chore(deps): bump the minor-and-patch group across 1 directory with 29 updates

[dependabot]

Bumps the minor-and-patch group with 29 updates in the / directory:

Package	From	To
@modelcontextprotocol/sdk	1.27.1	1.29.0
ai	6.0.68	6.0.164
markitdown-ts	0.0.9	0.0.10
minimatch	10.1.1	10.2.5
nanoid	5.1.6	5.1.9
node-llama-cpp	3.17.1	3.18.1
officeparser	6.0.4	6.1.0
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
react-force-graph-2d	1.29.0	1.29.1
sqlite-vec	0.1.7-alpha.2	0.1.9
streamdown	2.1.0	2.5.0
tailwind-merge	3.4.0	3.5.0
tailwindcss	4.1.18	4.2.2
use-stick-to-bottom	1.1.2	1.1.3
@ai-sdk/openai	3.0.25	3.0.53
@biomejs/biome	2.3.14	2.4.12
@tailwindcss/cli	4.1.18	4.2.2
@types/bun	1.3.8	1.3.12
ajv	8.17.1	8.18.0
docx	9.5.1	9.6.1
happy-dom	20.8.9	20.9.0
lefthook	2.1.4	2.1.6
oxfmt	0.28.0	0.45.0
oxlint	1.43.0	1.60.0
oxlint-tsgolint	0.11.5	0.21.1
playwright	1.58.2	1.59.1
ultracite	7.1.5	7.5.9
vitest	4.0.18	4.1.4

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @​felixweinberger in modelcontextprotocol/typescript-sdk#1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in modelcontextprotocol/typescript-sdk#1575
• Add typings exports by @​tdraier in modelcontextprotocol/typescript-sdk#1623
• v1.x npm audit fix by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1780
• v1.x #1623 follow up -add missing types to package.json by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in modelcontextprotocol/typescript-sdk#1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in modelcontextprotocol/typescript-sdk#1640
• chore: bump version to 1.29.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

• @​tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623
• @​jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

• feat: use scopes_supported from resource metadata by default (fixes #580) by @​antogyn in modelcontextprotocol/typescript-sdk#757
• [v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @​pcarleton in modelcontextprotocol/typescript-sdk#1611
• fix: reject plain JSON Schema objects passed as inputSchema by @​tiluckdave in modelcontextprotocol/typescript-sdk#1596
• fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @​pcarleton in modelcontextprotocol/typescript-sdk#1462
• fix(server/auth): RFC 8252 loopback port relaxation by @​poteat in modelcontextprotocol/typescript-sdk#1738
• chore: bump version to 1.28.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

• @​antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757
• @​tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596
• @​poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits

• e12cbd7 chore: bump version to 1.29.0 (#1820)
• 3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
• 5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
• 7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
• 364f38c v1.x npm audit fix (#1780)
• c95cc09 Add typings exports (#1623)
• ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
• 2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
• 13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
• a056569 chore: bump version to 1.28.0 (#1746)
• Additional commits viewable in compare view

Updates ai from 6.0.68 to 6.0.164

Release notes

Sourced from ai's releases.

ai@6.0.164

Patch Changes

• Updated dependencies [83434a9]
  • @​ai-sdk/gateway@​3.0.101

ai@6.0.163

Patch Changes

• Updated dependencies [a27a631]
  • @​ai-sdk/gateway@​3.0.100

Commits

• e662efd Version Packages (#14510)
• 83434a9 Backport: feat (provider/gateway): add provider routing sort options (#14508)
• 3aa3a68 Version Packages (#14507)
• a27a631 Backport: feat (provider/gateway): make model list resilient to unknown model...
• a2d619a Version Packages (#14502)
• b937f3e Backport: fix(xai): support encrypted reasoning round-trip for ZDR (#14497)
• b0e5ab3 Version Packages (#14494)
• 8c4abaf Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• 536433f Version Packages (#14469)
• 9031f26 Backport: fix(gateway): add 'reranking' to modelType validation schema and ty...
• Additional commits viewable in compare view

Updates markitdown-ts from 0.0.9 to 0.0.10

Release notes

Sourced from markitdown-ts's releases.

v0.0.10

No significant changes

    View changes on GitHub

Commits

• 2d8d157 chore: release v0.0.10
• See full diff in compare view

Updates minimatch from 10.1.1 to 10.2.5

Changelog

Sourced from minimatch's changelog.

change log

10.2

• Add braceExpandMax option

10.1

• Add magicalBraces option for escape
• Fix makeRe when partial: true is set.
• Fix makeRe when pattern ends in a final ** path part.

10.0

• Require node 20 or 22 and higher

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits

• 693c823 10.2.5
• 7953af1 do not allow .. to consume drive letter on Windows
• 1caf918 lint and format
• 7783ed6 ignore docs
• 6d9b356 update deps etc
• c36addb 10.2.4
• 26b9002 docs: add warning about ReDoS
• 3a0d83b fix partial matching of globstar patterns
• ea94840 10.2.3
• 0873fba update deps
• Additional commits viewable in compare view

Updates nanoid from 5.1.6 to 5.1.9

Release notes

Sourced from nanoid's releases.

5.1.9

• Fixed npm package size regression.

5.1.8

• Made cusatomAlphabet 75% faster (by @​saripovdenis).

5.1.7

• Added --version to CLI (by @​mahmoodhamdi).
• Updated nanoid.js for CDN (by @​mahmoodhamdi).
• Fixed docs (by @​mahmoodhamdi).
• Fixed customRandom types (by @​oguimbal).

Changelog

Sourced from nanoid's changelog.

5.1.9

• Fixed npm package size regression.

5.1.8

• Made cusatomAlphabet 75% faster (by @​saripovdenis).

5.1.7

• Added --version to CLI (by @​mahmoodhamdi).
• Updated nanoid.js for CDN (by @​mahmoodhamdi).
• Fixed docs (by @​mahmoodhamdi).
• Fixed customRandom types (by @​oguimbal).

Commits

• e52d946 Release 5.1.9 version
• 2c0eec6 Remove docs from npm package
• 11c05dc Release 5.1.8 version (#586)
• 94953df Fix comment 80 columsn limit (#585)
• e646618 Update benchmark (#584)
• d3030b7 Improve comments (#583)
• e1acf37 Use full byte range in customAlphabet (+ ~75% ops / sec optimisation) (#582)
• f4e7fbe Re-use var in the price of extra 4 bytes of JS bundle size (#581)
• 234a6c3 Remove redundant browser step cast (#578)
• 7720742 Do not calculate expression twice in Node.js where size is not important (#580)
• Additional commits viewable in compare view

Updates node-llama-cpp from 3.17.1 to 3.18.1

Release notes

Sourced from node-llama-cpp's releases.

v3.18.1

3.18.1 (2026-03-17)

Features

• customize postinstall behavior (#582) (57bea3d) (documentation: Customizing postinstall Behavior)
• experimental support for context KV cache type configurations (#582) (57bea3d) (documentation: LlamaContextOptions["experimentalKvCacheKeyType"])
• support NVFP4 quants (#582) (57bea3d)

---

Shipped with llama.cpp release b8390

To use the latest llama.cpp release available, run npx -n node-llama-cpp source download --release latest. (learn more)

v3.18.0

3.18.0 (2026-03-15)

Features

• automatic checkpoints for models that need it (#573) (c641959)
• QwenChatWrapper: Qwen 3.5 support (#573) (c641959)
• inspect gpu command: detect and report missing prebuilt binary modules and custom npm registry (#573) (c641959)

Bug Fixes

• resolveModelFile: deduplicate concurrent downloads (#570) (cc105b9)
• correct Vulkan URL casing in documentation links (#568) (5a44506)
• Qwen 3.5 memory estimation (#573) (c641959)
• grammar use with HarmonyChatWrapper (#573) (c641959)
• add mistral think segment detection (#573) (c641959)
• compress excessively long segments from the current response on context shift instead of throwing an error (#573) (c641959)
• default thinking budget to 75% of the context size to prevent low-quality responses (#573) (c641959)

---

Shipped with llama.cpp release b8352

To use the latest llama.cpp release available, run npx -n node-llama-cpp source download --release latest. (learn more)

Commits

• 57bea3d feat(minor): customize postinstall behavior (#582)
• c641959 feat: automatic checkpoints for models that need it (#573)
• cc105b9 fix(resolveModelFile): deduplicate concurrent downloads (#570)
• 5a44506 fix: correct Vulkan URL casing in documentation links (#568)
• See full diff in compare view

Updates officeparser from 6.0.4 to 6.1.0

Release notes

Sourced from officeparser's releases.

v6.1.0: Infrastructure Stability & Smart OCR Scheduling

Changes: v6.0.7..v6.1.0

This release marks a major milestone in the technical maturity of officeParser, moving from a monolithic parser to a robust, resource-aware infrastructure. v6.1.0 focuses on stability, performance, and developer experience without breaking core backward compatibility.

---

🔥 Major Highlights

📦 Modern Module System & Nomenclature Change

Since v6.0.7, we have standardized our browser distribution to support modern development workflows. This includes a major change in bundle naming:

• Nomenclature Change: officeparser.browser.js or officeParserBundle@${VERSION}.js has been renamed to officeparser.browser.iife.js to explicitly indicate its format.
• Dual-Bundle System: We now ship two distinct browser packages (add @${VERSION} after officeparser if using release asset):
  1. officeparser.browser.iife.js: Standard IIFE bundle for direct <script> tag usage (Global officeParser namespace).
  2. officeparser.browser.mjs: A native ESM bundle for modern browsers, Vite, and Webpack 5.
• Node.js: Full native ESM support with Node16 resolution.

🧠 Smart OCR Worker Pool

We’ve completely rewritten the OCR engine to handle internal resource management intelligently.

• Lazy Initialization: OCR workers and tesseract.js are now lazy-loaded. Simply require or import the library at the top-level no longer spawns any background processes, resolving the long-standing "process leak" issue.
• Worker Pooling: Workers are now pooled and reused across parallel parsing requests, providing up to 3x faster processing for documents with multiple images.
• Auto-Termination: A new idle-timer automatically cleans up worker processes after 10 seconds of inactivity (configurable via ocrConfig.autoTerminateTimeout).
• Manual Control: Exported a new terminateOcr() function for snappy CLI script exits.

📦 Infrastructure Migration

• Fflate Integration: Replaced legacy yauzl with fflate for zero-memory-buffer zip extraction, significantly improving performance on massive spreadsheets and low-memory environments like Edge Functions.
• PDF.js v5: Upgraded the internal PDF engine to the latest stable release (v5.6.205) with improved text-layer coordinate alignment.

🏷️ Custom Property Extraction

You can now extract user-defined custom metadata (e.g., custom tags, proprietary fields) across almost all formats:

• OOXML: Standard custom document properties (docProps/custom.xml).
• ODF: User-defined fields in OpenOffice/LibreOffice metadata.
• PDF: Custom key-value pairs from the PDF Info dictionary.

📄 Documentation & Branding Overhaul

• Premium SPA Docs: A completely redesigned live documentation site with persistent fragments.
• Interactive Visualizer: Test any file in-browser to see the hierarchical AST and real-time preview.
• Troubleshooting Guide: A new, comprehensive debugging guide covering everything from process hangs to PDF worker resolution.
• Metric Verification: Standardized all download metrics to 260k+ weekly installs with dynamic Shields.io badges and live verification links via npm-stat.com.

---

🛠️ API & Configuration Changes

New Configuration Options (OfficeParserConfig)

• ocrConfig: New object for fine-grained OCR control.
• ocrConfig.autoTerminateTimeout: Duration (ms) to keep workers alive before cleanup.
• ocrConfig.workerPath, ocrConfig.corePath, ocrConfig.langPath: Full support for air-gapped/offline local Tesseract hosting.

Deprecations

... (truncated)

Changelog

Sourced from officeparser's changelog.

[6.1.0] - 2026-04-14

Added

• OCR Scheduler: Intelligent worker pool that optimizes Tesseract lifecycle across parallel requests.
• Custom Properties: Support for extracting document metadata across OOXML, ODF, and PDF formats.
• Sponsorship: Integrated funding.json manifest and GitHub Sponsors support.
• Governance: Added .editorconfig, .gitattributes, and SUPPORT.md.

Changed

• Core Engine: Replaced legacy zip extraction with fflate for significant performance gains and robust browser/edge compatibility.
• Module System: Full native ESM support with Node16 resolution and verified browser bundles (Vite/Angular compatible).
• Format Refinements: Hierarchical PDF coordinate alignment and ODT/RTF list parsing stability.

[6.0.0] - 2025-12-29

Added

• Major Overhaul: Transitioned from simple text extraction to a rich Abstract Syntax Tree (AST) output.
• Structured Output: Access hierarchical document structure (paragraphs, headings, tables, lists, etc.).
• Rich Metadata: Extracted document properties (author, title, creation date).
• Enhanced Formatting: Support for bold, italic, colors, fonts, alignment, etc.
• Attachment Handling: Extract images, charts, and embedded files as Base64.
• OCR Integration: Optional OCR for images using Tesseract.js.
• RTF Support: Added full support for Rich Text Format files.
• TypeScript: Full TypeScript support with detailed interfaces and improved type definitions.

Changed

• Simplified API: Transitioned to the unified parseOffice for all parsing needs (returns a Promise).

[5.1.1] - 2024-11-12

Added

• Added ArrayBuffer as a type of file input.
• Introduced browser bundle generation, exposing the officeParser namespace for direct browser usage.

[5.0.0] - 2024-10-21

Added

• Replaced decompress with yauzl for zip extraction.
• Migrated to in-memory extraction (no longer writing to disk).
• Removed config flags related to extracted files and added flags for CLI execution.

[4.2.0] - 2024-10-15

Added

• Fixed race conditions when deleting temp files during parallel execution.
• Resolved errors occurring when multiple executions were made without waiting for the previous one to finish.
• Upgraded project dependencies.

[4.1.2] - 2024-10-13

Fixed

• Fixed text parsing from XLSX files containing no shared strings file or using inlineStr based strings.

[4.1.1] - 2024-05-06

Changed

• Replaced pdf-parse with a native pdf.js implementation for more robust PDF analysis.

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for officeparser since your current version.

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-force-graph-2d from 1.29.0 to 1.29.1

Commits

• 300b47d 1.29.1
• c5378a6 Publish pckgs
• ada0d4d Bump deps
• 788b680 Update readme
• See full diff in compare view

Updates sqlite-vec from 0.1.7-alpha.2 to 0.1.9

Release notes

Sourced from sqlite-vec's releases.

v0.1.9 Bug fix for DELETE operations

Fixes #274, which discovered that DELETE operations on vec0 tables with metadata text columns that are long (>12chars) would erronuously report a SQLItE_DONE error.

v0.1.9-alpha.1

Attempted fix of broken DELETEs on vec0 rows with large metdata text column values, as reported in #274

v0.1.8

Minor fix to the sqlite-vec NPM package, fixing #272. If youv'e ever had a problem npm install'ing sqlite-vec, now 's a great time to try again!

v0.1.8-alpha.1

Attempt to fix Node.js package distribution by bumping sqlite-dist in the release process.

sqlite-vec is back: v0.1.7

sqlite-vec is back! After a long hiatus, I am now working again on making sqlite-vec as fast and easy-to-use as possible.

I'd like to especially thank Mozilla for graciously supporting me in improving sqlite-vec!

This v0.1.7 release fixes some long-standing bugs and introduces a few small new features, namely:

• Proper DELETE support: Deleting vectors will now clear up space (if you DELETE enough to clear out a chunk, ~1024 vectors).
• Constraint support on constraint column in KNN queries: You can now use >/>=/</<= constraints on the distance column in vec0 KNN queries, which allows you to "paginate" through KNN queries. This isn't "real" pagination, but if you ever wanted to scroll through vector search results without a giant k value and doing it manually, this may help!

But overall, this release is about reviving old workflows, updating runners, fixing tests, and other housekeeping tasks. I now have proper fuzz testing on sqlite-vec, which has caught a few memory related, rare bugs.

There's still much to do: the documentation site is stale, docs are out-of-date, some old Go/ncruces bindings are paused. Feel free to file issues as you see fit, I'm finding it hard to see which bugs are still oustanding.

But the biggest update coming soon: ANN support. Look for the first release of DiskANN in sqlite-vec coming very soon!

And to end this: a big thanks to everyone who have used and continue to use sqlite-vec. I do apologize greatly for the long time between releases. This project got quite large very fast, and I do appreicate though who offered support and patched (big shoutout to @​vlasky who's maintained a fork!).

v0.1.7-alpha.13

No release notes provided.

v0.1.7-alpha.12

No release notes provided.

v0.1.7-alpha.11

No release notes provided.

v0.1.7-alpha.10

No release notes provided.

v0.1.7-alpha.9

No release notes provided.

v0.1.7-alpha.8

No release notes provided.

... (truncated)

Commits

• e9f598a v0.1.9
• 6c3bf36 v0.1.9-alpha.1
• ee9bd2b Fix SQLITE_DONE leak in ClearMetadata that broke DELETE on long text metadata...
• dfd8dc5 v0.1.8
• e7ae41b v0.1.8-alpha.1
• a8d81cb bump sqlte-dist
• 633eecf v0.1.7
• 4138619 v0.1.7-alpha.13
• 7669f69 v0.1.7-alpha.12
• 380b0bb Redact version from info table snapshot to avoid test failures on version bumps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sqlite-vec since your current version.

Updates streamdown from 2.1.0 to 2.5.0

Release notes

Sourced from streamdown's releases.

streamdown@2.5.0

Minor Changes

• d6666b6: Add lineNumbers prop to disable line numbers in code blocks
• d4ec6c0: Add meta prop to CustomRendererProps. Custom renderers now receive the raw metastring from the code fence (everything after the language identifier, e.g. ```rust {1} title="foo" → meta = '{1} title="foo"'). The prop is optional (meta?: string) and is undefined when no metastring is present. Existing custom renderers are unaffected.

Patch Changes

• ac8d839: Add staggered animation-delay to streaming word/character animations so new content cascades in sequentially instead of all animating simultaneously. Configurable via the new stagger option (default 40ms). Set stagger: 0 to restore the previous behavior.

• add5374: Enable horizontal scrolling on code blocks so long lines are accessible instead of being clipped by overflow-hidden.

• 75845c0: Fix unnecessary re-renders of code blocks during streaming updates.

  Problem: In streaming mode, when new content arrives (e.g. a paragraph is appended), completed code blocks that haven't changed were still re-rendering. This happened because the Streamdown component used inline object literals as default parameter values for linkSafety ({ enabled: true }). Every time children changed and Streamdown re-rendered, these inline defaults created new references, which caused the contextValue useMemo to recompute a new StreamdownContext object. Since React propagates context changes through memo boundaries, any context consumer inside a memoized Block (such as CodeBlock) would re-render even though the block's own props were unchanged.

  Fix: Extract the inline default values for linkSafety into module-level constants (defaultLinkSafetyConfig). This ensures referential stability across renders, so contextValue only recomputes when the actual values change — not just because children updated.

• 8b1c262: fix: prepend UTF-8 BOM to CSV downloads for Excel compatibility

  • save() now prepends \uFEFF for text/csv string content so Excel on Windows detects UTF-8 encoding instead of falling back to ANSI.
  • TableDownloadButton refactored to use save() instead of inline Blob creation, ensuring the public API also gets the BOM fix.

• b105c64: Fix custom tag content being prematurely split when content follows the opening tag on the same line and contains double newlines (\n\n). The preprocessor now ensures proper HTML block structure so the parser treats the entire tag as a single unit.

• 9e6f991: Increase dropdown z-index for table copy and download menus to prevent clipping by surrounding elements.

• 9c18748: docs: document required CSS custom properties (shadcn/ui design tokens) in README

• 7b62e9a: Replace Tailwind v4-only *:last: and *:first: variant syntax with [&>*:last-child]: and [&>*:first-child]: arbitrary variants for compatibility with both Tailwind CSS v3 and v4. Fixes caret rendering on every line instead of only the last child in v3.

• Updated dependencies [e50b0c4]

• Updated dependencies [716a5f0]

  • remend@1.3.0

streamdown@2.4.0

Minor Changes

• 5edff75: Clarified Tailwind @source configuration for Streamdown and optional plugins. Updated documentation to keep the global @source for core streamdown only, move plugin @source guidance to plugin docs with examples, and add a caveat to include plugin entries only if installed.

• 57cd3b5: Add support for custom starting line numbers in code blocks via the startLine meta option.

  Code blocks can now specify a starting line number in the meta string:

  ```js startLine=10

... (truncated)

Changelog

Sourced from streamdown's changelog.

2.5.0

Minor Changes

• d6666b6: Add lineNumbers prop to disable line numbers in code blocks
• d4ec6c0: Add meta prop to CustomRendererProps. Custom renderers now receive the raw metastring from the code fence (everything after the language identifier, e.g. ```rust {1} title="foo" → meta = '{1} title="foo"'). The prop is optional (meta?: string) and is undefined when no metastring is present. Existing custom renderers are unaffected.

Patch Changes

• ac8d839: Add staggered animation-delay to streaming word/character animations so new content cascades in sequentially instead of all animating simultaneously. Configurable via the new stagger option (default 40ms). Set stagger: 0 to restore the previous behavior.

• add5374: Enable horizontal scrolling on code blocks so long lines are accessible instead of being clipped by overflow-hidden.

• 75845c0: Fix unnecessary re-renders of code blocks during streaming updates.

  Problem: In streaming mode, when new content arrives (e.g. a paragraph is appended), completed code blocks that haven't changed were still re-rendering. This happened because the Streamdown component used inline object literals as default parameter values for linkSafety ({ enabled: true }). Every time children changed and Streamdown re-rendered, these inline defaults created new references, which caused the contextValue useMemo to recompute a new StreamdownContext object. Since React propagates context changes through memo boundaries, any context consumer inside a memoized Block (such as CodeBlock) would re-render even though the block's own props were unchanged.

  Fix: Extract the inline default values for linkSafety into module-level constants (defaultLinkSafetyConfig). This ensures referential stability across renders, so contextValue only recomputes when the actual values change — not just because children updated.

• 8b1c262: fix: prepend UTF-8 BOM to CSV downloads for Excel compatibility

  • save() now prepends \uFEFF for text/csv string content so Excel on Windows detects UTF-8 encoding instead of falling back to ANSI.
  • TableDownloadButton refactored to use save() instead of inline Blob creation, ensuring the public API also gets the BOM fix.

• b105c64: Fix custom tag content being prematurely split when content follows the opening tag on the same line and contains double newlines (\n\n). The preprocessor now ensures proper HTML block structure so the parser treats the entire tag as a single unit.

• 9e6f991: Increase dropdown z-index for table copy and download menus to prevent clipping by surrounding elements.

• 9c18748: docs: document required CSS custom properties (shadcn/ui design tokens) in README

• 7b62e9a: Replace Tailwind v4-only *:last: and *:first: variant syntax with [&>*:last-child]: and [&>*:first-child]: arbitrary variants for compatibility with both Tailwind CSS v3 and v4. Fixes caret rendering on every line instead of only the last child in v3.

• Updated dependencies [e50b0c4]

• Updated dependencies [716a5f0]

  • remend@1.3.0

2.4.0

Minor Changes

• 5edff75: Clarified Tailwind @source configuration for Streamdown and optional plugins. Updated documentation to keep the global @source for core streamdown only, move plugin @source guidance to plugin docs with examples, and add a caveat to include plugin entries only if installed.

• 57cd3b5: Add support for custom starting line numbers in code blocks via the startLine meta option.

  Code blocks can now specify a starting line number in the meta string:

  ```js startLine=10
  const x = 1;
  ```

  This renders line numbers beginning at 10 instead of the default 1. The feature works by parsing the startLine=N value from the fenced-code meta string and applying counter-reset: line N-1 to the <code> element.

... (truncated)

Commits

• 15ba1ae Version Packages (#457)
• b752b44 fix(streamdown): move mermaid from devDependencies to dependencies (#466)
• 90a7b58 Run fix
• 9e6f991 fix(streamdown): increase dropdown z-index (#463)
• d6666b6 feat: add lineNumbers prop to disable line numbers in code blocks (#460)
• 6a79e04 fix(streamdown): preserve double newlines in literalTagContent tags (#459)
• b9796c8 Improve test coverage
• 6b49db1 Fix polynomial regular expression issue
• 6d4100a Update utils.test.ts
• 9f8ed4c Lint fixes
• Additional commits viewable in compare view

Updates tailwind-merge from 3.4.0 to 3.5.0

Release notes

Sourced from tailwind-merge's releases.

v3.5.0

New Features

• Add support for Tailwind CSS v4.2 by @​dcastil in dcastil/tailwind-merge#651

Full Changelog: dcastil/tailwind-merge@v3.4.1...v3.5.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

v3.4.1

Bug Fixes

• Prevent arbitrary font-family and font-weight from merging by @​roneymoon in dcastil/tailwind-merge#635

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• 270ac79 v3.5.0
• 86f772e add changelog for 3.5.0
• 6c1f77c Merge pull request #651 from dcastil/feature/add-support-for-tailwind-css-v4.2
• 7a4cacf Add support for decimal fraction values
• 9ef0f79 fix incorrectly escaped characters
• f4938b0 update README with v4.2 support
• b02a572 Add Tailwind v4.2 font-features utilities support
• 5bd25ec Add Tailwind v4.2 logical sizing utilities
• 697c920 Add Tailwind v4.2 logical border block utilities
• 6656a47 Improve JSDoc comments for logical insets
• Additional commits viewable in compare view

Updates tailwindcss from 4.1.18 to 4.2.2

Release notes

Sourced from tailwindcss's releases.

v4.2.2

Added

• Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…)Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
gno	Ready	Preview, Comment	Apr 16, 2026 2:00pm

[greptile-apps]

Greptile Summary

Routine Dependabot bump updating 29 packages across package.json and bun.lock. No source code changes are included. Key highlights: sqlite-vec exits alpha (0.1.7-alpha.2 → 0.1.9) with an important DELETE bug fix for vec0 tables with long text metadata columns, which directly affects gno's vector-search data path; streamdown (2.1.0 → 2.5.0) contains a polynomial-regex (ReDoS) fix; and tailwindcss (4.1 → 4.2) and tailwind-merge (3.5.0) are updated in tandem, which is correct. Tooling upgrades for oxlint (1.43 → 1.60), oxfmt (0.28 → 0.45), @biomejs/biome (2.3 → 2.4), and ultracite (7.1 → 7.5) represent significant jumps that may introduce new lint rules — running bun run lint:check before merging is advisable.

Confidence Score: 5/5

Safe to merge — all changes are in bun.lock and package.json only, with no source modifications. All bumps are minor or patch releases.

Only finding is a P2 suggestion to verify lint:check with the updated tooling versions. The notable runtime update (sqlite-vec DELETE bug fix) is a positive correctness improvement. No breaking changes identified across any of the 29 packages.

No files require special attention beyond confirming CI passed lint:check with the new oxlint/oxfmt/ultracite versions.

Important Files Changed

Filename	Overview
package.json	Version ranges updated for markitdown-ts, biomejs/biome, oxfmt, oxlint-tsgolint, and ultracite; remaining bumps land in bun.lock via lockfile resolution within existing ranges
bun.lock	Lockfile updated with resolved hashes for all 29 upgraded packages; reflects consistent resolution of both direct and transitive dependencies

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[29 Package Updates] --> B[Runtime Dependencies]
    A --> C[Dev / Tooling]

    B --> D[Core: sqlite-vec 0.1.7-alpha.2→0.1.9\nDELETE bug fix for vec0 tables]
    B --> E[MCP SDK 1.27.1→1.29.0\nnull TTL fix + size field added]
    B --> F[AI SDK: ai 6.0.68→6.0.164\n@ai-sdk/openai 3.0.25→3.0.53]
    B --> G[UI: react/react-dom 19.2.4→19.2.5\nstreamdown 2.1→2.5 ReDoS fix\ntailwindcss 4.1→4.2]
    B --> H[LLM: node-llama-cpp 3.17→3.18\nofficeparser 6.0→6.1]

    C --> I[Linters: oxlint 1.43→1.60\noxfmt 0.28→0.45\nbiome 2.3→2.4\nultracite 7.1→7.5]
    C --> J[Test: vitest 4.0→4.1\nplaywright 1.58→1.59\nhappy-dom 20.8→20.9]
    C --> K[Build: @tailwindcss/cli 4.1→4.2\ntailwind-merge 3.4→3.5]

Loading

_{Reviews (1): Last reviewed commit: "chore(deps): bump the minor-and-patch gr..." | Re-trigger Greptile}

[greptile-apps]

Significant linting toolchain jumps — verify lint:check passes

oxlint goes from 1.43.0 to 1.60.0 (17 minor versions), oxfmt from 0.28.0 to 0.45.0, and ultracite from 7.1.5 to 7.5.9. Each of these can introduce new enforced rules or formatting changes. Since bun run prerelease runs lint:check, any new violations would block the release workflow. Worth running bun run lint:check locally (or confirming CI ran it) before merging.