build(deps): bump the all-dependencies group with 6 updates

[dependabot]

Bumps the all-dependencies group with 6 updates:

Package	From	To
@supabase/supabase-js	2.106.1	2.106.2
ws	8.20.1	8.21.0
@anthropic-ai/sdk	0.98.0	0.100.1
@typescript-eslint/eslint-plugin	8.59.4	8.60.0
@typescript-eslint/parser	8.59.4	8.60.0
eslint-plugin-prettier	5.5.5	5.5.6

Updates @supabase/supabase-js from 2.106.1 to 2.106.2

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.2

2.106.2 (2026-05-25)

🩹 Fixes

• auth: restore signup user response (#2391)
• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL
• Vaibhav @​7ttp

v2.106.2-canary.1

2.106.2-canary.1 (2026-05-22)

This was a version bump only, there were no code changes.

v2.106.2-canary.0

2.106.2-canary.0 (2026-05-22)

🩹 Fixes

• auth: restore signup user response (#2391)
• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL
• Vaibhav @​7ttp

v2.106.2-beta.2

2.106.2-beta.2 (2026-05-22)

This was a version bump only, there were no code changes.

v2.106.2-beta.0

2.106.2-beta.0 (2026-05-21)

This was a version bump only, there were no code changes.

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.2 (2026-05-25)

🩹 Fixes

• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL

Commits

• a5f09cf chore(repo): adopt pnpm catalog and clean up devDeps (#2389)
• c72cc56 fix(misc): add react-native export condition for Hermes-safe resolution (#2393)
• a7bdb23 docs(supabase): expand tracePropagation tsdoc with examples (#2388)
• f4c149c chore(release): version 2.106.1 changelogs (#2384)
• See full diff in compare view

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

• Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

• Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

• bca91ad [dist] 8.21.0
• 2b2abd4 [security] Limit retained message parts
• 78eabe2 [security] Add latest vulnerability to SECURITY.md
• See full diff in compare view

Updates @anthropic-ai/sdk from 0.98.0 to 0.100.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.100.1

0.100.1 (2026-05-29)

Full Changelog: sdk-v0.100.0...sdk-v0.100.1

Bug Fixes

• streaming: carry encrypted_content on beta compaction blocks (#1025) (eccddf3)

Chores

• client: update lockfiles to have proper dependencies on standardwebhooks (5e9b523)

sdk: v0.100.0

0.100.0 (2026-05-28)

Full Changelog: sdk-v0.99.0...sdk-v0.100.0

Features

• api: Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (bb0bf27)

Documentation

• replace literal newlines (66ba142)

sdk: v0.99.0

0.99.0 (2026-05-27)

Full Changelog: sdk-v0.98.1...sdk-v0.99.0

Features

• support custom file size caps (#1029) (814cd4c)

Bug Fixes

• streaming: carry stop_details through message_delta accumulation (#1027) (198bc27)

sdk: v0.98.1

0.98.1 (2026-05-26)

Full Changelog: sdk-v0.98.0...sdk-v0.98.1

Bug Fixes

• client: preserve directory prefix in skills.versions.create uploads (#1024) (abbcd6a)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.100.1 (2026-05-29)

Full Changelog: sdk-v0.100.0...sdk-v0.100.1

Bug Fixes

• streaming: carry encrypted_content on beta compaction blocks (#1025) (eccddf3)

Chores

• client: update lockfiles to have proper dependencies on standardwebhooks (5e9b523)

0.100.0 (2026-05-28)

Full Changelog: sdk-v0.99.0...sdk-v0.100.0

Features

• api: Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (bb0bf27)

Documentation

• replace literal newlines (66ba142)

0.99.0 (2026-05-27)

Full Changelog: sdk-v0.98.1...sdk-v0.99.0

Features

• support custom file size caps (#1029) (814cd4c)

Bug Fixes

• streaming: carry stop_details through message_delta accumulation (#1027) (198bc27)

0.98.1 (2026-05-26)

Full Changelog: sdk-v0.98.0...sdk-v0.98.1

Bug Fixes

• client: preserve directory prefix in skills.versions.create uploads (#1024) (abbcd6a)

Chores

... (truncated)

Commits

• 512605f chore: release main
• d0148df codegen metadata
• 4d836b4 codegen metadata
• 323e350 codegen metadata
• ea36df7 chore(client): update lockfiles to have proper dependencies on standardwebhooks
• 0ea1922 codegen metadata
• 991d88f fix(streaming): carry encrypted_content on beta compaction blocks (#1025)
• 6f97c4d chore: release main
• 1fd7ec7 feat(api): Add support for claude-opus-4-8, mid-conversation system blocks, a...
• f5bfc10 docs: replace literal newlines
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​anthropic-ai/sdk since your current version.

Updates @typescript-eslint/eslint-plugin from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.60.0 (2026-05-25)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• f891c29 chore(release): publish 8.60.0
• See full diff in compare view

Updates @typescript-eslint/parser from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.60.0 (2026-05-25)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• f891c29 chore(release): publish 8.60.0
• See full diff in compare view

Updates eslint-plugin-prettier from 5.5.5 to 5.5.6

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.6

Patch Changes

• #791 b5c96a3 Thanks @​JounQin! - chore: bump all (dev)Dependencies

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.6

Patch Changes

• #791 b5c96a3 Thanks @​JounQin! - chore: bump all (dev)Dependencies

Commits

• 4f33ea5 chore: release eslint-plugin-prettier (#792)
• 4745b54 ci: declare workflow-level contents: read on 2 workflows (#790)
• b5c96a3 chore: bump all (dev)Dependencies (#791)
• e867680 chore(deps): update all dependencies (#766)
• e8e2f7f chore: testing eslint v10 (#779)
• ca076d9 chore: update dev dependencies (#780)
• 42e6369 build(deps): Bump the actions group with 2 updates (#778)
• 53ff214 Remove empty NPM_TOKEN from release.yml
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

🎉 PR Validation ✅ PASSED

Commit: c24974bfde76085eda85ded7ea98a37d67d779d8
Branch: dependabot/npm_and_yarn/all-dependencies-33671f97a2

Checks:

• ✅ Release guard (no version/changelog changes)
• ✅ Dependencies installed
• ✅ Type check passed
• ✅ Linting passed
• ✅ Format check passed
• ✅ Tests + coverage passed
• ✅ Build successful

Ready to merge! ✨

---

🔗 View workflow run
⏰ Generated at: 2026-05-29T19:11:55.835Z

[vreshch]

Applied to master via squash commit dbd292d (back-dated 2026-05-24, linear-history ruleset). Closing.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml