chore(deps): bump the production-dependencies group across 1 directory with 7 updates #375

Open
dependabot[bot] wants to merge 1 commit into develop from dependabot/npm_and_yarn/production-dependencies-ed62b2930a

dependabot[bot] commented on behalf of github on Jun 17, 2026

Bumps the production-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| playwright | 1.60.0 | 1.61.1 |
| @ai-sdk/anthropic | 2.0.82 | 2.0.83 |
| @ai-sdk/openai | 2.0.107 | 2.0.109 |
| @langchain/core | 1.1.48 | 1.2.1 |
| @langchain/langgraph | 1.3.6 | 1.4.5 |
| ai | 5.0.200 | 5.0.205 |
| undici | 6.26.0 | 6.27.0 |

Updates playwright from 1.60.0 to 1.61.1

Release notes

Sourced from playwright's releases.

v1.61.1

Bug Fixes

  • #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
  • #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
  • #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
  • #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
  • #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks

v1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

```js
const context = await browser.newContext();
// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();
const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.
```

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

```js
await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();
```

New APIs

Network

Browser and Screencast

... (truncated)

Commits
  • 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
  • 4328122 chore: mark v1.61.1 (#41404)
  • 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
  • 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
  • 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
  • b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
  • b5a3175 cherry-pick(#41319): fix(loader): support other node versions
  • d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
  • 1cc5a90 cherry-pick(#41295): chore: PLAYWRIGHT_TRACING_NO_WEBSOCKET_FRAMES and PLAYWR...
  • a6772bd cherry-pick(#41280): Revert "fix(trace-viewer): add keyboard navigation to `N...
  • Additional commits viewable in compare view

Updates @ai-sdk/anthropic from 2.0.82 to 2.0.83

Changelog

Sourced from @​ai-sdk/anthropic's changelog.

2.0.83

Patch Changes

  • Updated dependencies [9169261]
    • @​ai-sdk/provider-utils@​3.0.27
Commits

Updates @ai-sdk/openai from 2.0.107 to 2.0.109

Changelog

Sourced from @​ai-sdk/openai's changelog.

2.0.109

Patch Changes

  • f8e6a5c: feat(openai): add orchestration token usage details to Responses API usage

2.0.108

Patch Changes

  • Updated dependencies [9169261]
    • @​ai-sdk/provider-utils@​3.0.27
Commits

Updates @langchain/core from 1.1.48 to 1.2.1

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.2.1

Patch Changes

  • #10674 f017708 Thanks @​christian-bromann! - fix: classify provider 429s before retrying

  • #11092 7918bbd Thanks @​aolsenjazz! - fix(core): only treat arrays of content blocks as ToolMessage content

    Fix tool outputs that are arrays of plain objects being forwarded as malformed message content. An array is now only treated as message content blocks when every element is an object with a type; otherwise it is JSON-stringified.

@​langchain/core@​1.2.0

Minor Changes

Patch Changes

  • #11047 ac0f71d Thanks @​christian-bromann! - fix(core): preserve AIMessage content blocks

    Keep existing v1 contentBlocks when constructing AIMessage instances so serialized messages do not lose block content during deserialization.

Commits
  • 1ee0df0 chore: version packages (#11097)
  • f017708 fix(core): better 429 error handling (#10674)
  • 05936ab fix(openai): omit empty reasoning item id in Responses API input (#11045)
  • 798cb70 fix(openai): route standard url file blocks to native input_file in Responses...
  • 80c790b fix(openai): stream built-in tool progress events (#11090)
  • d2e6afc fix(groq): require @​langchain/core >= 1.1.30 in peer dependency (#11072)
  • c66870e feat(weaviate): add X-Weaviate-Client-Integration telemetry header (#11088)
  • baa57ba fix(anthropic): omit default disabled thinking from requests (#11073)
  • 04edb8d docs(ibm): fix "Recieved" typo in tool_choice error message (#11066)
  • 2b7f368 chore(deps): bump uuid from 14.0.0 to 14.0.1 (#11094)
  • Additional commits viewable in compare view

Updates @langchain/langgraph from 1.3.6 to 1.4.5

Release notes

Sourced from @​langchain/langgraph's releases.

@​langchain/langgraph@​1.4.5

Patch Changes

  • #2557 b1e856d Thanks @​christian-bromann! - fix(sdk): apply state update and goto alongside interrupt resume

    respond(decision, { update, goto }) now maps to LangGraph's Command(resume, update, goto), so a human-in-the-loop UI can commit a state update (e.g. push the interrupt card into state) in the same superstep as the resume — one checkpoint, no separate updateState write, no flicker. @langchain/langgraph-api forwards update/goto through input.respond, and @langchain/core message instances in update are serialized to dicts before transport, exactly like submit(). Bumps @langchain/protocol to ^0.0.18 for the Goto type.

    respond/respondAll also apply update optimistically (mirroring submit()): the pushed messages paint immediately, with stable ids minted so the resumed run's echo reconciles them in place. Without this the interrupt is cleared the instant respond() dispatches while the pushed card only reappears a server round-trip later — so the card would flicker in that gap. The optimistic state settles on the resumed run's terminal (pending → sent, or rolled back on a failure before any echo).

    User-initiated optimistic writes (submit() / respond() / respondAll()) now commit to the store synchronously, in the same tick as the triggering event, instead of being coalesced onto the next macrotask. This lets a framework render the pushed message in the same commit as any local UI state the caller flips alongside it (e.g. a HITL form swapping its inputs for the resolved card), so the card no longer blinks out for the one-macrotask window before the flush lands. High-frequency streaming writes keep their macrotask coalescing.

  • Updated dependencies [b1e856d]:

    • @​langchain/langgraph-sdk@​1.9.24

@​langchain/langgraph@​1.4.4

Patch Changes

  • #2552 d662cbb Thanks @​christian-bromann! - fix(langgraph): isolate concurrent singleton-agent invocations by thread

    ensureLangGraphConfig ignores the ambient AsyncLocalStorage configurable on root-level invokes that supply an invoke-time thread_id and have no nesting keys (ignoring graph-bound .withConfig() defaults). On a fresh top-level run the ambient configurable can belong to another concurrent invocation, so its keys — internal scratchpad/task-input as well as user keys like tenant_id/user_id — must not leak in; values the caller wants arrive through the explicit (bound + invoke-time) configs. Ambient nesting (__pregel_read__) and bound child graphs invoked from parent tasks are unaffected. This prevents cross-invocation leakage between concurrent invoke() calls on a shared compiled graph (e.g. BullMQ workers with concurrency > 1). Complements the config-merge fix that stopped shared graph-bound metadata/configurable objects from being mutated across invocations

... (truncated)

Changelog

Sourced from @​langchain/langgraph's changelog.

1.4.5

Patch Changes

  • #2557 b1e856d Thanks @​christian-bromann! - fix(sdk): apply state update and goto alongside interrupt resume

    respond(decision, { update, goto }) now maps to LangGraph's Command(resume, update, goto), so a human-in-the-loop UI can commit a state update (e.g. push the interrupt card into state) in the same superstep as the resume — one checkpoint, no separate updateState write, no flicker. @langchain/langgraph-api forwards update/goto through input.respond, and @langchain/core message instances in update are serialized to dicts before transport, exactly like submit(). Bumps @langchain/protocol to ^0.0.18 for the Goto type.

    respond/respondAll also apply update optimistically (mirroring submit()): the pushed messages paint immediately, with stable ids minted so the resumed run's echo reconciles them in place. Without this the interrupt is cleared the instant respond() dispatches while the pushed card only reappears a server round-trip later — so the card would flicker in that gap. The optimistic state settles on the resumed run's terminal (pending → sent, or rolled back on a failure before any echo).

    User-initiated optimistic writes (submit() / respond() / respondAll()) now commit to the store synchronously, in the same tick as the triggering event, instead of being coalesced onto the next macrotask. This lets a framework render the pushed message in the same commit as any local UI state the caller flips alongside it (e.g. a HITL form swapping its inputs for the resolved card), so the card no longer blinks out for the one-macrotask window before the flush lands. High-frequency streaming writes keep their macrotask coalescing.

  • Updated dependencies [b1e856d]:

    • @​langchain/langgraph-sdk@​1.9.24

1.4.4

Patch Changes

  • #2552 d662cbb Thanks @​christian-bromann! - fix(langgraph): isolate concurrent singleton-agent invocations by thread

    ensureLangGraphConfig ignores the ambient AsyncLocalStorage configurable on root-level invokes that supply an invoke-time thread_id and have no nesting keys (ignoring graph-bound .withConfig() defaults). On a fresh top-level run the ambient configurable can belong to another concurrent invocation, so its keys — internal scratchpad/task-input as well as user keys like tenant_id/user_id — must not leak in; values the caller wants arrive through the explicit (bound + invoke-time) configs. Ambient nesting (__pregel_read__) and bound child graphs invoked from parent tasks are unaffected. This prevents cross-invocation leakage between concurrent invoke() calls on a shared compiled graph (e.g. BullMQ workers with concurrency > 1). Complements the config-merge

... (truncated)

Commits
  • 31261c3 chore: version packages (#2558)
  • 5d279df chore(deps): bump langchain (#2564)
  • b1e856d feat(sdk): apply state update and goto alongside interrupt resume (#2557)
  • e6082e0 chore: version packages (#2554)
  • d662cbb fix(langgraph): isolate concurrent singleton-agent invocations by thread (#2552)
  • 1c2aa5b fix(langgraph): recognize JSON-erased Overwrite values across runtimes (#2553)
  • 73ecaa0 chore: version packages (#2536)
  • 4487214 fix(langgraph): replay concurrent DeltaChannel writes in live order (#2544)
  • bc667a9 fix(langgraph): support DeltaChannel fields in StateSchema (#2549)
  • e73bf8a test(langgraph-core): add test coverage on merging tags and metadata
  • Additional commits viewable in compare view

Updates ai from 5.0.200 to 5.0.205

Release notes

Sourced from ai's releases.

ai@5.0.205

Patch Changes

  • Updated dependencies [5ed46cd]
    • @​ai-sdk/gateway@​2.0.104
Changelog

Sourced from ai's changelog.

5.0.205

Patch Changes

  • Updated dependencies [5ed46cd]
    • @​ai-sdk/gateway@​2.0.104

5.0.204

Patch Changes

  • 9169261: fix(provider-utils): cancel response body on download rejection to prevent socket leak

    When a download was rejected early — because the Content-Length header exceeded the size limit, the response status was not ok, or a redirect resolved to a blocked URL — the fetch response body was left unconsumed and uncancelled. With WHATWG Fetch/undici this leaves the underlying TCP socket open instead of returning it to the connection pool, allowing an attacker-controlled origin to exhaust file descriptors and cause a denial of service. The body is now cancelled on all early-rejection paths in readResponseWithSizeLimit and download, and fetchWithValidatedRedirects cancels each redirect hop's body before following or rejecting the next hop.

  • Updated dependencies [dd9349d]

  • Updated dependencies [9169261]

    • @​ai-sdk/gateway@​2.0.103
    • @​ai-sdk/provider-utils@​3.0.27

5.0.203

Patch Changes

  • Updated dependencies [49f2e26]
    • @​ai-sdk/gateway@​2.0.102

5.0.202

Patch Changes

  • Updated dependencies [3a5c051]
    • @​ai-sdk/gateway@​2.0.101

5.0.201

Patch Changes

  • Updated dependencies [6a1d24c]
    • @​ai-sdk/gateway@​2.0.100
Commits

Updates undici from 6.26.0 to 6.27.0

Release notes

Sourced from undici's releases.

v6.27.0

⚠️ Security Release

This release line addresses 4 security advisories.

Action required: Upgrade to undici 6.27.0 or later.

npm install undici@^6.27.0

Note on patched version: the v6 fixes shipped in v6.27.0, not 6.26.0; v6.26.0 contains only the chunked-EOF fix (#5308) and the version bump, none of the security fixes below.

The v6 line is not affected by the SOCKS5 advisories (GHSA-vmh5-mc38-953g, GHSA-hm92-r4w5-c3mj), the shared-cache disclosure (GHSA-pr7r-676h-xcf6), or the 8.x-only WebSocket regression (GHSA-38rv-x7px-6hhq).

Summary

| Advisory | CVE | Severity (CVSS) | Fixed in | Fix commit |
| --- | --- | --- | --- | --- |
| GHSA-vxpw-j846-p89q | CVE-2026-12151 | High (7.5) | 6.27.0 | b7f252e7 |
| GHSA-p88m-4jfj-68fv | CVE-2026-9679 | Moderate (5.9) | 6.27.0 | 25efa447 |
| GHSA-g8m3-5g58-fq7m | CVE-2026-11525 | Low (3.7) | 6.27.0 | 25efa447 |
| GHSA-35p6-xmwp-9g52 | CVE-2026-6733 | Low (3.7) | 6.27.0 | f4c31d60 |

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770
Fix: b7f252e7 Backport WebSocket maxPayloadSize fixes (#5423, backported to v6 in #5428)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service. All releases from 6.17.0 onward are affected.

  • Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
  • Workaround: none — upgrade is required.

Moderate severity

HTTP header injection via Set-Cookie percent-decoding — CVE-2026-9679

... (truncated)

Commits

dependabot[bot] added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels on Jun 17, 2026
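
The fragment-count gap described in the undici v6.27.0 notes above (CVE-2026-12151), as an added sketch that is not undici's code: a reassembler that caps only cumulative payload bytes retains every empty continuation frame, while one that also caps fragments per message rejects the stream. `FragmentAssembler`, its option names and `feedEmptyFragments` are hypothetical, and the frames are constructed in memory.

```javascript
// Added illustration: FragmentAssembler and its options are hypothetical names,
// not undici's receiver or its configuration surface.
class FragmentAssembler {
  constructor({ maxPayloadSize, maxFragments = Infinity }) {
    this.maxPayloadSize = maxPayloadSize;
    this.maxFragments = maxFragments; // Infinity models the byte-cap-only check
    this.fragments = [];
    this.bytes = 0;
  }

  // frame: { fin: boolean, payload: Uint8Array }. Returns the reassembled
  // message on the final frame, otherwise null.
  push(frame) {
    this.bytes += frame.payload.byteLength;
    // Check both limits before buffering, so a rejected frame is never stored.
    if (this.bytes > this.maxPayloadSize) this.fail('payload size limit exceeded');
    if (this.fragments.length + 1 > this.maxFragments) this.fail('fragment count limit exceeded');
    this.fragments.push(frame.payload);
    if (!frame.fin) return null;
    const message = new Uint8Array(this.bytes);
    let offset = 0;
    for (const part of this.fragments) {
      message.set(part, offset);
      offset += part.byteLength;
    }
    this.reset();
    return message;
  }

  fail(reason) {
    this.reset(); // drop buffered fragments; the caller should close the socket
    throw new RangeError(reason);
  }

  reset() {
    this.fragments = [];
    this.bytes = 0;
  }
}

// Constructed input: `count` empty, non-final continuation frames.
// Returns how many were buffered and whether the assembler rejected the message.
function feedEmptyFragments(assembler, count) {
  const empty = new Uint8Array(0);
  for (let i = 0; i < count; i++) {
    try {
      assembler.push({ fin: false, payload: empty });
    } catch (err) {
      return { buffered: i, rejected: err.message };
    }
  }
  return { buffered: assembler.fragments.length, rejected: null };
}

const byteCapOnly = new FragmentAssembler({ maxPayloadSize: 1024 });
const bothCaps = new FragmentAssembler({ maxPayloadSize: 1024, maxFragments: 64 });
console.log(feedEmptyFragments(byteCapOnly, 100000)); // byte cap never trips
console.log(feedEmptyFragments(bothCaps, 100000)); // stops at the fragment cap
```

Empty frames add zero bytes, so only the per-message fragment cap bounds how many array entries the receiver holds.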
…y with 7 updates

Bumps the production-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [playwright](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [@ai-sdk/anthropic](https://github.com/vercel/ai/tree/HEAD/packages/anthropic) | `2.0.82` | `2.0.83` |
| [@ai-sdk/openai](https://github.com/vercel/ai/tree/HEAD/packages/openai) | `2.0.107` | `2.0.109` |
| [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.1.48` | `1.2.1` |
| [@langchain/langgraph](https://github.com/langchain-ai/langgraphjs/tree/HEAD/libs/langgraph-core) | `1.3.6` | `1.4.5` |
| [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) | `5.0.200` | `5.0.205` |
| [undici](https://github.com/nodejs/undici) | `6.26.0` | `6.27.0` |



Updates `playwright` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `@ai-sdk/anthropic` from 2.0.82 to 2.0.83
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/anthropic@2.0.83/packages/anthropic/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/anthropic@2.0.83/packages/anthropic)

Updates `@ai-sdk/openai` from 2.0.107 to 2.0.109
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/openai@2.0.109/packages/openai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/openai@2.0.109/packages/openai)

Updates `@langchain/core` from 1.1.48 to 1.2.1
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Commits](https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.1.48...@langchain/core@1.2.1)

Updates `@langchain/langgraph` from 1.3.6 to 1.4.5
- [Release notes](https://github.com/langchain-ai/langgraphjs/releases)
- [Changelog](https://github.com/langchain-ai/langgraphjs/blob/main/libs/langgraph-core/CHANGELOG.md)
- [Commits](https://github.com/langchain-ai/langgraphjs/commits/@langchain/langgraph@1.4.5/libs/langgraph-core)

Updates `ai` from 5.0.200 to 5.0.205
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/ai@5.0.205/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@5.0.205/packages/ai)

Updates `undici` from 6.26.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.26.0...v6.27.0)

---
updated-dependencies:
- dependency-name: "@ai-sdk/anthropic"
  dependency-version: 2.0.83
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@ai-sdk/openai"
  dependency-version: 2.0.108
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@langchain/core"
  dependency-version: 1.1.49
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@langchain/langgraph"
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: ai
  dependency-version: 5.0.204
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: playwright
  dependency-version: 1.61.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] force-pushed the dependabot/npm_and_yarn/production-dependencies-ed62b2930a branch from b4ecb61 to 4409b17 on June 24, 2026 03:57
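
The `ai` 5.0.204 changelog entry quoted above fixes a socket leak by cancelling the response body on every early-rejection path. The following is an added example of that pattern using the WHATWG `Response` API in Node 18+, not the AI SDK's code; `readBodyWithLimit` and `makeProbeResponse` are hypothetical names, and the probe response is constructed in memory.

```javascript
// Added illustration: readBodyWithLimit and makeProbeResponse are hypothetical
// names, not the AI SDK's readResponseWithSizeLimit or download.

// Reads a fetch Response body, rejecting bodies larger than maxBytes. Every
// rejection path cancels the body so the socket is released, not stranded.
async function readBodyWithLimit(response, maxBytes) {
  const rejectEarly = async (message) => {
    if (response.body) await response.body.cancel().catch(() => {});
    throw new Error(message);
  };
  if (!response.ok) return rejectEarly(`unexpected status ${response.status}`);

  const header = response.headers.get('content-length');
  if (header !== null && Number(header) > maxBytes) {
    return rejectEarly(`declared length ${header} exceeds limit ${maxBytes}`);
  }
  if (!response.body) return new Uint8Array(0);

  // Content-Length may be absent or wrong, so also count the bytes actually read.
  const reader = response.body.getReader();
  const chunks = [];
  let total = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) break;
    total += value.byteLength;
    if (total > maxBytes) {
      await reader.cancel().catch(() => {});
      throw new Error(`body exceeds limit ${maxBytes}`);
    }
    chunks.push(value);
  }
  const out = new Uint8Array(total);
  let offset = 0;
  for (const chunk of chunks) {
    out.set(chunk, offset);
    offset += chunk.byteLength;
  }
  return out;
}

// Constructed sample: an in-memory Response whose body stream records whether
// the consumer cancelled it. No network access is involved.
function makeProbeResponse(chunks, init) {
  let cancelled = false;
  let next = 0;
  const body = new ReadableStream({
    pull(controller) {
      if (next < chunks.length) controller.enqueue(chunks[next++]);
      else controller.close();
    },
    cancel() {
      cancelled = true;
    },
  });
  return { response: new Response(body, init), wasCancelled: () => cancelled };
}

const probe = makeProbeResponse([new Uint8Array(16)], { status: 502 });
readBodyWithLimit(probe.response, 1024).catch((err) =>
  console.log(err.message, '| body cancelled:', probe.wasCancelled()));
```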