chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates by dependabot[bot] · Pull Request #261 · google-labs-code/jules-sdk

dependabot · 2026-03-10T02:42:23Z

Bumps the npm_and_yarn group with 2 updates in the / directory: ai and next.
Bumps the npm_and_yarn group with 1 update in the /packages/core/examples/ai-sdk directory: ai.
Bumps the npm_and_yarn group with 1 update in the /packages/core/examples/nextjs directory: next.

Updates ai from 4.3.19 to 6.0.116

Release notes

Sourced from ai's releases.

ai@5.0.151

Patch Changes

Updated dependencies [f54cb63]

@ai-sdk/gateway@2.0.56

ai@5.0.150

Patch Changes

Updated dependencies [ee7582f]

@ai-sdk/gateway@2.0.55

Commits

035d5ad Version Packages (#13087)
3fb4e70 feat(provider/anthropic): support fine-grained tool streaming with eagerInput...
ad4cfc2 fix(security): add URL validation to prevent SSRF in download functions (#13085)
4f7ec7f Version Packages (#13084)
824b295 fix(provider-utils): prevent unicode escape bypass in secureJsonParse (#13079)
7579667 Version Packages (#13074)
d5801fe fix(xai): ensure strict mode for tools (#12996)
e70bec4 Version Packages (#13073)
89d8b45 fix(google): make urlMetadata optional in urlContextMetadata schema (#12701)
39d0544 Version Packages (#13072)
Additional commits viewable in compare view

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @mischnic for helping!

v16.1.1-canary.36

Core Changes

Rename rewroteURL to rewrittenPathname in request metadata: #88751

Simplify getImplicitTags to accept pathname instead of url object: #88753

Add NEXT_DEPLOYMENT_ID global: #86738

Turbopack: remove deployment id suffix from client reference manifest chunks: #88741

Inject <html data-dpl-id> and don't inline it into JS anymore: #88761

[metadata] match the Metadata and ResolvedMetadata type: #88739

Example Changes

Update with-mysql example to Next.js 15, Tailwind 4, Prisma 7: #88475

Misc Changes

[ci] Ensure Turbo Remote Cache can be written to: #88794

perf(turbopack): optimize resolve plugin handling: #88639

Fix buildManifest.js deployment tests: #88806

... (truncated)

Commits

adf8c61 v16.1.6
098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
d6d5734 tweak LRU sentinel cache key (#89123)
4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
acba4a6 v16.1.5
e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
Additional commits viewable in compare view

Updates ai from 4.3.19 to 6.0.116

Release notes

Sourced from ai's releases.

ai@5.0.151

Patch Changes

Updated dependencies [f54cb63]

@ai-sdk/gateway@2.0.56

ai@5.0.150

Patch Changes

Updated dependencies [ee7582f]

@ai-sdk/gateway@2.0.55

Commits

035d5ad Version Packages (#13087)
3fb4e70 feat(provider/anthropic): support fine-grained tool streaming with eagerInput...
ad4cfc2 fix(security): add URL validation to prevent SSRF in download functions (#13085)
4f7ec7f Version Packages (#13084)
824b295 fix(provider-utils): prevent unicode escape bypass in secureJsonParse (#13079)
7579667 Version Packages (#13074)
d5801fe fix(xai): ensure strict mode for tools (#12996)
e70bec4 Version Packages (#13073)
89d8b45 fix(google): make urlMetadata optional in urlContextMetadata schema (#12701)
39d0544 Version Packages (#13072)
Additional commits viewable in compare view

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @mischnic for helping!

v16.1.1-canary.36

Core Changes

Rename rewroteURL to rewrittenPathname in request metadata: #88751

Simplify getImplicitTags to accept pathname instead of url object: #88753

Add NEXT_DEPLOYMENT_ID global: #86738

Turbopack: remove deployment id suffix from client reference manifest chunks: #88741

Inject <html data-dpl-id> and don't inline it into JS anymore: #88761

[metadata] match the Metadata and ResolvedMetadata type: #88739

Example Changes

Update with-mysql example to Next.js 15, Tailwind 4, Prisma 7: #88475

Misc Changes

[ci] Ensure Turbo Remote Cache can be written to: #88794

perf(turbopack): optimize resolve plugin handling: #88639

Fix buildManifest.js deployment tests: #88806

... (truncated)

Commits

adf8c61 v16.1.6
098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
d6d5734 tweak LRU sentinel cache key (#89123)
4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
acba4a6 v16.1.5
e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 2 updates in the / directory: [ai](https://github.com/vercel/ai) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /packages/core/examples/ai-sdk directory: [ai](https://github.com/vercel/ai). Bumps the npm_and_yarn group with 1 update in the /packages/core/examples/nextjs directory: [next](https://github.com/vercel/next.js). Updates `ai` from 4.3.19 to 6.0.116 - [Release notes](https://github.com/vercel/ai/releases) - [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md) - [Commits](https://github.com/vercel/ai/compare/ai@4.3.19...ai@6.0.116) Updates `next` from 14.2.35 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.1.6) Updates `ai` from 4.3.19 to 6.0.116 - [Release notes](https://github.com/vercel/ai/releases) - [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md) - [Commits](https://github.com/vercel/ai/compare/ai@4.3.19...ai@6.0.116) Updates `next` from 14.2.35 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.1.6) --- updated-dependencies: - dependency-name: ai dependency-version: 6.0.116 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ai dependency-version: 6.0.116 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 10, 2026

davideast merged commit 67b4018 into main Mar 10, 2026
5 checks passed

davideast deleted the dependabot/npm_and_yarn/npm_and_yarn-46ee581d60 branch March 10, 2026 10:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates#261

chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates#261
davideast merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-46ee581d60

dependabot bot commented on behalf of github Mar 10, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 10, 2026

ai@5.0.151

Patch Changes

ai@5.0.150

Patch Changes

v16.1.6

Core Changes

Credits

v16.1.5

v16.1.4

Core Changes

Credits

v16.1.1-canary.36

Core Changes

Example Changes

Misc Changes

ai@5.0.151

Patch Changes

ai@5.0.150

Patch Changes

v16.1.6

Core Changes

Credits

v16.1.5

v16.1.4

Core Changes

Credits

v16.1.1-canary.36

Core Changes

Example Changes

Misc Changes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant