chore(deps): bump the npm-production group across 1 directory with 5 updates

[dependabot]

Bumps the npm-production group with 5 updates in the / directory:

Package	From	To
@anthropic-ai/claude-agent-sdk	0.2.118	0.3.193
ajv	8.18.0	8.20.0
dotenv	17.3.1	17.4.2
react	19.2.4	19.2.7
smol-toml	1.6.1	1.7.0

Updates @anthropic-ai/claude-agent-sdk from 0.2.118 to 0.3.193

Release notes

Sourced from @​anthropic-ai/claude-agent-sdk's releases.

v0.3.193

What's changed

• Added promptSuggestions option to Browser SDK query() to opt the remote CLI into emitting follow-up suggestions
• Fixed brief console window flashes on Windows when spawning CLI subprocesses

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.193
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.193
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.193
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.193

v0.3.191

What's changed

• Added old_source field to NotebookEdit tool results for replace and delete operations, enabling inline diffs
• Added seven_day_overage_included to SDKRateLimitInfo.rateLimitType for per-model weekly usage limits
• Added model_scoped array to usage response for per-model weekly limit windows with utilization and reset times
• Fixed fast mode reverting to standard after the first turn when settingSources includes user/project settings

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.191
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.191
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.191
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.191

v0.3.190

What's changed

• Updated to parity with Claude Code v2.1.190

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.190
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.190
# or
</tr></table> 

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-agent-sdk's changelog.

0.3.193

• Added promptSuggestions option to Browser SDK query() to opt the remote CLI into emitting follow-up suggestions
• Fixed brief console window flashes on Windows when spawning CLI subprocesses

0.3.192

• Updated to parity with Claude Code v2.1.192

0.3.191

• Added old_source field to NotebookEdit tool results for replace and delete operations, enabling inline diffs
• Added seven_day_overage_included to SDKRateLimitInfo.rateLimitType for per-model weekly usage limits
• Added model_scoped array to usage response for per-model weekly limit windows with utilization and reset times
• Fixed fast mode reverting to standard after the first turn when settingSources includes user/project settings

0.3.190

• Updated to parity with Claude Code v2.1.190

0.3.188

• Updated to parity with Claude Code v2.1.188

0.3.187

• Added sandbox.credentials to SDK settings types for configuring credential file and environment variable denial in sandboxed commands

0.3.186

• Added agent_id field to can_use_tool control requests — background agents now forward permission prompts to canUseTool instead of auto-denying, and stdin stays open while background tasks are running
• Added ReadMcpResourceDirTool tool type to SDK schemas — MCP resource directory listing is now a dedicated tool instead of a fallback inside ReadMcpResourceTool
• Added rewind_conversation control request for rewinding a conversation to a previous point with durable resume anchor support

0.3.185

• Updated to parity with Claude Code v2.1.185

0.3.184

• Updated to parity with Claude Code v2.1.184

0.3.183

• Updated to parity with Claude Code v2.1.183

0.3.182

• Updated to parity with Claude Code v2.1.182

... (truncated)

Commits

• 761e2be chore: Update CHANGELOG.md
• 7eef35d chore: Update CHANGELOG.md
• b9c030b chore: Update CHANGELOG.md
• 4279d96 chore: Update CHANGELOG.md
• 42f6772 chore: Update CHANGELOG.md
• 810e709 chore: Update CHANGELOG.md
• fc84d93 chore: Update CHANGELOG.md
• 4d3840c chore: Update CHANGELOG.md
• 32753ee chore: Update CHANGELOG.md
• 38722be chore: Update CHANGELOG.md
• Additional commits viewable in compare view

Updates ajv from 8.18.0 to 8.20.0

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

• fix: add support for node 22/24, drop node 16/21 by @​jasoniangreen in ajv-validator/ajv#2580
• fix: add ES2022.RegExp for RegExpIndicesArray by @​SignpostMarv in ajv-validator/ajv#2604

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

• fix prototype pollution via format keyword using $data ref by @​epoberezkin in ajv-validator/ajv#2607

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

Commits

• 0fba0b8 8.20.0
• 9caf8d6 fix: add ES2022.RegExp for RegExpIndicesArray; fixes ajv-validator/ajv#2603 (...
• 2065350 fix: add support for node 22/24, drop node 16/21 (#2580)
• 154b58d 8.19.0
• e8d2bdc test/fix prototype pollution via $data ref with format keyword (#2607)
• See full diff in compare view

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates smol-toml from 1.6.1 to 1.7.0

Release notes

Sourced from smol-toml's releases.

v1.7.0

This version slightly changes the behaviour of stringify: integers beyond the safe range are always emitted as float numbers.

String decode logic has been rewritten, it is a bit faster now and uses a single-pass approach instead of a dual-pass approach as it did previously. The code should be a bit smaller too, though I didn't actually measure that.

The package is now published with source-maps, declaration-maps, and a copy of the original TypeScript source files. This will improve your DX if you're like me and like Ctrl+Click'ing things a lot. ;)

What's Changed

• improve performance of the string decode logic by @​cyyynthia
• fix(stringify): emit integer-valued numbers beyond the safe-integer range as floats by @​spokodev in squirrelchat/smol-toml#56
• publish source-maps, declaration-maps, and original source files by @​cyyynthia
• miscellaneous repository maintenance tasks by @​cyyynthia

New Contributors

• @​spokodev made their first contribution in squirrelchat/smol-toml#56

Full Changelog: squirrelchat/smol-toml@v1.6.1...v1.7.0

Commits

• a62f06f revert: keep using vite 7
• 89aa9a3 chore: remove prepare script
• 17c7974 chore: make devEngine more lax w/ node version
• e5280a3 ci: checkout repo first
• 241c256 chore: version bump
• 0bfe7f4 chore: build cjs with rolldown instead of esbuild
• e0620ab chore: fmt
• 96114cb test: add tests for large integers
• f4537b6 fix: handle missed edge-cases in string parse
• 7b39aed chore: include source files in published package
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions