chore(deps): bump the production-dependencies group across 1 directory with 22 updates

[dependabot]

Bumps the production-dependencies group with 22 updates in the / directory:

Package	From	To
@langchain/community	1.1.27	1.1.28
@langchain/core	1.1.41	1.1.46
@langchain/openai	1.4.4	1.4.5
@mixedbread/sdk	0.62.0	0.68.0
@sentry/nextjs	10.50.0	10.53.1
@tavily/core	0.7.2	0.7.3
date-fns	4.1.0	4.2.1
express-rate-limit	8.4.1	8.5.2
inngest	4.2.4	4.4.0
langchain	1.3.4	1.4.0
lucide-react	1.11.0	1.16.0
mongoose	9.5.0	9.6.2
next	16.2.4	16.2.6
npm	11.13.0	11.14.1
posthog-js	1.372.1	1.374.0
react	19.2.5	19.2.6
react-day-picker	9.14.0	10.0.1
react-dom	19.2.5	19.2.6
react-hook-form	7.74.0	7.76.0
react-resizable-panels	4.10.0	4.11.1
tailwind-merge	3.5.0	3.6.0
zod	4.3.6	4.4.3

Updates @langchain/community from 1.1.27 to 1.1.28

Release notes

Sourced from @​langchain/community's releases.

@​langchain/community@​1.1.28

Patch Changes

• #44 f9a922e Thanks @​dependabot! - chore(deps): bump fast-xml-parser from 5.5.9 to 5.7.0

• #30 9cd006c Thanks @​christian-bromann! - fix(pdf-loader): support both pdf-parse v1 and v2

• #36 1e2e4bf Thanks @​hntrl! - Fix Milvus collection loading before delete operations (#9749) and partition name handling in search/delete (#9748)

  • Added loadCollectionSync() call in the delete() method to ensure collection is loaded before delete operations
  • Added partition_names parameter to search() call in similaritySearchVectorWithScore()
  • Added partition_name parameter to both deleteEntities() and delete() calls
  • Updated error message in delete method from "before search" to "before deletion"

• #41 5bd4246 Thanks @​RaschidJFR! - Expose basePath option in VoyageEmbeddings class

• #43 b835751 Thanks @​jkennedyvz! - chore(deps): bump transitive dependencies to patch 6 security alerts

  Updates pnpm overrides to resolve critical and high severity Dependabot alerts in transitive dependencies reached via optional peerDependencies and dev tooling:

  • protobufjs ^7.2.5 -> ^7.5.5 (CVE-2026-41242)
  • basic-ftp >=5.2.0 -> ^5.3.0 (CVE-2026-39983, GHSA-rp42-5vxx-qpwr, GHSA-6v7q-wjvx-w8wg)
  • vite new override ^7.3.2 (CVE-2026-39363, CVE-2026-39364, plus CVE-2026-39365 as a side effect)

  No workspace package has these as direct dependencies; overrides affect the monorepo lockfile only and do not change published package contents.

• #42 3657e90 Thanks @​RaschidJFR! - surface Voyage AI API errors in VoyageEmbeddings

Commits

• See full diff in compare view

Updates @langchain/core from 1.1.41 to 1.1.46

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.46

Patch Changes

• #10847 1659e7d Thanks @​hntrl! - chore(core): reduce transitive dependency exposure and tighten release hygiene

  Remove direct runtime dependencies on ansi-styles, camelcase, and decamelize by inlining equivalent logic in core internals, and enable npm provenance in the release workflow.

• #10790 ef78bc6 Thanks @​Genmin! - fix(core): keep different content block types separate when merging chunks

Commits

• ed9925b chore: version packages (#10850)
• fb8bfbf chore(deps): bump mem0ai from 2.4.6 to 3.0.3 (#10870)
• 3481666 chore(deps-dev): bump hono from 4.12.14 to 4.12.18 (#10875)
• c9cfc7d chore(deps): bump publint from 0.3.18 to 0.3.19 (#10869)
• 4434dea chore(deps): bump @​lancedb/lancedb from 0.19.1 to 0.26.2 (#10867)
• 225bbca chore(deps): bump the gh-actions-minor-and-patch group with 3 updates (#10852)
• 2a5713d chore(deps): bump exa-js from 1.10.2 to 1.10.3 (#10851)
• 7b45456 chore(deps): bump @​cloudflare/workers-types from 4.20260501.1 to 4.20260508.1...
• c7f335a chore(deps): bump openai from 4.104.0 to 6.37.0 (#10864)
• 3978b6f chore(deps): bump @​aws-sdk/client-bedrock-agent-runtime from 3.1034.0 to 3.10...
• Additional commits viewable in compare view

Updates @langchain/openai from 1.4.4 to 1.4.5

Commits

• See full diff in compare view

Updates @mixedbread/sdk from 0.62.0 to 0.68.0

Release notes

Sourced from @​mixedbread/sdk's releases.

v0.68.0

0.68.0 (2026-05-16)

Full Changelog: v0.67.0...v0.68.0

Features

• api: api update (0181d19)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website 📚 Read the docs 🙋 Reach out for help or questions

v0.67.0

0.67.0 (2026-05-13)

Full Changelog: v0.66.0...v0.67.0

Features

• api: api update (7597ba7)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website 📚 Read the docs 🙋 Reach out for help or questions

v0.66.0

0.66.0 (2026-05-11)

Full Changelog: v0.65.0...v0.66.0

Features

... (truncated)

Changelog

Sourced from @​mixedbread/sdk's changelog.

0.68.0 (2026-05-16)

Full Changelog: v0.67.0...v0.68.0

Features

• api: api update (0181d19)

0.67.0 (2026-05-13)

Full Changelog: v0.66.0...v0.67.0

Features

• api: api update (7597ba7)

0.66.0 (2026-05-11)

Full Changelog: v0.65.0...v0.66.0

Features

• api: api update (47cb692)

0.65.0 (2026-05-08)

Full Changelog: v0.64.0...v0.65.0

Features

• api: api update (50ebe58)

Chores

• format: run eslint and prettier separately (6e4a29d)
• redact api-key headers in debug logs (8768041)

0.64.0 (2026-04-29)

Full Changelog: v0.63.0...v0.64.0

Features

• api: api update (6caf05e)

0.63.0 (2026-04-28)

Full Changelog: v0.62.0...v0.63.0

... (truncated)

Commits

• 34589a1 release: 0.68.0
• feeb0c4 feat(api): api update
• f6bd7f0 codegen metadata
• e141ed1 release: 0.67.0
• 6603685 feat(api): api update
• 9548ef6 ci: pin GitHub Actions to commit SHAs
• 6720d97 release: 0.66.0
• b1aebc6 codegen metadata
• af674d3 feat(api): api update
• dbd15c9 codegen metadata
• Additional commits viewable in compare view

Updates @sentry/nextjs from 10.50.0 to 10.53.1

Release notes

Sourced from @​sentry/nextjs's releases.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.62 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.9 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.04 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.14 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.55 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.6 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.23 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.3 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.12 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.5 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

10.53.0

Important Changes

• feat(core): Add streamGenAiSpans options to stream gen_ai spans (#20785)

  Adds a new streamGenAiSpans option that controls how gen_ai spans are sent to Sentry. When set, the SDK extracts all gen_ai spans out of a transaction and sends them as v2 envelope items.

  Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

  Sentry.init({
    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',
    streamGenAiSpans: true,
  });

Other Changes

• feat(browser): Migrate browser profiling thread data to span attributes (#20800)
• feat(core): Add addConsoleInstrumentationFilter utility (#20790)
• feat(core): Add applicationKey to BuildTimeOptionsBase (#20789)
• feat(core): split exports by browser/server for bundle size (#20435)
• feat(nextjs): Add top-level applicationKey option (#20794)
• feat(node): Support Node 26 (#20710)
• feat(profiling-node): Bump @sentry-internal/node-cpu-profiler to 2.4.0 (#20720)
• fix(cloudflare): avoid flush lock self-wait (#20719)
• fix(hono): Capture transaction name on request for correct culprit (#20801)
• fix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (#20699)
• fix(node-core): Guard against undefined util.getSystemErrorMap (#20660)
• fix(replay): Capture aborted/errored fetch requests in replay network tab (#20722)

... (truncated)

Commits

• cd97408 release: 10.53.1
• 66cfb25 Merge pull request #20838 from getsentry/prepare-release/10.53.1
• df8fd38 meta(changelog): Update changelog for 10.53.1
• 5881009 fix(core): Include subpath type shims in published package (#20835)
• 6a7d179 fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• ad47c3c ref(hono): Consolidate route patching and add clarification comments (#20829)
• 28d6fe5 Merge pull request #20826 from getsentry/master
• 46aca45 Merge branch 'release/10.53.0'
• b5cbc9c chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...
• 05489b8 release: 10.53.0
• Additional commits viewable in compare view

Updates @tavily/core from 0.7.2 to 0.7.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by tomer-yaacoby, a new releaser for @​tavily/core since your current version.

Updates date-fns from 4.1.0 to 4.2.1

Release notes

Sourced from date-fns's releases.

v4.2.1

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Changelog

Sourced from date-fns's changelog.

v4.2.1 - 2026-05-19

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0 - 2026-05-18

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Commits

• 87635a8 Fix missing type definitions, promote to v4.2.1 (closed #4190)
• 3d4ca4b Update browserslist
• 562c485 Promote to v4.2.0
• 3709c02 Make steps into the Temporal-first future
• 07592b9 Upgrade Node.js types, upgrade TypeScript
• 09ece22 Upgrade Vitest
• c37c22e Set up Oxfmt as the default formatter
• d40bb80 Upgrade mise setup
• dd66398 Fix tz tests workflow
• ef962f8 Adjust smoke tests
• Additional commits viewable in compare view

Updates express-rate-limit from 8.4.1 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

v8.5.1

You can view the changelog here.

v8.5.0

You can view the changelog here.

Commits

• 9774693 8.5.2
• 0e94cc0 v8.5.2 changelog
• 9a583c5 feat: simplify IPv6 key generation (#633)
• 4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
• 3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
• 18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
• dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
• 486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
• 50cc3f6 8.5.1
• 92c8e3e chore: bump ip-address library to latest (#626)
• Additional commits viewable in compare view

Updates inngest from 4.2.4 to 4.4.0

Release notes

Sourced from inngest's releases.

inngest@4.4.0

Minor Changes

• #1508 4771b424 Thanks @​amh4r! - Add experimental support for deferred functions

Patch Changes

• #1512 be675a3d Thanks @​amh4r! - Fix waitForSignal not in middleware StepType union

• #1513 cbad05c3 Thanks @​jakobevangelista! - Standardize variant naming to variant instead of variant_selected

• #1516 1bca44a8 Thanks @​BrunoScheufler! - - Add Request ID & Job ID to context and logs

inngest@4.3.0

Minor Changes

• #1504 5c8f50e1 Thanks @​scottnuma! - Accept Temporal.Duration, Temporal.Instant, and Temporal.ZonedDateTime (and their *Like variants) wherever a timeout or sleep duration is taken: step.sleep(), step.waitForEvent(), step.waitForSignal(), step.invoke(), and function-level cancelOn timeouts. Durations are treated as relative waits; instants and zoned date-times as absolute deadlines.

Patch Changes

• #1480 60cda73f Thanks @​mar-inngest! - Fix Connect shutdown getting stuck when a late lease-extension ACK recreates a stale in-flight lease entry after request completion or lease loss

inngest@4.2.6

Patch Changes

• #1492 68dcd8aa Thanks @​amh4r! - Reduce response info when unauthorized

• #1490 a8027116 Thanks @​amh4r! - Authed introspection returns partial signing key hash

inngest@4.2.5

Patch Changes

• #1479 6b9769ca Thanks @​scottnuma! - Fix step.sendSignal() return type to match runtime: Promise<InngestApi.SendSignalResponse> ({ runId: string | undefined }) instead of Promise<null>

• #1483 d0a59629 Thanks @​Linell! - Fix run IDs not URL encoded in Durable Endpoints

• #1481 970ded9b Thanks @​Linell! - Improves HMAC signature verification by using a constant-time comparison, which mitigates a potential timing-based signature-recovery attack against the request signature. Also improves handling of timestamps in signatures, including malformed or future-dated values.

• #1472 9df36dee Thanks @​Linell! - Fix empty body on Vercel serverless Node handlers

• #1482 e34972d3 Thanks @​Linell! - Hash the signing key used when exporting OTel traces

Changelog

Sourced from inngest's changelog.

4.4.0

Minor Changes

• #1508 4771b424 Thanks @​amh4r! - Add experimental support for deferred functions

Patch Changes

• #1512 be675a3d Thanks @​amh4r! - Fix waitForSignal not in middleware StepType union

• #1513 cbad05c3 Thanks @​jakobevangelista! - Standardize variant naming to variant instead of variant_selected

• #1516 1bca44a8 Thanks @​BrunoScheufler! - - Add Request ID & Job ID to context and logs

4.3.0

Minor Changes

• #1504 5c8f50e1 Thanks @​scottnuma! - Accept Temporal.Duration, Temporal.Instant, and Temporal.ZonedDateTime (and their *Like variants) wherever a timeout or sleep duration is taken: step.sleep(), step.waitForEvent(), step.waitForSignal(), step.invoke(), and function-level cancelOn timeouts. Durations are treated as relative waits; instants and zoned date-times as absolute deadlines.

Patch Changes

• #1480 60cda73f Thanks @​mar-inngest! - Fix Connect shutdown getting stuck when a late lease-extension ACK recreates a stale in-flight lease entry after request completion or lease loss

4.2.6

Patch Changes

• #1492 68dcd8aa Thanks @​amh4r! - Reduce response info when unauthorized

• #1490 a8027116 Thanks @​amh4r! - Authed introspection returns partial signing key hash

4.2.5

Patch Changes

• #1479 6b9769ca Thanks @​scottnuma! - Fix step.sendSignal() return type to match runtime: Promise<InngestApi.SendSignalResponse> ({ runId: string | undefined }) instead of Promise<null>

• #1483 d0a59629 Thanks @​Linell! - Fix run IDs not URL encoded in Durable Endpoints

• #1481 970ded9b Thanks @​Linell! - Improves HMAC signature verification by using a constant-time comparison, which mitigates a potential timing-based signature-recovery attack against the request signature. Also improves handling of timestamps in signatures, including malformed or future-dated values.

• #1472 9df36dee Thanks @​Linell! - Fix empty body on Vercel serverless Node handlers

• #1482 e34972d3 Thanks @​Linell! - Hash the signing key used when exporting OTel traces

Commits

• 8bab085 Release @​latest (#1517)
• 4771b42 Add experimental support for deferred functions (#1508)
• 1bca44a Add request ID (#1516)
• cbad05c Standardize variant naming (#1513)
• be675a3 Fix waitForSignal not in middleware StepType union (#1512)
• 1f58838 Release @​latest (#1505)
• 5c8f50e EXE-1708: Support Temporal.* types for .Timeout fields (#1504)
• 60cda73 [SYS-815] Connect - Log Remaining In Flight and Remove Phantom Leases (#1480)
• e13fb37 Skip a flaky test (#1502)
• 335710e Fix test (#1498)
• Additional commits viewable in compare view

Updates langchain from 1.3.4 to 1.4.0

Commits

• b57760c chore: version packages (#10516)
• 6e2d29e tests(@​langchain/google): Lyria 3 (#10522)
• 68e0a19 fix(langchain): revert zod import in utils.ts to fix v3/v4 interop (#10545)
• 50d5f32 revert: Revert "feat(core): Add all chat model/llm invocation params to metad...
• 8331833 fix(core): normalize single-block content in mergeContent (#10528)
• 976d689 chore(deps): bump yaml from 2.8.2 to 2.8.3 (#10531)
• 39cdf81 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#10530)
• 5a7a079 chore(deps): bump yaml from 2.8.2 to 2.8.3
• 7782d84 chore(deps): bump handlebars from 4.7.8 to 4.7.9
• 3408008 fix(langchain): export createAgent and middleware from browser entry point (#...
• Additional commits viewable in compare view

Updates lucide-react from 1.11.0 to 1.16.0

Release notes

Sourced from lucide-react's releases.

Version 1.16.0

What's Changed

• feat(icons): added blender icon by @​rrod497 in lucide-icons/lucide#3884

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

Version 1.15.0

What's Changed

• fix: remove 'less' from brand stopwords by @​jguddas in lucide-icons/lucide#4331
• fix(@​lucide/vue): Clone slots before passing to icon by @​axtho in lucide-icons/lucide#4339
• fix(icons): changed text-cursor icon by @​jamiemlaw in lucide-icons/lucide#4340
• fix(icons): changed landmark icon by @​jamiemlaw in lucide-icons/lucide#4334
• chore(deps-dev): bump nitropack from 2.13.1 to 2.13.4 by @​dependabot[bot] in lucide-icons/lucide#4352
• chore(deps-dev): bump simple-git from 3.33.0 to 3.36.0 by @​dependabot[bot] in lucide-icons/lucide#4349
• fix(icons): changed candy-cane icon by @​jguddas in lucide-icons/lucide#4148
• fix(icons): changed volleyball icon by @​jamiemlaw in lucide-icons/lucide#4338
• fix(icons): changed chart-no-axes-combined icon by @​jguddas in lucide-icons/lucide#3567
• feat(icon): added broccoli icon by @​swastik7805 in lucide-icons/lucide#4263
• chore(site): Updates to site and updated carbon ads by @​ericfennis in lucide-icons/lucide#4359
• feat(icons): added sticky note variants by @​Barakudum in lucide-icons/lucide#4348
• chore(deps-dev): bump astro from 6.1.6 to 6.1.10 by @​dependabot[bot] in lucide-icons/lucide#4361

New Contributors

• @​axtho made their first contribution in lucide-icons/lucide#4339
• @​Barakudum made their first contribution in lucide-icons/lucide#4348

Full Changelog: lucide-icons/lucide@1.14.0...1.15.0

Version 1.14.0

What's Changed

• feat(icons): added repeat-off icon by @​jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

• fix(docs): sync URL params with UI state on categories page by @​taimar in lucide-icons/lucide#4111
• feat(icons): add waves-vertical icon by @​jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

• feat(icon): add folder-bookmark icon by @​swastik7805 in lucide-icons/lucide#4262
• docs(readme): Update readme files by @​ericfennis in lucide-icons/lucide#4320
• feat(icons): added astroid icon by @​whoisBugsbunny in lucide-icons/lucide#4217

... (truncated)

Commits

• 07c885e fix(docs): fix zephyr-cloud URL in readmes
• 50d8af5 docs(readme): Update readme files (#4320)
• See full diff in compare view

Updates mongoose from 9.5.0 to 9.6.2

Release notes

Sourced from mongoose's releases.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

Changelog

Sourced from mongoose's changelog.

9.6.2 / 2026-05-08

• fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
• types: handle compiling with exactOptionalPropertyTypes #16277 #16273
• chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

• types(objectid): fix _id getter helper on ObjectId #16251 noseworthy

9.6.0 / 2026-04-28

• feat: upgrade mongodb node driver to 7.2 #16245
• feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
• types(query): make QueryFilter respect string unions and enums #16242 #16240
• types: export Projector and ArrayProjectionOperators #16243 #16235

8.23.1 / 2026-04-23

• fix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations #16091 #16079
• fix(setDefaultsOnInsert): check child filter paths before applying defaults (backport #16031 to 8.x) #16219 marklai1998
• fix(schema): always pass raw string value to error validators, only trim to 30 chars for maxlength validator #16238 #16236 #15550 #155...

  Description has been truncated

[dependabot]

Assignees

The following users could not be added as assignees: vectorMindsAI. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.