chore(deps): bump the production-dependencies group across 1 directory with 22 updates

[dependabot]

Bumps the production-dependencies group with 19 updates in the / directory:

Package	From	To
@langchain/community	1.1.14	1.1.23
@langchain/groq	1.0.4	1.1.5
@pinecone-database/pinecone	7.0.0	7.1.0
@sentry/nextjs	10.38.0	10.43.0
@tavily/core	0.7.1	0.7.2
@vercel/analytics	1.6.1	2.0.1
autoprefixer	10.4.24	10.4.27
express-rate-limit	8.2.1	8.3.1
inngest	3.52.0	3.52.6
langchain	1.2.23	1.2.32
lucide-react	0.563.0	0.577.0
mongoose	9.1.6	9.3.0
npm	11.9.0	11.11.1
posthog-js	1.344.0	1.360.2
react-day-picker	9.13.2	9.14.0
react-hook-form	7.71.1	7.71.2
react-resizable-panels	4.6.2	4.7.3
recharts	3.7.0	3.8.0
tailwind-merge	3.4.0	3.5.0

Updates @langchain/community from 1.1.14 to 1.1.23

Release notes

Sourced from @​langchain/community's releases.

@​langchain/community@​1.1.23

Patch Changes

• #10304 7560180 Thanks @​MunemHashmi! - fix(community): use generous default max_length for Milvus metadata VarChar fields

• #10253 07b8619 Thanks @​pawel-twardziak! - fix(community): switch JiraProjectLoader to POST+JSON and propagate API errors

• #10303 46fc5d8 Thanks @​mitchell-fox! - feat(community): add jql and maxTotal params to JiraProjectLoader

• #10051 e86ac89 Thanks @​FilipZmijewski! - fix(community): valid params check for ChatWatsonx by IBM (#70)

• Updated dependencies [26488b5, aacbe87, ca826f6, a602c42, db7d017]:

  • @​langchain/core@​1.1.32
  • @​langchain/openai@​1.2.13
  • @​langchain/classic@​1.0.23

@​langchain/community@​1.1.22

Patch Changes

• Updated dependencies [96c630d, a8b9ccc, a1f22bb, 3682a8d]:
  • @​langchain/core@​1.1.30
  • @​langchain/openai@​1.2.12
  • @​langchain/classic@​1.0.22

@​langchain/community@​1.1.21

Patch Changes

• #10113 7d198ae Thanks @​pawel-twardziak! - Feat/community chatalitongyi tool calling

• #9722 df9dbd2 Thanks @​cs7-shrey! - feat(milvus): Add TTL support by passing properties to Milvus

• Updated dependencies []:

  • @​langchain/classic@​1.0.21

@​langchain/community@​1.1.20

Patch Changes

• Updated dependencies [9f30267, 403a99f, 3b1fd54, f298a9b, 77bd982]:
  • @​langchain/core@​1.1.29
  • @​langchain/openai@​1.2.11
  • @​langchain/classic@​1.0.21

@​langchain/community@​1.1.19

Patch Changes

• Updated dependencies [10a876c, 62ba83e, b46d96a]:
  • @​langchain/core@​1.1.28
  • @​langchain/openai@​1.2.10
  • @​langchain/classic@​1.0.20

... (truncated)

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates @langchain/core from 1.1.24 to 1.1.32

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.32

Patch Changes

• #10330 26488b5 Thanks @​hntrl! - fix(core): treat empty string tool call chunk IDs as missing during merge

  Fixed _mergeLists in message base to treat empty string "" IDs the same as null/undefined when merging tool call chunks. This fixes old completions-style streaming where follow-up chunks carry id: "" instead of undefined, which previously prevented chunks from being merged by index.

• #10167 ca826f6 Thanks @​colifran! - feat: implement type inference for tool streams

• #10334 a602c42 Thanks @​maahir30! - fix(core): add JSDoc docstrings to fakeModel builder API and export FakeBuiltModel

• #10254 db7d017 Thanks @​pawel-twardziak! - fix(core): preserve thoughtSignature in array content during streaming with thinking models

@​langchain/core@​1.1.31

Patch Changes

• #10271 7373b4c Thanks @​jacoblee93! - feat(core): Use uuid7 instead of v4 for generating run ids

• #10262 b0175a5 Thanks @​maahir30! - fix: Move fakeModel from utils/testing to testing namespace move to updated namespace

• #10185 414f6ed Thanks @​maahir30! - feat: add custom Vitest matchers for LangChain message and tool call assertions

  Adds a new @langchain/core/testing/matchers export containing custom Vitest matchers (toBeHumanMessage, toBeAIMessage, toBeSystemMessage, toBeToolMessage, toHaveToolCalls, toHaveToolCallCount, toContainToolCall, toHaveToolMessages, toHaveBeenInterrupted, toHaveStructuredResponse) that external users can register via expect.extend(langchainMatchers) in their Vitest setup files. Re-exported from langchain for convenience.

@​langchain/core@​1.1.30

Patch Changes

• #10243 96c630d Thanks @​hntrl! - fix: add explicit : symbol type annotations to Symbol.for() declarations for cross-version compatibility

  TypeScript infers unique symbol type when Symbol.for() is used without an explicit type annotation, causing type incompatibility when multiple versions of the same package are present in a dependency tree. By adding explicit : symbol annotations, all declarations now use the general symbol type, making them compatible across versions while maintaining identical runtime behavior.

  Changes:

  • Added : symbol to MESSAGE_SYMBOL in messages/base.ts
  • Added : symbol to MIDDLEWARE_BRAND in agents/middleware/types.ts (also changed from Symbol() to Symbol.for() for cross-realm compatibility)

• #10256 a8b9ccc Thanks @​colifran! - fix(core): standard schema type guards don't support callable schemas

• #10204 a1f22bb Thanks @​colifran! - feat(core): implement standard schema support for structured output

@​langchain/core@​1.1.29

Patch Changes

• #10106 9f30267 Thanks @​hntrl! - Add package version metadata to runnable traces. Each package now stamps its version in this.metadata.versions at construction time, making version info available in LangSmith trace metadata.

• #10154 403a99f Thanks @​kanweiwei! - fix(core): add usage_metadata to AIMessage lc_aliases

• #10169 3b1fd54 Thanks @​hntrl! - fix(core, langchain): bump uuid dependency from ^10.0.0 to ^11.0.0 to fix Metro bundler error

... (truncated)

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates @langchain/groq from 1.0.4 to 1.1.5

Release notes

Sourced from @​langchain/groq's releases.

@​langchain/groq@​1.1.5

Patch Changes

• #10134 a46d28c Thanks @​YJack0000! - feat(groq): add reasoning_effort support to ChatGroq

@​langchain/groq@​1.1.4

Patch Changes

• #10210 6d5d1bf Thanks @​colifran! - feat(groq): implement standard schema support for structured output

@​langchain/groq@​1.1.3

Patch Changes

• #10106 9f30267 Thanks @​hntrl! - Add package version metadata to runnable traces. Each package now stamps its version in this.metadata.versions at construction time, making version info available in LangSmith trace metadata.

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates @langchain/openai from 1.2.7 to 1.2.13

Release notes

Sourced from @​langchain/openai's releases.

@​langchain/openai@​1.2.13

Patch Changes

• #10311 aacbe87 Thanks @​christian-bromann! - fix(openai): add gpt-5.4 to profiles

• Updated dependencies [26488b5, ca826f6, a602c42, db7d017]:

  • @​langchain/core@​1.1.32

@​langchain/openai@​1.2.12

Patch Changes

• #10205 3682a8d Thanks @​colifran! - feat(openai): add standard schema support for structured output

• Updated dependencies [96c630d, a8b9ccc, a1f22bb]:

  • @​langchain/core@​1.1.30

@​langchain/openai@​1.2.11

Patch Changes

• #10106 9f30267 Thanks @​hntrl! - Add package version metadata to runnable traces. Each package now stamps its version in this.metadata.versions at construction time, making version info available in LangSmith trace metadata.

• #10151 f298a9b Thanks @​hntrl! - Bump openai SDK to ^6.24.0, fix ChatCompletionTool type narrowing for new union type, add file input converter tests for newly supported document types (docx, pptx, xlsx, csv)

• Updated dependencies [9f30267, 403a99f, 3b1fd54, 77bd982]:

  • @​langchain/core@​1.1.29

@​langchain/openai@​1.2.10

Patch Changes

• #10143 62ba83e Thanks @​topliceanurazvan! - fix(openai): emit handleLLMNewToken callback for usage chunk in Completions API streaming

  The final usage chunk in _streamResponseChunks was only yielded via the async generator but did not call runManager.handleLLMNewToken(). This meant callback-based consumers (e.g. LangGraph's StreamMessagesHandler) never received the usage_metadata chunk. Added the missing handleLLMNewToken call to match the behavior of the main streaming loop.

• Updated dependencies [10a876c, b46d96a]:

  • @​langchain/core@​1.1.28

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates @mixedbread/sdk from 0.50.1 to 0.50.2

Release notes

Sourced from @​mixedbread/sdk's releases.

v0.50.2

0.50.2 (2026-01-17)

Full Changelog: v0.50.1...v0.50.2

Chores

• internal: update actions/checkout version (031ec6d)
• internal: upgrade babel, qs, js-yaml (3e223cf)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website 📚 Read the docs 🙋 Reach out for help or questions

Changelog

Sourced from @​mixedbread/sdk's changelog.

0.50.2 (2026-01-17)

Full Changelog: v0.50.1...v0.50.2

Chores

• internal: update actions/checkout version (031ec6d)
• internal: upgrade babel, qs, js-yaml (3e223cf)

Commits

• 9c2b863 Merge pull request #255 from mixedbread-ai/release-please--branches--main--ch...
• f701846 release: 0.50.2
• 031ec6d chore(internal): update actions/checkout version
• 3e223cf chore(internal): upgrade babel, qs, js-yaml
• See full diff in compare view

Updates @pinecone-database/pinecone from 7.0.0 to 7.1.0

Release notes

Sourced from @​pinecone-database/pinecone's releases.

Release v7.1.0

This release adds support for creating and configuring index readCapacity for BYOC indexes.

// Create a BYOC index with dedicated read capacity
await pinecone.createIndex({
  name: 'my-byoc-index',
  dimension: 1536,
  metric: 'cosine',
  spec: {
    byoc: {
      environment: 'aws-us-east-1-b921',
      readCapacity: {
        mode: 'Dedicated',
        nodeType: 'b1',
        manual: { replicas: 1, shards: 1 },
      },
    },
  },
});

It also includes support for maxCandidates and scanFactor in the Index.query operation. This parameter is only supported for dedicated (DRN) dense indexes:

const results = await index.query({
  vector:[0.6, 0.2, 0.4, 0.7, 0.9],
  topK: 10,
  scanFactor: 2.0,
  maxCandidates: 500,
});

What's Changed

• pass git token with the create draft release with notes job by @​austin-denoble in pinecone-io/pinecone-ts-client#377
• Implement readCapacity configuration support for BYOC indexes by @​austin-denoble in pinecone-io/pinecone-ts-client#378
• Implement scan_factor and max_candidates by @​austin-denoble in pinecone-io/pinecone-ts-client#379

Full Changelog: pinecone-io/pinecone-ts-client@v7.0.0...v7.1.0

Commits

• 0f2e3c6 [skip ci] Publish release v7.1.0
• 55fb10b Implement scan_factor and max_candidates (#379)
• 1c6dd61 Implement readCapacity configuration support for BYOC indexes (#378)
• 576fe90 pass git token with the create draft release with notes job (#377)
• See full diff in compare view

Updates @sentry/nextjs from 10.38.0 to 10.43.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.43.0

Important Changes

• feat(nextjs): Add Turbopack support for React component name annotation (#19604)

  We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance monitoring — previously only available with webpack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@sentry/nextjs';
  export default withSentryConfig(nextConfig, {
  _experimental: {
  turbopackReactComponentAnnotation: {
  enabled: true,
  ignoredComponents: ['Header', 'Footer'], // optional
  },
  },
  });

• feat(hono): Instrument middlewares app.use() (#19611)

  Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

• feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
• feat(hono): Use parametrized names for errors (#19577)
• fix(browser): Fix missing traces for user feedback (#19660)
• fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
• fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
• fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
• fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
• fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
• fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
• fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
• fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
• fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
• fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
• fix(vercel-ai): Prevent tool call span map memory leak (#19328)
• feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.43.0

Important Changes

• feat(nextjs): Add Turbopack support for React component name annotation (#19604)

  We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance monitoring — previously only available with webpack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@sentry/nextjs';
  export default withSentryConfig(nextConfig, {
  _experimental: {
  turbopackReactComponentAnnotation: {
  enabled: true,
  ignoredComponents: ['Header', 'Footer'], // optional
  },
  },
  });

• feat(hono): Instrument middlewares app.use() (#19611)

  Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

• feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
• feat(hono): Use parametrized names for errors (#19577)
• fix(browser): Fix missing traces for user feedback (#19660)
• fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
• fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
• fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
• fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
• fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
• fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
• fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
• fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
• fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
• fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
• fix(vercel-ai): Prevent tool call span map memory leak (#19328)
• feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)

... (truncated)

Commits

• 3fb8102 release: 10.43.0
• 8706e4e Merge pull request #19716 from getsentry/prepare-release/10.43.0
• 61d7a84 meta(changelog): Update changelog for 10.43.0
• f83f288 test(angular): Fix failing canary test (#19639)
• 2b3ce34 fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
• 98be6b0 chore(skills): Add bump-size-limit skill (#19715)
• cdee7a9 chore(sourcemaps): Make sourcemaps e2e test more generic (#19678)
• b26df86 feat(node-core,node): Add tracePropagation option to http and fetch integrati...
• 7b69774 chore(ci): Allow triage action to run on issues from external users (#19701)
• 5651be2 fix(browser): Fix missing traces for user feedback (#19660)
• Additional commits viewable in compare view

Updates @tavily/core from 0.7.1 to 0.7.2

Commits

• See full diff in compare view

Updates @vercel/analytics from 1.6.1 to 2.0.1

Release notes

Sourced from @​vercel/analytics's releases.

v2.0.1

What's Changed

• fix(nuxt): set nuxt as optional dependency by @​CHC383 in vercel/analytics#193

New Contributors

• @​CHC383 made their first contribution in vercel/analytics#193

Full Changelog: vercel/analytics@v2.0.0...v2.0.1

v2.0.0

What's Changed

Breaking Changes

• License changed from MPL-2.0 to MIT (#170)
• Nuxt: introduce module support. If you need to configure it, load injectAnalytics() from @vercel/analytics/nuxt/runtime (#183)

Features

• feat: load dynamic configuration (#184) — analytics config can now be loaded dynamically

Bug Fixes

• fix: src and endpoint paths do not work when relative (#186)

Full Changelog: vercel/speed-insights@1.6.1...2.0.0

v2.0.0-canary.1

Canary release for testing 2.0.0 changes

Commits

• 0d69416 chore: bump version to v2.0.1 (#195)
• c7f3c37 fix(nuxt): set nuxt as optional dependency (#193)
• c3e3805 chore: bump version to v2.0.0
• 425a797 chore: bump version to v2.0.0-canary.1
• 22888e3 fix: src and endpoint paths do not work when relative (#186)
• 3879f57 feat: load dynamic configuration (#184)
• 95f8914 feat(nuxt)!: Add support for injectAnalytics() and Nuxt module (#183)
• e407489 feat!: change license to MIT (#170)
• See full diff in compare view

Updates autoprefixer from 10.4.24 to 10.4.27

Release notes

Sourced from autoprefixer's releases.

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

Changelog

Sourced from autoprefixer's changelog.

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

Commits

• 360f2d9 Release 10.4.27 version
• ab5260c Update clean-publish
• 09e9dd1 Release 10.4.26 version
• ec75540 Ignore local patches
• 59601b8 Update c8 and clean-publish
• 06ea988 Release 10.4.25 version
• 47d8a5b Update dependencies and fix Node.js 25
• 51c596e Add Node.js 25 and 24 to CI
• 5239823 Fix CSS variables in gradients (#1515) (#1544)
• See full diff in compare view

Updates express-rate-limit from 8.2.1 to 8.3.1

Release notes

Sourced from express-rate-limit's releases.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

Commits

• 47e5b29 8.3.1
• eb61179 v8.3.1 changelog
• a17377d Fix broken link for contributing guide
• 5aa3f6c fix: revert the dts-bundle-generator update
• 06dea83 ci: run test on node 20, 22, 24, 25 and drop 18 as it reached eol
• c86a27d chore: update dependencies
• 8898ffa chore: migrate biome schema and run formatter
• dd544fd docs: update changelog with backported releases
• 9c90752 ci: setup oidc connect with npm for automatatic publish
• e4477fa 8.3.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for express-rate-limit since your current version.

Updates inngest from 3.52.0 to 3.52.6

Release notes

Sourced from inngest's releases.

inngest@3.52.6

Patch Changes

• #1350 470fdb98 Thanks @​amh4r! - Fix false NESTING_STEPS error

• #1356 2e961c21 Thanks @​amh4r! - Fix checkpointing maxRuntime causing function run hang

inngest@3.52.5

Patch Changes

• #1340 335703d7 Thanks @​Linell! - fix: fallback to async flow on checkpoint error

inngest@3.52.4

Patch Changes

• #1338 4f45adb7 Thanks @​jakobevangelista! - Fix signing key propagation from serve() options to InngestApi for outgoing API calls

inngest@3.52.3

Patch...

Description has been truncated

[dependabot]

Assignees

The following users could not be added as assignees: vectorMindsAI. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.