Bump the inkeep-agents group across 1 directory with 9 updates #2869

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22

Conversation

@dependabot dependabot Bot commented on behalf of github Mar 27, 2026

Contributor

Bumps the inkeep-agents group with 5 updates in the /create-agents-template directory:

Package From To
@inkeep/agents-core 0.59.4 0.78.1
@inkeep/agents-manage-ui 0.59.4 0.78.1
@inkeep/agents-sdk 0.59.4 0.78.1
@inkeep/agents-cli 0.59.4 0.78.1
@inkeep/agents-api 0.59.4 0.78.1

Updates @inkeep/agents-core from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-core's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-core's changelog.

0.78.1

Patch Changes

  • 8b0bc17: Simplify cache-state reporting to use the real per-call numbers. Removes the "MISS-regression" state: a cache miss is now a single neutral MISS instead of an alarming red "possible regression" vs a "miss is expected" split, which depended on a reliable per-call marker_count and a prior-signature cursor that the trace store does not provide. Also stops synthesizing a marker count: the conversation route and the timeline usage resolver now derive the cache state directly from the real marker_count (merged from the raw attributes_number bundle) and cache_read instead of fabricating markerCount = 1 when a prefix signature was present — so the badge and the raw "Cache markers" field agree, and a genuine zero-marker call reads as "Skipped". deriveCacheState now treats a cache read as a HIT before checking the marker count, since a read is definitive proof of a hit even when the marker numeric was dropped.
  • 8b0bc17: Improve prompt caching to lower LLM input-token cost. The cached system prefix is now byte-stable (the per-request client timestamp moved from the system prompt to the current user message), tool ordering is deterministic, and conversation history is sent as reusable per-message blocks so prior turns read from cache on direct-Anthropic routes instead of being reprocessed each turn. Also fixes a history dedup bug on structured-data turns and adds a distinct telemetry signal for history-block cache participation. Behavior is unchanged for callers; gains apply across providers (explicit Anthropic markers and implicit OpenAI/Google prefix caching).

0.78.0

Patch Changes

  • 9634a17: Add claude-fable-5, gemma-4-31b-it, and gemma-4-26b-a4b-it to model constants, UI picker, and CLI
  • 252efd9: Add set-based runtime data-access helpers for conversation enrichment — getConversationsByIds, getFirstUserMessageByConversations, and getLastAssistantMessageByConversations — that batch-fetch in a single query instead of per-conversation lookups. Add listEvaluationRunsByRunConfigId so callers can filter runs in the database instead of in JS. Export the existing extractMessageText helper so callers can extract text from both the text and A2A parts content formats.

0.77.1

0.77.0

0.76.0

Minor Changes

  • b29a931: Add @inkeep/agents-core/external-fetch and @inkeep/agents-core/text-attachments subpath exports. The hardened external-file downloader (SSRF guard, redirect cap, size limit, content-type validation, retry-with-backoff) and the text-document attachment helpers now live in agents-core so consumers outside agents-api (e.g. copilot-app's HelpScout fetcher) can reuse them without depending on the entire agents-api package tree. Public barrel is curated — internal helpers like the undici dispatcher lookup callback are intentionally module-private.

    downloadExternalFile() now accepts an optional signal: AbortSignal so callers running concurrent fetches under a shared aggregate budget can abort in-flight downloads when the budget expires.

  • 7efbf18: Lift and unify the system-prompt character cap. The agent-level prompt limit is raised from 5,000 to 200,000 characters, and the sub-agent prompt (previously uncapped) now shares the same 200,000-character limit. The cap is enforced consistently across both the standalone REST create/update paths and the full-graph write path, and remains overridable via AGENTS_VALIDATION_AGENT_PROMPT_MAX_CHARS. This unblocks large grounding/context documents in agent prompts. The status-update custom-prompt limit (2,000) is unchanged.

Patch Changes

  • a30cce4: Fix SSO provider issuer edits not refreshing OIDC discovery and cached endpoints; the update path now re-runs discovery server-side when the issuer changes
  • d0a21b4: Prefetch webhook destinations once per chat turn to eliminate redundant Doltgres branch-checkout queries during conversation execution

0.75.4

0.75.3

Patch Changes

  • c9072d5: Fix data component partial updates rejecting bodies without name and props (e.g. clearing the component renderer)

0.75.2

0.75.1

Patch Changes

  • d7a6762: Reduce amount of database reads for outbound webhooks
  • 2042ce9: Exclude evaluation LLM calls from per-conversation and cost-page spend figures so cost is consistent across the conversation list, conversation detail, and cost dashboard.

... (truncated)

Commits

Updates @inkeep/agents-manage-ui from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-manage-ui's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-manage-ui's changelog.

0.78.1

Patch Changes

  • 8b0bc17: Simplify cache-state reporting to use the real per-call numbers. Removes the "MISS-regression" state: a cache miss is now a single neutral MISS instead of an alarming red "possible regression" vs a "miss is expected" split, which depended on a reliable per-call marker_count and a prior-signature cursor that the trace store does not provide. Also stops synthesizing a marker count: the conversation route and the timeline usage resolver now derive the cache state directly from the real marker_count (merged from the raw attributes_number bundle) and cache_read instead of fabricating markerCount = 1 when a prefix signature was present — so the badge and the raw "Cache markers" field agree, and a genuine zero-marker call reads as "Skipped". deriveCacheState now treats a cache read as a HIT before checking the marker count, since a read is definitive proof of a hit even when the marker numeric was dropped.
  • 8b0bc17: Keep the cached prompt prefix stable across turns by de-conditioning the artifact-rules system text (it no longer changes shape when a conversation creates its first artifact), and add a guardrail test asserting the per-agent system prefix is byte-identical across turns. Fix conversation-trace reporting to read token, cost, and cache numeric attributes from the raw number map so cost, token counts, and cache HIT/MISS badges are accurate where the typed query previously returned zero.
  • Updated dependencies [8b0bc17]
  • Updated dependencies [8b0bc17]
    • @​inkeep/agents-core@​0.78.1

0.78.0

Patch Changes

  • 9634a17: Add claude-fable-5, gemma-4-31b-it, and gemma-4-26b-a4b-it to model constants, UI picker, and CLI
  • Updated dependencies [9634a17]
  • Updated dependencies [252efd9]
    • @​inkeep/agents-core@​0.78.0

0.77.1

Patch Changes

  • @​inkeep/agents-core@​0.77.1

0.77.0

Patch Changes

  • @​inkeep/agents-core@​0.77.0

0.76.0

Patch Changes

  • 8df942e: Improvements to the branch and diff view
  • bd56aa6: New projects created in the Manage UI now default their summarizer model to google/gemini-3.1-flash-lite instead of anthropic/claude-sonnet-4-5. Base and structured-output models are unchanged (still anthropic/claude-sonnet-4-5). The create-project form's default-model constants are also renamed from provider-scoped (DEFAULT_ANTHROPIC_*) to role-scoped (DEFAULT_BASE_MODEL, DEFAULT_STRUCTURED_OUTPUT_MODEL, DEFAULT_SUMMARIZER_MODEL), and the unused per-provider preset constants were removed.
  • a2ac3a6: Bump agents-ui-cloud version in ship example
  • a5deab8: Trace query optimizations
  • Updated dependencies [b29a931]
  • Updated dependencies [a30cce4]
  • Updated dependencies [d0a21b4]
  • Updated dependencies [7efbf18]
    • @​inkeep/agents-core@​0.76.0

0.75.4

Patch Changes

  • @​inkeep/agents-core@​0.75.4

... (truncated)

Commits

Updates @inkeep/agents-sdk from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-sdk's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-sdk's changelog.

0.78.1

Patch Changes

  • Updated dependencies [8b0bc17]
  • Updated dependencies [8b0bc17]
    • @​inkeep/agents-core@​0.78.1

0.78.0

Patch Changes

  • Updated dependencies [9634a17]
  • Updated dependencies [252efd9]
    • @​inkeep/agents-core@​0.78.0

0.77.1

Patch Changes

  • @​inkeep/agents-core@​0.77.1

0.77.0

Patch Changes

  • @​inkeep/agents-core@​0.77.0

0.76.0

Patch Changes

  • Updated dependencies [b29a931]
  • Updated dependencies [a30cce4]
  • Updated dependencies [d0a21b4]
  • Updated dependencies [7efbf18]
    • @​inkeep/agents-core@​0.76.0

0.75.4

Patch Changes

  • @​inkeep/agents-core@​0.75.4

0.75.3

Patch Changes

  • Updated dependencies [c9072d5]
    • @​inkeep/agents-core@​0.75.3

... (truncated)

Commits

Updates @inkeep/agents-cli from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-cli's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-cli's changelog.

0.78.1

Patch Changes

  • Updated dependencies [8b0bc17]
  • Updated dependencies [8b0bc17]
  • Updated dependencies [8b0bc17]
    • @​inkeep/agents-core@​0.78.1
    • @​inkeep/agents-manage-ui@​0.78.1
    • @​inkeep/agents-sdk@​0.78.1

0.78.0

Patch Changes

  • 9634a17: Add claude-fable-5, gemma-4-31b-it, and gemma-4-26b-a4b-it to model constants, UI picker, and CLI
  • Updated dependencies [9634a17]
  • Updated dependencies [252efd9]
    • @​inkeep/agents-core@​0.78.0
    • @​inkeep/agents-manage-ui@​0.78.0
    • @​inkeep/agents-sdk@​0.78.0

0.77.1

Patch Changes

  • @​inkeep/agents-manage-ui@​0.77.1
  • @​inkeep/agents-core@​0.77.1
  • @​inkeep/agents-sdk@​0.77.1

0.77.0

Patch Changes

  • @​inkeep/agents-manage-ui@​0.77.0
  • @​inkeep/agents-core@​0.77.0
  • @​inkeep/agents-sdk@​0.77.0

0.76.0

Patch Changes

  • Updated dependencies [b29a931]
  • Updated dependencies [8df942e]
  • Updated dependencies [bd56aa6]
  • Updated dependencies [a30cce4]
  • Updated dependencies [d0a21b4]
  • Updated dependencies [a2ac3a6]
  • Updated dependencies [7efbf18]
  • Updated dependencies [a5deab8]

... (truncated)

Commits

Updates @inkeep/agents-api from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-api's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-api's changelog.

0.78.1

Patch Changes

  • 8b0bc17: Improve artifact base-selector prompting and evaluation. Fixes: (1) The "✅ CORRECT" JMESPath examples taught the bare-index form result.items[?type=='doc'][0], which projects the index over each filtered match and resolves to nothing; the rules now teach the working pipe form result.items[?type=='doc'] | [0] everywhere, matching the runtime structure hints. (2) Example filter values were realistic-looking literals (e.g. title=='Inkeep' && record_type=='site') that the model pasted verbatim, matching no real data; free-text example values are now obvious <PLACEHOLDER>s with an explicit instruction to substitute real values from the data. (3) Tool-result structure hints now include an ambiguousFields map listing every full path for any field name that occurs at more than one depth (e.g. content at the root and at content.text.content), prioritized so they are not truncated out of terminalPaths. (4) Tool-result hints now include a short, ranked recommendedBaseSelectors list of ready-to-use single-item base selectors, preferring MCP's flat structuredContent.content array over the deeply nested content[0].text... envelope; the prompt steers the model to copy a path from the hints and never invent a path segment like .documents for a .content array. (5) The base-selector evaluator now parses embedded JSON before applying the selector, so it operates on the same structure the model was shown in the hints.
  • 8b0bc17: Improve prompt caching to lower LLM input-token cost. The cached system prefix is now byte-stable (the per-request client timestamp moved from the system prompt to the current user message), tool ordering is deterministic, and conversation history is sent as reusable per-message blocks so prior turns read from cache on direct-Anthropic routes instead of being reprocessed each turn. Also fixes a history dedup bug on structured-data turns and adds a distinct telemetry signal for history-block cache participation. Behavior is unchanged for callers; gains apply across providers (explicit Anthropic markers and implicit OpenAI/Google prefix caching).
  • 8b0bc17: Keep the cached prompt prefix stable across turns by de-conditioning the artifact-rules system text (it no longer changes shape when a conversation creates its first artifact), and add a guardrail test asserting the per-agent system prefix is byte-identical across turns. Fix conversation-trace reporting to read token, cost, and cache numeric attributes from the raw number map so cost, token counts, and cache HIT/MISS badges are accurate where the typed query previously returned zero.
  • Updated dependencies [8b0bc17]
  • Updated dependencies [8b0bc17]
    • @​inkeep/agents-core@​0.78.1
    • @​inkeep/agents-work-apps@​0.78.1
    • @​inkeep/agents-email@​0.78.1
    • @​inkeep/agents-mcp@​0.78.1

0.78.0

Minor Changes

  • 252efd9: Fix runtime database connection-pool exhaustion ("timeout exceeded when trying to connect") on the evaluation results and dataset-run endpoints. The run-config, job-config, and dataset-run handlers enriched conversations with an unbounded per-conversation query fan-out; they now use set-based batch queries. The two /results endpoints additionally accept page and limit query parameters (default 50, max 200). Conversation input/output extraction now also handles the A2A parts content format, which previously yielded an empty value.

Patch Changes

  • 967005c: Stagger dataset run workflow execution to reduce rate-limit timeouts
  • Updated dependencies [9634a17]
  • Updated dependencies [252efd9]
    • @​inkeep/agents-core@​0.78.0
    • @​inkeep/agents-work-apps@​0.78.0
    • @​inkeep/agents-email@​0.78.0
    • @​inkeep/agents-mcp@​0.78.0

0.77.1

Patch Changes

  • b4de6bc: Fix the bot-protection challenge proxy returning 502 on every POST. The challenge/verify proxy handlers read the request body off c.req.raw (the underlying stream), which a preceding middleware had already consumed via c.req.json() — the second read threw "Body is unusable: Body has already been read" and was masked as a 502. This broke every HIS challenge submission and verification for anonymous sessions across all embedded widget versions. Handlers now read the body via Hono's cache-safe c.req.text() and pass it to the proxy helpers.
    • @​inkeep/agents-core@​0.77.1
    • @​inkeep/agents-email@​0.77.1
    • @​inkeep/agents-mcp@​0.77.1
    • @​inkeep/agents-work-apps@​0.77.1

0.77.0

Minor Changes

  • c3752d4: Add vendor-neutral /run/auth/challenge proxy endpoints (challenge GET/POST and challenge/verify). The previous /run/auth/sentinel/* paths keep working as deprecated aliases for embedded widgets that have not upgraded yet; they will be removed once their traffic drops to zero.

Patch Changes

  • @​inkeep/agents-core@​0.77.0
  • @​inkeep/agents-email@​0.77.0

... (truncated)

Commits

Updates @inkeep/agents-email from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-email's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-email's changelog.

0.78.1

0.78.0

0.77.1

0.77.0

0.76.0

0.75.4

0.75.3

0.75.2

0.75.1

0.75.0

0.74.4

0.74.3

0.74.2

0.74.1

0.74.0

0.73.5

0.73.4

0.73.3

0.73.2

0.73.1

0.73.0

0.72.2

0.72.1

0.72.0

0.71.0

... (truncated)

Commits

Updates @inkeep/agents-mcp from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-mcp's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Changelog

Sourced from @​inkeep/agents-mcp's changelog.

0.78.1

0.78.0

0.77.1

0.77.0

0.76.0

0.75.4

0.75.3

0.75.2

0.75.1

0.75.0

0.74.4

0.74.3

0.74.2

0.74.1

0.74.0

0.73.5

0.73.4

0.73.3

0.73.2

0.73.1

0.73.0

0.72.2

0.72.1

0.72.0

0.71.0

... (truncated)

Commits

Updates @inkeep/agents-ui from 0.15.20 to 0.16.5

Commits

Updates @inkeep/agents-work-apps from 0.59.4 to 0.78.1

Release notes

Sourced from @​inkeep/agents-work-apps's releases.

2026-04-15

Changelog

@​inkeep/agents-api@​0.68.4

Patch Changes

  • Updated dependencies [7438f76]
    • @​inkeep/agents-work-apps@​0.68.4
    • @​inkeep/agents-core@​0.68.4
    • @​inkeep/agents-email@​0.68.4
    • @​inkeep/agents-mcp@​0.68.4

@​inkeep/agents-cli@​0.68.4

Patch Changes

  • @​inkeep/agents-manage-ui@​0.68.4
  • @​inkeep/agents-core@​0.68.4
  • @​inkeep/agents-sdk@​0.68.4

@​inkeep/agents-manage-ui@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-sdk@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/agents-work-apps@​0.68.4

Patch Changes

  • 7438f76: add thread to resume link message context
    • @​inkeep/agents-core@​0.68.4

@​inkeep/ai-sdk-provider@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

@​inkeep/create-agents@​0.68.4

Patch Changes

  • @​inkeep/agents-core@​0.68.4

... (truncated)

Commits

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Mar 27, 2026

vercel Bot commented Mar 27, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
agents-api | Ready | Preview, Comment | Apr 15, 2026 6:54pm
agents-docs | Ready | Preview, Comment | Apr 15, 2026 6:54pm
agents-manage-ui | Ready | Preview, Comment | Apr 15, 2026 6:54pm

changeset-bot Bot commented Mar 27, 2026

⚠️ No Changeset found

Latest commit: c857905

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22 branch from b21abdf to 105aa2b Compare March 30, 2026 20:08
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22 branch from 105aa2b to 24d1441 Compare March 31, 2026 18:50
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22 branch from 24d1441 to 465e081 Compare April 1, 2026 19:30
socket-security Bot commented Apr 1, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Potentially malicious package (AI signal): npm @inkeep/agents-manage-ui is 60.0% likely malicious

Notes: High security concern: this module includes a remote SVG injection mechanism that can execute embedded <script> contents from externally fetched SVGs via Function(scriptText)(window) when configuration permits it. This is an untrusted-to-arbitrary-code-execution capability (XSS/RCE-like in-browser execution). Additionally, it injects computed HTML using dangerouslySetInnerHTML and performs outbound network requests carrying user prompts/media to AI gateway endpoints. Overall, the fragment should be treated as dangerous and reviewed/locked down (e.g., forbid remote SVG script execution, enforce strict URL allowlists, and sanitize/avoid dangerouslySetInnerHTML) before use.

Confidence: 0.60

Severity: 0.90

From: create-agents-template/package.json npm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is AI-detected potential malware?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Given the AI system's identification of this package as malware, extreme caution is advised. It is recommended to avoid downloading or installing this package until the threat is confirmed or flagged as a false positive.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.json npm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.78.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.78.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @workflow/web is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-api@0.78.1 → npm/@workflow/web@4.1.0-beta.39

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@workflow/web@4.1.0-beta.39. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm date-fns is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-manage-ui@0.78.1 → npm/date-fns@4.4.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/date-fns@4.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm drizzle-orm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-api@0.78.1 → npm/drizzle-orm@0.45.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/drizzle-orm@0.45.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-api@0.78.1 → npm/@inkeep/agents-core@0.78.1 → npm/es-abstract@1.24.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm js-yaml is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-sdk@0.78.1 → npm/@inkeep/agents-api@0.78.1 → npm/js-yaml@4.2.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm node-forge is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-manage-ui@0.78.1 → npm/@inkeep/agents-api@0.78.1 → npm/@inkeep/agents-core@0.78.1 → npm/node-forge@1.4.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-forge@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm posthog-js is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-manage-ui@0.78.1 → npm/posthog-js@1.387.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/posthog-js@1.387.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm preact is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-manage-ui@0.78.1 → npm/preact@10.29.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/preact@10.29.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm pusher-js is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-api@0.78.1 → npm/@inkeep/agents-core@0.78.1 → npm/pusher-js@8.5.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pusher-js@8.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm rimraf is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: create-agents-template/pnpm-lock.yaml → npm/@inkeep/agents-manage-ui@0.78.1 → npm/@inkeep/agents-api@0.78.1 → npm/@inkeep/agents-core@0.78.1 → npm/rimraf@5.0.10

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rimraf@5.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.


dependabot Bot force-pushed the dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22 branch from e161f0a to dc003ba on April 8, 2026 18:50
dependabot Bot force-pushed the dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22 branch from dc003ba to 983d23f on April 8, 2026 18:56
dependabot Bot force-pushed the dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22 branch from 983d23f to c09a6bd on April 9, 2026 18:50
dependabot Bot force-pushed the dependabot/npm_and_yarn/create-agents-template/inkeep-agents-6c0cc75f22 branch from c09a6bd to 006b8ee on April 10, 2026 18:49

github-actions Bot commented Apr 13, 2026

Contributor

Thanks for the contribution! Your PR has been mirrored into Inkeep's internal monorepo, where review and merge happen. Your commit attribution is preserved as @dependabot[bot].

What happens next:

  • An Inkeep maintainer will review the internal mirror PR.
  • Reviewer comments are not automatically mirrored back to this thread. If you don't hear from us within a few business days, please comment here to nudge — that's the right thing to do.
  • Once merged internally, the change will sync back to this repository and this PR will close automatically (don't be alarmed when it closes — that's how it lands).

For Inkeep maintainers (link goes to a private repo and is not accessible to external contributors): https://github.com/inkeep/agents-private/pull/80

See the repository's CONTRIBUTING.md for more context on how public PRs flow. This comment will be updated as the bridge state changes.

socket-security Bot commented May 19, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

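| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Added | @inkeep/agents-manage-ui@0.78.1 | 32 | 100 | 96 | 100 | 90 |
| Added | @inkeep/agents-cli@0.78.1 | 73 | 100 | 87 | 100 | 90 |
| Added | @inkeep/agents-api@0.78.1 | 79 | 100 | 76 | 100 | 90 |
| Added | @inkeep/agents-sdk@0.78.1 | 86 | 100 | 100 | 100 | 90 |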


Bumps the inkeep-agents group with 5 updates in the /create-agents-template directory:

| Package | From | To |
| --- | --- | --- |
| [@inkeep/agents-core](https://github.com/inkeep/agents/tree/HEAD/packages/agents-core) | `0.59.4` | `0.78.1` |
| [@inkeep/agents-manage-ui](https://github.com/inkeep/agents/tree/HEAD/agents-manage-ui) | `0.59.4` | `0.78.1` |
| [@inkeep/agents-sdk](https://github.com/inkeep/agents/tree/HEAD/packages/agents-sdk) | `0.59.4` | `0.78.1` |
| [@inkeep/agents-cli](https://github.com/inkeep/agents/tree/HEAD/agents-cli) | `0.59.4` | `0.78.1` |
| [@inkeep/agents-api](https://github.com/inkeep/agents/tree/HEAD/agents-api) | `0.59.4` | `0.78.1` |



Updates `@inkeep/agents-core` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-core/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-core)

Updates `@inkeep/agents-manage-ui` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/agents-manage-ui/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/agents-manage-ui)

Updates `@inkeep/agents-sdk` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-sdk/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-sdk)

Updates `@inkeep/agents-cli` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/agents-cli/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/agents-cli)

Updates `@inkeep/agents-api` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/agents-api/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/agents-api)

Updates `@inkeep/agents-email` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-email/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-email)

Updates `@inkeep/agents-mcp` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Changelog](https://github.com/inkeep/agents/blob/main/packages/agents-mcp/CHANGELOG.md)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-mcp)

Updates `@inkeep/agents-ui` from 0.15.20 to 0.16.5
- [Commits](https://github.com/inkeep/agents-ui/commits/HEAD/packages/agents-ui)

Updates `@inkeep/agents-work-apps` from 0.59.4 to 0.78.1
- [Release notes](https://github.com/inkeep/agents/releases)
- [Commits](https://github.com/inkeep/agents/commits/HEAD/packages/agents-workapps)

---
updated-dependencies:
- dependency-name: "@inkeep/agents-api"
  dependency-version: 0.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-cli"
  dependency-version: 0.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-core"
  dependency-version: 0.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-email"
  dependency-version: 0.62.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-manage-ui"
  dependency-version: 0.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-mcp"
  dependency-version: 0.62.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-sdk"
  dependency-version: 0.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-ui"
  dependency-version: 0.15.21
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: inkeep-agents
- dependency-name: "@inkeep/agents-work-apps"
  dependency-version: 0.62.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: inkeep-agents
...

Signed-off-by: dependabot[bot] <support@github.com>

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code
