fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@algolia/client-search	5.8.1 -> 5.9.1					dependencies	minor
@aws-sdk/client-dynamodb (source)	3.670.0 -> 3.675.0					dependencies	minor
@aws-sdk/client-ses (source)	3.670.0 -> 3.675.0					dependencies	minor
@aws-sdk/lib-dynamodb (source)	3.670.0 -> 3.675.0					dependencies	minor
@cloudflare/workers-types	4.20241011.0 -> 4.20241018.0					devDependencies	minor
@cloudflare/workers-types	4.20241011.0 -> 4.20241018.0					dependencies	minor
@datadog/browser-logs (source)	5.28.1 -> 5.29.0					dependencies	minor
@datadog/browser-rum (source)	5.28.1 -> 5.29.0					dependencies	minor
@langchain/community (source)	0.3.5 -> 0.3.7					dependencies	patch
@langchain/core (source)	0.3.11 -> 0.3.13					dependencies	patch
@langchain/openai (source)	0.3.7 -> 0.3.11					dependencies	patch
@types/node (source)	20.16.11 -> 20.16.13					overrides	patch
@types/node (source)	22.7.5 -> 22.7.7					devDependencies	patch
@types/node (source)	22.7.5 -> 22.7.7					dependencies	patch
actions/checkout	v4.1.1 -> v4.2.1					action	minor
actions/create-github-app-token	5d869da -> 25cc3bd					action	digest
actions/upload-artifact	v3 -> v4					action	major
ai (source)	3.4.12 -> 3.4.16					dependencies	patch
algoliasearch	5.8.1 -> 5.9.1					dependencies	minor
chrnorm/deployment-action	55729fc -> 51e9398					action	digest
cloudflare/wrangler-action	9681c29 -> cd8a317					action	digest
cookie	^0.7.0 -> ^1.0.0					resolutions	major
eslint (source)	9.12.0 -> 9.13.0					devDependencies	minor
eslint (source)	9.12.0 -> 9.13.0					dependencies	minor
github/codeql-action	cf5b0a9 -> af56b04					action	digest
jose	^4.15.5 -> ^5.0.0					resolutions	major
ossf/scorecard-action	v2.3.1 -> v2.4.0					action	minor
path-to-regexp	6.3.0 -> 8.2.0					resolutions	major
tar	^6.2.1 -> ^7.0.0					resolutions	major
typescript-eslint (source)	8.9.0 -> 8.10.0					devDependencies	minor
vercel (source)	37.8.0 -> 37.11.0					devDependencies	minor
wrangler (source)	3.80.5 -> 3.81.0					dependencies	minor
wrangler (source)	3.80.5 -> 3.81.0					devDependencies	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

algolia/algoliasearch-client-javascript (@​algolia/client-search)

v5.9.1

Compare Source

• b076b69ba fix(javascript): missing search dependency (#​3988) by @​shortcuts

v5.9.0

Compare Source

• 56164aab9 fix(javascript): do not publish ts (#​3966) by @​shortcuts
• cd98290fa fix(specs): Typo tolernace on words (#​3968) by @​gazconroy
• 21d09d3d3 feat(javascript): add every APIs (#​3942) by @​shortcuts
• 5866c2954 fix(specs): Add context to hitsPerPage (#​3969) by @​gazconroy
• 95e4149a3 chore(deps): dependencies 2024-10-14 (#​3944) by @​algolia-bot
• 8b879dead fix(specs): alternativesAsExact is plurals and synonyms (#​3974) by @​gazconroy
• 1a9b95e85 fix(specs): Separators are non-alphanumeric characters (#​3978) by @​gazconroy
• 519fd9840 fix(specs): multiple clients fixes (#​3971) by @​shortcuts

aws/aws-sdk-js-v3 (@​aws-sdk/client-dynamodb)

v3.675.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-dynamodb

v3.674.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-dynamodb

aws/aws-sdk-js-v3 (@​aws-sdk/client-ses)

v3.675.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ses

aws/aws-sdk-js-v3 (@​aws-sdk/lib-dynamodb)

v3.675.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-dynamodb

v3.674.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-dynamodb

cloudflare/workerd (@​cloudflare/workers-types)

v4.20241018.0

Compare Source

DataDog/browser-sdk (@​datadog/browser-logs)

v5.29.0

Compare Source

DataDog/browser-sdk (@​datadog/browser-rum)

v5.29.0

Compare Source

langchain-ai/langchainjs (@​langchain/community)

v0.3.7

Compare Source

v0.3.6

Compare Source

actions/checkout (actions/checkout)

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in https://github.com/actions/checkout/pull/1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in https://github.com/actions/checkout/pull/1180
• Dependency updates by @​dependabot- https://github.com/actions/checkout/pull/1777, https://github.com/actions/checkout/pull/1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in https://github.com/actions/checkout/pull/1739
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1697
• Check out other refs/* by commit by @​orhantoy in https://github.com/actions/checkout/pull/1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in https://github.com/actions/checkout/pull/1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in https://github.com/actions/checkout/pull/1732

v4.1.5

Compare Source

What's Changed

• Update NPM dependencies by @​cory-miller in https://github.com/actions/checkout/pull/1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in https://github.com/actions/checkout/pull/1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in https://github.com/actions/checkout/pull/1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in https://github.com/actions/checkout/pull/1692
• Add dependabot config by @​cory-miller in https://github.com/actions/checkout/pull/1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in https://github.com/actions/checkout/pull/1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in https://github.com/actions/checkout/pull/1643

v4.1.3

Compare Source

What's Changed

• Update actions/checkout version in update-main-version.yml by @​jww3 in https://github.com/actions/checkout/pull/1650
• Check git version before attempting to disable sparse-checkout by @​jww3 in https://github.com/actions/checkout/pull/1656
• Add SSH user parameter by @​cory-miller in https://github.com/actions/checkout/pull/1685

Full Changelog: actions/checkout@v4.1.2...v4.1.3

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in https://github.com/actions/checkout/pull/1598

actions/upload-artifact (actions/upload-artifact)

v4

Compare Source

vercel/ai (ai)

v3.4.16

Compare Source

Patch Changes

• 01dcc44: feat (ai/core): add experimental activeTools option to generateText and streamText

v3.4.15

Compare Source

Patch Changes

• Updated dependencies [98a3b08]
  • @​ai-sdk/react@​0.0.64

v3.4.14

Compare Source

Patch Changes

• e930f40: feat (ai/core): expose core tool result and tool call types

v3.4.13

Compare Source

Patch Changes

• fc39158: fix (ai/core): add abortSignal to tool helper function

jshttp/cookie (cookie)

v1.0.1

Compare Source

Added

• Allow case insensitive options (#​194) 3bed080

v1.0.0

Compare Source

Breaking changes

• Use modern JS features, ship TypeScript definition (#​175) 1cc64ff
• Minimum node.js v18
• Uses null prototype object for parse return value
• Changes strict and priority to match the lower case strings (i.e. low, not LOW or Low)
• Require maxAge to be an integer using Number.isInteger check
• Delegates decode implementation details to decode option (i.e. error handling and quote parsing is defined by decode)
  • Delegate quote parsing to decode (#​180) c4a2597
  • Shift try/catch to decode (#​179) 93a5b97
• Improve arg/option error messages (#​162) e206fd5 @​MaoShizhong

Other

• Remove hasOwnProperty, use undefined check for performance (#​183) 8f3ee9e @​gurgunday

eslint/eslint (eslint)

v9.13.0

Compare Source

panva/jose (jose)

v5.9.6

Compare Source

Reverts

• Revert "refactor(build): simplify package exports" (2ef3a52)

v5.9.5

Compare Source

Refactor

• build: simplify package exports (4783f7f)

v5.9.4

Compare Source

Refactor

• types: update error definitions (510c5ca)

v5.9.3

Compare Source

Refactor

• use as Type for type assertions instead of (c4dc24d)

v5.9.2

Compare Source

Refactor

• types: remove index signatures from JWK interfaces (ccf0cda)

v5.9.1

Compare Source

Fixes

• types: add missing index signature on the convenience JWK types (90a93dc)

v5.9.0

Compare Source

Features

• allow JWK objects as "key" input to sign and verify (c6302ea)

v5.8.0

Compare Source

Features

• add subpath module exports (72ecff6)

Refactor

• omit LocalJWKSet export since it's no longer needed for RemoteJWKSet (c502731)

v5.7.0

Compare Source

Features

• graduate jwksCache to stable API (0f09c12)

v5.6.3

Compare Source

Fixes

• add sideEffects:false to nested ESM package.json files (f3aff1c)

v5.6.2

Compare Source

Refactor

• CryptoKey normalization is not always async (b7751f5)
• weak cache normalized CryptoKey instances (32b25a5)

Fixes

• ensure KeyObject type in Web API encrypt/decrypt (b7920bd)

v5.6.1

Compare Source

Refactor

• normalize is always defined for Web API runtimes (7bcb103)

Fixes

• workaround turbo's eager optimizations (723a042), closes #​690

v5.6.0

Compare Source

Features

• support KeyObject inputs in WebCryptoAPI runtimes given compatibility (e178b8f)

v5.5.0

Compare Source

Features

• add experimental support for edge compute runtimes JWKS caching (ab166e2), closes #​551 #​661 #​653 #​415

v5.4.1

Compare Source

Fixes

• ensure latest release on npm is v5.x (a9b2a30)

v5.4.0

Compare Source

Features

• expose JWT's payload in JWTClaimValidationFailed instances (58bcffb), closes #​680

Refactor

• add explicit return types everywhere (cc2b2d7)

v5.3.0

Compare Source

Features

• allow observing remote JWKS resolver state and its manual reload (fa8b639)

Refactor

• if should not be the only statement in else blocks (a6b716b)

v5.2.4

Compare Source

Refactor

• use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c)

v5.2.3

Compare Source

Refactor

• move iv generation and optional outputs around (05c4351)

v5.2.2

Compare Source

Fixes

• types: iv and tag is optional in JSON serializations (53019cd)

v5.2.1

Compare Source

Fixes

• build: refactor export targets for browser, node cjs, and node esm builds (50cbc65)

v5.2.0

Compare Source

Features

• extend JWT NumericDate setter syntax (ae363c3)

v5.1.3

Compare Source

v5.1.2

Compare Source

Fixes

• do not mutate JWTVerifyOptions.requiredClaims (1bf9cec), closes #​610

v5.1.1

Compare Source

Refactor

• deprecate the RSA1_5 JWE Algorithm (f746da1)

v5.1.0

Compare Source

Features

• add payload generics to jose.decodeJwt (9de49e2), closes #​604

v5.0.2

Compare Source

Fixes

• createRemoteJWKSet: ensure a default user-agent header is present (887dd3c), closes #​600

v5.0.1

Compare Source

Fixes

• also use ES2020 in the CDN bundles (8c4d390)

v5.0.0

Compare Source

⚠ BREAKING CHANGES

• Node.js: return Uint8Array (not a Buffer) from base64url.decode
• Browser distribution is now built using ES2020 as a target
• Node.js distribution is now built using ES2022 as a target
• types: jwtVerify and jwtDecrypt type argument for the resolved
  KeyLike type is now a second optional type argument following a type
  for the JWT Claims Set (aka payload)
• PBES2 Key Management Algorithms' use in decrypt
  functions now requires the use of the keyManagementAlgorithms option
  to explicitly opt-in for their use.
• importJWK "octAsKeyObject" option was removed.
  importJWK will no longer return CryptoKey or KeyObject for "oct" (octet
  sequence) JWK key types, it will instead always return a Uint8Array
  formed from the "k" (Key Value) Parameter regardless of the other JWK
  Parameters that may be present.
• End-Of-Life versions of Node.js as of October 2023 are
  no longer supported. Node.js 18, 20, and 21 and future releases are
  the ones that remain supported.
• The JWE "zip" (Compression Algorithm) Header Parameter
  is no longer supported by this JOSE implementation.

Features

• add Date as valid input to timestamp setting functions (bd830a4)
• default to an empty payload in JWT producing constructors (98d6ca1)
• types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #​568

Reverts

• Revert "test: fix test under lts/erbium" (b64b6c7)

Refactor

• Browser distribution is now built using ES2020 as a target (1836684)
• drop support for EOL Node.js versions (b5aee54)
• importJWK always returns a Uint8Array for symmetric key inputs (163e1b0)
• Node.js distribution is now built using ES2022 as a target (239697a)
• Node.js: return Uint8Array (not a Buffer) from base64url.decode (02d5182)
• PBES2 Algorithms require explicit opt-in during verification (e2da031)
• remove support for JWE "zip" (Compression Algorithm) Header Parameter (16998b1)
• types: rename type parameters for the KeyLike returns (eddd400)
• update allow list error messages (fe8114c)

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1410
• 🐛 lower license sarif alert threshold to 9 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1411

Documentation

• docs: dogfooding badge by @​jkowalleck in https://github.com/ossf/scorecard-action/pull/1399

New Contributors

• @​jkowalleck made their first contribution in [https://github.com/docs: dogfooding badge ossf/scorecard-action#1399](https://github.com/ossf/sc

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.