Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)
Changed
Tighten up logs: ◇ injecting env (14) from .env (#1003)
Add a new README section on dotenv’s approach to the agentic future.
Changed
Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.
[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.
A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.
5.1.0 / 2025-03-31
Add support for Uint8Array in res.send()
Add support for ETag option in res.sendFile()
Add support for multiple links with the same rel in res.links()
This version was pushed to npm by GitHub Actions, a new releaser for sharp since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Bumps the npm-production group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.39.0` | `0.111.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.6.1` | `17.4.2` |
| [express](https://github.com/expressjs/express) | `4.22.2` | `5.2.1` |
| [helmet](https://github.com/helmetjs/helmet) | `8.2.0` | `8.3.0` |
| [openai](https://github.com/openai/openai-node) | `4.104.0` | `6.46.0` |
| [sharp](https://github.com/lovell/sharp) | `0.33.5` | `0.35.3` |
Updates `@anthropic-ai/sdk` from 0.39.0 to 0.111.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@anthropic-ai/sdk's releases</a>.</em></p>
<blockquote>
<h2>sdk: v0.111.0</h2>
<h2>0.111.0 (2026-07-10)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.110.0...sdk-v0.111.0">sdk-v0.110.0...sdk-v0.111.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add support for dreaming (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/77b28a647239fd66d3a31b04fca4a58ebc86e493">77b28a6</a>)</li>
<li><strong>tools:</strong> gate session tool calls on evaluated_permission; bound idle by server stop_reason (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/68a6d7b92aaea4d3eaf3a7567db18e3bf6d695ef">68a6d7b</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><strong>docs:</strong> small updates to field descriptions (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e25b885eacbf26332e6133abff2ea7d72fef2b30">e25b885</a>)</li>
<li><strong>docs:</strong> update model example (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a33f3f0b7cee244f2dc894900e9fa07cf686228b">a33f3f0</a>)</li>
<li><strong>docs:</strong> updates to descriptions and examples (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/eac4bace325ae901465edf7a503183f669c3c2d8">eac4bac</a>)</li>
</ul>
<h2>sdk: v0.110.0</h2>
<h2>0.110.0 (2026-07-02)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.1...sdk-v0.110.0">sdk-v0.109.1...sdk-v0.110.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add agent-memory-2026-07-22 beta header (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a470e10aaad12078e3e5f2bb9adf6c2652ea9ca0">a470e10</a>)</li>
</ul>
<h2>sdk: v0.109.1</h2>
<h2>0.109.1 (2026-07-01)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.0...sdk-v0.109.1">sdk-v0.109.0...sdk-v0.109.1</a></p>
<h3>Chores</h3>
<ul>
<li><strong>api:</strong> remove some nonfunctional types from the SDKs (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/cc4dd4e257cc3354f14e263b0d2441ddae71759e">cc4dd4e</a>)</li>
</ul>
<h2>sdk: v0.109.0</h2>
<h2>0.109.0 (2026-06-30)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.108.0...sdk-v0.109.0">sdk-v0.108.0...sdk-v0.109.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7f3211b4886053d25e98b91edc90fedc199ef186">7f3211b</a>)</li>
</ul>
<h2>sdk: v0.108.0</h2>
<h2>0.108.0 (2026-06-30)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.107.0...sdk-v0.108.0">sdk-v0.107.0...sdk-v0.108.0</a></p>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/sdk's changelog</a>.</em></p>
<blockquote>
<h2>0.111.0 (2026-07-10)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.110.0...sdk-v0.111.0">sdk-v0.110.0...sdk-v0.111.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add support for dreaming (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/77b28a647239fd66d3a31b04fca4a58ebc86e493">77b28a6</a>)</li>
<li><strong>tools:</strong> gate session tool calls on evaluated_permission; bound idle by server stop_reason (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/68a6d7b92aaea4d3eaf3a7567db18e3bf6d695ef">68a6d7b</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><strong>docs:</strong> small updates to field descriptions (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e25b885eacbf26332e6133abff2ea7d72fef2b30">e25b885</a>)</li>
<li><strong>docs:</strong> update model example (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a33f3f0b7cee244f2dc894900e9fa07cf686228b">a33f3f0</a>)</li>
<li><strong>docs:</strong> updates to descriptions and examples (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/eac4bace325ae901465edf7a503183f669c3c2d8">eac4bac</a>)</li>
</ul>
<h2>0.110.0 (2026-07-02)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.1...sdk-v0.110.0">sdk-v0.109.1...sdk-v0.110.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add agent-memory-2026-07-22 beta header (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a470e10aaad12078e3e5f2bb9adf6c2652ea9ca0">a470e10</a>)</li>
</ul>
<h2>0.109.1 (2026-07-01)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.0...sdk-v0.109.1">sdk-v0.109.0...sdk-v0.109.1</a></p>
<h3>Chores</h3>
<ul>
<li><strong>api:</strong> remove some nonfunctional types from the SDKs (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/cc4dd4e257cc3354f14e263b0d2441ddae71759e">cc4dd4e</a>)</li>
</ul>
<h2>0.109.0 (2026-06-30)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.108.0...sdk-v0.109.0">sdk-v0.108.0...sdk-v0.109.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7f3211b4886053d25e98b91edc90fedc199ef186">7f3211b</a>)</li>
</ul>
<h2>0.108.0 (2026-06-30)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.107.0...sdk-v0.108.0">sdk-v0.107.0...sdk-v0.108.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add support for claude-sonnet-5 (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/4588db01eccd7529a5d2e99b8e5da3af1acdbbc8">4588db0</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/9e46760688a2af71b50581a301b2819d29d28c66"><code>9e46760</code></a> chore: release main</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/8d461ea96237231f33bf7db33d784e161f702f31"><code>8d461ea</code></a> feat(api): add support for dreaming</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/9436e29159cd74aadd58259ed7a0e27de8443f18"><code>9436e29</code></a> codegen metadata</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/0aec1e748b681400942a86c2d5ab5e8d1d96082e"><code>0aec1e7</code></a> feat(tools): gate session tool calls on evaluated_permission; bound idle by s...</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/ac2fc6779d9ad533b9c2b12d8728c5afac9bb0b1"><code>ac2fc67</code></a> chore(docs): update model example</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/c8af65d6af64af317139632227ab398920f21a7e"><code>c8af65d</code></a> chore(docs): updates to descriptions and examples</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/2a3a9042ab4fa1ec6de693cb04368ef3752b16d3"><code>2a3a904</code></a> codegen metadata</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/57c56c917287f42fc034f7037c4773f50579d74a"><code>57c56c9</code></a> chore(docs): small updates to field descriptions</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/4f2eb8071993780d79610b9eda26db96f7653843"><code>4f2eb80</code></a> chore: release main (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1107">#1107</a>)</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/96d1a991b64b1692b70d16435babe9c5d702ad8d"><code>96d1a99</code></a> chore: release main (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1106">#1106</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.39.0...sdk-v0.111.0">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@anthropic-ai/sdk</code> since your current version.</p>
</details>
<br />
Updates `dotenv` from 16.6.1 to 17.4.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/motdotla/dotenv/compare/v17.4.1...v17.4.2">17.4.2</a> (2026-04-12)</h2>
<h3>Changed</h3>
<ul>
<li>Improved skill files - tightened up details (<a href="https://redirect.github.com/motdotla/dotenv/pull/1009">#1009</a>)</li>
</ul>
<h2><a href="https://github.com/motdotla/dotenv/compare/v17.4.0...v17.4.1">17.4.1</a> (2026-04-05)</h2>
<h3>Changed</h3>
<ul>
<li>Change text <code>injecting</code> to <code>injected</code> (<a href="https://redirect.github.com/motdotla/dotenv/pull/1005">#1005</a>)</li>
</ul>
<h2><a href="https://github.com/motdotla/dotenv/compare/v17.3.1...v17.4.0">17.4.0</a> (2026-04-01)</h2>
<h3>Added</h3>
<ul>
<li>Add <code>skills/</code> folder with focused agent skills: <code>skills/dotenv/SKILL.md</code> (core usage) and <code>skills/dotenvx/SKILL.md</code> (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (<code>npx skills add motdotla/dotenv</code>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Tighten up logs: <code>◇ injecting env (14) from .env</code> (<a href="https://redirect.github.com/motdotla/dotenv/pull/1003">#1003</a>)</li>
</ul>
<h2><a href="https://github.com/motdotla/dotenv/compare/v17.3.0...v17.3.1">17.3.1</a> (2026-02-12)</h2>
<h3>Changed</h3>
<ul>
<li>Fix as2 example command in README and update spanish README</li>
</ul>
<h2><a href="https://github.com/motdotla/dotenv/compare/v17.2.4...v17.3.0">17.3.0</a> (2026-02-12)</h2>
<h3>Added</h3>
<ul>
<li>Add a new README section on dotenv’s approach to the agentic future.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.</li>
</ul>
<h2><a href="https://github.com/motdotla/dotenv/compare/v17.2.3...v17.2.4">17.2.4</a> (2026-02-05)</h2>
<h3>Changed</h3>
<ul>
<li>Make <code>DotenvPopulateInput</code> accept <code>NodeJS.ProcessEnv</code> type (<a href="https://redirect.github.com/motdotla/dotenv/pull/915">#915</a>)</li>
</ul>
<ul>
<li>Give back to dotenv by checking out my newest project <a href="https://github.com/vestauth/vestauth">vestauth</a>. It is auth for agents. Thank you for using my software.</li>
</ul>
<h2><a href="https://github.com/motdotla/dotenv/compare/v17.2.2...v17.2.3">17.2.3</a> (2025-09-29)</h2>
<h3>Changed</h3>
<ul>
<li>Fixed typescript error definition (<a href="https://redirect.github.com/motdotla/dotenv/pull/912">#912</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/motdotla/dotenv/commit/f116f70310abab44fbfddbaeb833698b5bf84a9b"><code>f116f70</code></a> 17.4.2</li>
<li><a href="https://github.com/motdotla/dotenv/commit/3a8161274fdd745239b86e604f4a7e972a1d3902"><code>3a81612</code></a> fix visual order of faq</li>
<li><a href="https://github.com/motdotla/dotenv/commit/13f55a89e136b2024e68d277b836dd5260fc16cf"><code>13f55a8</code></a> Merge branch 'skill'</li>
<li><a href="https://github.com/motdotla/dotenv/commit/4bbbf73f0906bd69975c48bf310a84b686e5b1b4"><code>4bbbf73</code></a> reorganize faq</li>
<li><a href="https://github.com/motdotla/dotenv/commit/c3da64bb2ba1d0e02f8b9b2b7ccb7e6f7a51d56c"><code>c3da64b</code></a> Merge pull request <a href="https://redirect.github.com/motdotla/dotenv/issues/1009">#1009</a> from motdotla/skill</li>
<li><a href="https://github.com/motdotla/dotenv/commit/6f743b173fbd6c26f7eab7040d251f9a6c8b977d"><code>6f743b1</code></a> update source</li>
<li><a href="https://github.com/motdotla/dotenv/commit/fc2c6247e858a32d4024cb06a5b0c79aa35851f5"><code>fc2c624</code></a> update skill</li>
<li><a href="https://github.com/motdotla/dotenv/commit/972315ba74bb2bbba4483d112e853fd26006ef8a"><code>972315b</code></a> Tighten up skill</li>
<li><a href="https://github.com/motdotla/dotenv/commit/2795fce3d1ed07b4c570f1e06ab1c0d533c86997"><code>2795fce</code></a> reorganize faq</li>
<li><a href="https://github.com/motdotla/dotenv/commit/d5495d4ae8e4e41ef9a682c9e00c81552794274e"><code>d5495d4</code></a> adjust skill</li>
<li>Additional commits viewable in <a href="https://github.com/motdotla/dotenv/compare/v16.6.1...v17.4.2">compare view</a></li>
</ul>
</details>
<br />
Updates `express` from 4.22.2 to 5.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p>
<blockquote>
<h2>v5.2.1</h2>
<h2>What's Changed</h2>
<blockquote>
<p>[!IMPORTANT]<br />
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.</p>
</blockquote>
<ul>
<li>Release: 5.2.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6933">expressjs/express#6933</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/v5.2.0...v5.2.1">https://github.com/expressjs/express/compare/v5.2.0...v5.2.1</a></p>
<h2>v5.2.0</h2>
<h2>Important: Security</h2>
<ul>
<li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6429">expressjs/express#6429</a></li>
<li>Refactor: simplify <code>acceptsLanguages</code> implementation using spread operator by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6137">expressjs/express#6137</a></li>
<li>increased code coverage of utils.js file by <a href="https://github.com/ashish3011"><code>@ashish3011</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6386">expressjs/express#6386</a></li>
<li>chore: remove duplicate word by <a href="https://github.com/dufucun"><code>@dufucun</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6456">expressjs/express#6456</a></li>
<li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6498">expressjs/express#6498</a></li>
<li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6497">expressjs/express#6497</a></li>
<li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6496">expressjs/express#6496</a></li>
<li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6504">expressjs/express#6504</a></li>
<li>ci: update codeql config by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6488">expressjs/express#6488</a></li>
<li>chore: wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6512">expressjs/express#6512</a></li>
<li>chore: fix typos in test by <a href="https://github.com/noritaka1166"><code>@noritaka1166</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6535">expressjs/express#6535</a></li>
<li>ci: disable credential persistence for checkout actions by <a href="https://github.com/mertssmnoglu"><code>@mertssmnoglu</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6522">expressjs/express#6522</a></li>
<li>ci: allow manual triggering of workflow by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6515">expressjs/express#6515</a></li>
<li>test: add coverage for app.listen() variants by <a href="https://github.com/kgarg1"><code>@kgarg1</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6476">expressjs/express#6476</a></li>
<li>docs: move documentation and charters to the discussions and .github … by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6427">expressjs/express#6427</a></li>
<li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6549">expressjs/express#6549</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6548">expressjs/express#6548</a></li>
<li>chore: enforce explicit <code>Buffer</code> import and add lint rule by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6525">expressjs/express#6525</a></li>
<li>chore: use node protocol for querystring by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6520">expressjs/express#6520</a></li>
<li>chore: fix typo by <a href="https://github.com/mountdisk"><code>@mountdisk</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6609">expressjs/express#6609</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6618">expressjs/express#6618</a></li>
<li>add deprecation warnings for redirect arguments undefined by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6405">expressjs/express#6405</a></li>
<li>ci: run CI when the markdown changes by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6632">expressjs/express#6632</a></li>
<li>doc: fix CONTRIBUTING link by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6653">expressjs/express#6653</a></li>
<li>doc: update contributing guidelines and code of conduct links by <a href="https://github.com/ShubhamOulkar"><code>@ShubhamOulkar</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6601">expressjs/express#6601</a></li>
<li>build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6679">expressjs/express#6679</a></li>
<li>build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6678">expressjs/express#6678</a></li>
<li>lint: add --fix flag to automatic fix linting issue by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6644">expressjs/express#6644</a></li>
<li>chore: ignore yarn.lock file and update example by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6588">expressjs/express#6588</a></li>
<li>lib: use req.socket over deprecated req.connection by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6705">expressjs/express#6705</a></li>
<li>doc: update express app example by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6718">expressjs/express#6718</a></li>
<li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6675">expressjs/express#6675</a></li>
<li>Remove history.md from being packaged on publish by <a href="https://github.com/sheplu"><code>@sheplu</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6780">expressjs/express#6780</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/expressjs/express/blob/master/History.md">express's changelog</a>.</em></p>
<blockquote>
<h1>5.2.1 / 2025-12-01</h1>
<ul>
<li>Revert security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)
<ul>
<li>The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.</li>
</ul>
</li>
</ul>
<h1>5.2.0 / 2025-12-01</h1>
<ul>
<li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li>
<li>deps: <code>body-parser@^2.2.1</code></li>
<li>A deprecation warning was added when using <code>res.redirect</code> with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.</li>
</ul>
<h1>5.1.0 / 2025-03-31</h1>
<ul>
<li>Add support for <code>Uint8Array</code> in <code>res.send()</code></li>
<li>Add support for ETag option in <code>res.sendFile()</code></li>
<li>Add support for multiple links with the same rel in <code>res.links()</code></li>
<li>Add funding field to package.json</li>
<li>perf: use loop for acceptParams</li>
<li>refactor: prefix built-in node module imports</li>
<li>deps: remove <code>setprototypeof</code></li>
<li>deps: remove <code>safe-buffer</code></li>
<li>deps: remove <code>utils-merge</code></li>
<li>deps: remove <code>methods</code></li>
<li>deps: remove <code>depd</code></li>
<li>deps: <code>debug@^4.4.0</code></li>
<li>deps: <code>body-parser@^2.2.0</code></li>
<li>deps: <code>router@^2.2.0</code></li>
<li>deps: <code>content-type@^1.0.5</code></li>
<li>deps: <code>finalhandler@^2.1.0</code></li>
<li>deps: <code>qs@^6.14.0</code></li>
<li>deps: <code>server-static@2.2.0</code></li>
<li>deps: <code>type-is@2.0.1</code></li>
</ul>
<h1>5.0.1 / 2024-10-08</h1>
<ul>
<li>Update <code>cookie</code> semver lock to address <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>5.0.0 / 2024-09-10</h1>
<ul>
<li>remove:
<ul>
<li><code>path-is-absolute</code> dependency - use <code>path.isAbsolute</code> instead</li>
</ul>
</li>
<li>breaking:
<ul>
<li><code>res.status()</code> accepts only integers, and input must be greater than 99 and less than 1000
<ul>
<li>will throw a <code>RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.</code> for inputs outside this range</li>
<li>will throw a <code>TypeError: Invalid status code: ${code}. Status code must be an integer.</code> for non integer inputs</li>
</ul>
</li>
<li>deps: send@1.0.0</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/expressjs/express/commit/dbac741a49a5a64336b70c06e85c2e2706e36336"><code>dbac741</code></a> 5.2.1</li>
<li><a href="https://github.com/expressjs/express/commit/697547cde621d8b0a47b4fff6e98b29337f8c980"><code>697547c</code></a> Revert "sec: security patch for CVE-2024-51999"</li>
<li><a href="https://github.com/expressjs/express/commit/4007ad103ba29f6426b2ec9eccfb1ceb792682a8"><code>4007ad1</code></a> Release: 5.2.0 (<a href="https://redirect.github.com/expressjs/express/issues/6920">#6920</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255"><code>2f64f68</code></a> sec: security patch for CVE-2024-51999</li>
<li><a href="https://github.com/expressjs/express/commit/ed0ba3f1dc905d6b62eabf23bd383abcae4901ba"><code>ed0ba3f</code></a> build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/expressjs/express/issues/6928">#6928</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/8eace4603cb2547608578a4fbb259dc984216f71"><code>8eace46</code></a> build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (<a href="https://redirect.github.com/expressjs/express/issues/6929">#6929</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/30bae810279b2ea162bed5b14ce6c35a110a87f5"><code>30bae81</code></a> build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (<a href="https://redirect.github.com/expressjs/express/issues/6930">#6930</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/758d4355d45322b4c8cd347ebcefbf3b154c7e7f"><code>758d435</code></a> deps: body-parser@^2.2.1 (<a href="https://redirect.github.com/expressjs/express/issues/6922">#6922</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/77bcd5274a87047e5b3fe2f17f6c342db3909c53"><code>77bcd52</code></a> docs: update emeritus triagers (<a href="https://redirect.github.com/expressjs/express/issues/6890">#6890</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/f33caf1f89a028f0ea98ff5a156a68e65a2eabdd"><code>f33caf1</code></a> Nominate to <a href="https://github.com/efekrskl"><code>@efekrskl</code></a> for triage team (<a href="https://redirect.github.com/expressjs/express/issues/6888">#6888</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/v4.22.2...v5.2.1">compare view</a></li>
</ul>
</details>
<br />
Updates `helmet` from 8.2.0 to 8.3.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md">helmet's changelog</a>.</em></p>
<blockquote>
<h2>8.3.0 - 2026-07-11</h2>
<h3>Changed</h3>
<ul>
<li><code>Content-Security-Policy</code>: improved performance by ~7% when there are no dynamic directives</li>
<li><code>Content-Security-Policy</code>: improved error handling for invalid directive names</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><code>Content-Security-Policy</code>: <code>useDefaults: false</code> with no directives is no longer valid, both at runtime and the type level</li>
<li><code>Content-Security-Policy</code>: dynamically-computed directive values would <code>throw</code>, not call <code>next</code>, when invalid</li>
<li><code>Content-Security-Policy</code>: dynamically-computed directive value entries would <code>throw</code>, not call <code>next</code>, when function threw</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/helmetjs/helmet/commit/75f1a98ec3cf092cc985985efcc0479265c9fe32"><code>75f1a98</code></a> 8.3.0</li>
<li><a href="https://github.com/helmetjs/helmet/commit/f03f70da21409f525f90418a049ae7222261e9a2"><code>f03f70d</code></a> Update changelog for 8.3.0 release</li>
<li><a href="https://github.com/helmetjs/helmet/commit/a307fce3b8714e7dfddba6a6979317dc8bc2e373"><code>a307fce</code></a> Fix capitalization in CSP package changelog</li>
<li><a href="https://github.com/helmetjs/helmet/commit/5347b43be7e340f3cd3407ba2d156a771cf9c371"><code>5347b43</code></a> Format default CSP in README for readability</li>
<li><a href="https://github.com/helmetjs/helmet/commit/9afc570f67615f48bf8634ea75ad5e0b204f856b"><code>9afc570</code></a> CSP: fix middleware-specific README missing link</li>
<li><a href="https://github.com/helmetjs/helmet/commit/266c95ca6541f0627e4622d0b6844c9e24108b85"><code>266c95c</code></a> Minor speedups to project setups test</li>
<li><a href="https://github.com/helmetjs/helmet/commit/7a4196c3d9f2efdaeada5e18243bd974262505ee"><code>7a4196c</code></a> CSP: update package-specific changelog</li>
<li><a href="https://github.com/helmetjs/helmet/commit/02716b4b7dc5099fe3c21bb1a89f954404632180"><code>02716b4</code></a> CSP: improve performance when there are no dynamic directives</li>
<li><a href="https://github.com/helmetjs/helmet/commit/3f511ed75fa12dd456e5338dc7a9b578b5aafac1"><code>3f511ed</code></a> CSP: move utility functions to separate file</li>
<li><a href="https://github.com/helmetjs/helmet/commit/80338af26325af6d47b0cfd5a4a43a5be52c3973"><code>80338af</code></a> CSP: disabling defaults with no directives is now an error</li>
<li>Additional commits viewable in <a href="https://github.com/helmetjs/helmet/compare/v8.2.0...v8.3.0">compare view</a></li>
</ul>
</details>
<br />
Updates `openai` from 4.104.0 to 6.46.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/openai/openai-node/releases">openai's releases</a>.</em></p>
<blockquote>
<h2>v6.46.0</h2>
<h2>6.46.0 (2026-07-09)</h2>
<p>Full Changelog: <a href="https://github.com/openai/openai-node/compare/v6.45.0...v6.46.0">v6.45.0...v6.46.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> gpt-5.6-sol updates (<a href="https://github.com/openai/openai-node/commit/6c397d5d281d6061e88b4a0120fab335ec862a89">6c397d5</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>assistants:</strong> place array delta entries by index instead of appending (<a href="https://redirect.github.com/openai/openai-node/issues/1963">#1963</a>) (<a href="https://github.com/openai/openai-node/commit/0e18d30a31595acf0fd5e03b8e6bbf8bf31d15d1">0e18d30</a>)</li>
<li><strong>runner:</strong> normalize missing tool call IDs (<a href="https://redirect.github.com/openai/openai-node/issues/1958">#1958</a>) (<a href="https://github.com/openai/openai-node/commit/6371623aadd26ec34a0edecba62a0a10c834b37d">6371623</a>)</li>
<li>upgrade next to 15.5.16 in examples (<a href="https://redirect.github.com/openai/openai-node/issues/1967">#1967</a>) (<a href="https://github.com/openai/openai-node/commit/95b54e5894910e31d01ef418ef0de31e9d653b08">95b54e5</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>add Azure Assistants example (<a href="https://redirect.github.com/openai/openai-node/issues/1975">#1975</a>) (<a href="https://github.com/openai/openai-node/commit/90a72e53452fca62e0c1da42c304eba87d8e87e7">90a72e5</a>), closes <a href="https://redirect.github.com/openai/openai-node/issues/701">#701</a></li>
<li>document assistant stream failures (<a href="https://redirect.github.com/openai/openai-node/issues/1979">#1979</a>) (<a href="https://github.com/openai/openai-node/commit/d93fbe5bc5a7879ff4a2b81f3840614da6df594e">d93fbe5</a>), closes <a href="https://redirect.github.com/openai/openai-node/issues/959">#959</a></li>
<li>document file search result limits (<a href="https://redirect.github.com/openai/openai-node/issues/1981">#1981</a>) (<a href="https://github.com/openai/openai-node/commit/e9dc283dce5a75c569c1aa418f973da69cf7eaae">e9dc283</a>), closes <a href="https://redirect.github.com/openai/openai-node/issues/1004">#1004</a></li>
</ul>
<h2>v6.45.0</h2>
<h2>6.45.0 (2026-06-24)</h2>
<p>Full Changelog: <a href="https://github.com/openai/openai-node/compare/v6.44.0...v6.45.0">v6.44.0...v6.45.0</a></p>
<h3>Features</h3>
<ul>
<li>add afterCompletion hook to runTools (<a href="https://redirect.github.com/openai/openai-node/issues/1064">#1064</a>) (<a href="https://github.com/openai/openai-node/commit/4976c22bf608e4d5f70d6386cfe9c428cf8ff2c7">4976c22</a>)</li>
<li><strong>realtime:</strong> support sideband call_id connections (<a href="https://redirect.github.com/openai/openai-node/issues/1795">#1795</a>) (<a href="https://github.com/openai/openai-node/commit/4fd59e1be4ad478373cdcb4f185109af29067da8">4fd59e1</a>)</li>
<li>reject emitted promise on error in EventEmitter (<a href="https://redirect.github.com/openai/openai-node/issues/1596">#1596</a>) (<a href="https://github.com/openai/openai-node/commit/e0b09da782f0d6ce69a383fd3f3d02a0c7608d6d">e0b09da</a>)</li>
<li><strong>responses:</strong> add response input items helper (<a href="https://redirect.github.com/openai/openai-node/issues/1794">#1794</a>) (<a href="https://github.com/openai/openai-node/commit/7e5a86a6162d76a7248fa983cb16a16c185a097a">7e5a86a</a>)</li>
<li><strong>responses:</strong> add response stream accumulator helper (<a href="https://redirect.github.com/openai/openai-node/issues/1793">#1793</a>) (<a href="https://github.com/openai/openai-node/commit/32e3e39e1736659196aadd7d0bb8d6ca90f69168">32e3e39</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>avoid serializing null optional bodies (<a href="https://github.com/openai/openai-node/commit/e4ddff6f2085b1c69eaa790e48d1a22d2dd9d7fb">e4ddff6</a>)</li>
<li>clean up stream abort listeners (<a href="https://redirect.github.com/openai/openai-node/issues/1884">#1884</a>) (<a href="https://github.com/openai/openai-node/commit/be55b8fb352be80d9d30dd263451615f4342d69f">be55b8f</a>)</li>
<li>Leading whitespace chunks break partial parser (structured outputs) (<a href="https://redirect.github.com/openai/openai-node/issues/1213">#1213</a>) (<a href="https://github.com/openai/openai-node/commit/88d806eb91f2b41ba4cac3ee69eb73656cab1849">88d806e</a>)</li>
<li><strong>responses:</strong> avoid parsing incomplete structured output (<a href="https://redirect.github.com/openai/openai-node/issues/1852">#1852</a>) (<a href="https://github.com/openai/openai-node/commit/4c396817cbc9586654fa7a376d55a29d8793995d">4c39681</a>)</li>
<li><strong>responses:</strong> restore output_text on streamed final responses (<a href="https://redirect.github.com/openai/openai-node/issues/1681">#1681</a>) (<a href="https://github.com/openai/openai-node/commit/bbde4d9e3bbceef5e14bcb71b3a7c36388dbab2b">bbde4d9</a>)</li>
<li>validate workload identity access tokens (<a href="https://redirect.github.com/openai/openai-node/issues/1885">#1885</a>) (<a href="https://github.com/openai/openai-node/commit/80febe441c2dc2d110b412be022fe044bbae2cd9">80febe4</a>)</li>
<li><strong>zod:</strong> fully resolve extracted wrapper definitions (<a href="https://redirect.github.com/openai/openai-node/issues/1766">#1766</a>) (<a href="https://github.com/openai/openai-node/commit/5d46ed2012f73b18d6594c62b9fb6351bef76d3d">5d46ed2</a>)</li>
<li><strong>zod:</strong> sanitize extracted definition refs (<a href="https://redirect.github.com/openai/openai-node/issues/1903">#1903</a>) (<a href="https://github.com/openai/openai-node/commit/6ef21116801bdaa8e9f25686a8bd365a270401bf">6ef2111</a>)</li>
</ul>
<h3>Chores</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/openai/openai-node/blob/main/CHANGELOG.md">openai's changelog</a>.</em></p>
<blockquote>
<h2>6.46.0 (2026-07-09)</h2>
<p>Full Changelog: <a href="https://github.com/openai/openai-node/compare/v6.45.0...v6.46.0">v6.45.0...v6.46.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> gpt-5.6-sol updates (<a href="https://github.com/openai/openai-node/commit/6c397d5d281d6061e88b4a0120fab335ec862a89">6c397d5</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>assistants:</strong> place array delta entries by index instead of appending (<a href="https://redirect.github.com/openai/openai-node/issues/1963">#1963</a>) (<a href="https://github.com/openai/openai-node/commit/0e18d30a31595acf0fd5e03b8e6bbf8bf31d15d1">0e18d30</a>)</li>
<li><strong>runner:</strong> normalize missing tool call IDs (<a href="https://redirect.github.com/openai/openai-node/issues/1958">#1958</a>) (<a href="https://github.com/openai/openai-node/commit/6371623aadd26ec34a0edecba62a0a10c834b37d">6371623</a>)</li>
<li>upgrade next to 15.5.16 in examples (<a href="https://redirect.github.com/openai/openai-node/issues/1967">#1967</a>) (<a href="https://github.com/openai/openai-node/commit/95b54e5894910e31d01ef418ef0de31e9d653b08">95b54e5</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>add Azure Assistants example (<a href="https://redirect.github.com/openai/openai-node/issues/1975">#1975</a>) (<a href="https://github.com/openai/openai-node/commit/90a72e53452fca62e0c1da42c304eba87d8e87e7">90a72e5</a>), closes <a href="https://redirect.github.com/openai/openai-node/issues/701">#701</a></li>
<li>document assistant stream failures (<a href="https://redirect.github.com/openai/openai-node/issues/1979">#1979</a>) (<a href="https://github.com/openai/openai-node/commit/d93fbe5bc5a7879ff4a2b81f3840614da6df594e">d93fbe5</a>), closes <a href="https://redirect.github.com/openai/openai-node/issues/959">#959</a></li>
<li>document file search result limits (<a href="https://redirect.github.com/openai/openai-node/issues/1981">#1981</a>) (<a href="https://github.com/openai/openai-node/commit/e9dc283dce5a75c569c1aa418f973da69cf7eaae">e9dc283</a>), closes <a href="https://redirect.github.com/openai/openai-node/issues/1004">#1004</a></li>
</ul>
<h2>6.45.0 (2026-06-24)</h2>
<p>Full Changelog: <a href="https://github.com/openai/openai-node/compare/v6.44.0...v6.45.0">v6.44.0...v6.45.0</a></p>
<h3>Features</h3>
<ul>
<li>add afterCompletion hook to runTools (<a href="https://redirect.github.com/openai/openai-node/issues/1064">#1064</a>) (<a href="https://github.com/openai/openai-node/commit/4976c22bf608e4d5f70d6386cfe9c428cf8ff2c7">4976c22</a>)</li>
<li><strong>realtime:</strong> support sideband call_id connections (<a href="https://redirect.github.com/openai/openai-node/issues/1795">#1795</a>) (<a href="https://github.com/openai/openai-node/commit/4fd59e1be4ad478373cdcb4f185109af29067da8">4fd59e1</a>)</li>
<li>reject emitted promise on error in EventEmitter (<a href="https://redirect.github.com/openai/openai-node/issues/1596">#1596</a>) (<a href="https://github.com/openai/openai-node/commit/e0b09da782f0d6ce69a383fd3f3d02a0c7608d6d">e0b09da</a>)</li>
<li><strong>responses:</strong> add response input items helper (<a href="https://redirect.github.com/openai/openai-node/issues/1794">#1794</a>) (<a href="https://github.com/openai/openai-node/commit/7e5a86a6162d76a7248fa983cb16a16c185a097a">7e5a86a</a>)</li>
<li><strong>responses:</strong> add response stream accumulator helper (<a href="https://redirect.github.com/openai/openai-node/issues/1793">#1793</a>) (<a href="https://github.com/openai/openai-node/commit/32e3e39e1736659196aadd7d0bb8d6ca90f69168">32e3e39</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>avoid serializing null optional bodies (<a href="https://github.com/openai/openai-node/commit/e4ddff6f2085b1c69eaa790e48d1a22d2dd9d7fb">e4ddff6</a>)</li>
<li>clean up stream abort listeners (<a href="https://redirect.github.com/openai/openai-node/issues/1884">#1884</a>) (<a href="https://github.com/openai/openai-node/commit/be55b8fb352be80d9d30dd263451615f4342d69f">be55b8f</a>)</li>
<li>Leading whitespace chunks break partial parser (structured outputs) (<a href="https://redirect.github.com/openai/openai-node/issues/1213">#1213</a>) (<a href="https://github.com/openai/openai-node/commit/88d806eb91f2b41ba4cac3ee69eb73656cab1849">88d806e</a>)</li>
<li><strong>responses:</strong> avoid parsing incomplete structured output (<a href="https://redirect.github.com/openai/openai-node/issues/1852">#1852</a>) (<a href="https://github.com/openai/openai-node/commit/4c396817cbc9586654fa7a376d55a29d8793995d">4c39681</a>)</li>
<li><strong>responses:</strong> restore output_text on streamed final responses (<a href="https://redirect.github.com/openai/openai-node/issues/1681">#1681</a>) (<a href="https://github.com/openai/openai-node/commit/bbde4d9e3bbceef5e14bcb71b3a7c36388dbab2b">bbde4d9</a>)</li>
<li>validate workload identity access tokens (<a href="https://redirect.github.com/openai/openai-node/issues/1885">#1885</a>) (<a href="https://github.com/openai/openai-node/commit/80febe441c2dc2d110b412be022fe044bbae2cd9">80febe4</a>)</li>
<li><strong>zod:</strong> fully resolve extracted wrapper definitions (<a href="https://redirect.github.com/openai/openai-node/issues/1766">#1766</a>) (<a href="https://github.com/openai/openai-node/commit/5d46ed2012f73b18d6594c62b9fb6351bef76d3d">5d46ed2</a>)</li>
<li><strong>zod:</strong> sanitize extracted definition refs (<a href="https://redirect.github.com/openai/openai-node/issues/1903">#1903</a>) (<a href="https://github.com/openai/openai-node/commit/6ef21116801bdaa8e9f25686a8bd365a270401bf">6ef2111</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><strong>internal:</strong> codegen related update (<a href="https://github.com/openai/openai-node/commit/81fcf96fccca29dbcbf33bcb7578b98e06d7a6b0">81fcf96</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/openai/openai-node/commit/61539248cbe04665de68a71e6fd878127ae4db87"><code>6153924</code></a> release: 6.46.0 (<a href="https://redirect.github.com/openai/openai-node/issues/1959">#1959</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/c66061537b4abb7caf39a29dbd9fd64933e1bd55"><code>c660615</code></a> document abort event handling (<a href="https://redirect.github.com/openai/openai-node/issues/1971">#1971</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/90a72e53452fca62e0c1da42c304eba87d8e87e7"><code>90a72e5</code></a> docs: add Azure Assistants example (<a href="https://redirect.github.com/openai/openai-node/issues/1975">#1975</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/d93fbe5bc5a7879ff4a2b81f3840614da6df594e"><code>d93fbe5</code></a> docs: document assistant stream failures (<a href="https://redirect.github.com/openai/openai-node/issues/1979">#1979</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/e9dc283dce5a75c569c1aa418f973da69cf7eaae"><code>e9dc283</code></a> docs: document file search result limits (<a href="https://redirect.github.com/openai/openai-node/issues/1981">#1981</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/95b54e5894910e31d01ef418ef0de31e9d653b08"><code>95b54e5</code></a> fix: upgrade next to 15.5.16 in examples (<a href="https://redirect.github.com/openai/openai-node/issues/1967">#1967</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/0e18d30a31595acf0fd5e03b8e6bbf8bf31d15d1"><code>0e18d30</code></a> fix(assistants): place array delta entries by index instead of appending (<a href="https://redirect.github.com/openai/openai-node/issues/1963">#1963</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/dac03680ad3ac920032e27d5743d046a03171a8c"><code>dac0368</code></a> handle response stream keepalive events (<a href="https://redirect.github.com/openai/openai-node/issues/1965">#1965</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/71d2347c59007124e7b317db0205b98a69d747ee"><code>71d2347</code></a> Fix playAudio for Response streams (<a href="https://redirect.github.com/openai/openai-node/issues/1952">#1952</a>)</li>
<li><a href="https://github.com/openai/openai-node/commit/6371623aadd26ec34a0edecba62a0a10c834b37d"><code>6371623</code></a> fix(runner): normalize missing tool call IDs (<a href="https://redirect.github.com/openai/openai-node/issues/1958">#1958</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/openai/openai-node/compare/v4.104.0...v6.46.0">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for openai since your current version.</p>
</details>
<br />
Updates `sharp` from 0.33.5 to 0.35.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/lovell/sharp/releases">sharp's releases</a>.</em></p>
<blockquote>
<h2>v0.35.3</h2>
<ul>
<li>
<p>Tighten verification of <code>text</code> dimensions, TIFF tile dimensions and <code>extend</code> values.</p>
</li>
<li>
<p>Improve code bundler support by resolving path to libvips binary.</p>
</li>
<li>
<p>Increase default concurrency when use of <code>MALLOC_ARENA_MAX</code> is detected.</p>
</li>
<li>
<p>Emit warning about binaries provided by Electron for use on Linux.</p>
</li>
<li>
<p>Add <code>hasAlpha</code> property to output <code>info</code>.
<a href="https://redirect.github.com/lovell/sharp/issues/4500">#4500</a></p>
</li>
<li>
<p>TypeScript: Return more precise <code>Buffer<ArrayBuffer></code> from <code>toBuffer</code>.
<a href="https://redirect.github.com/lovell/sharp/pull/4520">#4520</a>
<a href="https://github.com/Andarist"><code>@Andarist</code></a></p>
</li>
<li>
<p>Bound <code>clahe</code> width and height to avoid signed overflow.
<a href="https://redirect.github.com/lovell/sharp/pull/4551">#4551</a>
<a href="https://github.com/metsw24-max"><code>@metsw24-max</code></a></p>
</li>
<li>
<p>Bound <code>trim</code> margin to avoid signed overflow.
<a href="https://redirect.github.com/lovell/sharp/pull/4552">#4552</a>
<a href="https://github.com/metsw24-max"><code>@metsw24-max</code></a></p>
</li>
<li>
<p>Reject infinite values when validating numbers.
<a href="https://redirect.github.com/lovell/sharp/pull/4553">#4553</a>
<a href="https://github.com/metsw24-max"><code>@metsw24-max</code></a></p>
</li>
<li>
<p>Bound extract region to libvips coordinate limit.
<a href="https://redirect.github.com/lovell/sharp/pull/4555">#4555</a>
<a href="https://github.com/metsw24-max"><code>@metsw24-max</code></a></p>
</li>
<li>
<p>Verify background colour values are numbers.
<a href="https://redirect.github.com/lovell/sharp/pull/4556">#4556</a>
<a href="https://github.com/metsw24-max"><code>@metsw24-max</code></a></p>
</li>
<li>
<p>Bound create and raw input dimensions to coordinate limit.
<a href="https://redirect.github.com/lovell/sharp/pull/4558">#4558</a>
<a href="https://github.com/metsw24-max"><code>@metsw24-max</code></a></p>
</li>
<li>
<p>Tighten recomb and affine matrix verification.
<a href="https://redirect.github.com/lovell/sharp/pull/4560">#4560</a>
<a href="https://github.com/chatman-media"><code>@chatman-media</code></a></p>
</li>
<li>
<p>Verify cache memory limit to avoid overflow.
<a href="https://redirect.github.com/lovell/sharp/pull/4561">#4561</a>
<a href="https://github.com/metsw24-max"><code>@metsw24-max</code></a></p>
</li>
</ul>
<h2>v0.35.3-rc.2</h2>
<ul>
<li>Tighten verification of <code>text</code> dimensions, TIFF tile dimensions and <code>extend</code> values.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/lovell/sharp/commit/1018449164723ba0203c1beffaba0e21f7829c18"><code>1018449</code></a> Release v0.35.3</li>
<li><a href="https://github.com/lovell/sharp/commit/ba303a799de6b0639a108e82465870ce0722ee4a"><code>ba303a7</code></a> Prerelease v0.35.3-rc.2</li>
<li><a href="https://github.com/lovell/sharp/commit/4f94fc5162a488187be17872ba513d7cadfe22d6"><code>4f94fc5</code></a> Upgrade to sharp-libvips v1.3.2</li>
<li><a href="https://github.com/lovell/sharp/commit/c5e7a3ff2043922b110dc9c00700c6f17d478c33"><code>c5e7a3f</code></a> Bump devDeps, fix Deno/Windows smoke tests</li>
<li><a href="https://github.com/lovell/sharp/commit/9a8d00268893cf163eea638fcc05aaed65fe01ea"><code>9a8d002</code></a> Docs: Add changelog entry and note about transferable <a href="https://redirect.github.com/lovell/sharp/issues/4520">#4520</a></li>
<li><a href="https://github.com/lovell/sharp/commit/8694db0bac0d227f183d05585ebac7d17048d123"><code>8694db0</code></a> TypeScript: Return more precise <code>Buffer\<ArrayBuffer></code> from <code>toBuffer</code> (<a href="https://redirect.github.com/lovell/sharp/issues/4520">#4520</a>)</li>
<li><a href="https://github.com/lovell/sharp/commit/e000d0b5e128e05bb6c499600f37e2a6a4b74314"><code>e000d0b</code></a> Prerelease v0.35.3-rc.1</li>
<li><a href="https://github.com/lovell/sharp/commit/9554ca95535e8385ec36815d7c793ce96739bf1c"><code>9554ca9</code></a> Prerelease v0.35.3-rc.0</li>
<li><a href="https://github.com/lovell/sharp/commit/6a29fd55db0c569276f143a7b480c62573a7aa16"><code>6a29fd5</code></a> Emit warning about native binaries on Linux Electron</li>
<li><a href="https://github.com/lovell/sharp/commit/540d2eada4613f954aa541ffac8c12485375967e"><code>540d2ea</code></a> Increase default concurrency when use of MALLOC_ARENA_MAX detected</li>
<li>Additional commits viewable in <a href="https://github.com/lovell/sharp/compare/v0.33.5...v0.35.3">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for sharp since your current version.</p>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
</details>
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Bumps the npm-production group with 6 updates in the / directory:
0.39.00.111.016.6.117.4.24.22.25.2.18.2.08.3.04.104.06.46.00.33.50.35.3Updates
@anthropic-ai/sdkfrom 0.39.0 to 0.111.0Release notes
Sourced from @anthropic-ai/sdk's releases.
... (truncated)
Changelog
Sourced from @anthropic-ai/sdk's changelog.
... (truncated)
Commits
9e46760chore: release main8d461eafeat(api): add support for dreaming9436e29codegen metadata0aec1e7feat(tools): gate session tool calls on evaluated_permission; bound idle by s...ac2fc67chore(docs): update model examplec8af65dchore(docs): updates to descriptions and examples2a3a904codegen metadata57c56c9chore(docs): small updates to field descriptions4f2eb80chore: release main (#1107)96d1a99chore: release main (#1106)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@anthropic-ai/sdksince your current version.Updates
dotenvfrom 16.6.1 to 17.4.2Changelog
Sourced from dotenv's changelog.
... (truncated)
Commits
f116f7017.4.23a81612fix visual order of faq13f55a8Merge branch 'skill'4bbbf73reorganize faqc3da64bMerge pull request #1009 from motdotla/skill6f743b1update sourcefc2c624update skill972315bTighten up skill2795fcereorganize faqd5495d4adjust skillUpdates
expressfrom 4.22.2 to 5.2.1Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
dbac7415.2.1697547cRevert "sec: security patch for CVE-2024-51999"4007ad1Release: 5.2.0 (#6920)2f64f68sec: security patch for CVE-2024-51999ed0ba3fbuild(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)8eace46build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)30bae81build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)758d435deps: body-parser@^2.2.1 (#6922)77bcd52docs: update emeritus triagers (#6890)f33caf1Nominate to@efekrsklfor triage team (#6888)Updates
helmetfrom 8.2.0 to 8.3.0Changelog
Sourced from helmet's changelog.
Commits
75f1a988.3.0f03f70dUpdate changelog for 8.3.0 releasea307fceFix capitalization in CSP package changelog5347b43Format default CSP in README for readability9afc570CSP: fix middleware-specific README missing link266c95cMinor speedups to project setups test7a4196cCSP: update package-specific changelog02716b4CSP: improve performance when there are no dynamic directives3f511edCSP: move utility functions to separate file80338afCSP: disabling defaults with no directives is now an errorUpdates
openaifrom 4.104.0 to 6.46.0Release notes
Sourced from openai's releases.
... (truncated)
Changelog
Sourced from openai's changelog.
... (truncated)
Commits
6153924release: 6.46.0 (#1959)c660615document abort event handling (#1971)90a72e5docs: add Azure Assistants example (#1975)d93fbe5docs: document assistant stream failures (#1979)e9dc283docs: document file search result limits (#1981)95b54e5fix: upgrade next to 15.5.16 in examples (#1967)0e18d30fix(assistants): place array delta entries by index instead of appending (#1963)dac0368handle response stream keepalive events (#1965)71d2347Fix playAudio for Response streams (#1952)6371623fix(runner): normalize missing tool call IDs (#1958)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for openai since your current version.
Updates
sharpfrom 0.33.5 to 0.35.3Release notes
Sourced from sharp's releases.
... (truncated)
Commits
1018449Release v0.35.3ba303a7Prerelease v0.35.3-rc.24f94fc5Upgrade to sharp-libvips v1.3.2c5e7a3fBump devDeps, fix Deno/Windows smoke tests9a8d002Docs: Add changelog entry and note about transferable #45208694db0TypeScript: Return more preciseBuffer\<ArrayBuffer>fromtoBuffer(#4520)e000d0bPrerelease v0.35.3-rc.19554ca9Prerelease v0.35.3-rc.06a29fd5Emit warning about native binaries on Linux Electron540d2eaIncrease default concurrency when use of MALLOC_ARENA_MAX detectedMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for sharp since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions