chore(deps): bump the production-deps group across 1 directory with 22 updates

[dependabot]

Bumps the production-deps group with 22 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.75.0	0.79.0
@biomejs/biome	1.9.4	2.4.7
@changesets/changelog-github	0.5.2	0.6.0
@changesets/cli	2.29.8	2.30.0
lint-staged	16.2.7	16.4.0
openai	6.22.0	6.31.0
turbo	2.8.3	2.8.17
viem	2.45.1	2.47.4
@inquirer/prompts	8.2.1	8.3.2
@modelcontextprotocol/sdk	1.26.0	1.27.1
@noble/hashes	1.8.0	2.0.1
@x402/core	2.3.1	2.7.0
@x402/evm	2.3.1	2.7.0
commander	12.1.0	14.0.3
ora	8.2.0	9.3.0
zod	3.25.76	4.3.6
@anthropic-ai/claude-agent-sdk	0.1.77	0.2.77
@langchain/core	0.3.80	1.1.33
@langchain/openai	0.5.18	1.3.0
express	4.22.1	5.2.1
@ai-sdk/openai	1.3.24	3.0.41
ai	4.3.19	6.0.116

Updates @anthropic-ai/sdk from 0.75.0 to 0.79.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.79.0

0.79.0 (2026-03-16)

Full Changelog: sdk-v0.78.0...sdk-v0.79.0

Features

• add support for filesystem memory tools (#599) (1064199)
• api: chore(config): clean up model enum list (#31) (07727a6)
• api: GA thinking-display-setting (4dc8df4)
• tests: update mock server (e5c3be9)

Bug Fixes

• docs/contributing: correct pnpm link command (16bf66c)
• internal: skip tests that depend on mock server (07417e5)
• zod: use v4 import path for Zod ^3.25 compatibility (#925) (c6c0ac8)

Chores

• client: remove unused import (3827ab5)
• internal: codegen related update (2c1fc10)
• internal: improve import alias names (5b9615b)
• internal: move stringifyQuery implementation to internal function (16239f3)
• internal: update dependencies to address dependabot vulnerabilities (6fdea5e)
• mcp-server: improve instructions (66e5363)
• remove accidentally committed file (#929) (0989113)
• tests: unskip tests that are now supported in steady (616a98a)

Documentation

• streamline and standardize docs (#687) (dbdc5d3)

sdk: v0.78.0

0.78.0 (2026-02-19)

Full Changelog: sdk-v0.77.0...sdk-v0.78.0

Features

• api: Add top-level cache control (automatic caching) (1e2f83d)

Bug Fixes

• bedrock: eliminate race condition in AWS credential resolution (#901) (e5a101d)
• client: format batches test file (821e9bf)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.79.0 (2026-03-16)

Full Changelog: sdk-v0.78.0...sdk-v0.79.0

Features

• add support for filesystem memory tools (#599) (1064199)
• api: chore(config): clean up model enum list (#31) (07727a6)
• api: GA thinking-display-setting (4dc8df4)
• tests: update mock server (e5c3be9)

Bug Fixes

• docs/contributing: correct pnpm link command (16bf66c)
• internal: skip tests that depend on mock server (07417e5)
• zod: use v4 import path for Zod ^3.25 compatibility (#925) (c6c0ac8)

Chores

• client: remove unused import (3827ab5)
• internal: codegen related update (2c1fc10)
• internal: improve import alias names (5b9615b)
• internal: move stringifyQuery implementation to internal function (16239f3)
• internal: update dependencies to address dependabot vulnerabilities (6fdea5e)
• mcp-server: improve instructions (66e5363)
• remove accidentally committed file (#929) (0989113)
• tests: unskip tests that are now supported in steady (616a98a)

Documentation

• streamline and standardize docs (#687) (dbdc5d3)

0.78.0 (2026-02-19)

Full Changelog: sdk-v0.77.0...sdk-v0.78.0

Features

• api: Add top-level cache control (automatic caching) (1e2f83d)

Bug Fixes

• bedrock: eliminate race condition in AWS credential resolution (#901) (e5a101d)
• client: format batches test file (821e9bf)
• tests: fix issue in batches test (5f4ccf8)

... (truncated)

Commits

• af66c80 chore: release main (#921)
• fdaa72b chore: release main (#917)
• e34f3a2 release: 0.77.0 (#916)
• 1d2868f chore: release main (#915)
• See full diff in compare view

Updates @biomejs/biome from 1.9.4 to 2.4.7

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.7

2.4.7

Patch Changes

• #9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

  For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

  a {
    accent-color: bar;
  }

• #9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

  // Invalid
  import { foo } from "foo";
  const bar = 1;
  import { baz } from "baz"; // ← flagged
  // Valid
  import { foo } from "foo";
  import { baz } from "baz";
  const bar = 1;

• #9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

• #9435 6c5a8f2 Thanks @​siketyan! - Fixed #9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

• #9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

• #9420 a1c46af Thanks @​ematipico! - Fixed #9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

• #9416 f2581b8 Thanks @​ematipico! - Fixed #9131, #9112, #9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

• #9344 cb4d7d7 Thanks @​ematipico! - Fixed #6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

• #9360 bc5dd99 Thanks @​ematipico! - Fixed #7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

• #9371 29cac17 Thanks @​ematipico! - Fixed #5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

• #9043 61e2a02 Thanks @​dyc3! - Fixed #8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.7

Patch Changes

• #9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

  For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

  a {
    accent-color: bar;
  }

• #9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

  // Invalid
  import { foo } from "foo";
  const bar = 1;
  import { baz } from "baz"; // ← flagged
  // Valid
  import { foo } from "foo";
  import { baz } from "baz";
  const bar = 1;

• #9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

• #9435 6c5a8f2 Thanks @​siketyan! - Fixed #9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

• #9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

• #9420 a1c46af Thanks @​ematipico! - Fixed #9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

• #9416 f2581b8 Thanks @​ematipico! - Fixed #9131, #9112, #9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

• #9344 cb4d7d7 Thanks @​ematipico! - Fixed #6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

• #9360 bc5dd99 Thanks @​ematipico! - Fixed #7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

• #9371 29cac17 Thanks @​ematipico! - Fixed #5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

• #9043 61e2a02 Thanks @​dyc3! - Fixed #8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

• #9354 930c858 Thanks @​denbezrukov! - Improved CSS parser recovery for invalid unicode-range values that mix wildcard ranges with range intervals. For example, Biome now reports clearer diagnostics for invalid syntax like:

... (truncated)

Commits

• 1f30838 ci: release (#9346)
• 3ac98eb feat(css/lint): useBaseline (#9318)
• 2de8362 feat(lint): add nursery rule useImportsFirst (#9272)
• 776cb64 feat(json_analyze): implement noEmptyObjectKeys (#9365)
• dda9b3d chore: update rule count in readme (#9374)
• 722f0da feat(json_analyze): implement noTopLevelLiterals (#9367)
• cabc56c ci: release (#9301)
• 3bc07ab ci: release (#9188)
• 6b01778 feat(linter): add useUnicodeRegex rule (#8773)
• e43e730 feat(lint/html): add useVueScopedStyles (#9185)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @changesets/changelog-github from 0.5.2 to 0.6.0

Release notes

Sourced from @​changesets/changelog-github's releases.

@​changesets/changelog-github@​0.6.0

Minor Changes

• #1850 fd0bc2e Thanks @​mixelburg! - Linkify issue references in changelog entries.

Patch Changes

• #1810 27fd8f4 Thanks @​hirasso! - Replace deprecated String.prototype.trimRight with String.prototype.trimEnd

• Updated dependencies [d4b8ad8, e462d89]:

  • @​changesets/get-github-info@​0.8.0

Commits

• 3ab4d89 Version Packages (#1817)
• 1772598 Fix changelog entry insertion when no package title is present in the `CHANGE...
• 6df3a5e Allow versioned private packages to depend on skipped packages without requir...
• 2a73025 Fix confusing 'Question-2' prompt label when using external editor (#1857)
• 667fe5a Support ESM for custom changelog and commit options (#1774)
• e462d89 Add scopes automatically in the GitHub new token link in the printed error me...
• 503fcaa Support absolute paths in status output flag (#1776)
• d4b8ad8 Improve error messages when fetching from GitHub api (#1781)
• ece0376 Improve baseBranch docs (#1778)
• 0e8e01e Allow Changesets to be executed from non-root directories (#1806)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​changesets/changelog-github since your current version.

Updates @changesets/cli from 2.29.8 to 2.30.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.30.0

Minor Changes

• #1840 057cca2 Thanks @​wotan-allfather! - Add --since flag to add command

  The add command now supports a --since flag that allows you to specify which branch, tag, or git ref to use when detecting changed packages. This is useful for gitflow workflows where you have multiple target branches and the baseBranch config option doesn't cover all use cases.

  Example: changeset add --since=develop

  If not provided, the command falls back to the baseBranch value in your .changeset/config.json.

• #1845 2b4a66a Thanks @​Andarist! - Delegate OTP prompting to the package manager instead of handling it in-process. This allows Changesets to use the package manager's native web auth support.

• #1774 667fe5a Thanks @​bluwy! - Support importing custom commit option ES module. Previously, it used require() which only worked for CJS modules, however now it uses import() which supports both CJS and ES modules.

• #1839 73b1809 Thanks @​leochiu-a! - Add a --message (-m) flag to changeset add (and default changeset) so the changeset summary can be provided from the command line. When --message is present, the summary prompt is skipped while the final confirmation step is kept.

• #1806 0e8e01e Thanks @​luisadame! - Changeset CLI can now be run from the nested directories in the project, where the .changeset directory has to be found in one of the parent directories

Patch Changes

• #1849 9dc3230 Thanks @​Andarist! - Compute the terminal's size lazily to avoid spurious stderr output in non-interactive mode

• #1857 2a73025 Thanks @​mixelburg! - Fix confusing prompt labels when entering changeset summary after external editor fallback

• #1842 6df3a5e Thanks @​RodrigoHamuy! - Allow private packages to depend on skipped packages without requiring them to also be skipped. Private packages are not published to npm, so it is safe for them to have dependencies on ignored or unversioned packages.

• #1776 503fcaa Thanks @​bluwy! - Support absolute paths in changeset status --output <path>

• Updated dependencies [667fe5a, 1772598, b6f4c74, 6df3a5e, 6df3a5e, 27fd8f4]:

  • @​changesets/apply-release-plan@​7.1.0
  • @​changesets/config@​3.1.3
  • @​changesets/get-release-plan@​4.0.15
  • @​changesets/read@​0.6.7

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​changesets/cli since your current version.

Updates lint-staged from 16.2.7 to 16.4.0

Release notes

Sourced from lint-staged's releases.

v16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

v16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• 445f9dd chore(changeset): release
• d91be60 docs: update readme to use picomatch
• b392a9f refactor: extract matchFiles and add unit tests
• 687fc90 refactor: replace micromatch with picomatch
• 26dadf9 chore(changeset): release
• 9d6e827 build(deps): update dependencies
• 8aea986 chore(changeset): release
• 0109e8d fix: strip Git CRLF warning from output
• dfd6a7a chore(changeset): release
• 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
• Additional commits viewable in compare view

Updates openai from 6.22.0 to 6.31.0

Release notes

Sourced from openai's releases.

v6.31.0

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

• api: add in/nin filter types to ComparisonFilter (b2eda27)

v6.30.1

6.30.1 (2026-03-16)

Full Changelog: v6.30.0...v6.30.1

Chores

• internal: tweak CI branches (25f5d74)

v6.30.0

6.30.0 (2026-03-16)

Full Changelog: v6.29.0...v6.30.0

Features

• api: add /v1/videos endpoint option to batches (271d879)
• api: add defer_loading field to NamespaceTool (7cc8f0a)

Bug Fixes

• api: oidc publishing for npm (fa50066)

v6.29.0

6.29.0 (2026-03-13)

Full Changelog: v6.28.0...v6.29.0

Features

• api: custom voices (a11307a)

v6.28.0

6.28.0 (2026-03-13)

Full Changelog: v6.27.0...v6.28.0

Features

• api: manual updates (d543959)

... (truncated)

Changelog

Sourced from openai's changelog.

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

• api: add in/nin filter types to ComparisonFilter (b2eda27)

6.30.1 (2026-03-16)

Full Changelog: v6.30.0...v6.30.1

Chores

• internal: tweak CI branches (25f5d74)

6.30.0 (2026-03-16)

Full Changelog: v6.29.0...v6.30.0

Features

• api: add /v1/videos endpoint option to batches (271d879)
• api: add defer_loading field to NamespaceTool (7cc8f0a)

Bug Fixes

• api: oidc publishing for npm (fa50066)

6.29.0 (2026-03-13)

Full Changelog: v6.28.0...v6.29.0

Features

• api: custom voices (a11307a)

6.28.0 (2026-03-13)

Full Changelog: v6.27.0...v6.28.0

Features

• api: manual updates (d543959)
• api: manual updates (4f87840)
• api: sora api improvements: character api, video extensions/edits, higher resolution exports. (262dac2)

Bug Fixes

... (truncated)

Commits

• c1c713e release: 6.31.0
• 96166da feat(api): add in/nin filter types to ComparisonFilter
• 00ef21d ignore the oidc dir
• f3c92c7 release: 6.30.1
• 6359334 chore(internal): tweak CI branches
• ce33e4c codegen metadata
• 3d195aa release: 6.30.0
• ba14ec8 fix(api): oidc publishing for npm
• 577a54c feat(api): add defer_loading field to NamespaceTool
• 6de3617 feat(api): add /v1/videos endpoint option to batches
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openai since your current version.

Updates turbo from 2.8.3 to 2.8.17

Release notes

Sourced from turbo's releases.

Turborepo v2.8.17

What's Changed

create-turbo

• fix: Improve create-turbo connectivity check and offline error messages by @​anthonyshew in vercel/turborepo#12257
• feat: Add affectedUsingTaskInputs future flag for task-level --affected detection by @​anthonyshew in vercel/turborepo#12247
• fix: Replace dns.lookup with https.get for create-turbo online check by @​anthonyshew in vercel/turborepo#12277
• fix: Remove redundant online check from create-turbo by @​anthonyshew in vercel/turborepo#12281

Examples

• fix: Match vite and @vitejs/plugin-react versions on example by @​GabrielBB in vercel/turborepo#12193

Changelog

• fix: Resolve root-level tasks not executing with //# CLI syntax by @​anthonyshew in vercel/turborepo#12242
• fix: Prevent run summary SendError panic on shutdown by @​anthonyshew in vercel/turborepo#12244
• fix: Deflake watch_rapid_edits_produce_single_rebuild test by @​anthonyshew in vercel/turborepo#12245
• fix: Use FilterMode enum for root task scoping with exclude-only filters by @​Jaredw2289-svg in vercel/turborepo#12212
• fix: Resolve package-name-shaped tsconfig path aliases by @​sleitor in vercel/turborepo#11998
• fix: Use BTreeMap for deterministic lockfile dependency ordering by @​anthonyshew in vercel/turborepo#12254
• fix: Cap rayon thread pool and block_in_place in tokio to prevent deadlock potential by @​anthonyshew in