chore(deps): bump the production-minor-patch group across 1 directory with 9 updates

[dependabot]

Bumps the production-minor-patch group with 9 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.80.0	0.96.0
firebase	12.11.0	12.13.0
firebase-admin	13.7.0	13.10.0
nanoid	5.1.7	5.1.11
openai	6.33.0	6.38.0
react	19.2.4	19.2.6
react-dom	19.2.4	19.2.6
tailwind-merge	3.5.0	3.6.0
zustand	5.0.12	5.0.13

Updates @anthropic-ai/sdk from 0.80.0 to 0.96.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.96.0

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

• api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
• api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

• zod: ensure only zod/v4 types are used (#992) (9e08bcc)

Chores

• api: spec updates (27d64ef)

sdk: v0.95.2

0.95.2 (2026-05-11)

Full Changelog: sdk-v0.95.1...sdk-v0.95.2

sdk: v0.95.1

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

sdk: v0.95.0

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

sdk: v0.94.0

0.94.0 (2026-05-05)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.96.0 (2026-05-13)

Full Changelog: sdk-v0.95.2...sdk-v0.96.0

Features

• api: Add BetaManagedAgentsSearchResultBlock types (08f02f3)
• api: Add support for cache diagnostics beta (eafbd6d)

Bug Fixes

• zod: ensure only zod/v4 types are used (#992) (9e08bcc)

Chores

• api: spec updates (27d64ef)

0.95.2 (2026-05-11)

Full Changelog: sdk-v0.95.1...sdk-v0.95.2

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

... (truncated)

Commits

• a53f60d chore: release main
• d1b8d04 feat(api): Add support for cache diagnostics beta
• 8e43bf8 chore(api): spec updates
• 697e4d5 codegen metadata
• cd5801c feat(api): Add BetaManagedAgentsSearchResultBlock types
• dce6bc7 ci: pin GitHub Actions to commit SHAs
• 4eee523 fix(zod): ensure only zod/v4 types are used (#992)
• e3bcdd4 chore: release main
• 08943f1 feat(aws): Add AWS client for Claude Platform on AWS
• 7834ceb ci(release-please): exclude subpackages from root changelog (#991)
• Additional commits viewable in compare view

Updates firebase from 12.11.0 to 12.13.0

Release notes

Sourced from firebase's releases.

firebase@12.13.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.12.0

Minor Changes

• ffa39f6 #9795 - Added LiveSession.resumeSession() to allow resuming a previous LiveSession. Also added contextWindowCompression feature.

• 86dc0db #9819 - Added support for ImageConfig (aspect ratio and size). Expanded FinishReason values to include all currently available values provided by the models.

• 345c5f6 #9458 - AI Logic : Feature : Added support for Grounding with Google Maps.

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

• Updated dependencies [8e384c9]:

• @​firebase/app-check-interop-types@​0.3.4

• @​firebase/component@​0.7.3

• @​firebase/logger@​0.5.1

• @​firebase/util@​1.15.1

@​firebase/data-connect@​0.7.0

Minor Changes

• 714b41d #9905 - Hardened the Firebase SQL Connect streaming transport with intelligent reconnection, query de-duplication, and resume optimizations.

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

• Updated dependencies [8e384c9]:

• @​firebase/auth-interop-types@​0.2.5

• @​firebase/component@​0.7.3

• @​firebase/logger@​0.5.1

• @​firebase/util@​1.15.1

firebase@12.13.0

Minor Changes

• ffa39f6 #9795 - Added LiveSession.resumeSession() to allow resuming a previous LiveSession. Also added contextWindowCompression feature.

• 714b41d #9905 - Hardened the Firebase SQL Connect streaming transport with intelligent reconnection, query de-duplication, and resume optimizations.

... (truncated)

Commits

• 1adfd64 Version Packages (#9923)
• 50d5b6a Merge main into release
• 714b41d feat(data-connect): add de-duplication, resume, and intelligent reconnection ...
• f80895f Merge main into release
• 330a387 chore: migrate test functions to v2 (#9910)
• 3b87134 build(deps): bump axios from 1.13.5 to 1.15.2 (#9860)
• 402b1f0 fix(firestore): Assertion ID: ca9 (pendingResponses less than 0) caused by ta...
• 86dc0db feat(ai): ImageConfig and FinishReasons (#9819)
• 62ae2e2 chore: Update picomatch and rollup-plugin-typescript2 (#9892)
• 96e81ff feat(firestore): Added search stage support for languageCode, offset, limit, ...
• Additional commits viewable in compare view

Updates firebase-admin from 13.7.0 to 13.10.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v13.10.0

New Features

• feat(appcheck): Add support for minting limited-use tokens and custom JTI (#3027)

Bug Fixes

• fix: Replace node-forge with native crypto for private key validation (#3051)

Miscellaneous

• [chore] Release 13.10.0 (#3146)
• add node prefix to crypto imports (#3144)
• chore: remove uuid dependency (#3130)
• build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3134)
• build(deps): bump protobufjs from 7.5.5 to 7.5.8 (#3141)
• build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3135)

Firebase Admin Node.js SDK v13.9.0

New Features

• feat(remote-config): add optional exposurePercent field to ExperimentValue (#3096)

Miscellaneous

• [chore] Release 13.9.0 (#3129)
• chore: Deprecate support for Node.js 20 (#3128)
• build(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
• build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
• build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
• build(deps): bump uuid and @​actions/core in /.github/actions/send-email (#3120)
• build(deps): bump axios in /.github/actions/send-email (#3123)
• build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)

Firebase Admin Node.js SDK v13.8.0

New Features

• feat(pnv): Add support for Phone Number Verification (#3101)
• feat(fcm): Add bandwidthConstrainedOk and restrictedSatelliteOk (#2994)

Miscellaneous

• [chore] Release 13.8.0 (#3109)
• chore(deps): bump node-forge to 1.4.0 (#3108)
• build(deps-dev): bump @​types/node from 25.3.0 to 25.3.3 (#3090)
• build(deps-dev): bump lodash and @​microsoft/api-extractor (#3106)
• build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 (#3095)

... (truncated)

Commits

• e0a2177 [chore] Release 13.10.0 (#3146)
• 67d6d82 add node prefix to crypto imports (#3144)
• 2c8d215 chore: remove uuid dependency (#3130)
• da2141a build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3134)
• fcedf6b feat(appcheck): Add support for minting limited-use tokens and custom JTI (#3...
• 48d5212 build(deps): bump protobufjs from 7.5.5 to 7.5.8 (#3141)
• 16e6c33 fix: Replace node-forge with native crypto for private key validation (#3051)
• 6c81c7e build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3135)
• 0efb21f [chore] Release 13.9.0 (#3129)
• 363a302 chore: Deprecate support for Node.js 20 (#3128)
• Additional commits viewable in compare view

Updates nanoid from 5.1.7 to 5.1.11

Release notes

Sourced from nanoid's releases.

5.1.11

• Fixed breaking Nano ID by requesting big ID.

5.1.10

• Fixed breaking nanoid by requesting big ID (by @​alanzabihi).

5.1.9

• Fixed npm package size regression.

5.1.8

• Made cusatomAlphabet 75% faster (by @​saripovdenis).

Changelog

Sourced from nanoid's changelog.

5.1.11

• Fixed breaking Nano ID by requesting big ID.

5.1.10

• Fixed breaking Nano ID by requesting big ID (by @​alanzabihi).

5.1.9

• Fixed npm package size regression.

5.1.8

• Made cusatomAlphabet 75% faster (by @​saripovdenis).

Commits

• 5423cf5 Release 5.1.11 version
• 2183894 Backport 3.3.12 changelog
• 7087969 Limit ID even more
• 013517b Temporary add pnpm-workspace.yaml to npm ignore
• 5db09ee Release 5.1.10 version
• be7901a Fix random pool break
• 974f73b Structure tests with describe() instead of prefix
• fe3e7ec Update dependencies
• 043a7c1 Move to pnpm 11
• e52d946 Release 5.1.9 version
• Additional commits viewable in compare view

Updates openai from 6.33.0 to 6.38.0

Release notes

Sourced from openai's releases.

v6.38.0

6.38.0 (2026-05-13)

Full Changelog: v6.37.0...v6.38.0

Features

• api: add service_tier parameter to responses compact method (423e838)

v6.37.0

6.37.0 (2026-05-07)

Full Changelog: v6.36.0...v6.37.0

Features

• api: add quantity field to admin organization usage responses (273a8f7)
• api: add web_search_call.results output option to responses (91c75e0)
• api: launch realtime translate + update image 2 (a296b66)
• api: manual updates (794b905)
• api: manual updates (6963729)
• api: realtime 2 (f4b7177)

Bug Fixes

• api: fix imagegen size enum regression (4fe8469)

Chores

• redact api-key headers in debug logs (99c9c80)

v6.36.0

6.36.0 (2026-05-01)

Full Changelog: v6.35.0...v6.36.0

Features

• api: add group_type/user metadata fields, update types across admin resources (cc52f97)
• api: add support for Admin API Keys per endpoint (770d187)
• api: admin API updates (ee2bd2d)
• api: manual updates (6af2b6d)
• api: manual updates (f2dceda)

Bug Fixes

• api: support admin api key auth (e3862a3)

... (truncated)

Changelog

Sourced from openai's changelog.

6.38.0 (2026-05-13)

Full Changelog: v6.37.0...v6.38.0

Features

• api: add service_tier parameter to responses compact method (423e838)

6.37.0 (2026-05-07)

Full Changelog: v6.36.0...v6.37.0

Features

• api: add quantity field to admin organization usage responses (273a8f7)
• api: add web_search_call.results output option to responses (91c75e0)
• api: launch realtime translate + update image 2 (a296b66)
• api: manual updates (794b905)
• api: manual updates (6963729)
• api: realtime 2 (f4b7177)

Bug Fixes

• api: fix imagegen size enum regression (4fe8469)

Chores

• redact api-key headers in debug logs (99c9c80)

6.36.0 (2026-05-01)

Full Changelog: v6.35.0...v6.36.0

Features

• api: add group_type/user metadata fields, update types across admin resources (cc52f97)
• api: add support for Admin API Keys per endpoint (770d187)
• api: admin API updates (ee2bd2d)
• api: manual updates (6af2b6d)
• api: manual updates (f2dceda)

Bug Fixes

• api: support admin api key auth (e3862a3)
• api: tighten auth header selection (f1203bd)

... (truncated)

Commits

• 87f3b04 Merge pull request #1870 from openai/release-please--branches--master--change...
• 9d91776 release: 6.38.0
• 427ae2b Merge pull request #1127 from stainless-sdks/dev/jtian/remove-unnecessary-params
• 255142e [feat] Remove unnecessary params client id during init
• 423e838 feat(api): add service_tier parameter to responses compact method
• b0e89cd release: 6.37.0
• 2151063 feat(api): realtime 2
• a5c4184 feat(api): manual updates
• 17c79fb chore: redact api-key headers in debug logs
• 36f69f6 codegen metadata
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates zustand from 5.0.12 to 5.0.13

Release notes

Sourced from zustand's releases.

v5.0.13

This release includes an improvement in the devtools middleware.

What's Changed

• refactor(devtools): remove duplicate module augmentation by @​mahmoodhamdi in pmndrs/zustand#3443
• fix(devtools): support Firefox/Safari stack format in findCallerName by @​SBolsec in pmndrs/zustand#3469

New Contributors

• @​mahmoodhamdi made their first contribution in pmndrs/zustand#3443
• @​FelixEckl-vireq made their first contribution in pmndrs/zustand#3466
• @​KimHyeongRae0 made their first contribution in pmndrs/zustand#3471
• @​lstak made their first contribution in pmndrs/zustand#3483
• @​AlexRixten made their first contribution in pmndrs/zustand#3474
• @​SBolsec made their first contribution in pmndrs/zustand#3469

Full Changelog: pmndrs/zustand@v5.0.12...v5.0.13

Commits

• 6bc451e 5.0.13
• 8ec2169 chore(deps): update dev dependencies (#3486)
• 4e9bcf0 fix(devtools): support Firefox/Safari stack format in findCallerName (#3469)
• 4b96f4e fix(docs): correct react-dom test utils import path (#3474)
• c7516c1 fix(tests): change parameters for 'expect' in test (#3483)
• 1b04af1 docs(persist): fix signature to require persistOptions (#3477)
• 95d3f33 test(middleware/immer): add runtime tests for immer middleware (#3471)
• 3201328 Update TypeScript guide links in README.md (#3466)
• 00f96a3 chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 (#3447)
• 6330044 test: expand React subscribe test coverage (#3442)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

**Disclaimer This is AxiomID Review Agent.

Greptile Summary

This is a Dependabot-generated grouped dependency bump updating 9 production packages to their latest minor/patch releases. All updates stay within their existing semver ranges in package.json.

• @anthropic-ai/sdk makes the largest jump (0.80.0 → 0.96.0, 16 minor versions), gaining a new transitive dependency standardwebhooks; usage in the repo is limited to Anthropic client instantiation and messages.create(), both of which are unchanged API surface.
• nanoid picks up an important bug fix (5.1.11 fixes ID generation breaking when a large ID size is requested), and firebase-admin replaces node-forge with native crypto for private key validation.
• The regenerated package-lock.json silently removes three packages (@hookform/resolvers, react-hook-form, minimatch) that were listed as direct root dependencies in the old lock file but were never declared in package.json; none of these are imported anywhere in source, so the cleanup is safe.

Confidence Score: 5/5

Safe to merge; all updates are minor/patch within declared ranges and the one notable side-effect (removal of phantom lock-file entries) is benign.

All nine packages receive minor or patch bumps. The largest jump (@anthropic-ai/sdk 0.80 → 0.96) touches only stable, additive API surface; the two files that consume it use only Anthropic client construction and messages.create(), which are unchanged. Bug fixes in nanoid and security-relevant improvements in firebase-admin (native crypto, removed uuid) are net positives. The lock-file cleanup of three undeclared phantom dependencies is safe since none appear in source. No migration steps or code changes are required.

No files require special attention beyond confirming CI passes against the updated @anthropic-ai/sdk.

Important Files Changed

Filename	Overview
package.json	Version range lower bounds bumped for 9 production deps; no structural changes to scripts or other metadata.
package-lock.json	Lock file regenerated to resolve new versions; also removes @hookform/resolvers, react-hook-form, and minimatch which were phantom direct-dep entries not declared in package.json — none are imported in source, so safe.

Comments Outside Diff (1)

1. package-lock.json, line 8-40 (link)

   Phantom direct deps removed from lock file

   The regenerated lock file drops @hookform/resolvers (^5.2.1), react-hook-form (^7.71.2), and minimatch (^10.2.4) from the root packages[""].dependencies section, even though none of them are declared in package.json. This confirms the old lock file was out-of-sync with package.json — those three entries were phantom direct-dependency records. A search across all source files confirms none of the three are imported anywhere, so the cleanup is safe. It is worth noting this divergence existed so the team can ensure package-lock.json is regenerated (npm install) whenever package.json is edited going forward.

   

_{Reviews (1): Last reviewed commit: "chore(deps): bump the production-minor-p..." | Re-trigger Greptile}

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Warning

Rate limit exceeded

@dependabot[bot] has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 6 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 9258005f-d285-43da-9141-6a648b8be15c

📥 Commits

Reviewing files that changed from the base of the PR and between a778cb6 and 28aee6b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/production-minor-patch-7c4179cf5b

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.