chore(deps): Bump the npm_and_yarn group across 4 directories with 14 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
turbo	2.5.4	2.9.14
handlebars	4.7.8	4.7.9
nodemailer	6.9.9	8.0.5
samlify	2.10.0	2.13.0
simple-git	3.17.0	3.36.0
ws	8.17.1	8.20.1
langsmith	0.3.45	0.6.0
postcss	8.4.49	8.5.10
axios	1.8.3	1.16.0
lodash	4.17.21	4.18.1
uuid	10.0.0	14.0.0
vite	6.3.5	6.4.2
vitest	3.1.3	3.2.6

Bumps the npm_and_yarn group with 1 update in the /packages/@n8n/ai-workflow-builder.ee directory: langsmith.
Bumps the npm_and_yarn group with 5 updates in the /packages/cli directory:

Package	From	To
handlebars	4.7.8	4.7.9
nodemailer	6.9.9	8.0.5
samlify	2.10.0	2.13.0
simple-git	3.17.0	3.36.0
ws	8.17.1	8.20.1

Bumps the npm_and_yarn group with 2 updates in the /packages/nodes-base directory: nodemailer and simple-git.

Updates turbo from 2.5.4 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

• GHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection

Low:

• GHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation
• GHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection

What's Changed

Changelog

• release(turborepo): 2.9.12 by @​github-actions[bot] in vercel/turborepo#12774
• fix: Restore docs mobile menu by @​anthonyshew in vercel/turborepo#12782
• ci: Use pull_request for PR title linting by @​anthonyshew in vercel/turborepo#12787
• ci: Scope GitHub Actions caches by branch by @​anthonyshew in vercel/turborepo#12788
• test: Validate lockfiles without dependency downloads by @​anthonyshew in vercel/turborepo#12789
• Removed unneeded import form hash creation script in docs by @​dancrumb in vercel/turborepo#12799
• fix: Validate auth callback state by @​anthonyshew in vercel/turborepo#12802
• fix: Harden VS Code extension command execution by @​anthonyshew in vercel/turborepo#12800
• fix: Avoid project-local Yarn during detection by @​anthonyshew in vercel/turborepo#12801
• chore: Release 2.9.13 by @​anthonyshew in vercel/turborepo#12803

New Contributors

• @​dancrumb made their first contribution in vercel/turborepo#12799

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

• release(turborepo): 2.9.11-canary.7 by @​github-actions[bot] in vercel/turborepo#12768
• fix: Allow $TURBO_EXTENDS$ in LSP diagnostics by @​anthonyshew in vercel/turborepo#12770
• release(turborepo): 2.9.11 by @​github-actions[bot] in vercel/turborepo#12771
• fix: Allow transit nodes in LSP diagnostics by @​anthonyshew in vercel/turborepo#12773
• release(turborepo): 2.9.12 by @​github-actions[bot] in vercel/turborepo#12774
• fix: Restore docs mobile menu by @​anthonyshew in vercel/turborepo#12782
• ci: Use pull_request for PR title linting by @​anthonyshew in vercel/turborepo#12787
• ci: Scope GitHub Actions caches by branch by @​anthonyshew in vercel/turborepo#12788
• test: Validate lockfiles without dependency downloads by @​anthonyshew in vercel/turborepo#12789
• Removed unneeded import form hash creation script in docs by @​dancrumb in vercel/turborepo#12799
• fix: Validate auth callback state by @​anthonyshew in vercel/turborepo#12802
• fix: Harden VS Code extension command execution by @​anthonyshew in vercel/turborepo#12800
• fix: Avoid project-local Yarn during detection by @​anthonyshew in vercel/turborepo#12801

... (truncated)

Commits

• fc62fe0 publish 2.9.14 to registry
• fb8c9ae chore: Release 2.9.13 (#12803)
• e8e629d fix: Avoid project-local Yarn during detection (#12801)
• 91c90cb fix: Harden VS Code extension command execution (#12800)
• 84f4508 fix: Validate auth callback state (#12802)
• 1779ad7 Removed unneeded import form hash creation script in docs (#12799)
• 71f8c90 test: Validate lockfiles without dependency downloads (#12789)
• 5fcb960 ci: Scope GitHub Actions caches by branch (#12788)
• 4cf9fab ci: Use pull_request for PR title linting (#12787)
• 859c629 fix: Restore docs mobile menu (#12782)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for turbo since your current version.

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Updates nodemailer from 6.9.9 to 8.0.5

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

... (truncated)

Commits

• 202cfb3 chore(master): release 8.0.5 (#1809)
• b634abf docs: add CLAUDE.md with project conventions and release process
• 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
• 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
• 08e59e6 chore: update dev dependencies
• 2d31975 chore(master): release 8.0.4 (#1806)
• 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
• 4e702e9 chore(master): release 8.0.3 (#1804)
• c803d90 fix: remove familySupportCache that broke DNS resolution tests
• e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for nodemailer since your current version.

Updates samlify from 2.10.0 to 2.13.0

Release notes

Sourced from samlify's releases.

v2.13.0

What's Changed

• Bump @​xmldom/xmldom from 0.8.11 to 0.8.12 by @​dependabot[bot] in tngan/samlify#603
• Bump @​xmldom/xmldom from 0.8.12 to 0.8.13 by @​dependabot[bot] in tngan/samlify#605
• Bump postcss from 8.5.6 to 8.5.12 by @​dependabot[bot] in tngan/samlify#606
• fix: reject promises with Error instances, not raw strings (#581) by @​tngan in tngan/samlify#607
• feat: support simpleSign binding for logout request/response (#584) by @​tngan in tngan/samlify#608
• docs: correct the parseResult example in saml-response (#518) by @​tngan in tngan/samlify#609
• docs: clarify that wantMessageSigned and signatureConfig are SP options (#516) by @​tngan in tngan/samlify#610
• RFC-0001: introduce .skills/ and mandatory SAML 2.0 spec citation workflow by @​tngan in tngan/samlify#611
• feat: per-request relayState for login + logout (closes #163) by @​tngan in tngan/samlify#612
• sec: 2026-04 audit — patch vite, fix XXE bypass, reject unknown sig algs by @​tngan in tngan/samlify#613
• fix: omit AuthnRequest attributes whose value is null/undefined (closes #455) by @​tngan in tngan/samlify#614
• fix: pass SessionIndex through createLogoutRequest (closes #470) by @​tngan in tngan/samlify#615
• fix: throw a clear error when redirect binding has no SSO/SLO endpoint (closes #308 #405) by @​tngan in tngan/samlify#617
• fix: surface SP/IdP signing flags in ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG (closes #453) by @​tngan in tngan/samlify#616
• fix: default signatureConfig for SP when wantMessageSigned is true (closes #454) by @​tngan in tngan/samlify#619
• feat: per-request ForceAuthn for createLoginRequest (closes #359) by @​tngan in tngan/samlify#618
• feat: support tagPrefix.protocol and tagPrefix.assertion on IdP (closes #388) by @​tngan in tngan/samlify#620
• fix: invoke customTagReplacement even without explicit template (closes #549) by @​tngan in tngan/samlify#621
• feat: support elementsOrder option on IdP metadata (closes #429) by @​tngan in tngan/samlify#622
• feat: support RSASSA-PSS signature algorithms (closes #624) by @​tngan in tngan/samlify#625
• feat: per-request AssertionConsumerServiceIndex for createLoginRequest (closes #437) by @​tngan in tngan/samlify#623

Security Audit

GHSA-34r5-q4jw-r36m (credit to @​RootUp)

Full Changelog: tngan/samlify@v2.12.0...v2.13.0

v2.12.0

What's Changed

• fix: security audit - XPath injection, XXE protection, dependency update tngan/samlify@ab87376
• fix: maintain the commonjs build and remove camel case lib import by @​tngan in tngan/samlify#601

Full Changelog: tngan/samlify@v2.11.0...v2.12.0

v2.11.0

What's Changed

• [fix] Replace node-forge with Node.js native crypto by @​simplyluke in tngan/samlify#598
• Bump rollup from 4.53.2 to 4.59.0 by @​dependabot[bot] in tngan/samlify#597
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in tngan/samlify#596
• Bump preact from 10.27.2 to 10.28.2 by @​dependabot[bot] in tngan/samlify#593
• Bump mdast-util-to-hast from 13.2.0 to 13.2.1 by @​dependabot[bot] in tngan/samlify#589

New Contributors

• @​simplyluke made their first contribution in tngan/samlify#598

Full Changelog: tngan/samlify@v2.10.2...v2.11.0

... (truncated)

Commits

• 3230b2b chore: bump version to 2.13.0
• b37a65c fix: escape XML element text in replaceTagsByValue to prevent SAML attribute ...
• 0235cab feat: per-request AssertionConsumerServiceIndex for createLoginRequest (close...
• a3910b1 feat: support RSASSA-PSS signature algorithms (closes #624) (#625)
• 8f1cc8b feat: support elementsOrder option on IdP metadata (closes #429) (#622)
• c393d81 fix: invoke customTagReplacement even without explicit template (closes #549)...
• ee738cc feat: support tagPrefix.protocol and tagPrefix.assertion on IdP (closes #388)...
• 1c2b9fa feat: per-request ForceAuthn for createLoginRequest (closes #359) (#618)
• 803acc1 fix: default signatureConfig for SP when wantMessageSigned is true (closes #4...
• 3ee2bc6 fix: surface SP/IdP signing flags in ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLA...
• Additional commits viewable in compare view

Updates simple-git from 3.17.0 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

• 89a2294: Extend known exploitable configuration keys and per-task environment variables.

  Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

  Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

• 1ad57e8: Remove conflicting node:buffer import
• Updated dependencies [89a2294]
• Updated dependencies [675570a]
  • @​simple-git/argv-parser@​1.1.0
  • @​simple-git/args-pathspec@​1.0.3

simple-git@3.35.2

Patch Changes

• 0cf9d8c: Improvements for mono-repo publishing pipeline
• Updated dependencies [0cf9d8c]
  • @​simple-git/args-pathspec@​1.0.2
  • @​simple-git/argv-parser@​1.0.3

simple-git@3.35.1

Patch Changes

• 0de400e: Update monorepo version handling during publish
• Updated dependencies [0de400e]
  • @​simple-git/argv-parser@​1.0.2

simple-git@3.33.0

Minor Changes

• a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

• e253a0d: Enhanced git -c checks in unsafe plugin.

  Thanks to @​JohannesLks for identifying the issue

simple-git@3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

• 89a2294: Extend known exploitable configuration keys and per-task environment variables.

  Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

  Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

• 1ad57e8: Remove conflicting node:buffer import
• Updated dependencies [89a2294]
• Updated dependencies [675570a]
  • @​simple-git/argv-parser@​1.1.0
  • @​simple-git/args-pathspec@​1.0.3

3.35.2

Patch Changes

• 0cf9d8c: Improvements for mono-repo publishing pipeline
• Updated dependencies [0cf9d8c]
  • @​simple-git/args-pathspec@​1.0.2
  • @​simple-git/argv-parser@​1.0.3

3.35.1

Patch Changes

• 0de400e: Update monorepo version handling during publish
• Updated dependencies [0de400e]
  • @​simple-git/argv-parser@​1.0.2

3.35.0

Minor Changes

• 3d8708b: Updating publish config

Patch Changes

• Updated dependencies [3d8708b]
  • @​simple-git/args-pathspec@​1.0.1
  • @​simple-git/argv-parser@​1.0.1

3.34.0

... (truncated)

Commits

• 7dc1a53 Version Packages
• 76f5376 Merge pull request #1061 from Vinzent03/fix/buffer-import
• 89a2294 Environment Parsing (#1156)
• 1b91b76 fix: remove explicit node:buffer import
• e390685 Version Packages
• 3c9e4b8 Pin version of @​simple-git/args-pathspec
• 94ee21f Export pathspec types through simple-git for backward compatibility
• 6d7cb51 Version Packages
• 0de400e Switch to semver from workspace revisions
• 2264722 Version Packages
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for simple-git since your current version.

Updates ws from 8.17.1 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

8.19.0

Features

• Added the closeTimeout option (#2308).

Bug fixes

• Handled a forthcoming breaking change in Node.js core (19984854).

... (truncated)

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• Additional commits viewable in compare view

Updates langsmith from 0.3.45 to 0.6.0

Release notes

Sourced from langsmith's releases.

v0.6.0

What's Changed

• chore(js): bump JS to 0.4.3 by @​dqbd in langchain-ai/langsmith-sdk#2253
• Revert "feat: add js prompt caching" by @​angus-langchain in langchain-ai/langsmith-sdk#2258
• Revert "feat: Replace UUID5 with deterministic UUID7 for replicas" by @​angus-langchain in langchain-ai/langsmith-sdk#2257
• release(js): bump to 0.4.4 by @​dqbd in langchain-ai/langsmith-sdk#2259
• feat: add prompt cache back and setup environment tests by @​langchain-infra in langchain-ai/langsmith-sdk#2260
• feat(python): Bump pydantic to v2 by @​angus-langchain in langchain-ai/langsmith-sdk#2248

Full Changelog: langchain-ai/langsmith-sdk@v0.5.2...v0.6.0

v0.6.0rc0

What's Changed

• feat(js): Add support for tracing AI SDK 6 by @​jacoblee93 in langchain-ai/langsmith-sdk#2237
• fix(js): Remove default Jestlike timeout by @​jacoblee93 in langchain-ai/langsmith-sdk#2243
• feat(js): Add support for tracing tool loop agent by @​jacoblee93 in langchain-ai/langsmith-sdk#2244
• feat: Replace UUID5 with deterministic UUID7 for replicas by @​angus-langchain in langchain-ai/langsmith-sdk#2249
• feat: add prompt caching to python sdk by @​langchain-infra in langchain-ai/langsmith-sdk#2246
• feat: add js prompt caching by @​langchain-infra in langchain-ai/langsmith-sdk#2251
• fix(claude): correctly parse llm and tool inputs in claude agent sdk by @​angus-langchain in langchain-ai/langsmith-sdk#2255
• bump(python): 0.5.2 by @​angus-langchain in langchain-ai/langsmith-sdk#2256

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.6.0rc0

v0.5.2

What's Changed

• feat(js): Add support for tracing AI SDK 6 by @​jacoblee93 in langchain-ai/langsmith-sdk#2237
• fix(js): Remove default Jestlike timeout by @​jacoblee93 in langchain-ai/langsmith-sdk#2243
• feat(js): Add support for tracing tool loop agent by @​jacoblee93 in langchain-ai/langsmith-sdk#2244
• feat: Replace UUID5 with deterministic UUID7 for replicas by @​angus-langchain in langchain-ai/langsmith-sdk#2249
• feat: add prompt caching to python sdk by @​langchain-infra in langchain-ai/langsmith-sdk#2246
• feat: add js prompt caching by @​langchain-infra in langchain-ai/langsmith-sdk#2251
• fix(claude): correctly parse llm and tool inputs in claude agent sdk by @​angus-langchain in langchain-ai/langsmith-sdk#2255
• bump(python): 0.5.2 by @​angus-langchain in langchain-ai/langsmith-sdk#2256

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.5.2

v0.5.1

What's Changed

• feat(openai): Add use responses API to OpenAI wrapper by @​jacoblee93 in langchain-ai/langsmith-sdk#2218
• chore(py): Fix Python integration tests by @​jacoblee93 in langchain-ai/langsmith-sdk#2219
• feat(js): Add invocation param tracing for OpenAI responses wrapper in JS by @​jacoblee93 in langchain-ai/langsmith-sdk#2220
• Ignore empty string by @​hinthornw in langchain-ai/langsmith-sdk#2225
• remove duplicate patch from claude agent sdk by @​angus-langchain in langchain-ai/langsmith-sdk#2189
• fix(js): Fix JS Memory Leak clean child_runs by @​amodelaweb in langchain-ai/langsmith-sdk#2228
• fix(js): Make traced async iterators call finally on success by @​jacoblee93 in langchain-ai/langsmith-sdk#2230
• release(js): 0.4.1 by @​jacoblee93 in langchain-ai/langsmith-sdk#2231

... (truncated)

Commits

• 71b7189 feat(python): Bump pydantic to v2 (#2248)
• 1482c9c feat: add prompt cache back and setup environment tests (#2260)
• 3ebe56b release(js): bump to 0.4.4 (#2259)
• 8b87f14 Revert "feat: Replace UUID5 with deterministic UUID7 for replicas" (#2257)
• 43335d5 Revert "feat: add js prompt caching" (#2258)
• ae71b5e chore(js): bump JS to 0.4.3 (#2253)
• 9fd842c bump(python): 0.5.2 (#2256)
• 8fd1283 fix(claude): correctly parse llm and tool inputs in claude agent sdk (#2255)
• 2903578 feat: add js prompt caching (#2251)
• 3f1d680 feat: add prompt caching to python sdk (#2246)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for langsmith since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates postcss from 8.4.49 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"
</tr></table>

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

Description has been truncated