Bump the minor-and-patch group in /web with 17 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the minor-and-patch group in /web with 17 updates:

Package	From	To
@base-ui/react	1.3.0	1.5.0
@neondatabase/serverless	1.0.2	1.1.0
@react-three/fiber	9.5.0	9.6.1
@types/three	0.183.1	0.184.1
@vercel/sdk	1.21.5	1.21.6
@workflow/core	4.2.0-beta.71	4.2.4
ai	6.0.185	6.0.188
geist	1.7.0	1.7.1
mppx	0.6.26	0.6.27
recharts	3.8.0	3.8.1
streamdown	2.4.0	2.5.0
webauthx	0.1.0	0.1.2
workflow	4.2.0-beta.71	4.2.4
zod	4.3.6	4.4.3
@typescript-eslint/parser	8.57.1	8.59.4
autoprefixer	10.4.27	10.5.0
jest	30.3.0	30.4.2

Updates @base-ui/react from 1.3.0 to 1.5.0

Release notes

Sourced from @​base-ui/react's releases.

v1.5.0

General changes

• Improve mount performance with interaction splitting, including closed popup mount performance by up to 50% and unmounting performance by up to 85% (#4661) by @​atomiks
• Use local document for virtual arrow (#4662) by @​lyzno1
• Fix macOS Safari and Firefox minimizing fullscreen when closing popups with Esc (#4695) by @​arturbien
• Drop unnecessary memoization (#4693) by @​flaviendelangle
• Do not use Math.random() in useStableCallback() (#4732) by @​michaldudak
• Fix return focus when reference disconnects (#4655) by @​atomiks
• Don't steal initial focus if focus already moved inside a popup (#4775) by @​stefee

Alert Dialog

• Fix handle defaults (#4834) by @​atomiks

Autocomplete

• Fix native FormData for popup inputs (#4725) by @​lunaxislu

Checkbox

• Submit the associated form when pressing Enter (#4713) by @​michaldudak

Combobox

• Expose clear visibility state (#4664) by @​atomiks
• Fix popup input form submit (#4687) by @​atomiks
• Preserve closeQuery when closing multiple input-inside-popup combobox (#4715) by @​mj12albert
• Fix RTL component behavior (#4840) by @​atomiks
• Ignore hidden-input changes while readonly or disabled (#4810) by @​lunaxislu

Dialog

• Consider the controlled open prop for open state detection (#4712) by @​michaldudak

Drawer

• Forward style prop in <Drawer.Viewport> (#4841) by @​atomiks

Field

• Avoid flushSync during validation (#4685) by @​atomiks

Form

• Avoid flushSync during validation (#4685) by @​atomiks

Menu

• Fix submenu pointer-events scope for keepMounted portals (#4723) by @​twillhorn

... (truncated)

Changelog

Sourced from @​base-ui/react's changelog.

v1.5.0

May 19, 2026

General changes

• Improve mount performance with interaction splitting, including closed popup mount performance by up to 50% and unmounting performance by up to 85% (#4661) by @​atomiks
• Use local document for virtual arrow (#4662) by @​lyzno1
• Fix macOS Safari and Firefox minimizing fullscreen when closing popups with Esc (#4695) by @​arturbien
• Drop unnecessary memoization (#4693) by @​flaviendelangle
• Do not use Math.random() in useStableCallback() (#4732) by @​michaldudak
• Fix return focus when reference disconnects (#4655) by @​atomiks
• Don't steal initial focus if focus already moved inside a popup (#4775) by @​stefee

Alert Dialog

• Fix handle defaults (#4834) by @​atomiks

Autocomplete

• Fix native FormData for popup inputs (#4725) by @​lunaxislu

Checkbox

• Submit the associated form when pressing Enter (#4713) by @​michaldudak

Combobox

• Expose clear visibility state (#4664) by @​atomiks
• Fix popup input form submit (#4687) by @​atomiks
• Preserve closeQuery when closing multiple input-inside-popup combobox (#4715) by @​mj12albert
• Fix RTL component behavior (#4840) by @​atomiks
• Ignore hidden-input changes while readonly or disabled (#4810) by @​lunaxislu

Dialog

• Consider the controlled open prop for open state detection (#4712) by @​michaldudak

Drawer

• Forward style prop in <Drawer.Viewport> (#4841) by @​atomiks

Field

• Avoid flushSync during validation (#4685) by @​atomiks

Form

• Avoid flushSync during validation (#4685) by @​atomiks

... (truncated)

Commits

• 2fdf1b0 [release] v1.5.0 (#4850)
• 8535638 [otp field] Fix vertical arrow slot navigation (#4844)
• 09ce83b [alert dialog] Fix handle defaults (#4834)
• 5e0f3e7 [menu] Support group labels in radio groups (#4826)
• 8db1aa9 [otp field] Fix RTL arrow navigation (#4847)
• ccb4b30 [otp field] Compose normalizeValue with validation (#4717)
• ad99b44 [direction provider] Fix RTL component behavior (#4840)
• 5579e7f [drawer] Forward style prop in \<Drawer.Viewport> (#4841)
• 8170336 [navigation menu] Fix keepMounted content sizing (#4817)
• 4a339d0 [otp field] Prevent locked hidden autofill validation (#4827)
• Additional commits viewable in compare view

Updates @neondatabase/serverless from 1.0.2 to 1.1.0

Changelog

Sourced from @​neondatabase/serverless's changelog.

1.1.0 (2026-04-09)

Type declarations are now fully inlined (some were previously re-exported from @types/pg and @types/node). The new types greatly reduce the size of the package with dependencies, and should be compatible in normal usage. The code that is actually run remains unchanged.

A few advanced type-level patterns could be affected. Code that depends on exact type identity with the @types/pg exports, that relies on declare module 'pg' augmentation flowing through these exports, or that assumes Buffer-specific types in places now declared as Uint8Array may need updated types.

Commits

• d8d42fc 1.1.0
• aeda724 Updated release instructions in DEVELOP.md and preversion script
• 55f6b42 Add comment to src/shims/pg/index.d.ts about maintenance
• accf39a Inline all TypeScript types for a significant install size reduction (#206)
• 013ae38 Add prisma generate before packages tests (#200)
• 2571f25 Switch CI workflows to protected runner group (#198)
• 010888d Harden CI: disable third-party scripts, add release cooldown, and tighten per...
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​neondatabase/serverless since your current version.

Updates @react-three/fiber from 9.5.0 to 9.6.1

Release notes

Sourced from @​react-three/fiber's releases.

v9.6.1

What's Changed

• fix: Seamlessly transfer interactivity state when swapping instances (#3743) by @​notrabs in pmndrs/react-three-fiber#3744

Full Changelog: pmndrs/react-three-fiber@v9.6.0...v9.6.1

v9.6.0 - Sunset X

Ever tried using <shaderMaterial uniforms={{ time: { value: time } }} /> and ran into immediate issues with desync? No more.

The uniforms objects on ShaderMaterial and its derivatives now have a stable reference. Objects passed into uniforms will instead copy into it. This is the same as behavior for math structures that have copy such as position, rotation, quaternion, etc. and ends up simplifying using the raw JSX where utilities were often introduced before.

Why does this matter?

1. Improves HMR. Even if you memoize the uniforms object it will still regenerate and desync Three. Now this won't happen. But also it makes compatibility with React compiler more complete with its auto-memoization.

2. Allows for inline uniform props and even prop uniforms directly on the material piercing.

<shaderMaterial
  vertexShader={vertexShader}
  fragmentShader={fragmentShader}
  // The uniforms object has a stable reference so objects can be safely merged in
  uniforms={{ 
    uTime: { value: 0 }, 
    uColor: { value: new THREE.Color('hotpink') } 
  }}
  // Individual uniforms can also be safely updated with pierce notation
  uniforms-uColor-value={hovered ? 'royalblue' : 'hotpink'}
/>

Documentation can be found here: https://r3f.docs.pmnd.rs/api/objects#shader-material-uniforms

And an example can be found here: https://github.com/pmndrs/react-three-fiber/blob/master/example/src/demos/ShaderMaterial.tsx

What's Changed

• fix: Fix broken link on "Performance pitfalls" documentation page by @​simonKristensen in pmndrs/react-three-fiber#3700
• fix: uniforms have stable refs for ShaderMaterial by @​krispya in pmndrs/react-three-fiber#3715
• docs: fix typos and documentation consistency by @​NssGourav in pmndrs/react-three-fiber#3709

New Contributors

• @​simonKristensen made their first contribution in pmndrs/react-three-fiber#3700
• @​NssGourav made their first contribution in pmndrs/react-three-fiber#3709

Full Changelog: pmndrs/react-three-fiber@v9.5.0...v9.6.0

Commits

• 2a52874 RELEASING: Releasing 1 package(s)
• b645741 docs(changeset): fix: Seamlessly transfer interactivity state when swapping i...
• 119668f fix: Seamlessly transfer interactivity state when swapping instances (#3744)
• 943a37e Merge pull request #3738 from pmndrs:chore/simplify-shadermaterial-demo
• 1be9504 chore: Add uniform piercing test
• 4df10c0 chore: Simplify ShaderMaterial demo
• 877c839 chore: Move ShaderMaterial uniform notes to objects out of pitfalls (#3734)
• 47d30ba chore: Move ShaderMaterial uniform notes to objects out of pitfalls
• ece1a3f RELEASING: Releasing 1 package(s)
• 26e4716 docs(changeset): Fix uniforms refs so they remain stable for ShaderMaterial
• Additional commits viewable in compare view

Updates @types/three from 0.183.1 to 0.184.1

Commits

• See full diff in compare view

Updates @vercel/sdk from 1.21.5 to 1.21.6

Release notes

Sourced from @​vercel/sdk's releases.

typescript - v1.21.6 - 2026-05-20 15:03:12

Generated by Speakeasy CLI

@​vercel/sdk 1.21.6

Typescript SDK Changes:

• vercel.user.listUserEvents(): response.events[].payload.union(283) Changed
• vercel.microfrontends.getMicrofrontendsInGroup(): response.projects[].permissions.vcrRepository Added
• vercel.projects.getProjects(): response.union(3).projects[].permissions.vcrRepository Added
• vercel.projects.createProject(): response.permissions.vcrRepository Added
• vercel.projects.updateProject(): response.permissions.vcrRepository Added
• vercel.projects.updateMicrofrontends(): response.permissions.vcrRepository Added
• vercel.sandboxesV2Beta.getSandboxesV2(): response.sandboxes[].mounts Added
• vercel.sandboxesV2Beta.getNamedSandbox():
  • response.sandbox.mounts Added
  • error.status[410] Added
• vercel.sandboxesV2Beta.deleteSandbox(): response.sandbox.mounts Added
• vercel.sandboxesV2Beta.stopSession(): response.union(2).sandbox.mounts Added

Generated with Speakeasy CLI 1.763.1

Publishing Completed

Changelog

Sourced from @​vercel/sdk's changelog.

2024-09-12 00:25:13

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.396.2 (2.415.0) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v14.0.0-canary.0] packages/sdk

Releases

• [NPM v14.0.0-canary.0] https://www.npmjs.com/package/@​vercel/sdk/v/14.0.0-canary.0 - packages/sdk

2024-09-24 21:05:38

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.402.12 (2.422.15) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v14.0.0-canary.2] packages/sdk

Releases

• [NPM v14.0.0-canary.2] https://www.npmjs.com/package/@​vercel/sdk/v/14.0.0-canary.2 - packages/sdk

2024-09-27 16:16:59

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.404.4 (2.426.2) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v14.0.0-canary.3] packages/sdk

Releases

• [NPM v14.0.0-canary.3] https://www.npmjs.com/package/@​vercel/sdk/v/14.0.0-canary.3 - packages/sdk

2024-11-06 15:50:38

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.431.0 (2.451.0) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v14.0.0-canary.4] packages/sdk

Releases

• [NPM v14.0.0-canary.4] https://www.npmjs.com/package/@​vercel/sdk/v/14.0.0-canary.4 - packages/sdk

2024-11-14 19:36:49

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.439.0 (2.457.9) https://github.com/speakeasy-api/speakeasy

Generated

• [typescript v14.0.0-canary.6] packages/sdk

Releases

... (truncated)

Commits

• a2635ac ## Typescript SDK Changes: (#296)
• 5114254 chore: set @​vercel/docs-team as sole code owner (#297)
• See full diff in compare view

Updates @workflow/core from 4.2.0-beta.71 to 4.2.4

Changelog

Sourced from @​workflow/core's changelog.

4.2.4

Patch Changes

• Updated dependencies [7be05b9]:
  • @​workflow/world-vercel@​4.1.2

4.2.3

Patch Changes

• #1758 fb3c118 Thanks @​VaguelySerious! - When runtime replays exceed 240s, re-try them up to three times, instead of failing immediately

• #1726 6f48e9e Thanks @​workflow-devkit-release-bot! - Embed source content in published sourcemaps.

• 2ece7ba Thanks @​VaguelySerious! - Fix community world E2E tests by adding specVersion to the World interface so start() uses the safe baseline (v2) for worlds that don't declare their supported version

• #1726 7aab36b Thanks @​workflow-devkit-release-bot! - Fix false-positive unconsumed step_created errors when replay resumes a for await hook loop and appends more async work after the first promise-queue drain.

• Updated dependencies [5bc4191, 6f48e9e, 2ece7ba, 3737caa]:

  • @​workflow/world-local@​4.1.1
  • @​workflow/errors@​4.1.1
  • @​workflow/serde@​4.1.1
  • @​workflow/utils@​4.1.1
  • @​workflow/world-vercel@​4.1.1
  • @​workflow/world@​4.1.1

4.2.2

Patch Changes

• f1cc68f Thanks @​karthikscale3! - Make encrypted markers clickable to trigger decryption and detect encryption at run level before span selection. Persist features.encryption flag in executionContext at run creation so the UI can detect encryption without a probe fetch.

4.2.1

Patch Changes

• #1657 f5fb9b7 Thanks @​workflow-devkit-release-bot! - Remove redundant hc_ prefix from health check correlationId that caused doubled hc_hc_ in the derived runId and stream name.

4.2.0

Patch Changes

• #1640 8890b33 Thanks @​VaguelySerious! - Stable release

• Updated dependencies [8890b33]:

  • @​workflow/errors@​4.1.0
  • @​workflow/serde@​4.1.0
  • @​workflow/utils@​4.1.0
  • @​workflow/world@​4.1.0

... (truncated)

Commits

• dd139df Version Packages (#1789)
• 2a7ead0 Version Packages (#1726)
• 2ece7ba [core] [world] Fix community world E2E tests broken by specVersion bump (#1658)
• 7aab36b fix false-positive unconsumed event in hook loop replay (#1778)
• 5bc4191 [world-local] Backport: enable cross-process streaming via filesystem polling...
• fb3c118 [core] Re-try runtime replays that exceed deadline up to three times (#1740) ...
• 7b045f0 Version Packages (#1720)
• f1cc68f [web][web-shared][core] Make encrypted markers clickable and detect encryptio...
• aed6ad2 Version Packages (#1657)
• f5fb9b7 fix(core): remove redundant hc_ prefix from health check correlationId (#1678)
• Additional commits viewable in compare view

Updates ai from 6.0.185 to 6.0.188

Release notes

Sourced from ai's releases.

ai@6.0.188

Patch Changes

• c98715a: Add allowSystemInMessages option to ToolLoopAgent.

  This exposes the same option that exists on streamText and generateText, whether role: "system" messages are allowed in the prompt or messages fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the instructions option instead. Set to true to allow system messages, or false to explicitly reject them.

  const agent = new ToolLoopAgent({
    model,
    allowSystemInMessages: true,
  });
  await agent.generate({
  messages: [
  { role: "system", content: "Server context" },
  { role: "user", content: "Hello" },
  ],
  });

  The option can also be returned from prepareCall for dynamic per-call configuration.

ai@6.0.187

Patch Changes

• Updated dependencies [6f4bb06]
  • @​ai-sdk/gateway@​3.0.118

Changelog

Sourced from ai's changelog.

6.0.188

Patch Changes

• c98715a: Add allowSystemInMessages option to ToolLoopAgent.

  This exposes the same option that exists on streamText and generateText, whether role: "system" messages are allowed in the prompt or messages fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the instructions option instead. Set to true to allow system messages, or false to explicitly reject them.

  const agent = new ToolLoopAgent({
    model,
    allowSystemInMessages: true,
  });
  await agent.generate({
  messages: [
  { role: "system", content: "Server context" },
  { role: "user", content: "Hello" },
  ],
  });

  The option can also be returned from prepareCall for dynamic per-call configuration.

6.0.187

Patch Changes

• Updated dependencies [6f4bb06]
  • @​ai-sdk/gateway@​3.0.118

6.0.186

Patch Changes

• Updated dependencies [756fec1]
  • @​ai-sdk/gateway@​3.0.117

Commits

• 93ad540 Version Packages (#15489)
• c98715a Backport: [tool-loop-agent] adding support for messages with system role with...
• a15eda9 Version Packages (#15473)
• 917e487 Backport CI speed improvements to release-v6.0 (#15455)
• e33b836 Version Packages (#15440)
• See full diff in compare view

Updates geist from 1.7.0 to 1.7.1

Changelog

Sourced from geist's changelog.

1.7.1

Patch Changes

• c8ed578: Fix Geist Mono rendering source-code text with unintended programming ligatures.

  v1.7.0 unintentionally activated programming-ligature substitutions (-->, ==, !=, ..., --, etc.) under the liga (Standard Ligatures) OpenType feature, which is on by default in every renderer. As a result, text like --debug-prerender, [id...], [...id], or NODE_OPTIONS='--debug-prerender' node rendered with ligated glyphs and broke monospace alignment in code.

  The source-level fix is in #217; this release ships the rebuilt binaries.

Commits

• 8b8b75f fix(release): sync package.json version and unignore packages/**/package.json...
• 88309a4 Version Packages (#223)
• 6af2e7f ci: harden release workflow (#222)
• c8ed578 chore: add changeset for geist@1.7.1 (Mono liga regression fix) (#221)
• a0a06a3 make build
• 855f609 Fix broken link in README.md
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for geist since your current version.

Updates mppx from 0.6.26 to 0.6.27

Release notes

Sourced from mppx's releases.

mppx@0.6.27

Patch Changes

• 27d9218: Updated Tempo chain imports to use the viem/tempo/chains entrypoint.
• 22d8eed: Updated viem and ox dependencies to their latest published versions and fixed sponsored Tempo transaction gas estimation with the new versions.

Changelog

Sourced from mppx's changelog.

0.6.27

Patch Changes

• 27d9218: Updated Tempo chain imports to use the viem/tempo/chains entrypoint.
• 22d8eed: Updated viem and ox dependencies to their latest published versions and fixed sponsored Tempo transaction gas estimation with the new versions.

Commits

• 9fd0e85 chore: version packages (#465)
• 27d9218 refactor: viem/chains -> viem/tempo/chains (#468)
• 22d8eed chore: bump viem and ox dependencies (#464)
• See full diff in compare view

Updates recharts from 3.8.0 to 3.8.1

Release notes

Sourced from recharts's releases.

v3.8.1

What's Changed

Bugfixes!

• fix(z-index): prevent elements from disappearing during dynamic zIndex transitions by @​VIDHITTS in recharts/recharts#7006
• fix: prevent tooltip flicker in syncMethod="value" with mismatched data arrays by @​roy7 in recharts/recharts#7020
• docs: add missing SVG props documentation to PolarGrid #3400 by @​ramanverse in recharts/recharts#6987
• fix: add cursor prop type to BaseChartProps by @​mixelburg in recharts/recharts#7065
• fix: restore arrow key navigation when active index is outside zoomed… by @​AbishekRaj2007 in recharts/recharts#7086
• Add test for ticks spacing by @​VIDHITTS in recharts/recharts#7082
• fix(Pie): skip minAngle redistribution when no segment needs it by @​Harikrushn9118 in recharts/recharts#7097
• fix(DefaultLegendContent): use entry.value for aria-label when formatter returns React element by @​mixelburg in recharts/recharts#7109
• fix(PolarRadiusAxis): update ticks prop type by @​PavelVanecek in recharts/recharts#7112
• fix: PieChart double padding gap when a data item has value 0 by @​Copilot in recharts/recharts#7113
• Add boxplot example by @​PavelVanecek in recharts/recharts#7130
• [fix] Update ticks calculator and domain extension by @​PavelVanecek in recharts/recharts#7146
• fix: guard against non-function d3-scale exports in getD3ScaleFromType by @​tdebarochez in recharts/recharts#7123
• fix: stackOffset expand should not override numerical XAxis domain by @​SeaL773 in recharts/recharts#7152
• fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) by @​olagokemills in recharts/recharts#7140
• fix(Tooltip): prevent crash on sparse or undefined payload entries by @​Om-Mishra09 in recharts/recharts#7149
• fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update by @​Om-Mishra09 in recharts/recharts#7161

New Contributors

• @​AbishekRaj2007 made their first contribution in recharts/recharts#7086
• @​tdebarochez made their first contribution in recharts/recharts#7123
• @​SeaL773 made their first contribution in recharts/recharts#7152
• @​olagokemills made their first contribution in recharts/recharts#7140

Full Changelog: recharts/recharts@v3.8.0...v3.8.1

Commits

• 5b10788 chore(deps-dev): bump diff from 8.0.3 to 8.0.4 (#7156)
• 222396f chore(deps): bump react-router-dom from 7.13.1 to 7.13.2 (#7164)
• c2642da chore(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 (#7166)
• b186929 fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update (#7161)
• 738f71f fix(Tooltip): prevent crash on sparse or undefined payload entries (#7149)
• 00daf0b chore(deps-dev): bump rollup from 4.59.0 to 4.60.0 (#7158)
• eba4f2a chore(deps-dev): bump marked from 17.0.4 to 17.0.5 (#7157)
• 201d060 fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) (#...
• 670d092 chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#7150)
• 86ca8de fix: stackOffset expand should not override numerical XAxis domain (#7152)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by corkscreewe, a new releaser for recharts since your current version.

Updates streamdown from 2.4.0 to 2.5.0

Release notes

Sourced from streamdown's releases.

streamdown@2.5.0

Minor Changes

• d6666b6: Add lineNumbers prop to disable line numbers in code blocks
• d4ec6c0: Add meta prop to CustomRendererProps. Custom renderers now receive the raw metastring from the code fence (everything after the language identifier, e.g. ```rust {1} title="foo" → meta = '{1} title="foo"'). The prop is optional (meta?: string) and is undefined when no metastring is present. Existing custom renderers are unaffected.

Patch Changes

• ac8d839: Add staggered animation-delay to streaming word/character animations so new content cascades in sequentially instead of all animating simultaneously. Configurable via the new stagger option (default 40ms). Set stagger: 0 to restore the previous behavior.

• add5374: Enable horizontal scrolling on code blocks so long lines are accessible instead of being clipped by overflow-hidden.

• 75845c0: Fix unnecessary re-renders of code blocks during streaming updates.

  Problem: In streaming mode, when new content arrives (e.g. a paragraph is appended), completed code blocks that haven't changed were still re-rendering. This happened because the Streamdown component used inline object literals as default parameter values for linkSafety ({ enabled: true }). Every time children changed and Streamdown re-rendered, these inline defaults created new references, which caused the contextValue useMemo to recompute a new StreamdownContext object. Since React propagates context changes through memo boundaries, any context consumer inside a memoized Block (such as CodeBlock) would re-render even though the block's own props were unchanged.

  Fix: Extract the inline default values for linkSafety into module-level constants (defaultLinkSafetyConfig). This ensures referential stability across renders, so contextValue only recomputes when the actual values change — not just because children updated.

• 8b1c262: fix: prepend UTF-8 BOM to CSV downloads for Excel compatibility

  • save() now prepends \uFEFF for text/csv string content so Excel on Windows detects UTF-8 encoding instead of falling back to ANSI.
  • TableDownloadButton refactored to use save() instead of inline Blob creation, ensuring the public API also gets the BOM fix.

• b105c64: Fix custom tag content being prematurely split when content follows the opening tag on the same line and contains double newlines (\n\n). The preprocessor now ensures proper HTML block structure so the parser treats the entire tag as a single unit.

• 9e6f991: Increase dropdown z-index for table copy and download menus to prevent clipping by surrounding elements.

• 9c18748: docs: document required CSS custom properties (shadcn/ui design tokens) in README

• 7b62e9a: Replace Tailwind v4-only *:last: and *:first: variant syntax with [&>*:last-child]: and [&>*:first-child]: arbitrary variants for compatibility with both Tailwind CSS v3 and v4. Fixes caret rendering on every line instead of only the last child in v3.

• Updated dependencies [e50b0c4]

• Updated dependencies [716a5f0]

  • remend@1.3.0

Changelog

Sourced from streamdown's changelog.

2.5.0

Minor Changes

• d6666b6: Add lineNumbers prop to disable line numbers in code blocks
• d4ec6c0: Add meta prop to CustomRendererProps. Custom renderers now receive the raw metastring from the code fence (everything after the language identifier, e.g. ```rust {1} title="foo" → meta = '{1} title="foo"'). The prop is optional (meta?: string) and is undefined when no metastring is present. Existing custom renderers are unaffected.

Patch Changes

• ac8d839: Add staggered animation-delay to streaming word/character animations so new content cascades in sequentially instead of all animating simultaneously. Configurable via the new stagger option (default 40ms). Set stagger: 0 to restore the previous behavior.

• add5374: Enable horizontal scrolling on code blocks so long lines are accessible instead of being clipped by overflow-hidden.

• 75845c0: Fix unnecessary re-renders of code blocks during streaming updates.

  Problem: In streaming mode, when new content arrives (e.g. a paragraph is appended), completed code blocks that haven't changed were still re-rendering. This happened because the Streamdown component used inline object literals as default parameter values for linkSafety ({ enabled: true }). Every time children changed and Streamdown re-rendered, these inline defaults created new references, which caused the contextValue useMemo to recompute a new StreamdownContext object. Since React propagates context changes through memo boundaries, any context consumer inside a memoized Block (such as CodeBlock) would re-render even though the block's own props were unchanged.

  Fix: Extract the inline default values for linkSafety into module-level constants (defaultLinkSafetyConfig). This ensures referential stability across renders, so contextValue only recomputes when the actual values change — not just because children updated.

• 8b1c262: fix: prepend UTF-8 BOM to CSV downloads for Excel compatibility

  • save() now prepends \uFEFF for text/csv string content so Excel on Windows detects UTF-8 encoding instead of falling back to ANSI.
  • TableDownloadButton refactored to use save() instead of inline Blob creation, ensuring the public API also gets the BOM fix.

• b105c64: Fix custom tag content being prematurely split when content follows the opening tag on the same line and contains double newlines (\n\n). The preprocessor now ensures proper HTML block structure so the parser treats the entire tag as a single unit.

• 9e6f991: Increase dropdown z-index for table copy and download menus to prevent clipping by surrounding elements.

• 9c18748: docs: document required CSS custom properties (shadcn/ui design tokens) in README

• 7b62e9a: Replace Tailwind v4-only *:last: and *:first: variant syntax with [&>*:last-child]: and [&>*:first-child]: arbitrary variants for compatibility with both Tailwind CSS v3 and v4. Fixes caret rendering on every line instead of only the last child in v3.

• Updated dependencies [e50b0c4]

• Updated dependencies [716a5f0]

  • remend@1.3.0

Commits

• 15ba1ae Version Packages (#457)
• b752b44 fix(streamdown): move mermaid from devDependencies to dependencies (#466)
• 90a7b58 Run fix
• 9e6f991 fix(streamdown): increase dropdown z-index (#463)
• d6666b6 feat: add lineNumbers prop to disable line numbers in code blocks (#460)
• 6a79e04 fix(streamdown): preserve double newlines in literalTagContent tags (#459)
• b9796c8 Improve test coverage
• 6b49db1...

  Description has been truncated

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.