Pin dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Pending	Age	Confidence
@ai-sdk/anthropic (source)	devDependencies	pin	^3.0.13 → 3.0.13
@ai-sdk/google (source)	devDependencies	pin	^3.0.30 → 3.0.30
@ai-sdk/groq (source)	devDependencies	pin	^3.0.8 → 3.0.8
@ai-sdk/openai (source)	devDependencies	pin	^3.0.10 → 3.0.10
@ai-sdk/provider (source)	devDependencies	pin	^3.0.3 → 3.0.3
@ai-sdk/provider-utils (source)	devDependencies	pin	^4.0.6 → 4.0.6
@convex-dev/rag	devDependencies	patch	0.7.0 → 0.7.1
@convex-dev/rate-limiter	devDependencies	patch	0.3.0 → 0.3.2
@convex-dev/workflow	devDependencies	patch	0.3.2 → 0.3.4
@eslint/js (source)	devDependencies	minor	9.38.0 → 9.39.3
@radix-ui/react-accordion (source)	dependencies	patch	1.2.11 → 1.2.12
@radix-ui/react-alert-dialog (source)	dependencies	patch	1.1.14 → 1.1.15
@radix-ui/react-aspect-ratio (source)	dependencies	patch	1.1.7 → 1.1.8
@radix-ui/react-avatar (source)	dependencies	patch	1.1.10 → 1.1.11
@radix-ui/react-checkbox (source)	dependencies	patch	1.3.2 → 1.3.3
@radix-ui/react-collapsible (source)	dependencies	patch	1.1.11 → 1.1.12
@radix-ui/react-context-menu (source)	dependencies	patch	2.2.15 → 2.2.16
@radix-ui/react-dialog (source)	dependencies	patch	1.1.14 → 1.1.15
@radix-ui/react-dropdown-menu (source)	dependencies	patch	2.1.15 → 2.1.16
@radix-ui/react-hover-card (source)	dependencies	patch	1.1.14 → 1.1.15
@radix-ui/react-label (source)	dependencies	patch	2.1.7 → 2.1.8
@radix-ui/react-label (source)	devDependencies	patch	2.1.7 → 2.1.8
@radix-ui/react-menubar (source)	dependencies	patch	1.1.15 → 1.1.16
@radix-ui/react-navigation-menu (source)	dependencies	patch	1.2.13 → 1.2.14
@radix-ui/react-popover (source)	dependencies	patch	1.1.14 → 1.1.15
@radix-ui/react-progress (source)	dependencies	patch	1.1.7 → 1.1.8
@radix-ui/react-radio-group (source)	dependencies	patch	1.3.7 → 1.3.8
@radix-ui/react-scroll-area (source)	dependencies	patch	1.2.9 → 1.2.10
@radix-ui/react-select (source)	dependencies	patch	2.2.5 → 2.2.6
@radix-ui/react-separator (source)	dependencies	patch	1.1.7 → 1.1.8
@radix-ui/react-slider (source)	dependencies	patch	1.3.5 → 1.3.6
@radix-ui/react-slot (source)	dependencies	patch	1.2.3 → 1.2.4
@radix-ui/react-slot (source)	devDependencies	patch	1.2.3 → 1.2.4
@radix-ui/react-switch (source)	dependencies	patch	1.2.5 → 1.2.6
@radix-ui/react-tabs (source)	dependencies	patch	1.1.12 → 1.1.13
@radix-ui/react-toast (source)	dependencies	patch	1.2.14 → 1.2.15
@radix-ui/react-toggle (source)	dependencies	patch	1.1.9 → 1.1.10
@radix-ui/react-toggle-group (source)	dependencies	patch	1.1.10 → 1.1.11
@radix-ui/react-tooltip (source)	dependencies	patch	1.2.7 → 1.2.8
@tailwindcss/typography	dependencies	patch	0.5.16 → 0.5.19
@types/node (source)	devDependencies	patch	20.19.24 → 20.19.33
@types/react (source)	devDependencies	patch	19.2.2 → 19.2.14
@types/react-dom (source)	devDependencies	patch	19.2.2 → 19.2.3
actions/checkout (changelog)	action	digest	08c6903 → 93cb6ef
actions/checkout (changelog)	action	digest	08eba0b → 34e1148
ai (source)	devDependencies	pin	^6.0.35 → 6.0.35
autoprefixer	dependencies	patch	10.4.21 → 10.4.24
autoprefixer	devDependencies	patch	10.4.21 → 10.4.24
convex (source)	devDependencies	minor	1.29.3 → 1.32.0
convex-helpers (source)	devDependencies	patch	0.1.104 → 0.1.113
convex-test (source)	devDependencies	patch	0.0.38 → 0.0.41
dayjs (source)	devDependencies	patch	1.11.18 → 1.11.19
eslint (source)	devDependencies	minor	9.38.0 → 9.39.3
eslint-plugin-react-hooks (source)	devDependencies	pin	^6 → 6.1.1
eslint-plugin-react-refresh	devDependencies	minor	0.4.24 → 0.5.0	0.5.2 (+1)
globals	devDependencies	minor	16.4.0 → 16.5.0
lucide-react (source)	dependencies	minor	^0.548.0 → ^0.575.0
lucide-react (source)	devDependencies	minor	0.548.0 → 0.575.0
ollama-ai-provider	devDependencies	pin	^1.2.0 → 1.2.0
path-exists-cli	devDependencies	pin	^2.0.0 → 2.0.0
pkg-pr-new (source)	devDependencies	patch	0.0.60 → 0.0.63
prettier (source)	devDependencies	minor	3.6.2 → 3.8.1
react (source)	devDependencies	patch	19.2.3 → 19.2.4
react-day-picker (source)	dependencies	minor	9.8.1 → 9.13.2
react-dom (source)	devDependencies	patch	19.2.3 → 19.2.4
react-hook-form (source)	dependencies	minor	7.62.0 → 7.71.2
react-hook-form (source)	devDependencies	minor	7.65.0 → 7.71.2
react-router-dom (source)	dependencies	patch	6.30.1 → 6.30.3
react-router-dom (source)	devDependencies	minor	7.9.5 → 7.13.0	7.13.1
tailwind-merge	dependencies	patch	2.6.0 → 2.6.1
tailwind-merge	devDependencies	minor	3.3.1 → 3.5.0
tailwindcss (source)	dependencies	patch	3.4.17 → 3.4.19
tailwindcss (source)	devDependencies	patch	3.4.18 → 3.4.19
typescript-eslint (source)	devDependencies	minor	8.46.2 → 8.56.0	8.56.1

⚠️ Renovate's pin functionality does not currently wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

---

Release Notes

get-convex/rag (@​convex-dev/rag)

v0.7.1

Compare Source

• Adds hybrid text/vector search (credit:richardsolomou)

get-convex/rate-limiter (@​convex-dev/rate-limiter)

v0.3.2

Compare Source

• Pass client-provided keys to the key function, don't trust them by default.
  This was a quick follow-up to 0.3.1 to prevent passing arbitrary keys from the
  client un-validated

v0.3.1

Compare Source

• Allow client-provided key for rate limiter hooks (credit: marcoshernanz)
• Add consts for WEEK and DAY (credit: marwand)

get-convex/workflow (@​convex-dev/workflow)

v0.3.4

Compare Source

v0.3.3

Compare Source

• Export EventId type and vEventId validator from @​convex-dev/workflow

eslint/eslint (@​eslint/js)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

v9.39.2

Compare Source

v9.39.1

Compare Source

v9.39.0

Compare Source

radix-ui/primitives (@​radix-ui/react-aspect-ratio)

v1.1.8

tailwindlabs/tailwindcss-typography (@​tailwindcss/typography)

v0.5.19

Compare Source

Fixed

• Fixed broken color styles (#​405)

v0.5.18

Compare Source

Fixed

• Fixed undefined variable error (#​403)

v0.5.17

Compare Source

Added

• Add modifiers for description list elements (#​357)
• Add prose-picture modifier (#​367)

Fixed

• Include unit in hr border-width value (#​379)
• Ensure <kbd> styles work with Tailwind CSS v4 (#​387)

Changed

• Remove lodash dependencies (#​402)

postcss/autoprefixer (autoprefixer)

v10.4.24

Compare Source

• Made Autoprefixer a little faster (by @​Cherry).

v10.4.23

Compare Source

• Reduced dependencies (by @​hyperz111).

v10.4.22

Compare Source

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

get-convex/convex-js (convex)

v1.32.0

• Improved the API documentation with more examples to help AI agents.

• Added a new npx convex insights CLI command to show the insights
  for a deployment.

• Added insights MCP tool for diagnosing OCC conflicts and resource limit issues
  on cloud deployments.

• The insights MCP tool works on production deployments without requiring
  --dangerously-enable-production-deployments.

• When using a local Convex backend (local dev deployment, agent mode or
  anonymous mode), the deployment’s data is now stored in a .convex
  directory in the project root (instead of ~/.convex). This change
  is helpful when using multiple worktrees, since each worktree can get
  its own isolated storage. Existing local deployments are not affected.

• Added new options maximumRowsRead and maximumBytesRead
  to PaginationOptions to get more fine-grained control over
  the number of rows read when using pagination.

• When creating a new dev deployment, the Convex CLI now asks you which
  deployment region you want to use if you haven’t set a team default.

• Increased the default value for authRefreshTokenLeewaySeconds
  to 10 seconds.

• The CLI now uses VITE_CONVEX_* environment variables when using Remix
  alongside Vite, instead of CONVEX_*.

• Fixed an issue where the CLI would sometimes be affected by GitHub API
  rate limits when downloading the local deployment binary.

• Fixed an issue where websockets would disconnect when using Bun.

• Fixed an issue with the WorkOS integration that caused crashes
  when running npx convex deploy with a deployment that has
  its own WorkOS credentials.

• Fixed an issue with the WorkOS integration where the
  WORKOS_API_KEY environment variable from the shell
  would incorrectly be used.

• Fixed an issue where some modifications to auth.config.ts
  would cause the push process to fail.

• Fixed an issue on Windows that caused arrow key presses to be ignored when the “cloud or local deployment” prompt is shown.

v1.31.7

• Add getConvexSize and getDocumentSize functions to convex/values for calculating the size of Convex values in bytes. This is the same size calculation used for bandwidth tracking and document size limits.
• Optimize code push to only upload changed modules.
• Include CONVEX_SITE_URL in environment variables.

v1.31.6

• Added a new authKit field in convex.json that allows you to customize the automatic provisioning and configuration of WorkOS environments.
• The CLI now warns you when using a Node.js version older than Node.js 20.
• Improved error messages when requests fail in the MCP server.
• Improved the error message when creating a component with an invalid name.

v1.31.5

• Exclude source code content from bundled sourcemaps by default. This reduces the
  size of the bundled pushed by npx convex dev and npx convex deploy to make
  them run faster.
• This version drops support for Node.js 18. Please update to Node.js 20 or newer.

v1.31.4

• Fix window.addEventListener is not a function bug in React Native.

v1.31.3

• CONVEX_AGENT_MODE=anonymous can now be used while logged in.

• The client will try to reconnect immediately after being offline instead of
  waiting for the scheduled backoff delay.

• Optimize bundling during code push, and add includeSourcesContent option in
  convex.json to configure whether to include source code content in bundled
  sourcemaps.

v1.31.2

• Bug fix: the TypeScript types of the new ctx.db APIs introduced in 1.31.0
  incorrectly allowed passing IDs with types broader than the table name
  argument (e.g. db.get("table1", id) where id is
  Id<"table1"> | Id<"table2">). This issue is fixed in 1.31.2.

v1.31.1

• You can now increase the speed of type checking when using npx convex dev
  by enabling the TypeScript native preview
  (TypeScript 7).
  To do so, add @typescript/native-preview as a dev dependency and
  set typescriptCompiler: "tsGo" in convex.json.

v1.31.0

• db.get, db.patch, db.replace, and db.delete now accept a table name as
  the first argument (e.g. db.get("messages", messageId) instead of
  db.get(messageId)). This new syntax is more ergonomic, safer, and will allow
  developers to customize IDs in the future. We recommend that all developers
  migrate to the new syntax, using the ESLint rule
  @convex-dev/explicit-table-ids
  or our standalone codemod tool
  (npx @​convex-dev/codemod@latest explicit-ids).
  Learn more on news.convex.dev

v1.30.0

• The --preview-create parameter for npx convex deploy will now error if
  used with a deploy key that is not a preview deploy key. Previously, the flag
  would be ignored in this situation, and npx convex deploy would deploy to
  the production deployment. If you were depending on this behavior, make sure
  to remove the --preview-create flag when deploying to production.

get-convex/convex-helpers (convex-helpers)

v0.1.113

Compare Source

• Zod 4 support: fix the input type of zid (thanks @​danth3b0t!)

v0.1.112

Compare Source

• Zod 4 support: fix an issue where zodToConvex would incorrectly
  identify some types as v.id() when using Zod schema inheritance.
• Relationships: fix the return type of getManyVia
  and getManyViaOrThrow when using system tables.

v0.1.111

Compare Source

• Allow a hono http router register more routes using the standard
  Convex HttpRouter API

v0.1.110

Compare Source

• Improve db wrapping in Triggers to support using an RLS-wrapped DB

v0.1.109

Compare Source

• Triggers/row-level security: fix a type issue with the ctx.db APIs with
  table name arguments (see the changelog of
  convex@1.31.2)
• Zod 4: fix handling of optional in the type of zodOutputToConvex (credit: ksinghal)
• Fixes validation of records with undefined values. validate will now skip entries
  with undefined values for record and object validators, and parse will drop
  entries from records that have undefined values.
• The openapi and ts generator commands will now avoid adding .yaml if the filename
  already includes it.

v0.1.108

Compare Source

• makeUseQueryWithStatus: fix handling of some argument values
  (credit: RhysSullivan)
• Triggers: fix handling of ctx.db calls with a table name parameter

v0.1.107

Compare Source

• Zod support: branded object types are now supported (credit: gary-ix)
• Fixes skipConvexValidation for zod custom functions to still do zod validation.

v0.1.106

Compare Source

• Update typedV to match the type of the installed convex validators for v.nullable
• Improves handling of literals() helper to keep the ordering of its members
• Improved Zod 4 handling of circular types, empty returns, and empty function args
• Zod 4 transforms can now be asynchronous

v0.1.105

Compare Source

• convex-helpers now supports Zod 4! (#​840)
  • The new methods that support Zod 4 can be found in convex-helpers/server/zod4
  • Existing types and methods for Zod 3 support have been moved
    (convex-helpers/server/zod → convex-helpers/server/zod3)
  • Thanks to @​ksinghal and @​natedunn for their contributions to this improvement.
• Zod 3 support: fix the return types of zodOutputToConvex for objects and unions
  (credit: gari-ix)
• Zod 3 support: improve the type safety of onSuccess in custom function builders
• Sessions: If the only argument to a session function is the sessionId,
  allow omitting args in React.

get-convex/convex-test (convex-test)

v0.0.41

Compare Source

v0.0.40

Compare Source

• Extends ctx in t.run to conform to both MutationCtx and ActionCtx.

v0.0.39

Compare Source

• Adds support for using the upcoming ctx.db syntax where you pass explicit table names.
• Improves text search implementation to more closely match Convex text search: case insensitive, splitting whitespace and handling undefined in withIn
  ex.

iamkun/dayjs (dayjs)

v1.11.19

Compare Source

Bug Fixes

• added usage warnings for diff + updated unit tests (#​2948) (269a7a9)
• dont instantiate regexes within ar locale functions to avoid performance overhead (#​2898) (af5e9f0)
• replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#​2930) (9e9f76c)
• Updated Belarusian locale with relative time (#​2656) (1d8746c)

ArnaudBarre/eslint-plugin-react-refresh (eslint-plugin-react-refresh)

v0.5.0

Compare Source

Breaking changes

• The package now ships as ESM and requires ESLint 9 + node 20. Because legacy config doesn't support ESM, this requires to use flat config
• A new reactRefresh export is available and prefered over the default export. It's an object with two properties:
  • plugin: The plugin object with the rules
  • configs: An object containing configuration presets, each exposed as a function. These functions accept your custom options, merge them with sensible defaults for that config, and return the final config object.
• customHOCs option was renamed to extraHOCs
• Validation of HOCs calls is now more strict, you may need to add some HOCs to the extraHOCs option

Config example:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig(
  /* Main config */
  reactRefresh.configs.vite({ extraHOCs: ["someLibHOC"] }),
);

Config example without config:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig({
  files: ["**/*.ts", "**/*.tsx"],
  plugins: {
    // other plugins
    "react-refresh": reactRefresh.plugin,
  },
  rules: {
    // other rules
    "react-refresh/only-export-components": [
      "warn",
      { extraHOCs: ["someLibHOC"] },
    ],
  },
});

Why

This version follows a revamp of the internal logic to better make the difference between random call expressions like export const Enum = Object.keys(Record) and actual React HOC calls like export const MemoComponent = memo(Component). (fixes #​93)

The rule now handles ternaries and patterns like export default customHOC(props)(Component) which makes it able to correctly support files like this one given this config:

{
  "react-refresh/only-export-components": [
    "warn",
    { "extraHOCs": ["createRootRouteWithContext"] }
  ]
}

[!NOTE]
Actually createRoute functions from TanStack Router are not React HOCs, they return route objects that fake to be a memoized component but are not. When only doing createRootRoute({ component: Foo }), HMR will work fine, but as soon as you add a prop to the options that is not a React component, HMR will not work. I would recommend to avoid adding any TanStack function to extraHOCs it you want to preserve good HMR in the long term. [Bluesky thread](https

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 04:59 AM, only on Monday ( * 0-4 * * 1 ) in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/get-convex/agent/@convex-dev/agent@175

commit: bdf2402

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: playground/package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: @convex-dev/agent-playground@0.0.20
npm error Found: react@undefined
npm error node_modules/react
npm error   dev react@"file:../node_modules/react" from the root project
npm error
npm error Could not resolve dependency:
npm error peer react@"^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" from @radix-ui/react-accordion@1.2.12
npm error node_modules/@radix-ui/react-accordion
npm error   @radix-ui/react-accordion@"^1.2.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-02-23T22_43_49_558Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-02-23T22_43_49_558Z-debug-0.log