build(deps): bump the non-breaking-deps group across 1 directory with 16 updates

[dependabot]

Bumps the non-breaking-deps group with 16 updates in the /Cyrano directory:

Package	From	To
@anthropic-ai/sdk	0.88.0	0.93.0
@aws-sdk/client-s3	3.1029.0	3.1042.0
dompurify	3.3.3	3.4.2
express-rate-limit	8.3.2	8.4.1
jsdom	29.0.2	29.1.1
openai	6.34.0	6.36.0
pdfjs-dist	5.6.205	5.7.284
puppeteer	24.40.0	24.42.0
zod	4.3.6	4.4.3
@vitest/coverage-v8	4.1.4	4.1.5
@vitest/ui	4.1.4	4.1.5
eslint	10.2.0	10.3.0
globals	17.5.0	17.6.0
imapflow	1.3.1	1.3.3
typescript-eslint	8.58.2	8.59.2
vitest	4.1.4	4.1.5

Updates @anthropic-ai/sdk from 0.88.0 to 0.93.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.93.0

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

• client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

sdk: v0.92.0

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

• api: improve Managed Agents APIs (ca1bf4a)
• support setting headers via env (32f67d4)

Bug Fixes

• bedrock: throw APIError for error events delivered in chunk frames (#1021) (3ae887b)

Chores

• format: run eslint and prettier separately (7ce257c)
• internal: codegen related update (f08cc77)

sdk: v0.91.1

0.91.1 (2026-04-24)

Full Changelog: sdk-v0.91.0...sdk-v0.91.1

Bug Fixes

• memory: use restrictive file mode for memory files (#901) (6db3b7e)

Chores

• formatter: run prettier and eslint separately (974d22f)

sdk: v0.91.0

0.91.0 (2026-04-23)

Full Changelog: sdk-v0.90.0...sdk-v0.91.0

Features

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

• client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

• api: improve Managed Agents APIs (ca1bf4a)
• support setting headers via env (32f67d4)

Bug Fixes

• bedrock: throw APIError for error events delivered in chunk frames (#1021) (3ae887b)

Chores

• format: run eslint and prettier separately (7ce257c)
• internal: codegen related update (f08cc77)

0.91.1 (2026-04-24)

Full Changelog: sdk-v0.91.0...sdk-v0.91.1

Bug Fixes

• memory: use restrictive file mode for memory files (#901) (6db3b7e)

Chores

• formatter: run prettier and eslint separately (974d22f)

0.91.0 (2026-04-23)

Full Changelog: sdk-v0.90.0...sdk-v0.91.0

Features

• api: CMA Memory public beta (ddf732f)
• bedrock: use auth header for mantle client (#866) (aec801a)

... (truncated)

Commits

• d6f562c chore: release main (#1025)
• d3aff28 chore: release main (#1017)
• 3ae887b fix(bedrock): throw APIError for error events delivered in chunk frames (#1021)
• 74ac150 chore: release main (#1014)
• 22cb810 chore: release main (#1008)
• 93ac7c7 chore: release main (#1003)
• 39549e9 chore: release main (#993)
• See full diff in compare view

Updates @aws-sdk/client-s3 from 3.1029.0 to 3.1042.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1042.0

3.1042.0(2026-05-04)

New Features

• client-vpc-lattice: Amazon VPC Lattice now supports privately resolvable DNS resources (6b1b6aba)
• client-lex-model-building-service: Lex V1 is deprecated, use Lex V2 instead (1c35eb7a)
• client-securityagent: AWS Security Agent is adding a new target domain verification method for private VPC penetration testing. Additionally, the target domain resource will now have a verification status reason field to surface additional details about domain verification (c3570eac)
• client-cloudwatch-logs: Adding an additional optional deliverySourceConfiguration field to PutDeliverySource API. This enables customers to pass service-specific configurations through IngestionHub such as tracing enablement or sampling rates that will be propagated to the source resource. (fa70b570)
• client-ec2: This feature allows customers to change the tunnel bandwidth on existing VPN connections using the ModifyVpnConnectionOptions API (e37b846c)
• client-bedrock-agentcore-control: Amazon Bedrock AgentCore gateways now support MCP Sessions and response streaming from MCP targets. Session timeouts can be set between 15 minutes and 8 hours, and response streaming enables forwarding stream events sent by MCP targets to gateway users. (7d8baefc)
• client-medialive: Updates the type of the MediaLiveRouterOutputConnectionMap. (6a558da2)
• client-geo-routes: Added support for TravelTimeExceedsDriverWorkHours, ViolatedBlockedRoad, and ViolatedVehicleRestriction notice codes to the CalculateRoutes API response. (6b35d383)

---

For list of updated packages, view updated-packages.md in assets-3.1042.0.zip

v3.1041.0

3.1041.0(2026-05-01)

Chores

• core/client: emit warning for Node.js 20.x end-of-support (#7973) (00383767)
• workflows: migrate git-sync SSH key from GitHub secret to Secrets Manager via OIDC (#7978) (c056a2e3)
• codegen: smithy-aws-typescript-codegen 0.49.1 (#7980) (7bb42b39)

Documentation Changes

• client-iam: Added guidance for CreateOpenIDConnectProvider to include multiple thumbprints when OIDC discovery and JWKS endpoints use different hosts or certificates (b4bb6928)

New Features

• clients: update client endpoints as of 2026-05-01 (d48b40d5)
• client-iot: AWS IoT HTTP rule actions now support cross-topic batching, combining messages from different MQTT topics into single HTTP requests. (82edd29f)
• client-appstream: Amazon WorkSpaces Applications now enables AI agents to securely operate desktop applications. Administrators configure stacks to provide agents access to WorkSpaces. Agents can click, type, and take screenshots. Agents authenticate with AWS IAM credentials with activity logged in AWS CloudTrail. (5ca40b43)
• client-quicksight: Add IdentityProviderCACertificatesBundleS3Uri for private CA certs with OAuth datasources. 256-char limit for FontFamily in themes. ControlTitleFormatText on all 13 filters. ControlTitleFontConfiguration. ContextRegion for cross-region identity context. Story,scenario in CreateCustomCapability API. (a625879c)
• client-cloudwatch: This release adds tag support for CloudWatch Dashboards. The PutDashboard API now accepts a Tags parameter, allowing you to tag dashboards at creation time. Additionally, the TagResource, UntagResource, and ListTagsForResource APIs now support dashboard ARNs as resources. (e87c1479)
• client-entityresolution: Add support for transitive matching in AWS Entity Resolution rule-based matching workflows. When enabled, records that match through different rules are grouped together into the same match group, allowing related records to be connected across rule levels. (20487961)
• client-cloudwatch-logs: Adds support for filtering log groups by tags in the ListLogGroups API via the new logGroupTags parameter. (25dc6d23)
• client-qconnect: Added reasoning details, statusDescription, and timeToFirstTokenMs fields to the ListSpans response in Amazon Q in Connect to provide visibility into model thinking, error diagnostics, and inference latency metrics. (2c668c9d)

Bug Fixes

• lib-storage: use Math.ceil in default partSize calculation to prevent exceeding 10,000 parts (#7982) (8a58046b)

---

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1042.0 (2026-05-04)

Note: Version bump only for package @​aws-sdk/client-s3

3.1041.0 (2026-05-01)

Note: Version bump only for package @​aws-sdk/client-s3

3.1040.0 (2026-04-30)

Note: Version bump only for package @​aws-sdk/client-s3

3.1039.0 (2026-04-29)

Note: Version bump only for package @​aws-sdk/client-s3

3.1038.0 (2026-04-27)

Bug Fixes

• xml-builder: use xml 1.1 parsing behavior for entities (#7964) (7a30bce)

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-s3

... (truncated)

Commits

• d942e31 Publish v3.1042.0
• 5df4c01 Publish v3.1041.0
• 7736067 Publish v3.1040.0
• 51c8215 Publish v3.1039.0
• 3dfb72b chore(codegen): sync for adaptive retry fixes (#7970)
• 3fbf6c5 Publish v3.1038.0
• e9f8d8a chore(codegen): sync for typed waiter-result values (#7965)
• 7a30bce fix(xml-builder): use xml 1.1 parsing behavior for entities (#7964)
• 7babd8b Publish v3.1037.0
• 46e4ac5 Publish v3.1036.0
• Additional commits viewable in compare view

Updates dompurify from 3.3.3 to 3.4.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.2

• Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
• Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

DOMPurify 3.4.1

• Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (font-face, color-profile, missing-glyph, font-face-src, font-face-uri, font-face-format, font-face-name) under permissive CUSTOM_ELEMENT_HANDLING
• Fixed a case-sensitivity gap in the annotation-xml check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode
• Fixed SANITIZE_NAMED_PROPS repeatedly prefixing already-prefixed id and name values on subsequent sanitization
• Fixed the IN_PLACE root-node check to explicitly guard against non-string nodeName (DOM-clobbering robustness)
• Removed a duplicate slot entry from the default HTML attribute allow-list
• Strengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for SANITIZE_NAMED_PROPS, and a negative-control assertion ensuring the invariants actually fire
• Added regression and pinning tests covering the above fixes and two accepted-behavior contracts (SAFE_FOR_TEMPLATES greedy scrub, hook-added attribute handling)
• Extended CodeQL analysis to run on 3.x and 2.x maintenance branches

DOMPurify 3.4.0

Most relevant changes:

• Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @​kodareef5
• Fixed several minor problems and typos regarding MathML attributes, thanks @​DavidOliver
• Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @​1Jesper1
• Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @​bencalif
• Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @​trace37labs
• Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @​eddieran
• Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @​christos-eth
• Fixed an issue with USE_PROFILES prototype pollution, thanks @​christos-eth
• Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @​researchatfluidattacks and others
• Fixed an issue with closing tags leading to possible mXSS, thanks @​frevadiscor
• Fixed a problem with the type dentition patcher after Node version bump
• Fixed freezing BS runs by reducing the tested browsers array
• Bumped several dependencies where possible
• Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

Commits

• 6f67fd3 Sync/3.4.2 (#1322)
• 5b0cdbb chore: merge main into 3.x for 3.4.1 release (#1301)
• 09f5911 test: added three more browsers to test setup (OSX, mobile)
• 5b16e0b Getting 3.x branch ready for 3.4.0 release (#1250)
• See full diff in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates express-rate-limit from 8.3.2 to 8.4.1

Release notes

Sourced from express-rate-limit's releases.

v8.4.1

You can view the changelog here.

v8.4.0

You can view the changelog here.

Commits

• 69568d4 8.4.1
• c686acd v8.4.1 changelog
• ba71353 test: bump timeout in flakey skipFailedRequests test (#618)
• dd4c894 feat: allow usage of custom logger (#616)
• 2bb343c resolve Jest timeout for server-based tests (#617)
• See full diff in compare view

Updates jsdom from 29.0.2 to 29.1.1

Release notes

Sourced from jsdom's releases.

v29.1.1

• Fixed 'border-radius' computed style serialization. (@​asamuzaK)
• Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@​asamuzaK)
• Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@​asamuzaK)

v29.1.0

• Added basic support for the ratio CSS type. (@​asamuzaK)
• Fixed getComputedStyle() sometimes returning outdated results after CSS was modified. (@​asamuzaK)

Commits

• 9b9ea7e 29.1.1
• 07efb78 Optimize computed style comparison
• 5f66329 Fix background-origin/background-clip in background shorthand
• ad8af77 Fix border shorthand handling
• 5a3e88e 29.1.0
• 73db204 Update dependencies and dev dependencies
• a7168a5 Support ratio CSS unit type
• 15346e0 Fix style cache invalidation
• See full diff in compare view

Updates openai from 6.34.0 to 6.36.0

Release notes

Sourced from openai's releases.

v6.36.0

6.36.0 (2026-05-01)

Full Changelog: v6.35.0...v6.36.0

Features

• api: add group_type/user metadata fields, update types across admin resources (cc52f97)
• api: add support for Admin API Keys per endpoint (770d187)
• api: admin API updates (ee2bd2d)
• api: manual updates (6af2b6d)
• api: manual updates (f2dceda)

Bug Fixes

• api: support admin api key auth (e3862a3)
• api: tighten auth header selection (f1203bd)

Chores

• format: run eslint and prettier separately (104543a)
• internal: codegen related update (05d86da)
• internal: codegen related update (f184586)

v6.35.0

6.35.0 (2026-04-28)

Full Changelog: v6.34.0...v6.35.0

Features

• api: Add detail to InputFileContent (910ec5d)
• api: add OAuthErrorCode type (f84bd1f)
• api: add prompt_cache_retention parameter to responses compact (c486d1f)
• api: add web_search_call.results to ResponseIncludable (72449a1)
• api: manual updates (b742f1f)
• client: add support for binary messages (c498cc3)
• client: add support for path parameters in websockets clients (e0aba70)
• client: add support for queuing messages when waiting for a connection (fd8868c)
• client: add support for WebSockets in the browser when using simple auth (27bda6a)
• client: support automatic reconnection for websockets (189410b)
• typescript: expose underlying WebSocket type (7e96939)

Bug Fixes

• client: allow single messages greater than the size of the websockets queue (ad19ab2)
• internal: gitignore generated oidc dir (cf860f6)

... (truncated)

Changelog

Sourced from openai's changelog.

6.36.0 (2026-05-01)

Full Changelog: v6.35.0...v6.36.0

Features

• api: add group_type/user metadata fields, update types across admin resources (cc52f97)
• api: add support for Admin API Keys per endpoint (770d187)
• api: admin API updates (ee2bd2d)
• api: manual updates (6af2b6d)
• api: manual updates (f2dceda)

Bug Fixes

• api: support admin api key auth (e3862a3)
• api: tighten auth header selection (f1203bd)

Chores

• format: run eslint and prettier separately (104543a)
• internal: codegen related update (05d86da)
• internal: codegen related update (f184586)

6.35.0 (2026-04-28)

Full Changelog: v6.34.0...v6.35.0

Features

• api: Add detail to InputFileContent (910ec5d)
• api: add OAuthErrorCode type (f84bd1f)
• api: add prompt_cache_retention parameter to responses compact (c486d1f)
• api: add web_search_call.results to ResponseIncludable (72449a1)
• api: manual updates (b742f1f)
• client: add support for binary messages (c498cc3)
• client: add support for path parameters in websockets clients (e0aba70)
• client: add support for queuing messages when waiting for a connection (fd8868c)
• client: add support for WebSockets in the browser when using simple auth (27bda6a)
• client: support automatic reconnection for websockets (189410b)
• typescript: expose underlying WebSocket type (7e96939)

Bug Fixes

• client: allow single messages greater than the size of the websockets queue (ad19ab2)
• internal: gitignore generated oidc dir (cf860f6)
• types: correct prompt_cache_retention enum value in chat/completions and responses (5a81e1a)
• types: preserve emitted ts-ignore comments (1cde375)

... (truncated)

Commits

• e228aaa release: 6.36.0
• f124a40 codegen metadata
• eeb2d3d codegen metadata
• ca7729a feat(api): add group_type/user metadata fields, update types across admin res...
• f1d404e feat(api): admin API updates
• 70ebe04 feat(api): manual updates
• a257381 fix(api): tighten auth header selection
• 4fb7f68 codegen metadata
• e8695fc codegen metadata
• f98ceb5 feat(api): manual updates
• Additional commits viewable in compare view

Updates pdfjs-dist from 5.6.205 to 5.7.284

Release notes

Sourced from pdfjs-dist's releases.

v5.7.284

This release contains improvements for accessibility, annotations, the annotation editor, font conversion, image conversion, performance, shading pattern rendering, SMask rendering and the viewer.

Changes since v5.6.205

• Bump the stable version in pdfjs.config by @​timvandermeij in mozilla/pdf.js#21004
• [api-minor] Rewrite the ps lexer & parser and add a small Wasm compiler by @​calixteman in mozilla/pdf.js#21002
• [Node.js] Remove the node-readable-to-web-readable-stream polyfill by @​Snuffleupagus in mozilla/pdf.js#21007
• Add attachments when merging/reorganizing a pdf (bug 2026956) by @​calixteman in mozilla/pdf.js#21013
• Don't use an intermediate canvas when rendering a tiling pattern bigger than the rectangle to fill by @​calixteman in mozilla/pdf.js#18815
• Avoid expressions duplication in the ps AST and use a local instead when compiling to WASM by @​calixteman in mozilla/pdf.js#21008
• Add support for function-based shadings (bug 1254066) by @​calixteman in mozilla/pdf.js#21012
• Add an interpreter for optimized ps code by @​calixteman in mozilla/pdf.js#21010
• Encrypt pdf data when merging the same pdf (bug 2028369) by @​calixteman in mozilla/pdf.js#21022
• Use the MathClamp helper function more by @​Snuffleupagus in mozilla/pdf.js#21026
• l10n: Update locale files by @​github-actions[bot] in mozilla/pdf.js#21033
• Use OffscreenCanvas unconditionally in the web/pdf_thumbnail_view.js file by @​Snuffleupagus in mozilla/pdf.js#21021
• Fix wrong values when sanitizing fonts by @​calixteman in mozilla/pdf.js#21031
• A couple of small collectAnnotationsByType improvements by @​Snuffleupagus in mozilla/pdf.js#21034
• Move the MathClamp helper function to its own file by @​Snuffleupagus in mozilla/pdf.js#21027
• Replace all Object.prototype.hasOwnProperty usage with Object.hasOwn by @​Snuffleupagus in mozilla/pdf.js#21029
• [api-minor] Change PDFDataRangeTransport to use a single (internal) listener by @​Snuffleupagus in mozilla/pdf.js#21028
• Fix radial gradient when the two circles have an intersection by @​calixteman in mozilla/pdf.js#21014
• Add a js fallback for interpreting ps code by @​calixteman in mozilla/pdf.js#21023
• Get the right transform for a pattern before filling some text by @​calixteman in mozilla/pdf.js#21019
• Add an eslint plugin for using MathClamp when it's possible by @​calixteman in mozilla/pdf.js#21030
• Fix the annotation base transform before drawing it by @​calixteman in mozilla/pdf.js#21020
• Remove the unused compilePostScriptToIR function (PR 21023 follow-up) by @​Snuffleupagus in mozilla/pdf.js#21037
• [api-minor] Remove PostScriptCompiler and PostScriptEvaluator, since it's now dead code (PR 21023 follow-up) by @​Snuffleupagus in mozilla/pdf.js#21005
• Fix comments for (is/has)Singlefile in pdf_editor by @​calixteman in mozilla/pdf.js#21036
• Update dependencies to the most recent versions by @​timvandermeij in mozilla/pdf.js#21035
• Use the calculateMD5 helper, from test/downloadutils.mjs, in test/add_test.mjs by @​Snuffleupagus in mozilla/pdf.js#21038
• Introduce a function type enumeration by @​timvandermeij in mozilla/pdf.js#21041
• Use the original array-data when parsing Type 0 (Sampled) Functions by @​Snuffleupagus in mozilla/pdf.js#21040
• Fix intermittent failure in the "must check that the comment sidebar is resizable with the keyboard" comment integration test by @​timvandermeij in mozilla/pdf.js#21045
• Fix intermittent integration test failures related to checking the find count results text by @​timvandermeij in mozilla/pdf.js#21043
• [api-minor] Update the minimum supported Node.js version to 22 by @​Snuffleupagus in mozilla/pdf.js#21018
• Remove unnecessary "flooring" of the components when setting the Annotation borderColor by @​Snuffleupagus in mozilla/pdf.js#21047
• Replace individual AI/ML disabling preferences with the single killswitch preference in the tests by @​timvandermeij in mozilla/pdf.js#21046
• Shorten the src/core/postscript/ code a tiny bit by @​Snuffleupagus in mozilla/pdf.js#21048
• Unconditionally create a gpu device by @​calixteman in mozilla/pdf.js#21049
• Use the stringToBytes helper in the PDFEditor.prototype.writePDF method by @​Snuffleupagus in mozilla/pdf.js#21051
• Fix the l10n-id for the sidebar toggleButton, in the ViewsManager class by @​Snuffleupagus in mozilla/pdf.js#21055
• Reduce allocations when compiling CFF fonts by @​Snuffleupagus in mozilla/pdf.js#21053
• Fix the way to write numbers when saving a pdf by @​calixteman in mozilla/pdf.js#21054
• Make sure the thumbnails positions are recomputed after a structural change but after a reflow has been done (bug 2028193) by @​calixteman in mozilla/pdf.js#21059
• Bump github/codeql-action from 4.33.0 to 4.35.1 by @​dependabot[bot] in mozilla/pdf.js#21056
• Replace a couple of loops with TypedArray.prototype.fill() in the src/core/ascii_85_stream.js file by @​Snuffleupagus in mozilla/pdf.js#21050
• Bump actions/deploy-pages from 4.0.5 to 5.0.0 by @​dependabot[bot] in mozilla/pdf.js#21058
• Bump codecov/codecov-action from 5.5.2 to 6.0.0 by @​dependabot[bot] in mozilla/pdf.js#21057
• Avoid as much as possible to have intermediate canvases by @​calixteman in mozilla/pdf.js#21061

... (truncated)

Commits

• 7e5b36c Merge pull request #21171 from calixteman/bug2034980
• dc3c07b Allow free-highlighting on top of image placeholders (bug 2034980)
• 01b315a Merge pull request #21176 from calixteman/bug2035197
• c9a7ff0 Fix merging PDFs with conflicting AcroForm /DR (bug 2035197)
• d9f175d Merge pull request #21174 from nicolo-ribaudo/fix-comment
• 81678f2 Fix array type in CanvasBBoxTracker comment
• 8d3d370 Merge pull request #21170 from calixteman/speedup_typetest
• da0b99c Merge pull request #20371 from timvandermeij/github-actions-integration-tests
• 3b8f556 Merge pull request #21154 from calixteman/bug2034804
• 38beff5 Speed up 'gulp typestest' by removing the unused 'generic' dependency
• Additional commits viewable in compare view

Updates puppeteer from 24.40.0 to 24.42.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.42.0

24.42.0 (2026-04-20)

🎉 Features

• add metadata to extensions object (#14870) (d3e190e)
• cdp: support autofilling address (#14826) (c2acadc)
• implement URL blocklist to restrict access to unauthorized sites (#14873) (8ad881c)

🛠️ Fixes

• remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
• roll to Chrome 147.0.7727.57 (#14869) (51c4305)

puppeteer: v24.42.0

24.42.0 (2026-04-20)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.41.0 to 24.42.0

puppeteer-core: v24.41.0

24.41.0 (2026-04-15)

🎉 Features

• add support for Issues (#14845) (6e8dbe7)
• adds extension realms api (#14824) (c14f4ae)
• API to list installed browser extensions and trigger extension actions (#14821) (d6395ef)
• implement console event on web workers (#14784) (fa6158a)
• roll to Chrome 147.0.7727.24 (#14797) (ee81786)
• roll to Firefox 149.0 (#14799) (9fd5ceb)
• webmcp: add hook for tool invocation (#14835) (cf8169d)
• webmcp: add hook for tool response (#14841) (6fb05bc)
• webmcp: add initial API to inspect tool registrations (#14814) (655c996)
• webmcp: add WebMCPTool execute support (#14851) (8f95117)
• webmcp: expose WebMCPToolCall in WebMCPToolCallResult (#14848) (242ac0b)
• webmcp: Switch from WebMCPInvocationStatus Success to Completed (#14859) (375e636)

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.42.0 (2026-04-20)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.41.0 to 24.42.0

🎉 Features

• add metadata to extensions object (#14870) (d3e190e)
• cdp: support autofilling address (#14826) (c2acadc)
• implement URL blocklist to restrict access to unauthorized sites (#14873) (8ad881c)

🛠️ Fixes

• remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
• roll to Chrome 147.0.7727.57 (#14869) (

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.