>
• 8d05461 test(types): assert subdocuments in toObject() and toJSON get the correc...
• 40ffefe docs(mongoose): add missing options to mongoose.set() docs
• 904a2eb chore: release 9.2.0
• Additional commits viewable in compare view

Updates npm from 11.9.0 to 11.10.0

Release notes

Sourced from npm's releases.

v11.10.0

11.10.0 (2026-02-11)

Features

• cf56a1e #8899 npm trust, per-command config (@​reggi)
• cf56a1e #8899 npm trust (@​reggi)
• 66d6e11 #8965 add min-release-age (#8965) (@​wraithgar)

Dependencies

• aae84bf #8973 pacote@21.3.1
• 8bcb675 #8973 cidr-regex@5.0.2
• f87aaab #8973 lru-cache@11.2.6
• acec871 #8973 ssri@13.0.1
• 1e42a86 #8973 glob@13.0.2
• e1c08a4 #8973 is-cidr@6.0.3
• dfb0e34 #8973 semver@7.7.4
• 0ee7776 #8973 which@6.0.1

Chores

• eb81df8 #8973 dev dependency updates (@​wraithgar)
• 995e757 #8966 Clean up some todos, add tests for previously skipped blocks (@​owlstronaut)
• workspace: @npmcli/arborist@9.3.0
• workspace: @npmcli/config@10.7.0
• workspace: libnpmdiff@8.1.1
• workspace: libnpmexec@10.2.1
• workspace: libnpmfund@7.0.15
• workspace: libnpmpack@9.1.1

Changelog

Sourced from npm's changelog.

11.10.0 (2026-02-11)

Features

• cf56a1e #8899 npm trust, per-command config (@​reggi)
• cf56a1e #8899 npm trust (@​reggi)
• 66d6e11 #8965 add min-release-age (#8965) (@​wraithgar)

Dependencies

• aae84bf #8973 pacote@21.3.1
• 8bcb675 #8973 cidr-regex@5.0.2
• f87aaab #8973 lru-cache@11.2.6
• acec871 #8973 ssri@13.0.1
• 1e42a86 #8973 glob@13.0.2
• e1c08a4 #8973 is-cidr@6.0.3
• dfb0e34 #8973 semver@7.7.4
• 0ee7776 #8973 which@6.0.1

Chores

• eb81df8 #8973 dev dependency updates (@​wraithgar)
• 995e757 #8966 Clean up some todos, add tests for previously skipped blocks (@​owlstronaut)
• workspace: @npmcli/arborist@9.3.0
• workspace: @npmcli/config@10.7.0
• workspace: libnpmdiff@8.1.1
• workspace: libnpmexec@10.2.1
• workspace: libnpmfund@7.0.15
• workspace: libnpmpack@9.1.1

Commits

• 21c3f02 chore: release 11.10.0
• cf56a1e feat: npm trust, per-command config
• aae84bf deps: pacote@21.3.1
• eb81df8 chore: dev dependency updates
• 8bcb675 deps: cidr-regex@5.0.2
• f87aaab deps: lru-cache@11.2.6
• acec871 deps: ssri@13.0.1
• 1e42a86 deps: glob@13.0.2
• e1c08a4 deps: is-cidr@6.0.3
• dfb0e34 deps: semver@7.7.4
• Additional commits viewable in compare view

Updates posthog-js from 1.344.0 to 1.347.2

Release notes

Sourced from posthog-js's releases.

posthog-js@1.347.2

1.347.2

Patch Changes

• #3094 0d30218 Thanks @​TueHaulund! - feat(replay): add $snapshot_max_depth_exceeded debug property and bump rrweb to 0.0.42 with DOM depth limit (2026-02-13)

• #3093 f19b7f2 Thanks @​TueHaulund! - fix(replay): retry session recording start when persisted remote config is stale (2026-02-13)

• Updated dependencies []:

  • @​posthog/types@​1.347.2

posthog-js@1.347.1

1.347.1

Patch Changes

• #3090 312b785 Thanks @​adboio! - enable product tour image preload (2026-02-13)
• Updated dependencies []:
  • @​posthog/types@​1.347.1

posthog-js@1.347.0

1.347.0

Minor Changes

• #3087 512d578 Thanks @​dustinbyrne! - fix: Revert tree shaking configuration (2026-02-12)

Patch Changes

• #3079 9c078ac Thanks @​adboio! - update z-index hierarchy for tours > surveys > conversations (2026-02-12)
• Updated dependencies []:
  • @​posthog/types@​1.347.0

posthog-js@1.346.0

1.346.0

Minor Changes

• #3082 0d730bd Thanks @​adboio! - enable tours by default (2026-02-12)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.346.0

... (truncated)

Commits

• 447c81b chore: update versions and lockfile [version bump]
• 0d30218 feat(replay): add $snapshot_max_depth_exceeded debug property (#3094)
• 01ef861 fix(logs): fix circular references (#3092)
• f19b7f2 fix(replay): retry session recording start when remote config is stale (#3093)
• 615f909 chore: update versions and lockfile [version bump]
• 312b785 feat(product tours): enable image preload on tour fetch (#3090)
• 631a9ef chore: update versions and lockfile [version bump]
• e2ac0e8 feat: react native error boundary (#3084)
• d3e0b9d chore: update versions and lockfile [version bump]
• 512d578 fix(browser): Revert tree shaking - extract extension constructors from core ...
• Additional commits viewable in compare view

Updates react-resizable-panels from 4.6.2 to 4.6.4

Release notes

Sourced from react-resizable-panels's releases.

4.6.4

• 664, 665: Resize actions sometimes "jump" on touch devices

4.6.3

• Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

Changelog

Sourced from react-resizable-panels's changelog.

4.6.4

• 664, 665: Resize actions sometimes "jump" on touch devices

4.6.3

• Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

Commits

• 6f932fd 4.6.3 -> 4.6.4
• f07e647 Prevent layout jump when resizing on touch devices (#665)
• 8f5e5f3 Update CHANGELOG with pending release changes
• 338d952 fix: add touch-action: none to Separator for touch device support Fixes #662 ...
• a7c9df1 4.6.2 -> 4.6.3
• a33b189 Fixed a problem with project logo not displaying correctly in the README for ...
• See full diff in compare view

Updates tailwind-merge from 3.4.0 to 3.4.1

Release notes

Sourced from tailwind-merge's releases.

v3.4.1

Bug Fixes

• Prevent arbitrary font-family and font-weight from merging by @​roneymoon in dcastil/tailwind-merge#635

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• 02b6eb6 v3.4.1
• 6b845eb add agent info for release workflow
• 655f2f1 add changelog for v3.4.1
• e44e5eb add agent docs
• 4a38681 Merge pull request #644 from dcastil/renovate/major-vitest-monorepo
• 23ac259 migrate to vitest v4
• 927f617 chore(deps): update vitest monorepo to v4
• aea4869 Merge pull request #648 from dcastil/renovate/major-octokit-monorepo
• 78365f2 Merge pull request #646 from dcastil/renovate/actions-exec-3.x
• b08384d fix(deps): update dependency @​octokit/types to v16
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: vectorMindsAI. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.